[shell-coding] Re: ls 24.7 startup code
- From: Vendicator <christoffer.sjoberg@xxxxxxxxxx>
- To: chris rempel <shell-coding@xxxxxxxxxxxxx>
- Date: Mon, 28 Jul 2003 12:47:45 +0200
Sure, you'll have to deal with the formation tho ;)
//
// IsFirstRunThisSession()
//
bool StartupRunner::_IsFirstRunThisSession()
{
bool bReturn = false;
HKEY hkExplorer;
TCHAR tzSessionInfo[30];
OSVERSIONINFO OsVersionInfo;
OsVersionInfo.dwOSVersionInfoSize = sizeof(OsVersionInfo);
GetVersionEx(&OsVersionInfo);
// On NT systems, the SessionInfo subkey will be the AuthenticationID
if (OsVersionInfo.dwPlatformId == VER_PLATFORM_WIN32_NT)
{
HANDLE hToken;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)
!= 0)
{
TOKEN_STATISTICS tsStats;
DWORD dwOutSize;
if (GetTokenInformation(hToken, TokenStatistics,
&tsStats, sizeof(tsStats), &dwOutSize))
{
StringCchPrintf(tzSessionInfo, 30,
_T("SessionInfo\\%08x%08x"),
tsStats.AuthenticationId.HighPart,
tsStats.AuthenticationId.LowPart);
// Create the SessionInfo and StartUpHasBeenRun
keys
LONG lResult = RegCreateKeyEx(HKEY_CURRENT_USER,
REGSTR_PATH_EXPLORER, 0, NULL, REG_OPTION_NON_VOLATILE,
MAXIMUM_ALLOWED, NULL, &hkExplorer, NULL);
if (lResult == ERROR_SUCCESS)
{
HKEY hkSessionInfo;
lResult = RegCreateKeyEx(hkExplorer,
tzSessionInfo, 0, NULL,
REG_OPTION_VOLATILE, KEY_WRITE, NULL, &hkSessionInfo,
NULL);
if (lResult == ERROR_SUCCESS)
{
DWORD dwDisposition;
HKEY hkStartup;
lResult =
RegCreateKeyEx(hkSessionInfo,
_T("StartupHasBeenRun"), 0, NULL,
REG_OPTION_VOLATILE, KEY_WRITE, NULL,
&hkStartup, &dwDisposition);
RegCloseKey(hkStartup);
if (dwDisposition == REG_CREATED_NEW_KEY)
{
bReturn = true;
}
}
RegCloseKey(hkSessionInfo);
}
RegCloseKey(hkExplorer);
}
}
CloseHandle(hToken);
}
else
{
bReturn = true;
}
return bReturn;
}
// Vendicator
---[ Original Message ]---
From: chris rempel [jugg@xxxxxxxxxxxxxxxxx]
Sent: 2003-07-28, 12:29:44
To: shell-coding@xxxxxxxxxxxxx
Subj: [shell-coding] ls 24.7 startup code
> Would some one please paste the relevant code for detecting whether startup
> items have been ran or not? I believe the latest LS beta implements it.
> Thanks.
> chris
> ______________________________________________________________
> Sent via activatormail.com webmail system.
> ActivatorMail(tm) ver.00608031 Scanned for all viruses by
> www.activatormail.com intelligent anti-virus anti-spam service
> --
> ActivatorMail(tm) ver.00608031 Scanned for all viruses by
> www.activatormail.com intelligent anti-virus anti-spam service
> __________________________________________________
> Subscription options and archive:
> http://www.freelists.org/list/shell-coding
__________________________________________________
Subscription options and archive:
http://www.freelists.org/list/shell-coding
- References:
- [shell-coding] ls 24.7 startup code
- From: chris rempel
Other related posts:
- » [shell-coding] ls 24.7 startup code
- » [shell-coding] Re: ls 24.7 startup code
- [shell-coding] ls 24.7 startup code
- From: chris rempel