Playing with Registry...Programmatically
07-01-2010, 10:41 AM
(This post was last modified: 07-01-2010 11:29 AM by dumb_terminal.)
Post: #1
Playing with Registry...Programmatically
You guys all know that the registry is the bag of magic tricks in Windows, so manipulating it well may be of some help. Well, you can modify it from the command prompt and from your C program using system(), but there may be cases at times when command prompts are narrowed down to some privileged commands only (in my varsity I am still trying to figure out how the hell they did that). So learning to manipulate it using WINAPIs won't hurt but rather come in handy. In order to play with these APIs we must understand the hierarchy properly, and to make things easier just visualize regedit as a file explorer. HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER etc. are the drives, the keys like Software\Microsoft\CurrentVersion are folders, and the String, DWORD and Binary values you see in the right-side pane are files. So, just like manipulating the file system, what do we need to do with the registry?

1. Open them
2. Close them
3. Delete them
4. Read them
5. Write them
6. Make a new key (folder)

The APIs I am providing are the easiest, trust me.

1. Open:
RegOpenKey(HKEY root, char *subkey, HKEY *openedKey)
root - HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER etc.; these constants are actually of HKEY (handle to a key) type
subkey - just like a subfolder, you pass the path; the example will make it clear
openedKey - pointer to an HKEY, it's the handle of the opened key to use later
Returns ERROR_SUCCESS upon success.
Ex:
HKEY run;
RegOpenKey(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", &run); // opens the key for startup

2. Close:
RegCloseKey(HKEY hKey)
hKey is a handle to an opened key.
Ex: If we want to close the key to startup we opened before:
RegCloseKey(run);

3. Delete:
Delete is of two types: deletion of a key (folder) and deletion of a value (file), just like you need a recursive function for deleting a folder while a simple call deletes a file.
Delete key:
RegDeleteKey(HKEY root, char *thePath);
Suppose you want to delete the Windows key totally:
RegDeleteKey(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows");
Don't do it of course.
And deletion of a value:
RegDeleteValue(HKEY hKey, char *valueName);
Suppose there is a "virus" path written in the Run key so that it starts every time on boot-up, and the virus has disabled your registry.
// remember we opened a key to the startup in the first example; we keep using that handle to the key, run
RegDeleteValue(run, "virus"); // virus is the value (file) name

4. Read:
Of course we have to read values (files).
// it's easier and better than RegQueryValue(), trust me.
RegQueryValueEx(HKEY key, char *valuename, DWORD *reserved, DWORD *type, BYTE *buffer, DWORD *size)
key is where the value... hmm, long. Let's see an example: we will read the virus's path using the key to Run.
DWORD type = REG_SZ; // for string; the other mostly used is REG_DWORD
char buffer[255];
DWORD size = sizeof(buffer);
RegQueryValueEx(run, "virus", 0, &type, (BYTE*)buffer, &size);
// we have to pass the address of type and size because this API returns the read size and type, that is, these two are input and output of the function at the same time. Now what are these called... I forgot.

5. Write:
Now keep in mind writing to an existing value and a non-existing value is the same; if the value (file) is non-existing it's created.
RegSetValueEx(HKEY keyUnderWhichTheValueExists, char *nameOfValue, DWORD reserved, DWORD type, BYTE *data, DWORD size);
Suppose you are the virus writer now, and want to start it up every time.
char path[255] = "c:\\windows\\system32\\lsasss.exe";
RegSetValueEx(run, "virus", 0, REG_SZ, (BYTE*)path, strlen(path) + 1); // size includes the terminating NUL

6. Create new key (folder):
RegCreateKey(HKEY root, char *keyPath, HKEY *handleToCreatedKey);
Ex:
HKEY newkey;
RegCreateKey(HKEY_LOCAL_MACHINE, "Software\\MyCompany\\", &newkey);
You can create a key more than one level deep.

Now a last thing to note: you may end the path with backslashes but never start with a backslash. "Software\\MyCompany\\" is valid while "\\Software\\MyCompany\\" is not.

Now I'll end this tiring post with a few examples. A few days back a friend of mine was having trouble with a virus; it was doing all sorts of weird things like hiding all files a second after creating new ones, stopping Task Manager, and he asked for my help. I played with the registry for a while, found out the hidden tricks, and couldn't resist the chance to show off. Wrote a program to fix the hidden problem. Here it is..
Code: /*
Now you are the virus writer yourself...
Code: /*
P.S.: You may edit the registry while regedit is open, but be careful, you may not see the changes in some cases until you close and open regedit again.
My codes are not full of Bugs, they are full of Spiders.
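Added example, not part of dumb_terminal's post: the same Run key read back with the Win32 registry API, but with the checks the post leaves out. It uses the Ex variants (RegOpenKeyExA with an explicit KEY_READ access mask, RegEnumValueA, RegQueryValueExA) rather than the older RegOpenKey, tests every return code, asks the API for the data size instead of guessing a buffer, and handles the fact that REG_SZ data is not guaranteed to come back NUL-terminated. The two helpers at the top are plain C so the logic compiles and can be checked on any platform; everything inside the _WIN32 block needs Windows and advapi32 (the file name reg_run.c and the build lines are assumptions).

```c
/* Added example (not from the original post): enumerate and read every value
 * under HKLM\...\Run with the Win32 registry API, checking return codes, using
 * an explicit access mask, honouring the in/out size argument and forcing a
 * NUL terminator on REG_SZ data. Build on Windows with
 *   MinGW: gcc reg_run.c -ladvapi32      MSVC: cl reg_run.c advapi32.lib
 * The two helpers above the #ifdef are portable and testable anywhere. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The post's path rule: a subkey path may end with a backslash but must never
 * start with one ("Software\\MyCompany\\" is fine, "\\Software\\MyCompany" is
 * not). An empty string is allowed: it refers to the root key itself. */
int reg_subkey_path_ok(const char *path)
{
    if (path == NULL) return 0;
    return path[0] != '\\';
}

/* RegQueryValueEx reports the stored byte count through its in/out size
 * argument, and REG_SZ data only ends in NUL if whoever wrote it counted the
 * terminator in cbData. Force a terminator inside the buffer and return the
 * resulting string length. cap is the buffer capacity, data_len the byte
 * count the API returned; data that does not fit is truncated. */
size_t reg_sz_fix_terminator(char *buf, size_t cap, size_t data_len)
{
    if (buf == NULL || cap == 0) return 0;
    if (data_len >= cap) data_len = cap - 1;
    buf[data_len] = '\0';      /* harmless if the data already ended in NUL */
    return strlen(buf);        /* stops at the first NUL, so a stored terminator is not counted */
}

#ifdef _WIN32
#include <windows.h>

/* Read a REG_SZ / REG_EXPAND_SZ value into a freshly malloc'd, NUL-terminated
 * string. The first call with a NULL buffer only asks for the size. */
static LONG read_string_value(HKEY key, const char *name, char **out)
{
    DWORD type = 0, size = 0;
    LONG rc = RegQueryValueExA(key, name, NULL, &type, NULL, &size);
    if (rc != ERROR_SUCCESS) return rc;
    if (type != REG_SZ && type != REG_EXPAND_SZ) return ERROR_UNSUPPORTED_TYPE;

    char *buf = malloc((size_t)size + 1);    /* +1: room for the NUL we may have to add */
    if (buf == NULL) return ERROR_NOT_ENOUGH_MEMORY;
    rc = RegQueryValueExA(key, name, NULL, &type, (BYTE *)buf, &size);
    if (rc != ERROR_SUCCESS) { free(buf); return rc; }   /* ERROR_MORE_DATA if the value grew in between */
    reg_sz_fix_terminator(buf, (size_t)size + 1, size);
    *out = buf;
    return ERROR_SUCCESS;
}

int main(void)
{
    const char *sub = "Software\\Microsoft\\Windows\\CurrentVersion\\Run";
    if (!reg_subkey_path_ok(sub)) return 1;

    HKEY run;
    LONG rc = RegOpenKeyExA(HKEY_LOCAL_MACHINE, sub, 0, KEY_READ, &run); /* KEY_READ: works without admin rights */
    if (rc != ERROR_SUCCESS) {
        fprintf(stderr, "RegOpenKeyEx failed: %ld\n", rc);
        return 1;
    }

    char name[16384];                          /* value names are at most 16383 characters */
    for (DWORD i = 0; ; i++) {
        DWORD name_len = sizeof(name);         /* in/out: must be reset on every iteration */
        DWORD type = 0;
        rc = RegEnumValueA(run, i, name, &name_len, NULL, &type, NULL, NULL);
        if (rc == ERROR_NO_MORE_ITEMS) break;
        if (rc != ERROR_SUCCESS) { fprintf(stderr, "RegEnumValue failed: %ld\n", rc); break; }

        char *data = NULL;
        if (read_string_value(run, name, &data) == ERROR_SUCCESS) {
            printf("%-30s %s\n", name, data);
            free(data);
        } else {
            printf("%-30s <type %lu, not a string>\n", name, (unsigned long)type);
        }
    }
    RegCloseKey(run);
    return 0;
}
#endif
```

The size-query-then-read pattern replaces the fixed char buffer[255] of the post: a Run entry longer than 254 bytes would otherwise come back as ERROR_MORE_DATA and the buffer would be left without a terminator. Opening with KEY_READ rather than the implicit KEY_ALL_ACCESS of RegOpenKey is also why this runs from an unprivileged account.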
07-01-2010, 11:20 AM
Post: #2
+rep, welcome to mod team
Rockey Killer GTALK - skg102@gmail.com Orkut - skg102@gmail.com Facebook - skg102@gmail.com Yahoo - rockeykiller@ymail.com Twitter - rockeykiller :-? the rest of the profiles I still have to make
07-01-2010, 12:09 PM
Post: #3
|
|||
|
|||
|
RE: Playing with Registry...Programmatically
Wow... Don't know how to thank you... but thanks a lot.
07-01-2010, 12:18 PM
Post: #4
You got what you deserved,
and we are obliged to have you in the h4ck3r community. I am looking forward to your active contributions in the h4ck3r community.
07-01-2010, 12:19 PM
Post: #5
RE: Playing with Registry...Programmatically
Thank you, I'll try my level best.