CN106201579B - A kind of method, apparatus and electronic equipment for deleting registry boot item - Google Patents
A kind of method, apparatus and electronic equipment for deleting registry boot item Download PDFInfo
- Publication number
- CN106201579B CN106201579B CN201610490412.7A CN201610490412A CN106201579B CN 106201579 B CN106201579 B CN 106201579B CN 201610490412 A CN201610490412 A CN 201610490412A CN 106201579 B CN106201579 B CN 106201579B
- Authority
- CN
- China
- Prior art keywords
- registry
- key value
- data
- value data
- item
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Abstract
The embodiment of the present invention discloses a kind of method, apparatus and electronic equipment for deleting registry boot item, is related to computer software technology, is able to solve the low problem of security of system caused by the startup item due to that can not delete rogue program in the prior art.The method for deleting malicious file includes: each registry key Value Data obtained under system registry startup item, each registry key Value Data is stored in the pointer of preset data structure, further includes the corresponding data length value of each registry key Value Data in the preset data structure;It obtains in each registry key Value Data using the first character as the first registry key Value Data of bebinning character;The data length value of the first registry key Value Data is obtained according to the preset data structure;If the data length value of the first registry key Value Data is greater than 0, the corresponding first registry boot item of the first registry key Value Data is deleted.The present invention is suitable for antivirus software.
Description
Technical field
The present invention relates to computer software technology more particularly to a kind of method, apparatus and electricity for deleting registry boot item
Sub- equipment.
Background technique
With the development of internet technology, the Malwares such as virus, wooden horse emerge one after another.
The registry boot item of general procedure is stored in: HKEY_LOCAL_MACHINE SOFTWARE Microsoft
Under Windows CurrentVersion Run, and registration table key assignments is preserved under it, such as " av1 ", the LPCTSTR such as " acb "
The character string of type.In C language exploitation, character string is all with " 00 " character ends.As some registration table key assignments is
" av1 00 ", in practical applications can " av1 " be parameter, pass through and delete function RegDeleteValue and delete rogue program
Startup item.
But in a particular application, it being deleted in order to prevent, rogue program would generally construct special registration table key assignments,
Such as " 00av1 ".Since the registration table key assignments is that 00 character of Yi starts, Er 00 character of represents the knot of registration table key assignments
Beam, so, when deleting startup item using RegDeleteValue function, it will be considered that the corresponding registration table key assignments of the startup item is
Startup item empty that the rogue program deletes, to reduce the safety of system.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of method, apparatus and electronic equipment for deleting registry boot item, energy
Enough solve the problems, such as that security of system caused by the startup item due to that can not delete rogue program in the prior art is low.
In a first aspect, the embodiment of the present invention provides a kind of method for deleting registry boot item, comprising:
Each registry key Value Data under system registry startup item is obtained, each registry key Value Data is stored in pre-
If further including that the corresponding data of each registry key Value Data are long in the preset data structure in the pointer of data structure
Angle value;
It obtains in each registry key Value Data using the first character as the first registry key Value Data of bebinning character;
The data length value of the first registry key Value Data is obtained according to the preset data structure;
If the data length value of the first registry key Value Data is greater than 0, the first registration table key assignments is deleted
The corresponding first registry boot item of data.
With reference to first aspect, in the first embodiment of first aspect, under the acquisition system registry startup item
Each registry key Value Data include:
System registry startup item is obtained using the key assignments function NtEnumerateValueKey that enumerates in ntdll module
Under each registry key Value Data.
With reference to first aspect, in the first embodiment of first aspect, first character is " 00 ", described pre-
If data structure is _ UNICODE_STRING.
With reference to first aspect, described to delete the first registration table key assignments in the first embodiment of first aspect
The corresponding first registry boot item of data includes: the title for obtaining the first registry boot item;Described first is registered
The title of table startup item is stored in chained list;The delete key value function in ntdll module is called according to the chained list
NtDeleteValueKey deletes the first registry boot item.
