堆栈内存溢出
  简体   繁体   English

劫持程序的命令来运行记事本

[英]hijack program’s command to run notepad

 原文  2011-03-23 22:17:12       c#/ vb.net

问题描述

I have a utility programs's EXE file, when i run this file there is a winform only and there is button when we click on it, it run windows's notepad. 我有一个实用程序的EXE文件,当我运行这个文件时只有一个winform,当我们点击它时有按钮,它运行windows的记事本。 Now I want to hijack this program's command to run notepad and instead of running notepad I want to run MS Word. 现在我想劫持这个程序的命令来运行记事本而不是运行记事本我想运行MS Word。 I know C# and VB.NET. 我知道C#和VB.NET。 What I need to do this ? 我需要做什么?

2 个解决方案

解决方案1
 5 已采纳  2011-03-23 22:32:24

You can try to add in folder with this program your own program called notepad.exe that should do only one thing: run word. 您可以尝试在此程序的文件夹中添加一个名为notepad.exe的程序,该程序应该只执行一项操作:运行word。

If you want to do it programatically in C then you should read this page - maybe it helps: Intercepted: Windows Hacking via DLL Redirection 如果你想在C中以编程方式进行,那么你应该阅读这个页面 - 也许它会有所帮助: 拦截:Windows Hacking via DLL Redirection

解决方案2
 3  2011-03-23 23:47:49

You can use a trick to replace programs with another by making changes to the registry. 您可以使用技巧通过更改注册表来将程序替换为另一个程序。 This will work even if the program you are running uses absolute paths to run notepad. 即使您运行的程序使用绝对路径运行记事本,这也可以工作。 It overrides any instance of the running program with the chosen one no matter where it resides. 它会覆盖正在运行的程序的任何实例,无论它位于何处。 And you won't have to patch the file. 而且您不必修补文件。 The key you'd be interested in is: 你感兴趣的关键是: 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Add a key with the name of the program and add a Debugger string with the path to the program you want to replace it with. 添加一个带有程序名称的密钥,并添加一个Debugger字符串,其中包含要替换它的程序的路径。 Of course you need to have permissions to make the necessary modifications. 当然,您需要具有进行必要修改的权限。 This page explains how you can replace Windows Notepad with another program. 本页介绍如何使用其他程序替换Windows记事本。 You can apply the same process here. 您可以在此处应用相同的过程。

Though you'll probably not want to have this permanent change, so you can write up a program to temporarily add/change the key, run your program then change it back. 虽然您可能不希望进行此永久性更改,但您可以编写一个程序来临时添加/更改密钥,运行程序然后将其更改回来。 Here's a complete one I just whipped up to temporarily replace Notepad with Word for a demonstration. 这是一个完整的,我刚刚用Word暂时替换记事本进行演示。 Seems to work perfectly fine (though as always, use at your own risk). 似乎工作得很好(虽然一如既往,使用风险自负)。 Just make all the necessary changes to fit your situation. 只需进行所有必要的更改以适应您的情况。 

using System.Diagnostics;
using Microsoft.Win32;

namespace ProgramLauncher
{
    class Program
    {
        // change the following constants as needed
        const string PROGRAM_NAME = @"notepad.exe";
        const string REPLACEMENT_PATH = @"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE";
        const string RUNNING_PATH = @"C:\Windows\notepad.exe";

        // root key
        const string KEY = @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options";

        static void Main(string[] args)
        {
            using (var rootKey = Registry.LocalMachine.OpenSubKey(KEY, RegistryKeyPermissionCheck.ReadWriteSubTree))
            {
                var oldPath = default(string);
                var needsRestoration = false;
                try
                {
                    oldPath = BackupKey(rootKey, PROGRAM_NAME, REPLACEMENT_PATH);
                    needsRestoration = true;
                    Process.Start(RUNNING_PATH).WaitForExit();
                }
                finally
                {
                    if (needsRestoration)
                        RestoreKey(rootKey, PROGRAM_NAME, oldPath);
                }
            }
        }

        static string BackupKey(RegistryKey rootKey, string programName, string newPath)
        {
            Debug.Assert(rootKey != null);
            Debug.Assert(!string.IsNullOrEmpty(programName));
            Debug.Assert(!string.IsNullOrEmpty(newPath) && System.IO.File.Exists(newPath));
            if (newPath.Contains(" "))
                newPath = string.Format("\"{0}\"", newPath);

            using (var programKey = rootKey.CreateSubKey(programName, RegistryKeyPermissionCheck.ReadWriteSubTree))
            {
                var oldDebugger = programKey.GetValue("Debugger") as string;
                programKey.SetValue("Debugger", newPath, RegistryValueKind.String);
                return oldDebugger;
            }
        }

        static void RestoreKey(RegistryKey rootKey, string programName, string oldPath)
        {
            Debug.Assert(rootKey != null);
            Debug.Assert(!string.IsNullOrEmpty(programName));

            if (oldPath != null)
            {
                using (var programKey = rootKey.OpenSubKey(programName, RegistryKeyPermissionCheck.ReadWriteSubTree))
                    programKey.SetValue("Debugger", oldPath);
            }
            else
            {
                rootKey.DeleteSubKey(programName);
            }
        }
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何用命令运行程序? - how to run program with command? 以管理员身份运行命令行程序 - Run a command line program as Administrator 如果程序在一天的特定时间运行,则运行命令? - Run command if a program is run at a specific time of day? 从命令提示符运行MonoDevlop程序 - Run MonoDevlop program from command prompt 可以从命令行运行WinForms程序吗? - Can a WinForms program be run from command line? 在远程计算机上执行和运行记事本 - Execute and run notepad on remote computer 如何在远程服务器上运行命令行程序 - How to run a command-line program on a remote server 通过命令提示符检测程序是否正在运行 - detect whether a program is being run via command prompt 如何创建也可以在命令提示符下运行的Windows窗体程序 - How to create a Windows Forms program that can also run at the command prompt 是否可以在 PHP 的正在运行的 C# 程序中运行命令? - It is possible to run a command in a running C# program from PHP?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM