防 JC 脚本
cyx012113
·
·
个人记录
UNJC.cpp
#include <windows.h>
#include <tlhelp32.h>
#include <iostream>
#include <string>
#include <atomic>
#include <thread>
#include <chrono>
#include <random>
std::atomic <bool> disableInput(true); // Input disable flag
std::atomic <bool> shutdownFlag(false); // Program shutdown flag
std::atomic <size_t> sequencePosition(0); // Current sequence position
std::atomic <bool> sequenceActive(false); // Sequence input active status
std::atomic <long long> lastKeyTime(0); // Last key press time
static const std::vector <std::vector <DWORD> > unlockCombinations = {
{48}
};
// 函数声明
void sigint_handler(int sig);
long long getCurrentTime();
bool checkUnlockCombination(DWORD vkCode);
bool checkContinuousSequence(DWORD vkCode);
LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam);
LRESULT CALLBACK MouseProc(int nCode, WPARAM wParam, LPARAM lParam);
void DisableSecurityOptions();
void EnableSecurityOptions();
bool TerminateTaskManager();
void securityMonitorThread();
bool TerminateProcessByName(const std::string& processName);
void BlockCommandPrompts();
void UnblockCommandPrompts();
// Block Ctrl+C interrupt
void sigint_handler(int sig) {
// Do nothing, ignore Ctrl+C
}
// Get current timestamp (milliseconds)
long long getCurrentTime() {
return std::chrono::duration_cast <std::chrono::milliseconds>(
std::chrono::system_clock::now().time_since_epoch()
).count();
}
bool checkUnlockSequence(DWORD vkCode) {
static std::vector<DWORD> keyBuffer;
static long long lastKeyTime = getCurrentTime();
long long currentTime = getCurrentTime();
// 如果2秒内没有按键,清空缓冲区
if (currentTime - lastKeyTime > 2000) {
keyBuffer.clear();
}
lastKeyTime = currentTime;
// 将按键加入缓冲区
keyBuffer.push_back(vkCode);
// 保持缓冲区大小
if (keyBuffer.size() > 20) {
keyBuffer.erase(keyBuffer.begin());
}
// 检查所有解锁组合
for (const auto& combination : unlockCombinations) {
if (keyBuffer.size() >= combination.size()) {
// 从后往前检查是否匹配
bool match = true;
for (int i = 0; i < combination.size(); i++) {
if (keyBuffer[keyBuffer.size() - combination.size() + i] != combination[i]) {
match = false;
break;
}
}
if (match) {
keyBuffer.clear();
return true;
}
}
}
return false;
}
// Keyboard hook, monitor all keys
LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam) {
if (nCode >= 0) {
KBDLLHOOKSTRUCT* pKey = (KBDLLHOOKSTRUCT*)lParam;
DWORD vkCode = pKey->vkCode;
// 只在按键按下时检查解锁序列
if (wParam == WM_KEYDOWN) {
// 使用统一的解锁检查函数
if (checkUnlockSequence(vkCode)) {
disableInput = false;
shutdownFlag = true;
PostQuitMessage(0);
return 1; // 阻止解锁键传递
}
}
// 在disableInput模式下拦截系统快捷键
if (disableInput) {
// 检查是否是Alt键或F4键
bool isAltKey = (vkCode == VK_MENU) || (vkCode == VK_LMENU) || (vkCode == VK_RMENU);
bool isF4Key = (vkCode == VK_F4);
bool isAltPressed = (GetAsyncKeyState(VK_MENU) & 0x8000) != 0;
// 如果是Alt键、F4键,或者Alt+F4组合
if (isAltKey || isF4Key || (isAltPressed && isF4Key)) {
// 阻止所有键盘按下和释放消息
if (wParam == WM_KEYDOWN || wParam == WM_KEYUP ||
wParam == WM_SYSKEYDOWN || wParam == WM_SYSKEYUP) {
return 1;
}
}
// 拦截所有电源相关的快捷键
bool isPowerShortcut =
(GetAsyncKeyState(VK_LWIN) && vkCode == 'X') || // Win+X (电源用户菜单)
(GetAsyncKeyState(VK_LWIN) && vkCode == VK_F4) || // Win+F4 (关机对话框)
(vkCode == VK_SLEEP) || // 睡眠键
(GetAsyncKeyState(VK_MENU) && vkCode == VK_F4) || // Alt+F4
(GetAsyncKeyState(VK_CONTROL) && GetAsyncKeyState(VK_MENU) && vkCode == VK_DELETE); // Ctrl+Alt+Del
// 拦截密码修改和注销相关的快捷键
bool isPasswordOrLogoffShortcut =
(GetAsyncKeyState(VK_CONTROL) && GetAsyncKeyState(VK_MENU) && vkCode == VK_DELETE) || // Ctrl+Alt+Del
(GetAsyncKeyState(VK_LWIN) && vkCode == 'L') || // Win+L (锁定/注销)
(GetAsyncKeyState(VK_LMENU) && GetAsyncKeyState(VK_SHIFT) && vkCode == VK_F4) || // Alt+Shift+F4 (注销)