Second aspect, the embodiment of the present invention provide a kind of device for deleting registry boot item, comprising:
First obtains module, for obtaining each registry key Value Data under system registry startup item, each registration
Table key assignments data are stored in the pointer of preset data structure, further include each registry key in the preset data structure
The corresponding data length value of Value Data;
Second obtains module, for obtaining the using the first character as bebinning character in each registry key Value Data
One registry key Value Data;
Third obtains module, for obtaining the data of the first registry key Value Data according to the preset data structure
Length value;
Removing module when being greater than 0 for the data length value in the first registry key Value Data, deletes described first
The corresponding first registry boot item of registry key Value Data.
In conjunction with second aspect, in the first embodiment of second aspect, the first acquisition module is specifically used for: benefit
With each registration enumerated under key assignments function NtEnumerateValueKey acquisition system registry startup item in ntdll module
Table key assignments data.
In conjunction with second aspect, in the first embodiment of second aspect, first character is " 00 ", described pre-
If data structure is _ UNICODE_STRING.
In conjunction with second aspect, in the first embodiment of second aspect, the removing module includes:
Acquisition submodule, for obtaining the title of the first registry boot item;
Sub-module stored, for the title of the first registry boot item to be stored in chained list;
Submodule is deleted, for calling the delete key value function in ntd11 module according to the chained list
NtDeleteValueKey deletes the first registry boot item.
The third aspect, the embodiment of the present invention provide a kind of electronic equipment, and the electronic equipment includes: shell, processor, deposits
Reservoir, circuit board and power circuit, wherein circuit board is placed in the space interior that shell surrounds, processor and memory setting
On circuit boards;Power circuit, for each circuit or the device power supply for above-mentioned electronic equipment;Memory is for storing and can hold
Line program code;Processor is run and executable program code pair by reading the executable program code stored in memory
The program answered, for performing the following operations:
Each registry key Value Data under system registry startup item is obtained, each registry key Value Data is stored in pre-
If further including that the corresponding data of each registry key Value Data are long in the preset data structure in the pointer of data structure
Angle value;
It obtains in each registry key Value Data using the first character as the first registry key Value Data of bebinning character;
The data length value of the first registry key Value Data is obtained according to the preset data structure;
If the data length value of the first registry key Value Data is greater than 0, the first registration table key assignments is deleted
The corresponding first registry boot item of data.
Fourth aspect, the embodiment of the invention also provides a kind of storage mediums, described to apply journey for storing application program
Sequence is used to execute a kind of method for deleting registry boot item provided by the embodiment of the present invention.
5th aspect, the embodiment of the invention also provides a kind of application programs, are provided for executing the embodiment of the present invention
A kind of deletion registry boot item method.
A kind of method, apparatus and electronic equipment for deleting registry boot item provided in an embodiment of the present invention, obtains each note
Using the first character as the first registry key Value Data of bebinning character in volume table key assignments data, and judge the first registration table key assignments number
According to data length value whether be 0.If the data length value of the first registry key Value Data be greater than 0, delete described in
The corresponding first registry boot item of first registry key Value Data.Thus, even the scheme using the embodiment of the present invention exists
Rogue program remains to distinguish the startup item of rogue program and is deleted in the case where constructing special startup item key assignments, so as to
It enough solves the problems, such as that security of system caused by the startup item due to that can not delete rogue program in the prior art is low, ensure that
The safety of system.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
Other attached drawings are obtained according to these attached drawings.
Fig. 1 is the flow chart of the method for the deletion registry boot item of the embodiment of the present invention one;
Fig. 2 is the structural schematic diagram of the device of the deletion registry boot item of the embodiment of the present invention two;
Fig. 3 is the structural schematic diagram of electronic equipment one embodiment of the present invention.
Specific embodiment
The embodiment of the present invention is described in detail with reference to the accompanying drawing.
It will be appreciated that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Base
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts it is all its
Its embodiment, shall fall within the protection scope of the present invention.
