如何hook注册表的项值变化?
如何hook注册表的项值变化?如变化则重启. 最简单的方法是循环读取注册表。如果不一样,就重启 #include <date.au3>$strComputer = "."
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\default")
$colEvents = $objWMIService.ExecNotificationQuery _
("SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _
"KeyPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'")
While 1
Sleep(250)
$objLatestEvent = $colEvents.NextEvent
MsgBox(0,0,"注册表已更改")
WEnd 感谢小三,有没有api的函数,wmi开机运行太慢了,另外我只监控:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network
config 这个项,要怎么监控? CreateEventA
RegNotifyChangeKeyValue
WaitForSingleObject
返回WAIT_OBJECT_0为被更改
返回WAIT_ABANDONED为发生错误,可以以此做异常处理。 都是天书,看不懂 #include <WinAPI.au3>
#include <LocalSecurityAuthority.au3>
$hKey = _RegOpenKeyEx($HKEY_LOCAL_MACHINE, "Software\Test", $KEY_NOTIFY)
$hEvent = _RegNotifyChangeKeyValue($hKey, False, 15)
_WinAPI_WaitForSingleObject($hEvent, -1)
Msgbox(0, "", "Machine\Software\Test has changed.")
_RegCloseKey($hKey)
Func _RegNotifyChangeKeyValue($hKey, $fWatchSub = False, $iFilter = 15)
Local $hEvent, $iResult
$hEvent = _WinAPI_CreateEvent()
$iResult = DllCall("Advapi32.dll", "long", "RegNotifyChangeKeyValue", _
"hWnd", $hKey, "int", $fWatchSub, "dword", $iFilter, _
"hWnd", $hEvent, "int", 1)
Return SetError($iResult, 0, $hEvent)
EndFunc ;==>_RegNotifyChangeKeyValue
LocalSecurityAuthority.au3 - http://www.autoitx.com/forum.php?mod=viewthread&tid=7080&extra=page%3D1
页:
[1]