AutoIt: 3.3.8.1
Категория:Реестр, файлы, процессы.
Описание: Контроль изменений в реестре — в ключах, которые отвечают за регулярный автозапуск программ (учтены основные ключи). Контроль папок автозагрузки. Процессы.
По ссылке можно скачать готовый вариант программы (установка, удаление), исходники
Файл: AU3,EXE
сканер (приведен пример для х64)
меню управления
История версий:
Источник: autoit-script.ru
Автор(ы): joiner
Категория:Реестр, файлы, процессы.
Описание: Контроль изменений в реестре — в ключах, которые отвечают за регулярный автозапуск программ (учтены основные ключи). Контроль папок автозагрузки. Процессы.
По ссылке можно скачать готовый вариант программы (установка, удаление), исходники
Файл: AU3,EXE
сканер (приведен пример для х64)
Код:
#NoTrayIcon
#RequireAdmin
#include <array.au3>
#include <file.au3>
#include <FileOperations.au3>
#include <_RegFunc.au3>
#include <WinAPIEx.au3>
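; --- Shared state of the scanner -------------------------------------------
; Baseline ("known good") lists are plain text files next to the script.
; NOTE(review): this script runs elevated (#RequireAdmin) and trusts these
; files; if the install folder is writable by unprivileged users, the baseline
; can be edited to whitelist an entry. Confirm the folder ACL at install time.
Global $autorun = @ScriptDir & '\autorun_all.txt', $startup_all, $reg_key, $file_search, $Rev, $Rr, $type, $file_data, $key_data, $run_array
Global $startup = @ScriptDir & '\startup_all.txt'

; Control channel: two named file mappings that the tray-menu process creates.
; 'sleep' carries the scan interval (milliseconds, as text), 'exit' carries a
; stop flag. The return values are not checked here, as in the original.
; NOTE(review): the names are generic and the content is not authenticated;
; any process able to open them for writing can change what is read below.
Global $hMapping_sleep = _WinAPI_OpenFileMapping('sleep')
Global $pAddress_sleep = _WinAPI_MapViewOfFile($hMapping_sleep)
Global $tData_sleep = DllStructCreate('wchar[1024]', $pAddress_sleep)
Global $hMapping_out = _WinAPI_OpenFileMapping('exit')
Global $pAddress_out = _WinAPI_MapViewOfFile($hMapping_out)
Global $tData_out = DllStructCreate('wchar[1024]', $pAddress_out)

; Poll the stop flag in the background (default Adlib period).
AdlibRegister('_exit')

; Build the lists of watched folders and registry keys once at start-up.
_array_startup()
_array_run()

; Main loop: wait for the configured interval, then scan.
While 1
	; The interval comes from shared memory, so validate it before use.
	; An empty or non-numeric value would turn this into a busy loop, and a
	; very large one would silently stop the monitoring. The accepted range
	; matches what the tray menu offers (100 ms .. 1 min); anything else
	; falls back to the menu's default of 5 seconds.
	$sleep = Number(DllStructGetData($tData_sleep, 1))
	If $sleep < 100 Or $sleep > 60000 Then $sleep = 5000
	Sleep($sleep)
	_autorun_all()
WEnd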
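; One scan pass.
; 1. For every watched registry key, enumerate its values and compare each
;    "key name type data" line with the baseline file ($autorun). A value that
;    has no exact match is shown to the user via _gui_reg(); baseline lines
;    that start with the same "key name" prefix are blanked first.
; 2. Rebuild the list of files in the watched folders (_search) and show every
;    file that is not in the folder baseline ($startup) via _gui_file().
; Works on the globals $reg_key, $Rev, $Rr, $type, $key_data, $file_search,
; $file_data; takes no parameters and returns nothing.
Func _autorun_all()
	Local $iRegType
	Dim $run_array
	_FileReadToArray($autorun, $run_array)
	For $r = 1 To UBound($reg_key) - 1
		$i = 0
		Do
			$Rev = _RegEnumValue($reg_key[$r], $i)
			$Rr = RegRead($reg_key[$r], $Rev)
			; RegRead reports the value type in @extended. Capture it right away:
			; every later function call overwrites @extended. The original tested
			; @extended again after StringRegExpReplace(), which stores its
			; replacement count there, so a REG_MULTI_SZ value with 8 to 11 line
			; feeds was relabelled as a resource/QWORD type.
			$iRegType = @extended
			; NOTE(review): `Not` binds tighter than `=`; the condition is kept as
			; written - confirm it behaves as the intended "name is not empty" test.
			If Not $Rev = '' Then
				; Unknown type codes leave $type at its previous value, as before.
				Switch $iRegType
					Case 1
						$type = 'REG_SZ'
					Case 2
						$type = 'REG_EXPAND_SZ'
					Case 3
						$type = 'REG_BINARY'
					Case 4
						$type = 'REG_DWORD'
					Case 5
						$type = 'REG_DWORD_BIG_ENDIAN'
					Case 6
						$type = 'REG_LINK'
					Case 7
						$type = 'REG_MULTI_SZ'
						; Flatten to one line so it fits the line-based baseline.
						$Rr = StringRegExpReplace($Rr, @LF, '')
					Case 8
						$type = 'REG_RESOURCE_LIST'
					Case 9
						$type = 'REG_FULL_RESOURCE_DESCRIPTOR'
					Case 10
						$type = 'REG_RESOURCE_REQUIREMENTS_LIST'
					Case 11
						$type = 'REG_QWORD'
				EndSwitch
				; Exact match of the whole baseline line means "already known".
				$search = _ArrayFindAll($run_array, $reg_key[$r] & ' ' & $Rev & ' ' & $type & ' ' & $Rr)
				$index_search = UBound($run_array, 1)
				If $search = -1 Then
					; New or changed value: blank the stale baseline lines for this
					; key/name (partial match), then ask the user what to do.
					; NOTE(review): the partial match also hits value names that
					; merely start with $Rev - those entries will be re-prompted.
					$index = _ArrayFindAll($run_array, $reg_key[$r] & ' ' & $Rev, 1, $index_search - 1, 0, 1)
					For $in = 0 To UBound($index) - 1
						_FileWriteToLine($autorun, $index[$in], '', 1)
					Next
					$key_data = $reg_key[$r]
					_gui_reg()
				EndIf
			EndIf
			Sleep(50)
			$i = $i + 1
		Until $Rev = '0'
	Next
	; Folder part of the scan.
	_search()
	Dim $startup_array
	_FileReadToArray($startup, $startup_array)
	For $s = 1 To UBound($file_search) - 1
		_ArrayFindAll($startup_array, $file_search[$s])
		; @error = 6 is _ArrayFindAll's "not found" result: the file is new.
		If @error = 6 Then
			$file_data = $file_search[$s]
			_gui_file()
		EndIf
	Next
EndFunc   ;==>_autorun_all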
; Fills the global $reg_key with the fixed list of watched registry keys
; (indices 1..30, index 0 stays empty) and then appends the per-user keys
; found under HKEY_USERS via _search_hku().
; The list covers Run/RunOnce/RunOnceEx, Winlogon (Shell, Userinit), the
; "Windows" key (AppInit_DLLs, Load), Command Processor (AutoRun), the
; Explorer/System policy keys and Session Manager (BootExecute), plus the
; Wow6432Node copies of the machine-wide keys.
; NOTE(review): the scan compares values directly under each key; entries kept
; in subkeys (RunOnceEx stores its items that way) are presumably not seen.
; Services, scheduled tasks and similar start-up locations are not in the list.
Func _array_run()
	Local $aFixed[30] = [ _
			'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', _
			'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', _
			'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', _
			'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon', _
			'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows', _
			'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows', _
			'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce', _
			'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx', _
			'HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor', _
			'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run', _
			'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell', _
			'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer', _
			'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System', _
			'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx', _
			'HKEY_CURRENT_USER\Software\Microsoft\Command Processor', _
			'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run', _
			'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell', _
			'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer', _
			'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System', _
			'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager', _
			'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run', _
			'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon', _
			'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows', _
			'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce', _
			'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx', _
			'HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Command Processor', _
			'HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run', _
			'HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System\Shell', _
			'HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer', _
			'HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System']
	; Slot 0 is left unused: every consumer loops from index 1.
	Dim $reg_key[31]
	For $iSlot = 1 To 30
		$reg_key[$iSlot] = $aFixed[$iSlot - 1]
	Next
	_search_hku()
EndFunc   ;==>_array_run
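; Appends the per-user autostart keys of every subkey of HKEY_USERS to the
; global $reg_key, so profiles other than the current user are watched too.
; Only hives that are loaded at the time of the call are listed under
; HKEY_USERS; the list is built once at start-up (see the caller).
Func _search_hku()
	Local $b = 1, $Rek, $sRoot
	While 1
		$Rek = RegEnumKey('HKEY_USERS', $b)
		; Stop on the enumeration error instead of on the returned text: the
		; original tested only `$Rek = ''` after the _ArrayAdd calls, so the
		; failed last lookup still added eleven bogus paths, and ending the
		; loop depended on the failure value being an empty string.
		If @error Or $Rek = '' Then ExitLoop
		$sRoot = 'HKEY_USERS\' & $Rek
		_ArrayAdd($reg_key, $sRoot & '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
		_ArrayAdd($reg_key, $sRoot & '\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce')
		_ArrayAdd($reg_key, $sRoot & '\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx')
		; NOTE(review): AutoRun is normally a value of the Command Processor
		; key, not a subkey; this path is kept from the original, and the key
		; itself is added a few lines below.
		_ArrayAdd($reg_key, $sRoot & '\Software\Microsoft\Command Processor\Autorun')
		_ArrayAdd($reg_key, $sRoot & '\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows')
		_ArrayAdd($reg_key, $sRoot & '\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon')
		_ArrayAdd($reg_key, $sRoot & '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run')
		_ArrayAdd($reg_key, $sRoot & '\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell')
		_ArrayAdd($reg_key, $sRoot & '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer')
		_ArrayAdd($reg_key, $sRoot & '\Software\Microsoft\Windows\CurrentVersion\Policies\System')
		_ArrayAdd($reg_key, $sRoot & '\Software\Microsoft\Command Processor')
		$b = $b + 1
	WEnd
EndFunc   ;==>_search_hku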
; Fills the global $startup_all (indices 1..4, index 0 unused) with the
; folders whose content is watched: both Startup folders and both
; application-data folders (per-user and all-users).
Func _array_startup()
	Local $aWatched[4] = [@StartupDir, @StartupCommonDir, @AppDataCommonDir, @AppDataDir]
	Dim $startup_all[5]
	For $iSlot = 1 To 4
		$startup_all[$iSlot] = $aWatched[$iSlot - 1]
	Next
EndFunc   ;==>_array_startup
; Rebuilds the global $file_search (index 0 unused) with every file that
; _FO_FileSearch reports for the watched folders in $startup_all.
; The search arguments are passed exactly as in the original; their meaning is
; defined by the FileOperations UDF - presumably a recursive, full-path file
; listing, TODO confirm against the UDF.
Func _search()
	Local $aHits
	Dim $file_search[1]
	For $iDir = 1 To UBound($startup_all) - 1
		$aHits = _FO_FileSearch($startup_all[$iDir], '*', True, 0, 1, 1)
		For $iHit = 1 To UBound($aHits) - 1
			_ArrayAdd($file_search, $aHits[$iHit])
			; Short pause per file keeps the scan from hogging the CPU.
			Sleep(50)
		Next
		Sleep(50)
	Next
EndFunc   ;==>_search
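; Modal prompt for one new or changed autostart registry value.
; Shows key ($key_data), value name ($Rev), type ($type) and data ($Rr) and
; lets the user: accept it into the baseline ("Далее"), write the shown data
; to the registry and accept it ("Записать"), export it to the Quarantine
; folder and delete it ("Удалить"), or open the key in regedit ("В реестре").
; The write and delete buttons stay disabled until their checkbox is ticked.
; Numeric constants: -3 = window closed, 64 = enable, 128 = disable,
; 4 = checkbox unchecked, 0x00080000 = window with a system menu.
Func _gui_reg()
	$Form1 = GUICreate("Run Control", 612, 220, -1, -1, 0x00080000)
	GUISetIcon("shell32.dll", -44)
	$Input1 = GUICtrlCreateInput($key_data, 24, 25, 561, 21)
	$Label1 = GUICtrlCreateLabel("Раздел реестра", 24, 8, 125, 17)
	$Input2 = GUICtrlCreateInput($Rev, 24, 68, 313, 21)
	$Input3 = GUICtrlCreateInput($type, 24, 110, 153, 21)
	$Label2 = GUICtrlCreateLabel("Параметр", 24, 50, 55, 17)
	$Label3 = GUICtrlCreateLabel("Тип", 24, 92, 23, 17)
	$Label4 = GUICtrlCreateLabel("Значение", 24, 135, 52, 17)
	$Button1 = GUICtrlCreateButton("Далее", 368, 68, 75, 25)
	$Button4 = GUICtrlCreateButton("В реестре", 500, 68, 75, 25)
	$Button2 = GUICtrlCreateButton("Записать", 368, 110, 75, 25)
	GUICtrlSetState($Button2, 128)
	$checkbox1 = GUICtrlCreateCheckbox('', 450, 110, 17, 17)
	$Button3 = GUICtrlCreateButton("Удалить", 368, 150, 75, 25)
	GUICtrlSetState($Button3, 128)
	$checkbox2 = GUICtrlCreateCheckbox('', 450, 150, 17, 17)
	$Edit1 = GUICtrlCreateInput($Rr, 24, 150, 313, 25)
	; Multi-string data was flattened by the scanner, so it can neither be
	; accepted as-is nor written back from this dialog.
	If GUICtrlRead($Input3) = 'REG_MULTI_SZ' Then
		GUICtrlSetState($Button1, 128)
		GUICtrlSetState($checkbox1, 128)
	EndIf
	GUISetState(@SW_SHOW)
	Do
		$nMsg = GUIGetMsg()
		Switch $nMsg
			Case -3
				GUIDelete()
				ExitLoop
			Case $Button1
				; Accept: append the displayed line to the baseline.
				; NOTE(review): the fields are editable, so what is recorded is
				; the text in the dialog, not necessarily what the scan found.
				FileWriteLine($autorun, GUICtrlRead($Input1) & ' ' & GUICtrlRead($Input2) & ' ' & GUICtrlRead($Input3) & ' ' & GUICtrlRead($Edit1))
				GUIDelete()
				ExitLoop
			Case $Button2
				RegWrite(GUICtrlRead($Input1), GUICtrlRead($Input2), GUICtrlRead($Input3), GUICtrlRead($Edit1))
				FileWriteLine($autorun, GUICtrlRead($Input1) & ' ' & GUICtrlRead($Input2) & ' ' & GUICtrlRead($Input3) & ' ' & GUICtrlRead($Edit1))
				GUIDelete()
				ExitLoop
			Case $Button3
				; Make sure the quarantine folder exists before asking for a file
				; name in it; the original relied on the installer having created
				; it, and without the folder the backup cannot be written where the
				; tray menu later looks for it. DirCreate is a no-op if it exists.
				DirCreate(@ScriptDir & '\Quarantine')
				$name_reg = _TempFile(@ScriptDir & '\Quarantine\', 'reg_', '.reg')
				; NOTE(review): the export uses the scanned key/name while the delete
				; uses the (editable) input fields, and the result of the export is
				; not checked before the value is removed.
				_RegExport($name_reg, $key_data, $Rev)
				RegDelete(GUICtrlRead($Input1), GUICtrlRead($Input2))
				GUIDelete()
				ExitLoop
			Case $checkbox1
				; Enable on any click, then disable again if the box ended up unchecked.
				GUICtrlSetState($Button2, 64)
				If GUICtrlRead($checkbox1) = 4 Then
					GUICtrlSetState($Button2, 128)
				EndIf
			Case $checkbox2
				GUICtrlSetState($Button3, 64)
				If GUICtrlRead($checkbox2) = 4 Then
					GUICtrlSetState($Button3, 128)
				EndIf
			Case $Button4
				_JumpRegistry($key_data)
				If GUICtrlSetState($Button1, 128) Then GUICtrlSetState($Button1, 64)
		EndSwitch
	Until $nMsg = -3
EndFunc   ;==>_gui_reg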
; Modal prompt for one file that appeared in a watched folder ($file_data).
; "Далее" accepts the path into the folder baseline, "В папке" shows the file
; in Explorer, "Удалить" clears the read-only/system/hidden attributes and
; deletes the file; the delete button is locked until the checkbox is ticked.
; NOTE(review): unlike registry values, a deleted file is not copied to the
; Quarantine folder first, and the path field is editable.
Func _gui_file()
	Local $hDlg = GUICreate("Run Control", 612, 120, -1, -1, 0x00080000)
	GUISetIcon("shell32.dll", -44)
	Local $idPath = GUICtrlCreateInput($file_data, 24, 32, 561, 21)
	Local $idCaption = GUICtrlCreateLabel("Файл", 24, 8, 125, 17)
	Local $idAccept = GUICtrlCreateButton("Далее", 100, 60, 75, 25)
	Local $idReveal = GUICtrlCreateButton("В папке", 235, 60, 75, 25)
	Local $idDelete = GUICtrlCreateButton("Удалить", 368, 60, 75, 25)
	GUICtrlSetState($idDelete, 128) ; 128 = disabled until confirmed
	Local $idConfirm = GUICtrlCreateCheckbox('', 450, 60, 17, 17)
	Local $iMsg, $sTarget
	GUISetState(@SW_SHOW)
	While 1
		$iMsg = GUIGetMsg()
		Switch $iMsg
			Case -3 ; window closed
				GUIDelete()
				ExitLoop
			Case $idAccept
				FileWriteLine($startup, GUICtrlRead($idPath))
				GUIDelete()
				ExitLoop
			Case $idDelete
				$sTarget = GUICtrlRead($idPath)
				FileSetAttrib($sTarget, '-RSH')
				FileDelete($sTarget)
				GUIDelete()
				ExitLoop
			Case $idConfirm
				; 64 = enable; fall back to disabled when the box is unchecked (4).
				GUICtrlSetState($idDelete, 64)
				If GUICtrlRead($idConfirm) = 4 Then GUICtrlSetState($idDelete, 128)
			Case $idReveal
				_WinAPI_ShellOpenFolderAndSelectItems(GUICtrlRead($idPath))
		EndSwitch
	WEnd
EndFunc   ;==>_gui_file
; Adlib callback: ends the scanner once the tray menu has written 'exit'
; into the shared 'exit' mapping. Releases both mapped views and handles first.
Func _exit()
	If DllStructGetData($tData_out, 1) <> 'exit' Then Return
	_WinAPI_UnmapViewOfFile($pAddress_sleep)
	_WinAPI_CloseHandle($hMapping_sleep)
	_WinAPI_UnmapViewOfFile($pAddress_out)
	_WinAPI_CloseHandle($hMapping_out)
	Exit
EndFunc   ;==>_exit
; Opens regedit positioned on $sKey.
; regedit restores the key stored in its "LastKey" setting, so a running
; instance is closed, the setting is overwritten and regedit is started again.
; regedit is launched only if the registry write succeeded.
Func _JumpRegistry($sKey)
	Local Const $sRegeditWindow = '[CLASS:RegEdit_RegEdit]'
	If WinExists($sRegeditWindow) Then WinClose($sRegeditWindow)
	RegWrite('HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit', 'LastKey', 'REG_SZ', $sKey)
	If @error Then Return
	Run(@WindowsDir & '\regedit.exe')
EndFunc   ;==>_JumpRegistry
меню управления
Код:
#NoTrayIcon
#RequireAdmin
#include <ModernMenuRaw.au3>
#include <WinAPIEx.au3>
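; Tray-menu process: creates the control channel, starts the scanner and
; offers the tray menu that drives it.
Opt("MustDeclareVars", 1)
Opt("GUIOnEventMode", 1)
Opt("TrayMenuMode", 7)

Global $autorun = @ScriptDir & '\autorun_all.txt'
Global $startup = @ScriptDir & '\startup_all.txt'

; Control channel shared with run_control.exe: two named, pagefile-backed
; mappings of 2048 bytes each ('sleep' = scan interval, 'exit' = stop flag).
; NOTE(review): the names are generic and the creation result is not checked.
; Creating a mapping whose name already exists yields a handle to the existing
; object, so another process could pre-create or modify these; a less guessable
; name and a check of the result would harden this.
Global $hMapping_sleep = _WinAPI_CreateFileMapping(-1, 2048, 'sleep')
Global $pAddress_sleep = _WinAPI_MapViewOfFile($hMapping_sleep)
Global $tData_sleep = DllStructCreate('wchar[1024]', $pAddress_sleep)
Global $hMapping_out = _WinAPI_CreateFileMapping(-1, 2048, 'exit')
Global $pAddress_out = _WinAPI_MapViewOfFile($hMapping_out)
Global $tData_out = DllStructCreate('wchar[1024]', $pAddress_out)

; Publish the default interval (5 s) BEFORE the scanner starts, so its first
; read of the mapping never sees an empty value (the original wrote it after).
DllStructSetData($tData_sleep, 1, StringStripWS('5000', 3))
; The path is quoted: this process is elevated (#RequireAdmin), and an unquoted
; command line containing spaces can make Windows try an earlier path component
; as the program. NOTE(review): the launched binary is trusted by location
; only - confirm the install folder is not writable by unprivileged users.
Run('"' & @ScriptDir & '\run_control.exe"')

_SetFlashTimeOut(250)
Local $nTrayIcon = _TrayIconCreate("Run Control", "shell32.dll", -209)
_TrayCreateContextMenu()
$bUseAdvTrayMenu = False

; "Delete" submenu: uninstall, or drop one of the two baselines.
Local $hMenu_dell = _TrayCreateMenu('Удалить')
_TrayItemSetIcon(-1, "shell32.dll", -132)
_TrayCreateItem('Удалить программу', $hMenu_dell)
GUICtrlSetOnEvent(-1, "_prog_dell")
_TrayCreateItem('Удалить лог реестра', $hMenu_dell)
GUICtrlSetOnEvent(-1, "_log_reg_dell")
_TrayCreateItem('Удалить лог автозагрузки', $hMenu_dell)
GUICtrlSetOnEvent(-1, "_log_startup_dell")

; Exported (quarantined) registry values.
Local $hMenu_archive = _TrayCreateMenu('Удаленные записи реестра')
_TrayItemSetIcon(-1, "shell32.dll", -63)
_TrayCreateItem('Файлы', $hMenu_archive)
GUICtrlSetOnEvent(-1, "_open")

; Scan interval presets.
Local $hMenu_sleep = _TrayCreateMenu('Частота сканирования')
_TrayItemSetIcon(-1, "shell32.dll", -266)
_TrayCreateItem('100 млсек', $hMenu_sleep)
GUICtrlSetOnEvent(-1, "_100")
_TrayCreateItem('1 сек', $hMenu_sleep)
GUICtrlSetOnEvent(-1, "_1000")
_TrayCreateItem('5 сек', $hMenu_sleep)
GUICtrlSetOnEvent(-1, "_5000")
_TrayCreateItem('10 сек', $hMenu_sleep)
GUICtrlSetOnEvent(-1, "_10000")
_TrayCreateItem('1 мин', $hMenu_sleep)
GUICtrlSetOnEvent(-1, "_60000")

; Baseline viewers.
Local $sMenu_log = _TrayCreateMenu('Просмотр записей')
_TrayItemSetIcon(-1, "shell32.dll", -222)
_TrayCreateItem('Просмотр лога реестра', $sMenu_log)
GUICtrlSetOnEvent(-1, "_log_reg")
_TrayCreateItem('Просмотр лога автозагрузки', $sMenu_log)
GUICtrlSetOnEvent(-1, "_log_startup")

_TrayCreateItem('Процессы')
GUICtrlSetOnEvent(-1, "_proc_mon")
_TrayItemSetIcon(-1, @ScriptDir & '\tm.ico')
; Start/stop toggle; its text, icon and handler are swapped by _stop/_run.
Global $stop_run = _TrayCreateItem('Остановить')
_TrayItemSetIcon(-1, @ScriptDir & '\893.ico')
GUICtrlSetOnEvent(-1, "_stop")
_TrayCreateItem('Выход')
GUICtrlSetOnEvent(-1, "_exit")
_TrayItemSetIcon(-1, "shell32.dll", -216)
_TrayIconSetState()

; Re-create the tray icon when Explorer restarts. The message filter call
; (action 1 = add) lets the "TaskbarCreated" broadcast through to this
; elevated process; only that one message is allowed.
Local $nTaskBarCreated = DllCall("user32.dll", "uint", "RegisterWindowMessageA", "str", "TaskbarCreated")
DllCall("user32.dll", "none", "ChangeWindowMessageFilter", "UINT", $nTaskBarCreated[0], "dword", 1)
GUIRegisterMsg($nTaskBarCreated[0], "RecreateIcons")

; Everything else is event driven.
While 1
	Sleep(1000)
WEnd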
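; Tray handler "Процессы": starts the process monitor shipped next to the script.
; The path is quoted because an unquoted command line with spaces can make
; Windows try an earlier path component as the program, and this process is
; elevated (#RequireAdmin).
Func _proc_mon()
	Run('"' & @ScriptDir & '\proc_mon.exe"')
EndFunc   ;==>_proc_mon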
; Tray handler "Остановить": raises the stop flag in the shared 'exit' mapping
; (the scanner polls it and exits), turns the menu item into "Запустить" and
; starts a reminder tip every 30 seconds while monitoring is off.
Func _stop()
	DllStructSetData($tData_out, 1, StringStripWS('exit', 3))
	; Flip the toggle item so that the next click starts the scanner again.
	_TrayItemSetText($stop_run, 'Запустить')
	_TrayItemSetIcon($stop_run, @ScriptDir & '\906.ico')
	GUICtrlSetOnEvent($stop_run, "_run")
	_TrayTip($nTrayIcon, 'Run Control', 'Остановлен', 5, 2)
	AdlibRegister('_info', 30000)
EndFunc   ;==>_stop
; Adlib callback while the scanner is stopped: reminds the user with a tray
; tip that monitoring is currently off.
Func _info()
	Local Const $sTitle = 'Run Control', $sState = 'Остановлен'
	_TrayTip($nTrayIcon, $sTitle, $sState, 1, 2)
EndFunc   ;==>_info
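; Tray handler "Запустить": stops the reminder, clears the stop flag, starts
; the scanner again and turns the menu item back into "Остановить".
Func _run()
	AdlibUnRegister('_info')
	; Clear the flag first, otherwise the new scanner would exit at once.
	DllStructSetData($tData_out, 1, '')
	; Quoted path: an unquoted command line with spaces can make Windows try an
	; earlier path component as the program, and this process is elevated.
	Run('"' & @ScriptDir & '\run_control.exe"')
	_TrayItemSetText($stop_run, 'Остановить')
	_TrayItemSetIcon($stop_run, @ScriptDir & '\893.ico')
	GUICtrlSetOnEvent($stop_run, "_stop")
	_TrayTip($nTrayIcon, 'Run Control', 'Работает', 5, 1)
EndFunc   ;==>_run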
; Tray handler "Выход": raises the stop flag for the scanner, releases this
; process's views and handles of both mappings and terminates the menu.
Func _exit()
	DllStructSetData($tData_out, 1, StringStripWS('exit', 3))
	; Release the 'sleep' channel, then the 'exit' channel.
	_WinAPI_UnmapViewOfFile($pAddress_sleep)
	_WinAPI_CloseHandle($hMapping_sleep)
	_WinAPI_UnmapViewOfFile($pAddress_out)
	_WinAPI_CloseHandle($hMapping_out)
	Exit
EndFunc   ;==>_exit
; Tray handler: opens the registry baseline file with its associated program.
; NOTE(review): the viewer is started from this elevated process.
Func _log_reg()
	Local $sBaseline = $autorun
	ShellExecute($sBaseline)
EndFunc   ;==>_log_reg
; Tray handler: opens the folder baseline file with its associated program.
; NOTE(review): the viewer is started from this elevated process.
Func _log_startup()
	Local $sBaseline = $startup
	ShellExecute($sBaseline)
EndFunc   ;==>_log_startup
; Tray handler: deletes the registry baseline. Every autostart value found by
; the next scan is then treated as new and shown to the user again.
Func _log_reg_dell()
	Local $sBaseline = $autorun
	FileDelete($sBaseline)
EndFunc   ;==>_log_reg_dell
; Tray handler: deletes the folder baseline. Every file found in the watched
; folders by the next scan is then treated as new and shown to the user again.
Func _log_startup_dell()
	Local $sBaseline = $startup
	FileDelete($sBaseline)
EndFunc   ;==>_log_startup_dell
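; Tray handler "Удалить программу": unpacks the bundled uninstaller into the
; temp folder, starts it and shuts the menu (and, via the stop flag, the
; scanner) down.
Func _prog_dell()
	Local $sUninstaller = @TempDir & '\control_uninstall.exe'
	; Run the file only if it was actually written by us. The original ignored
	; the FileInstall result, so a failed extraction would have launched
	; whatever file already sat at that path - with this process's elevated
	; rights. NOTE(review): the temp folder is still a shared, writable
	; location; extracting into the install folder would be the safer choice.
	If Not FileInstall('control_uninstall.exe', $sUninstaller, 1) Then Return
	; Quoted because the temp path can contain spaces.
	Run('"' & $sUninstaller & '"')
	_exit()
EndFunc   ;==>_prog_dell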
; Tray handler: sets the scan interval in the shared 'sleep' mapping to 100 ms.
Func _100()
	Local Const $sInterval = '100'
	DllStructSetData($tData_sleep, 1, StringStripWS($sInterval, 3))
EndFunc   ;==>_100
; Tray handler: sets the scan interval in the shared 'sleep' mapping to 1 second.
Func _1000()
	Local Const $sInterval = '1000'
	DllStructSetData($tData_sleep, 1, StringStripWS($sInterval, 3))
EndFunc   ;==>_1000
; Tray handler: sets the scan interval in the shared 'sleep' mapping to 5 seconds.
Func _5000()
	Local Const $sInterval = '5000'
	DllStructSetData($tData_sleep, 1, StringStripWS($sInterval, 3))
EndFunc   ;==>_5000
; Tray handler: sets the scan interval in the shared 'sleep' mapping to 10 seconds.
Func _10000()
	Local Const $sInterval = '10000'
	DllStructSetData($tData_sleep, 1, StringStripWS($sInterval, 3))
EndFunc   ;==>_10000
; Tray handler: sets the scan interval in the shared 'sleep' mapping to 1 minute.
Func _60000()
	Local Const $sInterval = '60000'
	DllStructSetData($tData_sleep, 1, StringStripWS($sInterval, 3))
EndFunc   ;==>_60000
; Tray handler: opens the Quarantine folder, where deleted registry values
; are kept as exported .reg files.
Func _open()
	Local $sQuarantine = @ScriptDir & '\Quarantine'
	ShellExecute($sQuarantine)
EndFunc   ;==>_open
; Handler for the "TaskbarCreated" broadcast (sent when Explorer restarts):
; cycles the tray icon state so that the icon is shown again.
Func RecreateIcons()
	; Same two calls as before, in the same order: state 2 first, then state 1.
	For $iState = 2 To 1 Step -1
		_TrayIconSetState($nTrayIcon, $iState)
	Next
EndFunc   ;==>RecreateIcons
История версий:
1.1
Источник: autoit-script.ru
Автор(ы): joiner