Fig. 1 is the flow chart of the deletion registry boot item of the embodiment of the present invention one.As shown in Figure 1, the present embodiment
Delete malicious file method may include:
Each registry key Value Data under step 101, acquisition system registry startup item.
The embodiment of the present invention is applicable to the equipment such as PC.Specifically, in this step, utilizing enumerating in ntdll module
Key assignments function NtEnumerateValueKey obtains each registry key Value Data under system registry startup item.Specifically,
This by enumerate key assignments function enumerate HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows
CurrentVersion all registry key Value Datas below Run registry boot item.
Each registry key Value Data by enumerating the acquisition of key assignments function is stored in the pointer of preset data structure, in institute
Stating in preset data structure further includes the corresponding data length value of each registry key Value Data.Wherein, the preset data knot
Structure can be _ UNICODE_STRING type structure, which is the pointer of PVOID type.
Step 102 obtains in each registry key Value Data using the first character as the first registration table of bebinning character
Key assignments data.
According to the description of background technique, character string is all with " 00 " character ends.Consequently, to facilitate searching, in this reality
It applies in example, first character is " 00 ".
Step 103, the data length value that the first registry key Value Data is obtained according to the preset data structure.
According to the preset data structure, the data length value of available first registry key Value Data.
If the data length value of step 104, the first registry key Value Data is greater than 0, first note is deleted
The corresponding first registry boot item of volume table key assignments data.
Specifically, in this step, obtaining the title of the first registry boot item, and first registration table is opened
The title of dynamic item is stored in chained list, and the delete key value function in ntdll module is then called according to the chained list
NtDeleteValueKey deletes the first registry boot item.
From the above, it can be seen that even the scheme using the embodiment of the present invention constructs special startup item key assignments in rogue program
In the case where remain to distinguish the startup item of rogue program and be deleted, so as to solve in the prior art due to that can not delete
The low problem of security of system caused by startup item except rogue program, ensure that the safety of system.
In a particular application, be in the rogue programs such as virus write-in registry boot item data with " 00 " beginning, that
Conventional deletion mode will be considered that it is empty, so can not delete.The Registry Editor of even system can not also be shown
The registry boot item data of virus write-in.Registry Editor to enumerate HKEY_LOCAL_MACHINE SOFTWARE
Microsoft Windows CurrentVersion data below Run when, an empty registry key can be enumerated
Value Data.
In Windows api, the function for routinely writing registry key Value Data is RegSetValue, and the registration table being written
Key assignments is the character string of LPCTSTR type, so this function can not be written with the startup item key assignments of " 00 " beginning.So from
RegSetValue function sets out, can be by a NtSetValueKey function in ntdll module, this function can be registration table
The encapsulation of key assignments data, is packaged into the data structure of one _ UNICODE_STRING type.It include registration table in this data structure
Key assignments data and registry key Value Data length.In this way, rogue program can save arbitrary data in the data structure,
Not just character string, and it is not necessarily to limited length length.
So rogue program is the NtSetValueKey function used in ntdll module, and construct one it is special _
The structure of UNICODE_STRING type and registry key Value Data is written to startup item, wherein registry key Value Data with "
The registry key Value Data and data length of 00 " beginning are not 0.
According to above analysis, in embodiments of the present invention in view of the above-mentioned problems, enumerating key assignments using in ntdll module
Function NtEnumerateValueKey obtains each registry key Value Data under system registry startup item.Wherein, pass through
The information that NtEnumerateValueKey function obtains is stored in _ UNICODE_STRING type structure in, including PVOID class
The pointer and the corresponding data length value of registry key Value Data of type, wherein registry key Value Data is stored in PVOID type
In pointer.
For acquisition _ UNICODE_STRING type structure, then judge registry key Value Data therein.If some
Registry key Value Data is with " 00 " beginning and registry boot item key assignments length is greater than 0, then the registry key Value Data is corresponding
Registry boot item needs to delete.It should at this point, the delete key value function NtDeleteValueKey in ntdll module is called to delete
Registry boot item.
