网站营销推广计划书,泰安电视台直播在线观看,杭州网站设计公司排名,可以发广告的100个网站试用网上成品的禁用U盘的相关软件#xff0c;发现使用固态硬盘改装的U盘以及手机等设备#xff0c;无法被禁止#xff0c;无奈下#xff0c;自己使用C#手搓了一个。 基本逻辑#xff1a;
开机自启#xff1b;启动时#xff0c;修改注册表#xff0c;禁止系统插入USB存…试用网上成品的禁用U盘的相关软件发现使用固态硬盘改装的U盘以及手机等设备无法被禁止无奈下自己使用C#手搓了一个。 基本逻辑
开机自启启动时修改注册表禁止系统插入USB存储设备监听系统的USB插入事件 判断系统插入USB设备的类型如果系统注册表被篡改并插入非法设备则立刻重启系统
Demo1.0主要代码如下
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Management;
using System.Security.AccessControl;
using System.Security.Principal;
using System.ServiceProcess;namespace ListeningUSB
{partial class Service1 : ServiceBase{private string logFilePath;private ManagementEventWatcher watcher;public Service1(){InitializeComponent();logFilePath Path.Combine(AppDomain.CurrentDomain.BaseDirectory, secrecy.log);}protected override void OnStart(string[] args){// 重构注册表// 3表示手动启动通常用于设备驱动即启用 USB 功能// 4表示禁用启动此设置会禁用 USB 存储设备插入 U 盘等设备时将无法使用// 0表示自动启动。string[] services { USBSTOR, cdrom, UASPStor, WUDFWpdMtp, WINUSB, usbprint, usbscan, aicusbwifi, RtlWlanu, BTHUSB };foreach (string item in services){string keyPath $SYSTEM\\CurrentControlSet\\Services\\{item};int startValue GetRegistryValue(keyPath);if (startValue ! 4){SetUSBStorPermissions(keyPath, 4);}}StartListeningForUSBInsertion();}protected override void OnStop(){if (watcher ! null){watcher.Stop();watcher.Dispose();}}private void StartListeningForUSBInsertion(){// 检查日志文件是否存在CheckAndCreateFile(logFilePath);string query SELECT * FROM __InstanceCreationEvent WITHIN 2 WHERE TargetInstance ISA Win32_USBControllerDevice;watcher new ManagementEventWatcher(new WqlEventQuery(query));watcher.EventArrived new EventArrivedEventHandler(USBInserted);watcher.Start();WriteLog(-------------开始异常设备检测---------------);}private void USBInserted(object sender, EventArrivedEventArgs e){if (JudgeUSBStatus(out string deviceInfo)){WriteLog($检测到异常 USB 设备插入,设备信息: {deviceInfo});using (Process process new Process()){process.StartInfo startInfo;process.Start();}}}// 检查日志文件是否存在static void CheckAndCreateFile(string filePath){if (!File.Exists(filePath)){using (File.Create(filePath)) { }}}// 关机ProcessStartInfo startInfo new ProcessStartInfo{FileName shutdown.exe,Arguments /s /f /t 0,UseShellExecute false};private bool JudgeUSBStatus(out string deviceInfo){deviceInfo string.Empty;var serviceList new[] { disk, wudfwpdmtp, usbstor, cdrom, uaspstor, usbprint, rtlwlanu, aicusbwifi, usbscan };bool status false;try{using (var searcher new ManagementObjectSearcher(SELECT * FROM Win32_PnPEntity WHERE PNPDeviceID LIKE USB%)){var usbDevices searcher.Get();foreach (ManagementObject usbDevice in usbDevices){var service usbDevice[Service]?.ToString().ToLower();if (service ! null serviceList.Contains(service)){status true;deviceInfo usbDevice.ToString();break;}}}}catch (Exception ex){WriteLog($Error: {ex.Message});}return status;}private void WriteLog(string message){using (StreamWriter writer new StreamWriter(logFilePath, true)){writer.WriteLine(${DateTime.Now:yyyy-MM-dd HH:mm:ss}: {message});}}static int GetRegistryValue(string keyPath){try{using (RegistryKey key Registry.LocalMachine.OpenSubKey(keyPath)){if (key ! null){object value key.GetValue(Start);if (value is int){return (int)value;}}}}catch (Exception e){Console.WriteLine($Error getting registry value: {e.Message});}return -1;}static void SetUSBStorPermissions(string keyPath, int value){try{using (RegistryKey key Registry.LocalMachine.OpenSubKey(keyPath, RegistryKeyPermissionCheck.ReadWriteSubTree)){if (key ! null){// 获取当前注册表项的 ACL 信息RegistrySecurity securityDescriptor key.GetAccessControl();RegistryAccessRule everyoneRule new RegistryAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null),RegistryRights.FullControl,AccessControlType.Allow);securityDescriptor.AddAccessRule(everyoneRule);key.SetAccessControl(securityDescriptor);// 修改 USBSTOR 注册表项的 Start 值为 4key.SetValue(Start, value, RegistryValueKind.DWord);// 将 USBSTOR 注册表项权限设置为所有人仅可读securityDescriptor key.GetAccessControl();securityDescriptor.RemoveAccessRuleSpecific(everyoneRule);key.SetAccessControl(securityDescriptor);}}}catch (Exception e){Console.WriteLine($Error setting registry permissions: {e.Message});}}}
}打包后软件约12KB使用下面的CMD命令将exe加入系统的开机自启即可
# 加入开机自启服务
sc create secrecy binPath C:\Windows\System32\secrecy.exe displaynamesecrecy descriptionThis is a service that monitors whether the system has inserted an abnormal USB device.
# 删除该服务
sc delete secrecy
