.reg file usage and operation
I. The .reg file
This article does not cover the WinAPI or other ways of operating on the registry; it only covers working with .reg files.
1. Importing a .reg file
A .reg file can be imported by double-clicking it. It can also be imported from the command line with reg import, as follows:
reg import xxx.reg
See the command's help for details.
2. Exporting a .reg file
Export works in a similar way; just pay attention to the syntax. The main point is that /y can be used to run without a prompt.
3. Importing with regedit
Another way is to import with regedit:
regedit /s xxx.reg
When using the /s option, pay attention to the .reg file name. Some people say that four extra spaces after the .reg file name will cause the import to fail or succeed.
I have not tried this.
4. Summary
All of the above methods can be used from C++. If you construct a .reg file, you can import it directly with normal permissions.
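One way to construct a .reg file from C++ before importing it, as an added example (not code from the original article). The function names, the ExampleApp key and its values are constructed for illustration; names and string data are escaped, and line breaks are rejected so that input cannot add extra keys or values to the file:

```cpp
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>

// Escape a string for use inside "..." in a .reg file: backslash and double
// quote are backslash-escaped. CR/LF are rejected, because a line break in a
// name or value would let input start a new line (a new key or value).
std::string RegEscape(const std::string& s) {
    std::string out;
    for (char c : s) {
        if (c == '\r' || c == '\n')
            throw std::invalid_argument("line break in registry name or data");
        if (c == '\\' || c == '"') out += '\\';
        out += c;
    }
    return out;
}

// Key paths are written between [ and ] without escaping, so this helper
// only rejects empty paths and line breaks.
std::string RegKeyHeader(const std::string& keyPath) {
    if (keyPath.empty() || keyPath.find_first_of("\r\n") != std::string::npos)
        throw std::invalid_argument("invalid key path");
    return "[" + keyPath + "]\r\n";
}

std::string RegStringValue(const std::string& name, const std::string& data) {
    return "\"" + RegEscape(name) + "\"=\"" + RegEscape(data) + "\"\r\n";
}

std::string RegDwordValue(const std::string& name, std::uint32_t data) {
    char hex[9];
    std::snprintf(hex, sizeof hex, "%08x", static_cast<unsigned>(data));
    return "\"" + RegEscape(name) + "\"=dword:" + hex + "\r\n";
}

// Constructed sample: the key and value names are placeholders (ASCII only).
std::string BuildSampleReg() {
    return std::string("Windows Registry Editor Version 5.00\r\n\r\n")
         + RegKeyHeader("HKEY_CURRENT_USER\\Software\\ExampleApp")
         + RegStringValue("InstallDir", "C:\\Tools\\Example \"beta\"")
         + RegDwordValue("Enabled", 1);
}

int main() {
    std::fputs(BuildSampleReg().c_str(), stdout);
    return 0;
}
```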
II. Flashing console window when importing a .reg file from C++
If the C++ code uses
system("reg import xxx.reg");
a black console window flashes briefly. The cause is the use of the system function. We just need to change it to the following:
std::string cwtCommands = "cmd /c ";
cwtCommands += cwtCommand;
WinExec(cwtCommands.c_str(), SW_HIDE); // run the command with its window hidden
where cwtCommand is the command you construct, for example
"reg import xxx.reg"
III. Renaming a registry key
We know that there is no interface for renaming a key. The only way is to delete the key and create it again.
But if you do need to rename a key, deleting and re-creating it means writing a lot of code.
Although there is no public interface, there is one we can still use.
Load any exe in WinDbg and check the ntdll symbols.
You can see that there is an NtRenameKey function, which can rename the key. If you want other powerful functions,
the x command of WinDbg can help you find them.
Usage:
#include <windows.h>

typedef LONG NTSTATUS;

typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

typedef VOID (NTAPI *PfnRtlInitUnicodeString)(
    _Out_ PUNICODE_STRING DestinationString,
    _In_opt_ PCWSTR SourceString);
typedef NTSTATUS (NTAPI *PfnNtRenameKey)(HANDLE KeyHandle, PUNICODE_STRING NewName);

static PfnRtlInitUnicodeString RtlInitUnicodeString = NULL;
static PfnNtRenameKey RenameKey = NULL;

// The author's own helper; its definition is not shown here, so this signature is assumed.
BOOL AdjustPrivileges(const TCHAR *szPrivilege);

// Resolve the two ntdll exports. Call this once before RegChangeKey.
BOOL InitRenameKey(void)
{
    HMODULE hMod = LoadLibrary(TEXT("ntdll.dll"));
    if (hMod == NULL) {
        return FALSE;
    }
    RtlInitUnicodeString = (PfnRtlInitUnicodeString)GetProcAddress(hMod, "RtlInitUnicodeString");
    RenameKey = (PfnNtRenameKey)GetProcAddress(hMod, "NtRenameKey");
    return RtlInitUnicodeString != NULL && RenameKey != NULL;
}

// Wide strings are required because RtlInitUnicodeString takes a PCWSTR.
BOOL RegChangeKey(HKEY hKey, const WCHAR *szSubKey, const WCHAR *NewKeyFileName)
{
    if (RenameKey == NULL || RtlInitUnicodeString == NULL) {
        return FALSE;
    }

    AdjustPrivileges(TEXT("SE_BACKUP_NAME")); // enable the privilege for registry access

    // Open the subkey into its own handle and check the result,
    // instead of overwriting the caller's hKey.
    HKEY hSubKey = NULL;
    DWORD dwFlag = 0;
    if (RegCreateKeyExW(hKey, szSubKey, 0, NULL, REG_OPTION_NON_VOLATILE,
                        KEY_ALL_ACCESS, NULL, &hSubKey, &dwFlag) != ERROR_SUCCESS) {
        return FALSE;
    }

    // Initialize the UNICODE_STRING structure with the new name
    UNICODE_STRING uNewNameString;
    RtlInitUnicodeString(&uNewNameString, NewKeyFileName);

    // Rename the key; NTSTATUS values >= 0 indicate success
    NTSTATUS status = RenameKey((HANDLE)hSubKey, &uNewNameString);
    RegCloseKey(hSubKey);
    return status >= 0;
}