Fig. 2 is the structural schematic diagram of the device of the deletion malicious file of the embodiment of the present invention three.As shown in Fig. 2, this implementation
Example device may include:
First obtains module 201, for obtaining each registry key Value Data under system registry startup item, each note
Volume table key assignments data are stored in the pointer of preset data structure, further include each registration table in the preset data structure
The corresponding data length value of key assignments data;
Second obtains module 202, for obtaining in each registry key Value Data using the first character as bebinning character
The first registry key Value Data;
Third obtains module 203, for obtaining the first registry key Value Data according to the preset data structure
Data length value;
Removing module 204, when being greater than 0 for the data length value in the first registry key Value Data, described in deletion
The corresponding first registry boot item of first registry key Value Data.
Wherein, the first acquisition module 201 is specifically used for: enumerating key assignments function using in ntdll module
NtEnumerateValueKey obtains each registry key Value Data under system registry startup item.
Specifically, first character is " 00 ", the preset data structure is _ UNICODE_STRING.
Specifically, the removing module 204 includes:
Acquisition submodule, for obtaining the title of the first registry boot item;Sub-module stored, for by described the
The title of one registry boot item is stored in chained list;Submodule is deleted, for calling in ntdll module according to the chained list
Delete key value function NtDeleteValueKey deletes the first registry boot item.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 1, realization principle and skill
Art effect is similar, and details are not described herein again.
From the above, it can be seen that even the scheme using the embodiment of the present invention constructs special startup item key assignments in rogue program
In the case where remain to distinguish the startup item of rogue program and be deleted, so as to solve in the prior art due to that can not delete
The low problem of security of system caused by startup item except rogue program, ensure that the safety of system.
It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to
Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those
Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment
Intrinsic element.In the absence of more restrictions, the element limited by sentence " including one ... ", it is not excluded that
There is also other identical elements in the process, method, article or apparatus that includes the element.
Each embodiment in this specification is all made of relevant mode and describes, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for device reality
For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method
Part explanation.
Expression or logic and/or step described otherwise above herein in flow charts, for example, being considered use
In the order list for the executable instruction for realizing logic function, may be embodied in any computer-readable medium, for
Instruction execution system, device or equipment (such as computer based system, including the system of processor or other can be held from instruction
The instruction fetch of row system, device or equipment and the system executed instruction) it uses, or combine these instruction execution systems, device or set
It is standby and use.For the purpose of this specification, " computer-readable medium ", which can be, any may include, stores, communicates, propagates or pass
Defeated program is for instruction execution system, device or equipment or the dress used in conjunction with these instruction execution systems, device or equipment
It sets.The more specific example (non-exhaustive list) of computer-readable medium include the following: there is the electricity of one or more wirings
Interconnecting piece (electronic device), portable computer diskette box (magnetic device), random access memory (RAM), read-only memory
(ROM), erasable edit read-only storage (EPROM or flash memory), fiber device and portable optic disk is read-only deposits
Reservoir (CDROM).In addition, computer-readable medium can even is that the paper that can print described program on it or other are suitable
Medium, because can then be edited, be interpreted or when necessary with it for example by carrying out optical scanner to paper or other media
His suitable method is handled electronically to obtain described program, is then stored in computer storage.
It should be appreciated that each section of the invention can be realized with hardware, software, firmware or their combination.Above-mentioned
In embodiment, software that multiple steps or method can be executed in memory and by suitable instruction execution system with storage
Or firmware is realized.It, and in another embodiment, can be under well known in the art for example, if realized with hardware
Any one of column technology or their combination are realized: having a logic gates for realizing logic function to data-signal
Discrete logic, with suitable combinational logic gate circuit specific integrated circuit, programmable gate array (PGA), scene
Programmable gate array (FPGA) etc..
The embodiment of the present invention also provides a kind of electronic equipment, and the electronic equipment includes dress described in aforementioned any embodiment
It sets.