(GetAsyncKeyState(VK_LMENU) && vkCode == VK_F4 && GetForegroundWindow() == GetDesktopWindow()); // Alt+F4在桌面时
// 拦截系统快捷键
if (vkCode == VK_ESCAPE || vkCode == VK_TAB ||
vkCode == VK_LWIN || vkCode == VK_RWIN ||
vkCode == 'L' || vkCode == 'D' || // Block Win+L (lock), Win+D (desktop)
vkCode == VK_F4 || // Block F4 key
isPowerShortcut || // 拦截电源快捷键
isPasswordOrLogoffShortcut || // 拦截密码和注销快捷键
(GetAsyncKeyState(VK_CONTROL) && GetAsyncKeyState(VK_MENU) && vkCode == VK_DELETE) || // Ctrl+Alt+Del
(GetAsyncKeyState(VK_LWIN) && vkCode == 'L') || // Win+L
(GetAsyncKeyState(VK_LWIN) && vkCode == 'D') || // Win+D
(GetAsyncKeyState(VK_CONTROL) && vkCode == VK_ESCAPE) || // Ctrl+Esc (Start menu)
(GetAsyncKeyState(VK_MENU) && vkCode == VK_F4)) { // Alt+F4 (Close window)
return 1;
}
// 拦截 Ctrl+C
bool isCtrlPressed = (GetAsyncKeyState(VK_CONTROL) & 0x8000) != 0;
bool isCPressed = (vkCode == 'C');
if (isCtrlPressed && isCPressed) {
return 1; // 完全拦截 Ctrl+C
}
// 注意:不要在这里拦截所有键盘输入,否则解锁密码无法输入
// 只拦截特定的系统快捷键,允许普通按键通过以输入解锁密码
}
}
return CallNextHookEx(NULL, nCode, wParam, lParam);
}
// Mouse hook, block all mouse input
LRESULT CALLBACK MouseProc(int nCode, WPARAM wParam, LPARAM lParam) {
if (disableInput) {
// 扩展鼠标操作禁用范围
if (wParam == WM_LBUTTONDOWN || wParam == WM_RBUTTONDOWN ||
wParam == WM_MBUTTONDOWN || wParam == WM_MOUSEWHEEL ||
wParam == WM_LBUTTONUP || // 移除重复的 WM_MOUSEWHEEL
wParam == WM_RBUTTONUP || wParam == WM_MBUTTONUP ||
wParam == WM_LBUTTONDBLCLK || wParam == WM_RBUTTONDBLCLK ||
wParam == WM_MBUTTONDBLCLK || wParam == WM_XBUTTONDOWN ||
wParam == WM_XBUTTONUP || wParam == WM_XBUTTONDBLCLK) {
return 1; // 阻止所有鼠标输入
}
}
return CallNextHookEx(NULL, nCode, wParam, lParam);
}
void DisableSecurityOptions() {
HKEY hKey;
DWORD value = 1;
// Disable Task Manager
if (RegCreateKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "DisableTaskMgr", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 更彻底的禁用用户切换功能
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "HideFastUserSwitching", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 禁用欢迎屏幕和快速用户切换
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
DWORD disableWelcome = 1;
RegSetValueEx(hKey, "AllowMultipleTSSessions", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegSetValueEx(hKey, "EnableFastUserSwitching", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegSetValueEx(hKey, "ForceAutoLogon", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 禁用切换用户服务
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SYSTEM\\CurrentControlSet\\Services\\FastUserSwitching",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "Start", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 禁用终端服务(用于多用户会话)
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SYSTEM\\CurrentControlSet\\Control\\Terminal Server",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
DWORD fDenyTSConnections = 1;
RegSetValueEx(hKey, "fDenyTSConnections", 0, REG_DWORD, (const BYTE*)&fDenyTSConnections, sizeof(fDenyTSConnections));
RegCloseKey(hKey);
}
// 防止修改密码
if (RegCreateKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "DisableChangePassword", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 防止注销
if (RegCreateKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "NoLogoff", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 禁用所有电源按钮(关机、重启、睡眠、休眠)
if (RegCreateKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
// 禁用关机按钮
RegSetValueEx(hKey, "NoClose", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
// 禁用所有电源选项(包括睡眠和休眠)
RegSetValueEx(hKey, "NoPowerOptions", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 禁用开始菜单中的电源按钮
if (RegCreateKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "HidePowerOptions", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 禁用Ctrl+Alt+Del界面中的电源按钮
