註冊碼差異比較
這是由上次的 Sandbox Demo 所想到的功能之一。首先以 Windows 系列開機時必定載入的 Registry 為對象:
比較常見的病毒很多都會把自己寫進啟動區(例如下面程式所備份的 Run 機碼),
讓病毒在開機時順便啟動載入。
使用前提是先在乾淨的狀態下備份 Registry 的相關部分,
再與感染病毒後匯出的 Registry 進行比較。基準備份必須取自確定未受感染的系統,否則比較結果不可信。
當然很多人會問哪個註冊碼比較重要,因為某些因素測試很多工具
發現了一個工具(Comodo還不錯用,再說就有打廣告嫌疑了XD)
Comodo有把保護的部分秀出來那也順便跟大家一起分享.....
介面
後台部分(比對可以依照想備份自己調整)
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.IO;
using System.Collections;
using System.Linq;
using Microsoft.VisualBasic;
namespace registbackup
{
public partial class Form1 : Form
{
/// <summary>
/// Creates the form. All control setup is delegated to <c>InitializeComponent</c>,
/// which is not shown here (presumably the designer-generated part of this partial class).
/// </summary>
public Form1()
{
    this.InitializeComponent();
}
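/// <summary>
/// Exports the autostart ("Run") registry key to a timestamped .reg file so that it can
/// later be compared with an export taken after a suspected infection.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    string backupDirectory = "C:\\";

    // Only this one autostart key is captured. Other persistence locations (for example the
    // HKEY_CURRENT_USER Run key or the RunOnce keys) are not covered unless the key is widened.
    string registryKey = @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\";
    // string registryKey = @"HKEY_LOCAL_MACHINE\SOFTWARE"; // adjust to the part you want to back up

    if (!Directory.Exists(backupDirectory))
    {
        Directory.CreateDirectory(backupDirectory);
    }

    // "HH" (24-hour clock) keeps a morning and an afternoon backup from getting the same name.
    string exportPath = Path.Combine(backupDirectory, DateTime.Now.ToString("yyyyMMddHHmmss") + ".reg");

    // Both arguments are quoted and separated by a space; the previous command string glued
    // the key directly onto the closing quote of the file name. The trailing backslash is
    // trimmed so it cannot escape the closing quote of the key argument.
    string arguments = "/e \"" + exportPath + "\" \"" + registryKey.TrimEnd('\\') + "\"";

    // regedit is started directly instead of through "CMD.exe /C", so no command shell
    // re-parses the line if the path or key ever becomes configurable.
    System.Diagnostics.ProcessStartInfo startInfo =
        new System.Diagnostics.ProcessStartInfo("regedit.exe", arguments);

    // Shell execution lets Windows show the elevation prompt that regedit may require.
    startInfo.UseShellExecute = true;

    try
    {
        System.Diagnostics.Process.Start(startInfo);
    }
    catch (Win32Exception ex)
    {
        // Raised, for example, when the elevation prompt is declined or regedit cannot start.
        // Without a message the user would assume a baseline exists when none was written.
        MessageBox.Show("Registry export failed: " + ex.Message);
    }
}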
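/// <summary>
/// Lets the user pick the first file of the comparison and stores its path in
/// <c>textBox1</c>. <c>compare_Click</c> reads this file as the reference that the lines of
/// the second file are checked against, so it should be the export taken in the clean state.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button2_Click(object sender, EventArgs e)
{
    // The dialog is disposable; the using block releases its native resources.
    using (OpenFileDialog baselineDialog = new OpenFileDialog())
    {
        // The previous title was copied from the "modified" picker; choosing the files in
        // the wrong order inverts the comparison, so the two dialogs are told apart here.
        baselineDialog.Title = "Please Choose The Path Of The Clean Baseline Export!";
        baselineDialog.InitialDirectory = @"c:\";

        // Index 2 ("All files") stays the default selection, as before; the first entry
        // replaces a duplicated "All files" filter.
        baselineDialog.Filter = "Registration files (*.reg)|*.reg|All files (*.*)|*.*";
        baselineDialog.FilterIndex = 2;
        baselineDialog.RestoreDirectory = true;

        if (baselineDialog.ShowDialog() == DialogResult.OK)
        {
            textBox1.Text = baselineDialog.FileName;
        }
    }
}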
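/// <summary>
/// Lets the user pick the second file of the comparison and stores its path in
/// <c>textBox2</c>. <c>compare_Click</c> walks this file line by line and reports the lines
/// that differ from the first file, so it should be the export taken after the change.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button3_Click(object sender, EventArgs e)
{
    // The dialog is disposable; the using block releases its native resources.
    using (OpenFileDialog modifiedDialog = new OpenFileDialog())
    {
        modifiedDialog.Title = "Please You Choose The Path Of The Modified DataBase!";
        modifiedDialog.InitialDirectory = @"c:\";

        // Index 2 ("All files") stays the default selection, as before; the first entry
        // replaces a duplicated "All files" filter.
        modifiedDialog.Filter = "Registration files (*.reg)|*.reg|All files (*.*)|*.*";
        modifiedDialog.FilterIndex = 2;
        modifiedDialog.RestoreDirectory = true;

        if (modifiedDialog.ShowDialog() == DialogResult.OK)
        {
            textBox2.Text = modifiedDialog.FileName;
        }
    }
}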
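/// <summary>
/// Compares the file named in <c>textBox2</c> with the file named in <c>textBox1</c>,
/// line by line at the same position, and writes a report to <c>C:\compare_&lt;timestamp&gt;.txt</c>.
/// The report contains every registry key header (<c>[HKEY_...</c>) of the second file plus
/// every line of the second file that differs from, or has no counterpart in, the first file.
/// </summary>
/// <remarks>
/// The comparison is positional: once a line has been inserted or removed, all following
/// lines are reported as different. Lines that exist only in the first file are not listed.
/// </remarks>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void compare_Click(object sender, EventArgs e)
{
    #region Compare the two exports
    string[] baselineLines;
    string[] currentLines;
    try
    {
        // ReadAllLines closes the file even on failure and honours a byte-order mark,
        // which matters because regedit exports are typically UTF-16.
        baselineLines = File.ReadAllLines(textBox1.Text);
        currentLines = File.ReadAllLines(textBox2.Text);
    }
    catch (Exception ex)
    {
        MessageBox.Show("請確定檔案是否存在" + Environment.NewLine + ex.Message);

        // Stop here: carrying on with empty input would write an empty report that
        // reads as "nothing changed".
        return;
    }

    // Timing is informational only and can be removed.
    System.Diagnostics.Stopwatch swt = System.Diagnostics.Stopwatch.StartNew();

    // The timestamp is taken once so the path in the message is the file actually written;
    // "HH" (24-hour clock) avoids identical names twelve hours apart.
    string outputPath = "C:\\compare_" + DateTime.Now.ToString("yyyy_MM_dd_HH_mm_ss") + ".txt";

    try
    {
        // UTF-8 instead of ASCII: non-ASCII value names or data would otherwise be
        // written as '?' and could no longer be matched against the registry.
        using (StreamWriter sw = new StreamWriter(outputPath, true, Encoding.UTF8))
        {
            for (int i = 0; i < currentLines.Length; i++)
            {
                string line = currentLines[i];

                // Key headers are always emitted so each reported value keeps its context.
                bool isKeyHeader = line.StartsWith("[HKEY_", StringComparison.Ordinal);

                // Every line past the end of the baseline counts as changed. The previous
                // code handled only the first extra line and then failed with an index
                // error that was swallowed, losing the report exactly when entries had
                // been added.
                bool isChanged = i >= baselineLines.Length || line != baselineLines[i];

                if (isKeyHeader || isChanged)
                {
                    // Written once, even when a header line is also a changed line.
                    sw.WriteLine(line);
                }
            }
        }

        swt.Stop();
        MessageBox.Show("輸出檔案為" + outputPath + "比對完成花費時間" + swt.Elapsed.TotalSeconds.ToString());
    }
    catch (Exception ex)
    {
        // Report the failure instead of ignoring it; a missing report must not be
        // mistaken for a clean result.
        MessageBox.Show("比對結果寫入失敗" + Environment.NewLine + ex.Message);
    }
    #endregion
}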
}
}
測試