怎樣用非管理員帳號讀取注冊表信息

怎樣用非管理員帳號讀取注冊表信息?

解决方案 »

免费领取超大流量手机卡，每月29元包185G流量+100分钟通话, 中国电信官方发货

Option ExplicitPublic Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long           ' Note that if you declare the lpData parameter as String, you must pass it By Value.
Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long         ' Note that if you declare the lpData parameter as String, you must pass it By Value.
Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As LongPublic Const HKEY_CLASSES_ROOT = &H80000000
Public Const HKEY_CURRENT_USER = &H80000001
Public Const HKEY_LOCAL_MACHINE = &H80000002
Public Const HKEY_USERS = &H80000003
Public Const HKEY_PERFORMANCE_DATA = &H80000004
Public Const HKEY_CURRENT_CONFIG = &H80000005Public Const REG_SZ = 1
Public Const REG_EXPAND_SZ = 2
Public Const REG_BINARY = 3                     ' Free form binary
Public Const REG_DWORD = 4                      ' 32-bit numberEnum iHKEY
KEY_CLASSES_ROOT = &H80000000
KEY_CURRENT_USER = &H80000001
KEY_LOCAL_MACHINE = &H80000002
KEY_USERS = &H80000003
KEY_PERFORMANCE_DATA = &H80000004
KEY_CURRENT_CONFIG = &H80000005
End EnumEnum iTYPE
SZ = 1
EXPAND_SZ = 2
Binary = 3
DWORD = 4
End EnumPublic Function REG_Write(ByVal inHKEY As iHKEY, ByVal inPath As String, ByVal inName As String, ByVal inType As iTYPE, ByVal inText As String) As Long
    'On Error Resume Next
    Dim hKey As Long
    Dim DataSize As Long
    Dim ret As Long    DataSize = Len(inText) + 1

    RegCreateKey inHKEY, inPath, hKey
    If inType = 4 Then GoTo SetLong

    RegSetValueEx hKey, inName, 0, inType, ByVal inText, DataSize
    RegCloseKey hKey
    Exit Function
SetLong:
    inText = CLng(inText)
    RegSetValueEx hKey, inName, 0, inType, inText, DataSize
    RegCloseKey hKey
End FunctionPublic Function REG_Read(ByVal inHKEY As iHKEY, ByVal inPath As String, ByVal inName As String, ByVal inType As iTYPE) As String
    'On Error Resume Next
    Dim hKey As Long
    Dim rSize As Long
    Dim ret As Long
    Dim OutTxt As String    ret = RegOpenKeyEx(inHKEY, inPath, 0, 0, hKey)
    ret = RegQueryValueEx(hKey, inName, 0, inType, vbNullString, rSize)
    OutTxt = String(rSize, Chr(0))
    ret = RegQueryValueEx(hKey, inName, 0, inType, ByVal OutTxt, rSize)
    OutTxt = Left(OutTxt, InStr(OutTxt, Chr(0)))
    REG_Read = OutTxt
    RegCloseKey hKey
End FunctionPublic Function REG_Del(ByVal inHKEY As iHKEY, ByVal inPath As String, ByVal inName As String) As Boolean
    On Error GoTo 1
    Dim hKey As Long
    RegOpenKeyEx inHKEY, inPath, 0, 0, hSubKey
    RegDeleteValue hKey, inName
    RegCloseKey hKey
    Exit Function
1:
    REG_Del = False
End Function
可能是个无法实现的问题，提升权限只能应用在打开进程方面，注册表应该没那么儿戏就被随便打开吧，如果真能实现那应该算是一个windows的新漏洞了
应该不行，我在win2003下编了一个定时关机程序，非得用有关机权限的用户运行才能关机，user组的就关不了。况且，在win2003下，好像每一用户都有自己的注册表文件。