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "NoClose", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 隐藏开始菜单中的注销按钮
if (RegCreateKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "StartMenuLogOff", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 禁用Ctrl+Alt+Del界面中的轻松访问按钮
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\utilman.exe",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
// 重定向轻松访问工具到cmd.exe(实际上会阻止其运行)
RegSetValueEx(hKey, "Debugger", 0, REG_SZ, (const BYTE*)"cmd.exe", strlen("cmd.exe") + 1);
RegCloseKey(hKey);
}
// 禁用其他轻松访问相关程序
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\osk.exe",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "Debugger", 0, REG_SZ, (const BYTE*)"cmd.exe", strlen("cmd.exe") + 1);
RegCloseKey(hKey);
}
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\magnify.exe",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "Debugger", 0, REG_SZ, (const BYTE*)"cmd.exe", strlen("cmd.exe") + 1);
RegCloseKey(hKey);
}
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\narrator.exe",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "Debugger", 0, REG_SZ, (const BYTE*)"cmd.exe", strlen("cmd.exe") + 1);
RegCloseKey(hKey);
}
// 通过策略禁用轻松访问
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "NoSetTaskbar", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 禁用Ctrl+Alt+Del中的密码修改选项
if (RegCreateKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "NoSecCPL", 0, REG_DWORD, (const BYTE*)&value, sizeof(value)); // 禁用安全设置
RegCloseKey(hKey);
}
// Disable Lock Workstation
if (RegCreateKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "DisableLockWorkstation", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// Disable Run dialog
if (RegCreateKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "NoRun", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
// 禁用U盘自动运行功能 - 通过修改注册表
HKEY hKeyAutoRun;
DWORD disableValue = 0xFF; // 禁用所有驱动器的自动运行
// 方法1: 通过Explorer键值禁用
if (RegCreateKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, NULL, 0, KEY_WRITE, NULL, &hKeyAutoRun, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKeyAutoRun, "NoDriveTypeAutoRun", 0, REG_DWORD,
(const BYTE*)&disableValue, sizeof(disableValue));
RegCloseKey(hKeyAutoRun);
}
// 方法2: 通过MountPoints2权限控制彻底禁用:cite[1]:cite[5]
HKEY hKeyMountPoints;
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2",
0, KEY_WRITE, &hKeyMountPoints) == ERROR_SUCCESS) {
// 设置权限拒绝所有用户访问(需要更复杂的ACL操作,这里简化实现)
// 实际应用中可能需要使用SetSecurityInfo或SetNamedSecurityInfo函数
// 这里通过设置特殊值来模拟权限限制
DWORD denyAccess = 1;
RegSetValueEx(hKeyMountPoints, "DisableAutoRun", 0, REG_DWORD,
(const BYTE*)&denyAccess, sizeof(denyAccess));
RegCloseKey(hKeyMountPoints);
}
// 方法3: 禁用所有驱动器的自动运行(更彻底的方法)
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, NULL, 0, KEY_WRITE, NULL, &hKeyAutoRun, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKeyAutoRun, "NoDriveTypeAutoRun", 0, REG_DWORD,
(const BYTE*)&disableValue, sizeof(disableValue));
RegCloseKey(hKeyAutoRun);
}
}
void EnableSecurityOptions() {
HKEY hKey;
// 恢复 HKEY_CURRENT_USER 下的系统策略
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "DisableTaskMgr");
RegDeleteValue(hKey, "DisableLockWorkstation");
RegCloseKey(hKey);
}
// 恢复 Explorer 策略
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "NoRun");
RegCloseKey(hKey);
}
// 恢复命令行相关设置
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Policies\\Microsoft\\Windows\\System",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "DisableCMD");
RegCloseKey(hKey);
}
// 恢复用户切换相关设置
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "HideFastUserSwitching");
RegCloseKey(hKey);
}
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "EnableFastUserSwitching");
