luckboy45
注册表键值判断
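@echo off & setlocal enabledelayedexpansion
rem Write the names of all subkeys under HKLM\System\CurrentControlSet\Services
rem (one service / driver name per line) into 2.txt. This file is the baseline
rem that a later run can be compared against to spot services or drivers that
rem were registered since the baseline was taken.
COLOR 0a
set "prefix=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\"
rem The whole loop is redirected once, so 2.txt is rewritten from scratch on
rem every run: appending (>>) would let entries from an earlier baseline
rem accumulate and mask a newly added service.
>2.txt (
    for /f "tokens=*" %%a in (
        'reg query "HKLM\System\CurrentControlSet\Services"'
    ) do (
        set "tmpString=%%a"
        set "tmpString=!tmpString:%prefix%=!"
        rem Only lines that really carried the prefix are subkeys. Lines that
        rem came through unchanged (the "REG.EXE VERSION" banner, the bare
        rem root-key line) are not service names and are dropped here.
        rem No space before the redirect, so lines carry no trailing blank.
        if not "!tmpString!"=="%%a" echo !tmpString!
    )
)
rem Note: a name-only comparison will not reveal changes made to an existing
rem service (e.g. its ImagePath pointing at a different binary); compare that
rem value as well if that case matters.
PAUSE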
效果是这样的:
REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
Abiosdsk
ACPI
ACPIEC
aec
AFD
Alerter
ALG
AliIde
amdide
AmdK8
AmdLLD
AppMgmt
AsyncMac
atapi
Atdisk
Atmarpc
AudioSrv
audstub
BattC
Beep
BITS
Browser
Cdaudio
Cdfs
Cdrom
CiSvc
Quote: | wmic /namespace:\\root\default path stdregprov call EnumKey ^&h80000002,"System\CurrentControlSet\Services" >>1.txt |
则效果是这样的
执行 (stdregprov)->EnumKey()
方法执行成功。
输出参数:
instance of __PARAMETERS
{
ReturnValue = 0;
sNames = {"Abiosdsk", "ACPI", "ACPIEC", "aec", "AFD", "Alerter", "ALG", "AliIde", "amdide", "AmdK8", "AmdLLD", "AppMgmt", "AsyncMac", "atapi", "Atdisk", "Atmarpc", "AudioSrv", "audstub", "BattC", "Beep", "BITS", "Browser", "Cdaudio", "Cdfs", "Cdrom", "CiSvc", "Class", "ClipSrv", "CmdIde", "COMSysApp", "ContentFilter", "ContentIndex", "CryptSvc", "DcomLaunch", "Dhcp", "Disk", "dmadmin", "dmboot", "dmio", "dmload", "dmserver", "DMusic", "Dnscache", "Dot3svc", "drmkaud", "EapHost", "ERSvc", "Eventlog", "EventSystem", "Fastfat", "FastUserSwitchingCompatibility", "Fdc", "Fips", "Flpydisk", "FltMgr", "FsVga", "Fs_Rec", "Ftdisk", "gameenum", "Gpc", "HDAudBus", "helpsvc", "HidServ", "HidUsb", "hkmsvc", "HTTP", "HTTPFilter", "i8042prt", "Imapi", "ImapiService", "inetaccs", "Inport", "IntcAzAudAddService", "IntelIde", "intelppm", "Ip6Fw", "IpFilterDriver", "IpInIp", "IpNat", "IPSec", "irda", "IRENUM", "Irmon", "irsir", "ISAPISearch", "isapnp", "Kbdclass", "kbdhid", "kmixer", "KSecDD", "LanmanServer", "lanmanworkstation", "ldap", "LicenseService", "LmHosts", "MDM", "Messenger", "mnmdd", "mnmsrvc", "Modem", "Mouclass", "mouhid", "MountMgr", "MRxDAV", "MRxSmb", "MSDTC", "Msfs", "MSIServer", "MSKSSRV", "MSPCLOCK", "MSPQM", "mssmbios", "Mup", "napagent", "NDIS", "NdisTapi", "Ndisuio", "NdisWan", "NDProxy", "NetBIOS", "NetBT", "NetDDE", "NetDDEdsdm", "Netlogon", "Netman", "Nla", "Npfs", "Ntfs", "NtLmSsp", "NtmsSvc", "Null", "nv", "NVSvc", "NwlnkFlt", "NwlnkFwd", "ose", "Parport", "PartMgr", "ParVdm", "PCI", "PCIIde", "Pcmcia", "perc2hib", "PerfDisk", "PerfNet", "PerfOS", "PerfProc", "PlugPlay", "PolicyAgent", "PptpMiniport", "Processor", "ProtectedStorage", "PSched", "Ptilink", "RasAcd", "RasAuto", "Rasirda", "Rasl2tp", "RasMan", "RasPppoe", "Raspti", "Rdbss", "RDPCDD", "RDPDD", "rdpdr", "RDPNP", "RDPWD", "RDSessMgr", "redbook", "RemoteAccess", "RemoteRegistry", "ROCKEYNT", "RpcSs", "RSVP", "RTL8023xp", "SamSs", "SCardSvr", "Schedule", "Secdrv", "seclogon", "SENS", "serenum", 
"Serial", "Sfloppy", "SharedAccess", "ShellHWDetection", "SiFilter", "Simbad", "splitter", "Spooler", "sptd", "sr", "Srv", "SSDPSRV", "stisvc", "swenum", "swmidi", "SwPrv", "sysaudio", "SysmonLog", "TapiSrv", "Tcpip", "TDPIPE", "TDTCP", "TermDD", "TermService", "Themes", "TlntSvr", "TosIde", "TrkWks", "TSDDD", "Udfs", "UnlockerDriver5", "Update", "upnphost", "UPS", "usbccgp", "usbehci", "usbhub", "usbohci", "usbstor", "usbuhci", "VgaSave", "ViaIde", "vmmouse", "VolSnap", "VSS", "VXD", "W32Time", "W3SVC", "Wanarp", "wdmaud", "WebClient", "winmgmt", "Winsock", "WinSock2", "WinTrust", "WmdmPmSN", "Wmi", "WmiApRpl", "WmiApSrv", "WS2IFSL", "wscsvc", "wuauserv", "WZCSVC", "xmlprov", "{A41CD26E-2C3E-4DB4-BC93-1E66051815FC}"};
};
我的目的是,先生成一个临时文件,内部是上面的服务名称,然后再检测目前注册表中的服务,与临时文件逐一对应比较,用FOR命令分别提取出多出来的服务,再输出成这样的效果
[amdide / amdide][Running/Boot Start]
<C:\WINDOWS\system32\DRIVERS\amdide.sys>
其实主要用来检测是否有莫名服务或者驱动被安装,希望有能力的朋友能帮忙实现下.