Windows self-start

Source: Internet
Author: User

 

Many monitoring programs need to start automatically after the system restarts, without the user clicking an icon. The method is to write a value under the registry key SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

For a reference implementation, see the code below. It looks for the executable file in the program directory and, if the file exists, adds it to the registry.

// Code 1

// C***Dlg: the dialog class name is elided in the original
int C***Dlg::CreateRun(void)
{
    // Add the following code
    HKEY regKey = NULL;
    CString sPath;
    // Full path of the running module, then strip the file name to get its directory
    GetModuleFileName(NULL, sPath.GetBufferSetLength(MAX_PATH + 1), MAX_PATH);
    sPath.ReleaseBuffer();
    int nPos = sPath.ReverseFind('\\');
    sPath = sPath.Left(nPos);
    CString lpszFile = sPath + "\\getip.exe"; // Add the name of the execution file to be searched.
    CFileFind fFind;
    BOOL bSuccess = fFind.FindFile(lpszFile);
    fFind.Close();
    if (bSuccess)
    {
        CString fullName = lpszFile;
        // Open the Run key and write only if the open succeeded
        if (RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", &regKey) == ERROR_SUCCESS)
        {
            // The REG_SZ data length is in bytes and includes the terminating null
            RegSetValueEx(regKey, "getip", 0, REG_SZ, (const unsigned char *)(LPCTSTR)fullName, fullName.GetLength() + 1); // Add the content you need to register in the registry.
            RegCloseKey(regKey);
        }
        this->UpdateData(FALSE);
    }
    else
    {
        // theApp.SetMainSkin();
        ::AfxMessageBox("failed to find execution program, automatic operation failed");
        exit(0);
    }
    return 0;
}

// Replace the above getip (2 in total) with the name of the program you want to start.

========================================================== ==========

Practical Code 2:

// Write to the Registry and start automatically upon startup
// (ANSI/MBCS build assumed, as in the original)
HKEY hKey;
// Locate the system startup item
LPCTSTR lpRun = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
// Open the startup key
long lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, lpRun, 0, KEY_WRITE, &hKey);
if (lRet == ERROR_SUCCESS)
{
    char pFileName[MAX_PATH] = {0};
    // Obtain the full path of the program.
    DWORD dwRet = GetModuleFileName(NULL, pFileName, MAX_PATH);
    // A return of 0 is a failure; MAX_PATH means the path was truncated
    lRet = ERROR_BAD_PATHNAME;
    if (dwRet > 0 && dwRet < MAX_PATH)
    {
        // Add a value and set its data. The following "getip" is the name of the application (without suffix .exe)
        // The data length includes the terminating null
        lRet = RegSetValueEx(hKey, "getip", 0, REG_SZ, (BYTE *)pFileName, dwRet + 1);
    }

    // Close the registry
    RegCloseKey(hKey);
    if (lRet != ERROR_SUCCESS)
    {
        AfxMessageBox("system parameter error, cannot start with system");
    }
}

1. Startup folder of the current user

This is a common location from which many applications start automatically. Windows automatically starts every shortcut in this folder. The user's Startup folder is generally at \Documents and Settings\<username>\Start Menu\Programs\Startup, where "<username>" is the name of the currently logged-on user account.

2. Startup folder that applies to all users

This is the second important place to look for automatically started programs. No matter which account the user logs on with, shortcuts placed in this folder are always started automatically; this is the difference between it and the user-specific Startup folder. This folder is generally at \Documents and Settings\All Users\Start Menu\Programs\Startup.

3. Load registry key

Little has been written about the load registry key, but it can also start programs automatically. Location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load.

4. Userinit registry key

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit. This key can also make the system start a program automatically during initialization at startup. Quotation marks (excluding quotation marks ).

5. Explorer\Run registry key

Unlike load and Userinit, the Explorer\Run key exists under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. The specific locations are HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run.

6. RunServicesOnce registry key

The RunServicesOnce registry key is used to start service programs. They start before the user logs on and before programs started by the other registry keys. The RunServicesOnce key is located at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce.

7. RunServices registry key

Programs specified by the RunServices registry key run immediately after those specified by RunServicesOnce, but both run before the user logs on. The RunServices key is located at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices.

8. RunOnce\Setup registry key

RunOnce\Setup specifies programs that run after the user logs on. It is located at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup.

9. RunOnce registry key

Installers usually use the RunOnce key to run a program automatically. It is located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce. The RunOnce key under HKEY_LOCAL_MACHINE runs its programs immediately after the user logs on, before the programs specified by the other Run keys. The RunOnce key under HKEY_CURRENT_USER runs after the operating system has processed the other Run keys and the contents of the Startup folder. On XP, you also need to check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx.

10. Run registry key

Run is the most common registry key for running programs automatically. It is located at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The Run key under HKEY_CURRENT_USER runs immediately after the Run key under HKEY_LOCAL_MACHINE, but both are processed before the Startup folder.
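
The registry locations in items 3 to 10 above can be checked offline against a registry export. The following is an added example, not code from the original article: it scans text in "reg export" (.reg) format and reports every value stored under those keys. The sample export, the function names and the expected Userinit path C:\Windows\system32\userinit.exe are assumptions made for the example.

```python
import re

# Autostart keys listed in the article, relative to the hive root (lower case).
CV = r"software\microsoft\windows\currentversion"
NT = r"software\microsoft\windows nt\currentversion"
RUN_KEYS = {CV + "\\" + k for k in ("run", "runonce", r"runonce\setup", "runonceex",
            "runservices", "runservicesonce", r"policies\explorer\run")}
# Keys where only one named value is an autostart entry.
SINGLE_VALUES = {NT + r"\windows": "load", NT + r"\winlogon": "userinit"}
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    # .reg string syntax escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def find_autostarts(reg_text):
    """Return (hive, key, value name, data) for each autostart entry found."""
    hits, hive, key = [], None, ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            hive, _, key = line[1:-1].partition("\\")
            continue
        m = VALUE_RE.match(line)
        if not m or hive not in HIVES:
            continue
        name, raw = unescape(m.group(1)), m.group(2)
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':   # REG_SZ string data
            raw = unescape(raw[1:-1])
        k = key.lower()
        if k in RUN_KEYS or SINGLE_VALUES.get(k) == name.lower():
            hits.append((hive, key, name, raw))
    return hits

def extra_userinit(data, expected=r"C:\Windows\system32\userinit.exe"):
    """Programs in a Userinit value besides the expected one (assumed path)."""
    parts = [p.strip() for p in data.split(",") if p.strip()]
    return [p for p in parts if p.lower() != expected.lower()]

# Constructed sample in "reg export" text format, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"getip"="C:\\Tools\\getip.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Temp\\x.exe"
'''

if __name__ == "__main__":
    for hit in find_autostarts(SAMPLE):
        print(*hit, sep=" | ")
```

The Winlogon "Shell" value in the sample is deliberately not reported, because the article lists only Userinit under that key.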

Program startup is often a headache: many users do not know how certain files get started, so useless things frequently hang around on the system and occupy resources. Others have a headache because they do not know how to make a file start. And authors of Trojans have their Trojans easily discovered because they do not understand the system's self-starting methods ......

There are actually many ways for Windows to start programs automatically. Besides the common startup methods, there are also some very well-concealed ones. This article summarizes them; the list is not complete, but I think it will be helpful to everyone. Everything here was studied on a system in its default state.

In the paths below, "English" marks the English operating system and "Chinese" marks the Chinese operating system. Unless otherwise noted, this article refers to the Chinese edition of Windows 98.

Warning: some operations mentioned in this article may affect system stability. For example, incorrect use of the Registry Editor may cause serious problems that require reinstalling the system. Microsoft cannot guarantee that problems caused by improper use of the Registry Editor can be solved. I am not responsible for the consequences; please proceed according to your own situation.

Windows auto-start mode:

I. Self-starting directories:

1. The first self-starting directory:

The default path is:

C:\windows\start menu\programs\startup (English)

C:\windows\start menu\programs\startup (Chinese)

This is the most basic and most commonly used Windows startup method. It is mainly used for the self-starting items of applications, such as the Office shortcut bar. Generally, you can have a file started at startup simply by placing the file or its shortcut in this folder.

Corresponding registry locations:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

Startup="%Directory%"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]

Startup="%Directory%"

"%Directory%" is the Startup folder location.

English default: C:\windows\start menu\programs\startup

Chinese default: C:\windows\start menu\programs\start

The "Start" folder in the Start menu can be changed. If you change the Startup folder, the registry values above change to the corresponding name.

It is worth noting that, by default, users can plainly see the contents of the "Start" folder in the Start menu. However, it can be modified to achieve a relatively concealed startup:

First, the attribute of a shortcut or other file in the "Start" folder can be changed to "hidden". The system does not start hidden files, and startup can be restored by changing the attribute back when the file needs to start.

Second, the "Start" folder is really just an ordinary folder. It is special only because the system monitors it, and it has all the features of any other folder. For example, the "Start" folder can be renamed, and its attributes can be set. If its attribute is set to "hidden", the "Start" folder no longer appears in the [Start] → [Programs] menu (even if "show all files" has been set in "Folder Options"). The system still starts the non-hidden files in the hidden folder.

Alert readers may already see the problem. For example:

If I want to start the server of Trojan A, I can rename the original "Start" menu folder to "Startup" (the name is chosen arbitrarily here; the corresponding registry value changes automatically). I then create a folder named "Start", copy all the files in the "Startup" menu to the "Start" menu, put the server program of Trojan A in the "Startup" folder, and hide the "Startup" folder. Success!

The user's [Start] → [Programs] → [Start] directory is still there, and the files to be started are still in it. However, the files the system starts are not those in the folder named "Start" but those in the folder named "Startup". A well-made Trojan can copy the files in "Start" to the "Startup" directory every time the system starts, to update the startup directory in real time. Since the "Startup" folder is hidden, the real startup folder "Startup" cannot be seen from [Start] → [Programs], so the startup is concealed!

Although this startup method is relatively concealed, it can still be seen on the "Startup" page of msconfig.

2. The second self-starting directory:

Yes, there is in fact another self-starting directory in Windows, one that is in plain sight but often ignored.

The path is:

C:\windows\all users\start menu\programs\startup (English)

C:\windows\all users\start menu\programs\startup (Chinese)

This directory is used in the same way as the first self-starting directory. You only need to find the directory and drag the files to be started into it.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]

"Common Startup"="%Directory%"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]

"Common Startup"="%Directory%"

It is worth noting that this directory is completely invisible in the "Start" directory of the Start menu. At each startup, the non-hidden files in this directory are also started! In addition, you can see the files to be started from this directory in msconfig.

II. Starting from system configuration files:

Because system configuration files are unfamiliar to most users, these startup methods are relatively hidden, and some of the methods mentioned here are therefore often used for destructive operations. Please take note.

1. Starting from win.ini:

Startup location (file.exe is the name of the file to be started):

[windows]

load=file.exe

run=file.exe

Note: The difference between load= and run= is that a file run through load= is run minimized (in the background), while a file run through run= is run in its default state.

2. Starting from system.ini:

Startup location (file.exe is the name of the file to be started):

Default value:

[boot]

Shell=Explorer.exe

With a file to be started added:

[boot]

Shell=Explorer.exe file.exe

Note:

I remember that a book written by Mr. Norton (the person who developed the Norton software) once said that files 1 and 2 have no impact on the system; however, for lack of time, I have not tested this. If you are interested, you can try it.

However, it is certain that this startup method is often used by Trojans or some prank programs (such as the kiss of the demon), leading to abnormal system behavior. Users seldom pay attention to these two files, and some do not even know what they are for, so the method is very concealed. As it has been used more and more frequently, though, it has gradually been noticed. You can use the msconfig command to check whether any program is loaded this way: choose "Run" in the Start menu, enter msconfig, press Enter, and then follow the on-screen text.

Note:

1. Unlike win.ini, system.ini can start only one specified file, and you must not replace Shell=Explorer.exe file.exe with Shell=file.exe. That will paralyze Windows!

2. This startup method takes effect earlier than registry startup. Therefore, if you want to restrict the startup of files in the registry, use this method.

3. Starting from wininit.ini:

Many users may not know the wininit.ini file; in ordinary operation, users rarely touch it directly. However, if you have written an uninstall program, you may know the file.

Wininit is the Windows Setup Initialization Utility, that is, the installation and initialization tool for Windows. If you see the following prompt:

Please wait while Setup updates your configuration files.

This may take a few minutes...

you will probably recognize it! This is wininit.ini at work!

In Windows, many executable files and driver files are loaded into memory while running and are protected by the system, so changing them while Windows is running normally is a problem. The wininit.ini file exists to help the system do this. Before Windows loads, the system executes the commands in it, including copying, deleting, and renaming, to update files. The wininit.ini file lives in the Windows directory. However, we usually cannot find it in the C:\Windows directory; we find only the executable wininit.exe. The reason is that wininit.ini is automatically deleted by the system each time it has been executed, until a new wininit.ini file appears ...... and is then deleted again.

File format:

[rename]

file1=file2

file1=file2 means that a file named file1 is copied from file2, overwriting file1.

In this way, Windows updates file1 with file2. If file1 does not exist, the actual result is that file2 is copied and renamed to file1. If you want to delete a file, use the following:

[rename]

nul=file2

This means to rename file2 to nul, that is, to delete it.

The file names above must include the complete path.

Note:

1. Since wininit.ini is processed before Windows starts, long file names are not supported.

2. The operations above (copy, delete, rename) are executed without prompting the user. Some viruses also use this file to damage the system, so if the system shows the following for no apparent reason:

Please wait while Setup updates your configuration files.

This may take a few minutes...

then there may be something wrong with the system.

3. The Windows 95 Resource Kit mentions that the wininit.ini file has three possible sections, but describes the usage of only the [rename] section.
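
As an added example (not part of the original article), the following parser reads the three files described above and reports the load=/run= programs in win.ini, any extra program after the shell in system.ini, and the file operations queued in a wininit.ini [rename] section. The function names and the sample file contents are constructed for illustration; duplicate keys are kept on purpose because [rename] may contain several nul= lines.

```python
def parse_ini(text):
    """Yield (section, key, value); duplicate keys are kept, [rename] needs them."""
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            yield section, key.strip(), value.strip()

def win_ini_autostarts(text):
    """Programs named on load= / run= in the [windows] section of win.ini."""
    found = []
    for section, key, value in parse_ini(text):
        if section == "windows" and key.lower() in ("load", "run"):
            # Assumption: several programs may be listed, split on spaces/commas.
            found += [(key.lower(), p) for p in value.replace(",", " ").split()]
    return found

def system_ini_shell(text, expected="explorer.exe"):
    """Return (shell replaced?, extra programs) for [boot] shell= in system.ini."""
    for section, key, value in parse_ini(text):
        if section == "boot" and key.lower() == "shell":
            parts = value.split()
            replaced = not parts or parts[0].lower() != expected
            return replaced, parts[1:]
    return False, []

def wininit_actions(text):
    """Turn wininit.ini [rename] lines into the operations they perform."""
    actions = []
    for section, dst, src in parse_ini(text):
        if section == "rename":
            actions.append(("delete", src) if dst.lower() == "nul"
                           else ("replace", dst, src))
    return actions

# Constructed samples using the article's placeholder names, not real files.
WIN_INI = "[windows]\nload=file.exe\nrun=\n"
SYSTEM_INI = "[boot]\nshell=Explorer.exe file.exe\n"
WININIT_INI = ("[rename]\n"
               "NUL=C:\\WINDOWS\\TEMP\\OLD1.DLL\n"
               "NUL=C:\\WINDOWS\\TEMP\\OLD2.DLL\n"
               "C:\\WINDOWS\\SYSTEM\\FILE1.DLL=C:\\WINDOWS\\TEMP\\FILE2.DLL\n")

if __name__ == "__main__":
    print(win_ini_autostarts(WIN_INI))
    print(system_ini_shell(SYSTEM_INI))
    for action in wininit_actions(WININIT_INI):
        print(action)
```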

4. Starting from winstart.bat:

This is a batch file that the system runs automatically. It mainly handles tasks in which files need to be copied or deleted. For example, when some software requires a restart after being installed or uninstalled, it can use this file to copy and delete files and complete the task. For example:

"@if exist C:\windows\temp\proc.bat call C:\windows\temp\proc.bat"

This is the command that executes the proc.bat file;

"call filename.exe > nul"

This suppresses any output on the screen.

It is worth noting that the winstart.bat file has, in a sense, the same effect as autoexec.bat. If cleverly arranged, it can completely modify the system!

5. Starting from autoexec.bat:

This one needs no introduction; it should be one of the system files users are most familiar with. It is run under DOS every time the system restarts. Malicious programs often use this file as an auxiliary measure.

However, the autoexec.bat file can contain malicious code, such as format C: /Y. The chance of this has increased greatly with the existence of malicious BAT programs. For example, the recently popular Sircam worm also uses the autoexec.bat file.

Note: Files 4 and 5 are batch files, and their functions cannot be fully described here, because batch processing was widely used in the DOS era and is quite powerful. To use these two files, you need a certain understanding of DOS.