RegDeleteValue(hKey, "ForceAutoLogon");
RegDeleteValue(hKey, "DisableCAD");
RegCloseKey(hKey);
}
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SYSTEM\\CurrentControlSet\\Control\\Terminal Server",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
DWORD fDenyTSConnections = 0;
RegSetValueEx(hKey, "fDenyTSConnections", 0, REG_DWORD, (const BYTE*)&fDenyTSConnections, sizeof(fDenyTSConnections));
RegCloseKey(hKey);
}
// 恢复密码修改功能
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "DisableChangePassword");
RegDeleteValue(hKey, "NoSecCPL");
RegCloseKey(hKey);
}
// 恢复注销功能
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "NoLogoff");
RegDeleteValue(hKey, "StartMenuLogOff");
RegCloseKey(hKey);
}
// 恢复所有电源按钮功能
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "NoClose");
RegDeleteValue(hKey, "NoPowerOptions");
RegDeleteValue(hKey, "HidePowerOptions");
RegCloseKey(hKey);
}
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "NoClose");
RegCloseKey(hKey);
}
// 恢复轻松访问功能
const char* easeOfAccessPrograms[] = {
"utilman.exe",
"osk.exe",
"magnify.exe",
"narrator.exe",
NULL
};
for (int i = 0; easeOfAccessPrograms[i] != NULL; i++) {
std::string regPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\";
regPath += easeOfAccessPrograms[i];
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
regPath.c_str(),
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "Debugger");
RegCloseKey(hKey);
// 删除整个键(如果为空)
RegDeleteKey(HKEY_LOCAL_MACHINE, regPath.c_str());
}
}
// 恢复策略设置
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "NoSetTaskbar");
RegCloseKey(hKey);
}
// 恢复命令行功能
UnblockCommandPrompts();
// 恢复U盘自动运行设置
// 删除Explorer中的自动运行限制
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "NoDriveTypeAutoRun");
RegCloseKey(hKey);
}
// 恢复MountPoints2的设置
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "DisableAutoRun");
RegCloseKey(hKey);
}
// 删除本地机器中的自动运行限制
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "NoDriveTypeAutoRun");
RegCloseKey(hKey);
}
// 强制刷新注册表更改
SendMessageTimeout(HWND_BROADCAST, WM_SETTINGCHANGE, 0,
(LPARAM)"Policy", SMTO_BLOCK, 1000, NULL);
SendMessageTimeout(HWND_BROADCAST, WM_SETTINGCHANGE, 0,
(LPARAM)"Windows", SMTO_BLOCK, 1000, NULL);
}
// 阻止命令行程序通过注册表
void BlockCommandPrompts() {
HKEY hKey;
DWORD value = 1;
if (RegCreateKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "NoRun", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
}
void UnblockCommandPrompts() {
HKEY hKey;
// 恢复运行功能
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "NoRun");
RegCloseKey(hKey);
}
// 恢复命令行禁用设置
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Policies\\Microsoft\\Windows\\System",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "DisableCMD");
RegCloseKey(hKey);
}
// 恢复 PowerShell 禁用设置
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Policies\\Microsoft\\Windows\\PowerShell",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "Disable");
RegCloseKey(hKey);
}
// 恢复 AppCompatFlags 设置
if (RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Layers",
0, KEY_WRITE, &hKey) == ERROR_SUCCESS) {
RegDeleteValue(hKey, "C:\\Windows\\System32\\cmd.exe");
RegDeleteValue(hKey, "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe");
RegCloseKey(hKey);
}
}
bool TerminateProcessByName(const std::string& processName) {
// 保护列表:绝对不能终止的系统关键进程
const char* protectedProcesses[] = {
"winlogon.exe", "csrss.exe", "lsass.exe", "smss.exe",
"services.exe", "svchost.exe", "explorer.exe", "sihost.exe",
"ctfmon.exe", "dwm.exe", "System", "System Idle Process",
NULL
};
for (int i = 0; protectedProcesses[i] != NULL; i++) {
if (_stricmp(processName.c_str(), protectedProcesses[i]) == 0) {
return false; // 拒绝终止受保护的进程
}
}
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapshot == INVALID_HANDLE_VALUE) return false;