Fig. 3 is the structural schematic diagram of electronic equipment one embodiment of the present invention, and embodiment illustrated in fig. 1 of the present invention may be implemented
Process, as shown in figure 3, above-mentioned electronic equipment may include: shell 301, processor 302, memory 303,304 and of circuit board
Power circuit 305, wherein circuit board 304 is placed in the space interior that shell 301 surrounds, and processor 302 and memory 303 are set
It sets on circuit board 304;Power circuit 305, for each circuit or the device power supply for above-mentioned electronic equipment;Memory 303
For storing executable program code;Processor 302 is run by reading the executable program code stored in memory 303
Program corresponding with executable program code, for executing method described in aforementioned any embodiment.
Processor 302 passes through operation executable program code to the specific implementation procedure and processor 302 of above-mentioned steps
Come the step of further executing, the description of embodiment illustrated in fig. 1 of the present invention may refer to, details are not described herein.
The electronic equipment exists in a variety of forms, including but not limited to:
(1) mobile communication equipment: the characteristics of this kind of equipment is that have mobile communication function, and to provide speech, data
Communication is main target.This Terminal Type includes: smart phone (such as iPhone), multimedia handset, functional mobile phone and low
Hold mobile phone etc..
(2) super mobile personal computer equipment: this kind of equipment belongs to the scope of personal computer, there is calculating and processing function
Can, generally also have mobile Internet access characteristic.This Terminal Type includes: PDA, MID and UMPC equipment etc., such as iPad.
(3) portable entertainment device: this kind of equipment can show and play multimedia content.Such equipment include: audio,
Video player (such as iPod), handheld device, e-book and intelligent toy and portable car-mounted navigation equipment.
(3) server: providing the equipment of the service of calculating, and the composition of server includes that processor, hard disk, memory, system are total
Line etc., server is similar with general computer architecture, but due to needing to provide highly reliable service, in processing energy
Power, stability, reliability, safety, scalability, manageability etc. are more demanding.
(5) other electronic equipments with data interaction function.
In addition, for storing application program, the application program is used the embodiment of the invention also provides a kind of storage medium
In a kind of method for deleting registry boot item provided by the embodiment of the present invention that executes.
In addition, the embodiment of the invention also provides a kind of application program, for executing one provided by the embodiment of the present invention
The method that kind deletes registry boot item.
Those skilled in the art are understood that realize all or part of step that above-described embodiment method carries
It suddenly is that relevant hardware can be instructed to complete by program, the program can store in a kind of computer-readable storage medium
In matter, which when being executed, includes the steps that one or a combination set of embodiment of the method.
For convenience of description, description apparatus above is to be divided into various units/modules with function to describe respectively.Certainly, exist
Implement to realize each unit/module function in the same or multiple software and or hardware when the present invention.
As seen through the above description of the embodiments, those skilled in the art can be understood that the present invention can
It realizes by means of software and necessary general hardware platform.Based on this understanding, technical solution of the present invention essence
On in other words the part that contributes to existing technology can be embodied in the form of software products, the computer software product
It can store in storage medium, such as ROM/RAM, magnetic disk, CD, including some instructions are used so that a computer equipment
(can be personal computer, server or the network equipment etc.) executes the certain of each embodiment or embodiment of the invention
Method described in part.
From the above, it can be seen that even the scheme using the embodiment of the present invention constructs special startup item key assignments in rogue program
In the case where remain to distinguish the startup item of rogue program and be deleted, so as to solve in the prior art due to that can not delete
The low problem of security of system caused by startup item except rogue program, ensure that the safety of system.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium
In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic
Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access
Memory, RAM) etc..
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any
In the technical scope disclosed by the present invention, any changes or substitutions that can be easily thought of by those familiar with the art, all answers
It is included within the scope of the present invention.Therefore, protection scope of the present invention should be subject to the protection scope in claims.
