|
本帖最后由 martin313 于 2024-9-19 06:45 编辑
控制面板相关文件:
Windows\System32\control.exe
Windows\System32\sysdm.cpl
Windows\System32\systemcpl.dll
Windows\System32\timedate.cpl
Windows\SystemResources\sysdm.cpl.mun
Windows\SystemResources\systemcpl.dll.mun
Windows\SystemResources\timedate.cpl.mun
相关注册表
call RegCopy "HKLM\SOFTWARE\Classes\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}"
call RegCopy "HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}"
call RegCopy "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation"
call RegCopy "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation"
call RegCopy "HKLM\SOFTWARE\Classes\CLSID\{6522CF99-94C7-4958-B18D-4F6159E6926B}"
call RegCopy "HKLM\SOFTWARE\Classes\CLSID\{71E32BAA-73EE-40a1-933C-F166F0192B72}"
call RegCopy "HKLM\SOFTWARE\Classes\CLSID\{AABE54D4-6E88-4c46-A6B3-1DF790DD6E0D}"
call RegCopy "HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{6522CF99-94C7-4958-B18D-4F6159E6926B}"
call RegCopy "HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{71E32BAA-73EE-40a1-933C-F166F0192B72}"
call RegCopy "HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{AABE54D4-6E88-4c46-A6B3-1DF790DD6E0D}"
call RegCopy "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel"
call RegCopy "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Control Panel"
call RegCopy "HKLM\SOFTWARE\Classes\CLSID\{BB06C0E4-D293-4f75-8A90-CB05B6477EEE}"
call RegCopy "HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{BB06C0E4-D293-4f75-8A90-CB05B6477EEE}"
call RegCopy "HKLM\SOFTWARE\Classes\AppID\{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}"
call RegCopy "HKLM\SOFTWARE\Classes\CLSID\{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}"
call RegCopy "HKLM\SOFTWARE\Classes\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}"
call RegCopy "HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}"
call RegCopy "HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}"
call RegCopy "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{741fc222-44ed-4ba7-98e3-f405b2d2c4b4}"
call RegCopy "HKLM\System\ControlSet001\Control\CommonGlobUserSettings\Control Panel"
刚刚测试了一下,在普通PE里,把 SHEL %SystemRoot%\explorer.exe 改成 SHEL %SystemRoot%\winxshell.exe -shell 启动PE,控制面板还正常的;但接着删了explorer.exe再启动PE,发现控制面板就不行了!
看来在骨头系列(指无巨硬的原生explorer.exe)的PE里,只能放弃控制面板了?!
不知有无替代方案?
|
|