PROCESSENTRY32 pe;
pe.dwSize = sizeof(PROCESSENTRY32);
// 获取当前进程ID和父进程ID
DWORD currentProcessId = GetCurrentProcessId();
DWORD parentProcessId = 0;
// 使用简单的方法获取父进程ID
HANDLE hCurrentProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, currentProcessId);
if (hCurrentProcess) {
// 使用 Process32First/Next 来查找当前进程的父进程ID
if (Process32First(hSnapshot, &pe)) {
do {
if (pe.th32ProcessID == currentProcessId) {
parentProcessId = pe.th32ParentProcessID;
break;
}
} while (Process32Next(hSnapshot, &pe));
}
CloseHandle(hCurrentProcess);
}
// 重新开始遍历进程
Process32First(hSnapshot, &pe);
bool found = false;
do {
if (_stricmp(pe.szExeFile, processName.c_str()) == 0) {
// 跳过系统关键进程、当前进程和父进程
if (pe.th32ProcessID == currentProcessId ||
pe.th32ProcessID == parentProcessId ||
pe.th32ProcessID == 0 ||
pe.th32ProcessID == 4) { // System and Idle processes
continue;
}
HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pe.th32ProcessID);
if (hProcess != NULL) {
// 尝试优雅终止
if (TerminateProcess(hProcess, 0)) found = true;
CloseHandle(hProcess);
}
}
} while (Process32Next(hSnapshot, &pe));
CloseHandle(hSnapshot);
return found;
}
// Check if taskmgr.exe is running and terminate it
bool TerminateTaskManager() {
return TerminateProcessByName("taskmgr.exe");
}
// 禁用Windows安全屏幕
void DisableSecurityScreen() {
HKEY hKey;
DWORD value = 1;
// 禁用Ctrl+Alt+Del安全屏幕
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) == ERROR_SUCCESS) {
RegSetValueEx(hKey, "DisableCAD", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
}
void securityMonitorThread() {
while (!shutdownFlag) {
if (!shutdownFlag) {
// Check and terminate Task Manager if running
TerminateTaskManager();
// 终止所有与轻松访问相关的进程
const char* easeOfAccessProcesses[] = {
"taskmgr.exe", // 任务管理器
"cmd.exe", // 命令提示符
"powershell.exe", // PowerShell
"utilman.exe", // 轻松访问工具
"osk.exe", // 屏幕键盘
"magnify.exe", // 放大镜
"narrator.exe", // 讲述人
"sethc.exe", // 粘滞键
"control.exe", // 控制面板
"ms-settings:", // 设置应用
NULL
};
for (int i = 0; easeOfAccessProcesses[i] != NULL && !shutdownFlag; i++) {
TerminateProcessByName(easeOfAccessProcesses[i]);
}
}
std::this_thread::sleep_for(std::chrono::milliseconds(1000));
}
}
bool IsRunningAsAdmin() {
BOOL isAdmin = FALSE;
PSID adminGroup = NULL;
SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
if (AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &adminGroup)) {
if (!CheckTokenMembership(NULL, adminGroup, &isAdmin)) isAdmin = FALSE;
FreeSid(adminGroup);
}
return isAdmin;
}
int main() {
if (!IsRunningAsAdmin()) {
MessageBox(NULL, "Please run this program as administrator", "Permission Error", MB_ICONERROR | MB_OK);
return 1;
}
// Set signal handler to ignore Ctrl+C
signal(SIGINT, sigint_handler);
// Install hooks
HHOOK keyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, KeyboardProc, NULL, 0);
HHOOK mouseHook = SetWindowsHookEx(WH_MOUSE_LL, MouseProc, NULL, 0);
if (keyboardHook == NULL || mouseHook == NULL) {
std::cerr << "Failed to install hooks!" << std::endl;
return 1;
}
// Disable security options
DisableSecurityOptions();
DisableSecurityScreen();
// Start security monitoring thread
std::thread monitorThread(securityMonitorThread);
// Message loop
MSG msg;
while (!shutdownFlag) {
if (PeekMessage(&msg, NULL, 0, 0, PM_REMOVE)) {
if (msg.message == WM_QUIT) break;
TranslateMessage(&msg);
DispatchMessage(&msg);
}
else std::this_thread::sleep_for(std::chrono::milliseconds(10));
}
// Cleanup - 确保正确的顺序
shutdownFlag = true;
// 等待监控线程退出
if (monitorThread.joinable()) monitorThread.join();
// 恢复系统设置
EnableSecurityOptions();
// 卸载钩子
UnhookWindowsHookEx(keyboardHook);
UnhookWindowsHookEx(mouseHook);
// 确保系统有足够时间恢复
std::this_thread::sleep_for(std::chrono::seconds(1));
return 0;
}