Claims (9)
1. a kind of method for deleting registry boot item characterized by comprising
Each registry key Value Data under system registry startup item is obtained, each registry key Value Data is stored in present count
According in the pointer of structure, further including the corresponding data length of each registry key Value Data in the preset data structure
Value;
It obtains in each registry key Value Data using the first character as the first registry key Value Data of bebinning character;
The data length value of the first registry key Value Data is obtained according to the preset data structure;
If the data length value of the first registry key Value Data is greater than 0, the first registry key Value Data is deleted
Corresponding first registry boot item.
2. the method according to claim 1 for deleting registry boot item, which is characterized in that the acquisition system registry
Each registry key Value Data under startup item includes:
It is obtained under system registry startup item using the key assignments function NtEnumerateValueKey that enumerates in ntdll module
Each registry key Value Data.
3. it is according to claim 1 delete registry boot item method, which is characterized in that first character be "
00 ", the preset data structure is _ UNICODE_STRING.
4. the method according to claim 1 for deleting registry boot item, which is characterized in that described to delete first note
The corresponding first registry boot item of volume table key assignments data includes:
Obtain the title of the first registry boot item;
The title of the first registry boot item is stored in chained list;
The delete key value function NtDeleteValueKey in ntdll module is called to delete first registration according to the chained list
Table startup item.
5. a kind of device for deleting registry boot item characterized by comprising
First obtains module, for obtaining each registry key Value Data under system registry startup item, each registry key
Value Data is stored in the pointer of preset data structure, further includes each registration table key assignments number in the preset data structure
According to corresponding data length value;
Second obtains module, for obtaining in each registry key Value Data using the first character as the first note of bebinning character
Volume table key assignments data;
Third obtains module, for obtaining the data length of the first registry key Value Data according to the preset data structure
Value;
Removing module when being greater than 0 for the data length value in the first registry key Value Data, deletes first registration
The corresponding first registry boot item of table key assignments data.
6. the device according to claim 5 for deleting registry boot item, which is characterized in that described first obtains module tool
Body is used for: being obtained under system registry startup item using the key assignments function NtEnumerateValueKey that enumerates in ntdll module
Each registry key Value Data.
7. it is according to claim 5 delete registry boot item device, which is characterized in that first character be "
00 ", the preset data structure is _ UNICODE_STRING.
8. the device according to claim 5 for deleting registry boot item, which is characterized in that the removing module includes:
Acquisition submodule, for obtaining the title of the first registry boot item;
Sub-module stored, for the title of the first registry boot item to be stored in chained list;
Submodule is deleted, for calling the delete key value function NtDeleteValueKey in ntdll module according to the chained list
Delete the first registry boot item.
9. a kind of electronic equipment, which is characterized in that the electronic equipment includes: shell, processor, memory, circuit board and electricity
Source circuit, wherein circuit board is placed in the space interior that shell surrounds, and processor and memory setting are on circuit boards;Power supply
Circuit, for each circuit or the device power supply for above-mentioned electronic equipment;Memory is for storing executable program code;Processing
Device runs program corresponding with executable program code by reading the executable program code stored in memory, for holding
The following operation of row:
Each registry key Value Data under system registry startup item is obtained, each registry key Value Data is stored in present count
According in the pointer of structure, further including the corresponding data length of each registry key Value Data in the preset data structure
Value;
It obtains in each registry key Value Data using the first character as the first registry key Value Data of bebinning character;
The data length value of the first registry key Value Data is obtained according to the preset data structure;
If the data length value of the first registry key Value Data is greater than 0, the first registry key Value Data is deleted
