Home > Net >  How to add a String Value/ Name Data pair in Windows Registry Editor key using C and Windows Regis
How to add a String Value/ Name Data pair in Windows Registry Editor key using C and Windows Regis

Time:02-25

I want to add a string name and its value to the Windows Registry using C code, to stop browsers other than Firefox stop running. I plan to do the Windows Registry editing in a loop for all browsers, but for now I am implementing it for Chrome only.

My current code below is adding a value to the Default string, and it is not working, but I want to create a Debugger string and set it to "ntsd -c q" in the chrome.exe subkey, as shown in the picture below.

image

Here is my code, which is adding "ntsd -c q" for the Default string and not creating a new Debugger string. I am not able to clearly understand from Microsoft's documentation about how to achieve this using C/C . I have seen some solutions that do it via the command line, but co-workers are very ethical and they don't prefer that way.

#include <Windows.h>
#include <iostream>

int main()
{
    HKEY hkey;
    LSTATUS ReturnValue = 0;
    LPCTSTR Directory = TEXT("SOFTWARE\\Microsoft\\Windows\ NT\\CurrentVersion\\Image\ File\ Execution\ Options\\chrome.exe");
    ReturnValue = RegOpenKeyEx(HKEY_LOCAL_MACHINE, Directory, 0, KEY_ALL_ACCESS, &hkey);
    if (ERROR_SUCCESS != ReturnValue)
    {
        printf("RegOpenKeyEx failed\n");
        printf("%d\n", GetLastError());
        return -1;
    }
    //LPCSTR value = "Debugger";
    //ReturnValue = RegQueryValueEx(HKEY_LOCAL_MACHINE, Directory, NULL, NULL, value, sizeof(value));
    
    LPCSTR Value = "ntsd\ -c\ q\0";
    ReturnValue = RegSetValueA(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\ NT\\CurrentVersion\\Image\ File\ Execution\ Options\\chrome.exe",REG_SZ, Value, sizeof(Value));
    if (ERROR_SUCCESS != ReturnValue)
    {
        printf("RegStatusValueA failed\n");
        printf("%d\n", GetLastError());
        return -1;
    }
    
    ReturnValue = RegCloseKey(hkey);
    if (ERROR_SUCCESS != ReturnValue)
    {
        printf("RegCloseKey failed\n");
        printf("%d\n", GetLastError());
        return -1;
    }
    return 0;
}

CodePudding user response:

KEY_ALL_ACCESS requires admin rights. All you really need in this situation is KEY_SET_VALUE instead. Don't ask for more permissions than you actually need. But, you do still need admin rights to write to HKEY_LOCAL_MACHINE to begin with. So make sure you are running your code as an elevated user.

In any case, your string literals have a few \ that don't belong. But more importantly, your use of RegSetValueA() is completely wrong for this task. It is a deprecated API that can only write to the (Default) string and nothing else (and, you are not even calling it correctly anyway, you would need strlen(Value) 1 instead of sizeof(Value) - not that it matters because that parameter is ignored anyway).

In order to create your Debugger string value, you need to use RegSetValueEx() instead, eg:

#include <Windows.h>
#include <iostream>

int main()
{
    HKEY hkey;
    LPCTSTR Directory = TEXT("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\chrome.exe");
    LSTATUS ReturnValue = RegOpenKeyEx(HKEY_LOCAL_MACHINE, Directory, 0, KEY_SET_VALUE, &hkey);
    if (ERROR_SUCCESS != ReturnValue)
    {
        printf("RegOpenKeyEx failed: %u\n", GetLastError());
        return -1;
    }
    LPCTSTR Value = TEXT("ntsd -c q");
    ReturnValue = RegSetValueEx(hkey, TEXT("Debugger"), 0, REG_SZ, (const BYTE*)Value, (lstrlen(Value) 1) * sizeof(TCHAR));
    if (ERROR_SUCCESS != ReturnValue)
    {
        printf("RegSetValueExA failed: %u\n", GetLastError());
        RegCloseKey(hkey);
        return -1;
    }
    
    ReturnValue = RegCloseKey(hkey);
    if (ERROR_SUCCESS != ReturnValue)
    {
        printf("RegCloseKey failed: %u\n", GetLastError());
        return -1;
    }
    return 0;
}
  • Related