项目地址
https://github.com/wxi3/WindowsAutoRunDemo
核心函数
#include "AutoRun.h"
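BOOL Reg_CurrentUser(LPCWSTR lpszFileName, LPCWSTR lpszValueName)
{
    // Writes lpszFileName as a REG_SZ value named lpszValueName under
    // HKCU\Software\Microsoft\Windows\CurrentVersion\Run, i.e. registers the
    // program to start at the current user's logon (a standard persistence
    // location, MITRE ATT&CK T1547.001). The HKCU hive needs no elevation; the
    // HKLM equivalent would require administrator rights.
    //
    // Returns TRUE on success, FALSE after printing the failing API's status.
    //
    // NOTE(review): the path is written verbatim. A path that contains spaces
    // should be quoted by the caller, otherwise it is resolved ambiguously
    // at logon (C:\Program Files\x.exe may be tried as C:\Program.exe first).
    if (lpszFileName == NULL || lpszValueName == NULL || *lpszFileName == L'\0')
    {
        printf("[-] File path and value name must be non-empty.\n");
        return FALSE;
    }

    const int nChars = ::lstrlenW(lpszFileName);
    printf("[+] length: %d\n", nChars);

    HKEY hKey = NULL;
    // Explicit W variants: the literals are wide strings, so the A/W macros
    // only compile with UNICODE defined. KEY_SET_VALUE is the least access
    // needed to write a value (KEY_WRITE also grants subkey creation etc.).
    LONG status = ::RegOpenKeyExW(HKEY_CURRENT_USER,
                                  L"software\\Microsoft\\Windows\\CurrentVersion\\Run",
                                  0, KEY_SET_VALUE, &hKey);
    if (status != ERROR_SUCCESS)
    {
        // Reg* APIs return the error code directly; they do not set
        // GetLastError(), so the original message printed an unrelated value.
        printf("[-] Open Register Error,Code: %ld\n", (long)status);
        return FALSE;
    }

    // REG_SZ data is sized in bytes and must include the terminating null;
    // the original passed 2 * length and stored an unterminated string, which
    // readers of the value then had to guess the end of.
    const DWORD cbData = (DWORD)((nChars + 1) * sizeof(WCHAR));
    status = ::RegSetValueExW(hKey, lpszValueName, 0, REG_SZ,
                              reinterpret_cast<const BYTE*>(lpszFileName), cbData);
    ::RegCloseKey(hKey);
    if (status != ERROR_SUCCESS)
    {
        printf("[-] Register Set Value Error,Code:%ld", (long)status);
        return FALSE;
    }
    return TRUE;
}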
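void QueryRegistry()
{
    // Enumerates and prints every value under
    // HKCU\Software\Microsoft\Windows\CurrentVersion\Run for the current user.
    // String values (REG_SZ / REG_EXPAND_SZ) are printed as text; any other
    // type is reported by its type code and size instead of being misread as
    // a wide string (the original ignored the type entirely).
    const wchar_t* subKey = L"Software\\Microsoft\\Windows\\CurrentVersion\\Run";
    HKEY hKey = NULL;
    LONG status = ::RegOpenKeyExW(HKEY_CURRENT_USER, subKey, 0, KEY_QUERY_VALUE, &hKey);
    if (status != ERROR_SUCCESS)
    {
        printf("[-] Failed to open registry key.\n");
        return;
    }

    // Registry value names are at most 16383 characters, so this buffer can
    // never be too small (the original 256 stopped enumeration on a long name).
    wchar_t valueName[16384];
    // One spare wchar_t so the data can always be null-terminated before it is
    // printed: REG_SZ data read back from the registry is not guaranteed to
    // carry its terminator.
    wchar_t valueData[2048 + 1];
    const DWORD maxDataBytes = (DWORD)(2048 * sizeof(wchar_t));

    for (DWORD index = 0;; ++index)
    {
        DWORD nameChars = (DWORD)(sizeof(valueName) / sizeof(valueName[0]));
        DWORD dataBytes = maxDataBytes;
        DWORD type = REG_NONE;
        status = ::RegEnumValueW(hKey, index, valueName, &nameChars, NULL, &type,
                                 reinterpret_cast<BYTE*>(valueData), &dataBytes);
        if (status == ERROR_NO_MORE_ITEMS)
        {
            break;
        }
        if (status == ERROR_MORE_DATA)
        {
            // Data larger than the buffer: report it and keep going. The
            // original loop ended here, silently hiding every later entry.
            printf("[!] Value #%lu skipped: data is %lu bytes, larger than the %lu-byte buffer\n",
                   (unsigned long)index, (unsigned long)dataBytes, (unsigned long)maxDataBytes);
            continue;
        }
        if (status != ERROR_SUCCESS)
        {
            printf("[-] RegEnumValue failed at index %lu, Code: %ld\n",
                   (unsigned long)index, (long)status);
            break;
        }

        // %ls matches how the caller prints wide strings; it also removes the
        // unchecked WideCharToMultiByte calls whose output buffer was left
        // uninitialized (and printed) whenever the conversion failed.
        printf("[+] Value Name: %ls, Data: ", valueName);
        if (dataBytes == 0)
        {
            printf("null\n");
        }
        else if (type == REG_SZ || type == REG_EXPAND_SZ)
        {
            // dataBytes <= maxDataBytes, so this index is within the spare slot.
            valueData[dataBytes / sizeof(wchar_t)] = L'\0';
            printf("%ls\n", valueData);
        }
        else
        {
            printf("<type %lu, %lu bytes>\n", (unsigned long)type, (unsigned long)dataBytes);
        }
    }
    ::RegCloseKey(hKey);
}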
第一个函数的作用是，将指定路径的可执行文件写入当前用户的注册表启动项（HKCU\Software\Microsoft\Windows\CurrentVersion\Run），使其在该用户登录时自动运行；第二个函数的作用是枚举并打印该启动项下的全部值。同样的写法也可以用于本地机器的启动项（HKLM 下的同名键），原理完全一致，只是写入 HKLM 需要管理员权限，而写入 HKCU 不需要。需要注意两点：一是写入的路径若含空格应当加引号，否则登录时可能被解析成错误的程序；二是这两个 Run 键是最常见的持久化位置之一，通常会被 Autoruns、Sysmon 的注册表事件以及终端防护软件重点监控。
调用示例（main 函数）
#include "AutoRun.h"
#include <iostream>
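int main(int argc, CHAR* argv[])
{
    // Usage: <exe> <FilePath> <RegistryName>
    // Registers FilePath as a logon autorun entry named RegistryName under the
    // current user's Run key, then lists that key. With fewer than two
    // arguments it only lists the key and exits with 1.
    if (argc < 3)
    {
        printf("[*] Usage: %s <FilePath> <RegistryName>\n", argv[0]);
        QueryRegistry();
        return 1;
    }

    wchar_t wFilePath[MAX_PATH];
    wchar_t wRegistryName[50];
    size_t convertedChars = 0;
    // mbstowcs_s returns a non-zero errno_t (STRUNCATE) when _TRUNCATE had to
    // cut the input, or EILSEQ for an invalid byte sequence. The original
    // ignored this and would register a silently truncated path or name.
    if (mbstowcs_s(&convertedChars, wFilePath, argv[1], _TRUNCATE) != 0)
    {
        printf("[-] FilePath is too long (max %d chars) or not valid in the current code page.\n",
               (int)(sizeof(wFilePath) / sizeof(wFilePath[0]) - 1));
        return 1;
    }
    if (mbstowcs_s(&convertedChars, wRegistryName, argv[2], _TRUNCATE) != 0)
    {
        printf("[-] RegistryName is too long (max %d chars) or not valid in the current code page.\n",
               (int)(sizeof(wRegistryName) / sizeof(wRegistryName[0]) - 1));
        return 1;
    }

    printf("[+] FilePath: %ls\n", wFilePath);
    printf("[+] RegistryName: %ls\n", wRegistryName);

    if (FALSE == Reg_CurrentUser(wFilePath, wRegistryName))
    {
        // The original fell through here and still printed "Reg OK." and
        // returned 0, so a failed write looked like success.
        printf("[-] Register modify failed.\n");
        return 1;
    }
    printf("[+] Reg OK.\n");
    QueryRegistry();

    // NOTE(review): system("pause") launches the shell named by %COMSPEC%; a
    // writable COMSPEC lets that be hijacked. Acceptable for a demo, but do not
    // keep it in anything that ships.
    system("pause");
    return 0;
}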