Corresponding first registry boot item.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610490412.7A CN106201579B (en) | 2016-06-28 | 2016-06-28 | A kind of method, apparatus and electronic equipment for deleting registry boot item |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610490412.7A CN106201579B (en) | 2016-06-28 | 2016-06-28 | A kind of method, apparatus and electronic equipment for deleting registry boot item |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106201579A CN106201579A (en) | 2016-12-07 |
CN106201579B true CN106201579B (en) | 2019-06-21 |
Family
ID=57461667
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610490412.7A Active CN106201579B (en) | 2016-06-28 | 2016-06-28 | A kind of method, apparatus and electronic equipment for deleting registry boot item |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106201579B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113553119A (en) * | 2021-06-30 | 2021-10-26 | 珠海豹趣科技有限公司 | Method and device for monitoring startup self-starting item, electronic equipment and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1735029A (en) * | 2004-08-12 | 2006-02-15 | 海信集团有限公司 | Registration form protection System and method |
CN101431521A (en) * | 2008-11-26 | 2009-05-13 | 北京网康科技有限公司 | Anti-Trojan network security system and method |
CN103019778A (en) * | 2012-11-30 | 2013-04-03 | 北京奇虎科技有限公司 | Startups cleaning method and device |
CN103092726A (en) * | 2013-01-16 | 2013-05-08 | 厦门市美亚柏科信息股份有限公司 | Recovery method and recovery device of registry deleted data |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7581250B2 (en) * | 2005-02-17 | 2009-08-25 | Lenovo (Singapore) Pte Ltd | System, computer program product and method of selecting sectors of a hard disk on which to perform a virus scan |
-
2016
- 2016-06-28 CN CN201610490412.7A patent/CN106201579B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1735029A (en) * | 2004-08-12 | 2006-02-15 | 海信集团有限公司 | Registration form protection System and method |
CN101431521A (en) * | 2008-11-26 | 2009-05-13 | 北京网康科技有限公司 | Anti-Trojan network security system and method |
CN103019778A (en) * | 2012-11-30 | 2013-04-03 | 北京奇虎科技有限公司 | Startups cleaning method and device |
CN103092726A (en) * | 2013-01-16 | 2013-05-08 | 厦门市美亚柏科信息股份有限公司 | Recovery method and recovery device of registry deleted data |
Also Published As
Publication number | Publication date |
---|---|
CN106201579A (en) | 2016-12-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103092456B (en) | A kind of text box input method and system | |
US8521513B2 (en) | Localization for interactive voice response systems | |
CN107341014A (en) | Electronic equipment, the generation method of technical documentation and device | |
CN106126291B (en) | A kind of method, apparatus and electronic equipment for deleting malicious file | |
CN105912362B (en) | A kind of method, apparatus and electronic equipment loading plug-in unit | |
US20090249248A1 (en) | User directed refinement of search results while preserving the scope of the initial search | |
US9451423B2 (en) | Method and apparatus for recording information during a call | |
US20170237816A1 (en) | Method and electronic device for identifying device | |
CN106126282A (en) | Injection method and device for dynamic link library file and terminal equipment | |
US20170150214A1 (en) | Method and apparatus for data processing | |
CN106503069A (en) | File sharing method and device | |
CN111680079A (en) | Method and device for converting Json data into dictionary data and electronic equipment | |
CN106203069B (en) | A kind of hold-up interception method of dynamic link library file, device and terminal device | |
CN110652728B (en) | Game resource management method and device, electronic equipment and storage medium | |
CN106201579B (en) | A kind of method, apparatus and electronic equipment for deleting registry boot item | |
CN106201851A (en) | The detection method of heap memory operation and device | |
US20100242027A1 (en) | Identifying groups and subgroups | |
US20180341426A1 (en) | Method and device for clearing data and electronic device | |
CN106127029B (en) | A kind of the starting method, apparatus and electronic equipment of security application | |
WO2017166640A1 (en) | Application calling method and terminal | |
CN112036132B (en) | Method and device for editing header and footer of document and electronic equipment | |
CN105956475A (en) | DLL file interception processing method and device and electronic equipment | |
CN109240660B (en) | Access method of advertisement data, storage medium, electronic device and system | |
CN105653339A (en) | Application process starting method and application process starting device | |
KR101923011B1 (en) | Scene image generator |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20190116 Address after: 519031 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Applicant after: Zhuhai Leopard Technology Co.,Ltd. Address before: 100085 East District, Second Floor, 33 Xiaoying West Road, Haidian District, Beijing Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. |
|
TA01 | Transfer of patent application right | ||
GR01 | Patent grant | ||
GR01 | Patent grant |