I want to add a string name and its value to the Windows Registry using C code, to stop browsers other than Firefox stop running. I plan to do the Windows Registry editing in a loop for all browsers, but for now I am implementing it for Chrome only.
My current code below is adding a value to the Default
string, and it is not working, but I want to create a Debugger
string and set it to "ntsd -c q"
in the chrome.exe
subkey, as shown in the picture below.
Here is my code, which is adding "ntsd -c q"
for the Default
string and not creating a new Debugger
string. I am not able to clearly understand from Microsoft's documentation about how to achieve this using C/C . I have seen some solutions that do it via the command line, but co-workers are very ethical and they don't prefer that way.
#include <Windows.h>
#include <iostream>
int main()
{
HKEY hkey;
LSTATUS ReturnValue = 0;
LPCTSTR Directory = TEXT("SOFTWARE\\Microsoft\\Windows\ NT\\CurrentVersion\\Image\ File\ Execution\ Options\\chrome.exe");
ReturnValue = RegOpenKeyEx(HKEY_LOCAL_MACHINE, Directory, 0, KEY_ALL_ACCESS, &hkey);
if (ERROR_SUCCESS != ReturnValue)
{
printf("RegOpenKeyEx failed\n");
printf("%d\n", GetLastError());
return -1;
}
//LPCSTR value = "Debugger";
//ReturnValue = RegQueryValueEx(HKEY_LOCAL_MACHINE, Directory, NULL, NULL, value, sizeof(value));
LPCSTR Value = "ntsd\ -c\ q\0";
ReturnValue = RegSetValueA(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\ NT\\CurrentVersion\\Image\ File\ Execution\ Options\\chrome.exe",REG_SZ, Value, sizeof(Value));
if (ERROR_SUCCESS != ReturnValue)
{
printf("RegStatusValueA failed\n");
printf("%d\n", GetLastError());
return -1;
}
ReturnValue = RegCloseKey(hkey);
if (ERROR_SUCCESS != ReturnValue)
{
printf("RegCloseKey failed\n");
printf("%d\n", GetLastError());
return -1;
}
return 0;
}
CodePudding user response:
KEY_ALL_ACCESS
requires admin rights. All you really need in this situation is KEY_SET_VALUE
instead. Don't ask for more permissions than you actually need. But, you do still need admin rights to write to HKEY_LOCAL_MACHINE
to begin with. So make sure you are running your code as an elevated user.
In any case, your string literals have a few \
that don't belong. But more importantly, your use of RegSetValueA()
is completely wrong for this task. It is a deprecated API that can only write to the (Default)
string and nothing else (and, you are not even calling it correctly anyway, you would need strlen(Value) 1
instead of sizeof(Value)
- not that it matters because that parameter is ignored anyway).
In order to create your Debugger
string value, you need to use RegSetValueEx()
instead, eg:
#include <Windows.h>
#include <iostream>
int main()
{
HKEY hkey;
LPCTSTR Directory = TEXT("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\chrome.exe");
LSTATUS ReturnValue = RegOpenKeyEx(HKEY_LOCAL_MACHINE, Directory, 0, KEY_SET_VALUE, &hkey);
if (ERROR_SUCCESS != ReturnValue)
{
printf("RegOpenKeyEx failed: %u\n", GetLastError());
return -1;
}
LPCTSTR Value = TEXT("ntsd -c q");
ReturnValue = RegSetValueEx(hkey, TEXT("Debugger"), 0, REG_SZ, (const BYTE*)Value, (lstrlen(Value) 1) * sizeof(TCHAR));
if (ERROR_SUCCESS != ReturnValue)
{
printf("RegSetValueExA failed: %u\n", GetLastError());
RegCloseKey(hkey);
return -1;
}
ReturnValue = RegCloseKey(hkey);
if (ERROR_SUCCESS != ReturnValue)
{
printf("RegCloseKey failed: %u\n", GetLastError());
return -1;
}
return 0;
}