尝试使用窗口注册表中的路径和 DeleteFile() 方法删除.exe文件

Trying to delete .exe file using Path from windows registries and DeleteFile() method

本文关键字:DeleteFile 方法 删除 文件 exe 路径 窗口 注册表      更新时间:2023-10-16

所以我需要扫描Windows注册表,将它们全部显示在控制台上,然后检查哪些值与代码中设置的名称相同

当程序找到具有目标名称的值时,我需要终止它的进程并使用 DeleteFile(( 将其从硬件中删除。

所以我已经完成了所有事情,得到了.exe文件目标的路径,但是当我使用 DeleteFile(( 时; 它不会删除文件

void EndProcess(HANDLE snap, HANDLE &process, PROCESSENTRY32 pe32, TCHAR 
virusName[], TCHAR valuePath[], wofstream &file)
{
    process = OpenProcess(PROCESS_TERMINATE, FALSE, pe32.th32ProcessID);
    if (TerminateProcess(process, 1))
    {
        cout << "Virus process is found and successfully terminated!" << 
    endl;
        file << "Virus process is found and successfully terminated!" << 
    endl;
        CloseHandle(process);
        DeleteFile(valuePath);
    }
    else
    {
        cout << "Failed to terminate Virus process!" << endl;
        file << "Failed to terminate Virus process!" << endl;
    }
}

终止进程是异步的,它启动终止并立即返回。也就是说,不确定该过程是否已终止。简单的解决方案是为延迟添加Sleep()

如果需要确保进程已终止,请使用进程句柄调用 WaitForSingleObject 函数。并且您还需要在打开进程句柄时添加SYNCHRONIZE访问权限:

void EndProcess(HANDLE snap, HANDLE &process, PROCESSENTRY32 pe32, TCHAR
    virusName[], TCHAR valuePath[], wofstream &file)
{
    process = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, pe32.th32ProcessID);
    if (TerminateProcess(process, 1))
    {
        cout << "Virus process is found and successfully terminated!" <<
            endl;
        file << "Virus process is found and successfully terminated!" <<
            endl;
        WaitForSingleObject(process, INFINITE);
        CloseHandle(process);
        DeleteFile(valuePath);
    }
    else
    {
        cout << "Failed to terminate Virus process!" << endl;
        file << "Failed to terminate Virus process!" << endl;
    }
}
相关文章: