windows registry editing with c


Upload: kmbkris

Post on 29-Nov-2015


WINDOWS REGISTRY EDITING WITH C

Abhisek Datta

In this snippet I’ll talk about accessing and editing the Windows System Registry through C programming. Actually I am going to use Windows API (Application Programming Interface) for accessing the Windows System Registry.

Before I begin this manual, I would like to say that understanding and implementing the methods and techniques that I am going to describe needs basic concepts and working knowledge of C/C++ programming, because I am going to access and edit the Windows System Registry using the C programming language.

So before continuing, you must check whether you have a working knowledge of the C programming language.

Oki, as I said earlier, I am going to use the Windows API in my code. So you must be wondering what the Windows API is.

What is the Windows API?

The Windows API (Application Programming Interface) is a set of library functions, or better to say an application programming interface, which enables a programmer to write applications which run exclusively on the Microsoft Windows platform.

As you have working knowledge of C, you must have come across the fact that whenever you run a C program on the Windows platform, it always runs in a console. It signifies that C is a platform-dependent language and it runs primarily on the DOS (Disk Operating System) platform. Microsoft developed the Windows API with the intention of using the C language on their Windows platform, thus making C programs written using the Windows API compatible with the Windows platform. Thus VC++ was developed.

It is not the case that you can use Win API functions only in 32-bit Windows applications. You can also use certain Win API functions in your 16-bit console programs. But to compile a C program in which you are using Win API functions, you need a compiler that supports the Win API. Dev C++ and Turbo C++ 4.5 are good compilers which support the Win API. But the best which I will suggest is always MSDN. The code which I am going to use in this snippet is compiled with Microsoft VC++ and tested on Windows XP. But it will work on all Windows platforms.

Note: if you are using MS VC++ then you have to include the <windows.h> header file, and if you are using Turbo C++ 4.5 then you have to include <shellapi.h> for using Win API functions. For other compilers, just go through their help files and documentation.

Now I am going to use the following functions to access the Windows System registry.

RegOpenKey()
RegSetValue()
RegSetValueEx()
RegQueryValue()
RegDeleteKey()
RegCloseKey()

 Now go through the first example code.

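/* Compiled in VC++
   (build without UNICODE defined so the API takes char strings)
   The following program will add a registry key to Run in HKEY_LOCAL_MACHINE.
   The default value of the new key is set to c:\windows\system32\cmd.exe
   so that every time you start Windows, cmd.exe is executed. */
#include <windows.h>
#include <stdio.h>

int main(void){
    HKEY hkeyresult;
    const char *value = "c:\\windows\\system32\\cmd.exe";

    /* Open the Run key; writing under HKEY_LOCAL_MACHINE needs administrator rights. */
    if (RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", &hkeyresult) != ERROR_SUCCESS) {
        puts("RegOpenKey failed");
        return 1;
    }
    /* Create the subkey "Abhisek" and set its default (REG_SZ) value. */
    if (RegSetValue(hkeyresult, "Abhisek", REG_SZ, value, lstrlen(value)) != ERROR_SUCCESS)
        puts("RegSetValue failed");
    RegCloseKey(hkeyresult);
    return 0;
}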

 Analysis of the above program:

In the above program I define a 32-bit variable named hkeyresult of type HKEY, which stores the location of the registry database that I will open using RegOpenKey().

Then using RegOpenKey() I am opening the registry key I want to access. Take a clear look at the parameters taken by RegOpenKey(). HKEY_LOCAL_MACHINE is the root, so it is without double quotes. But the location inside the root is given in double quotes. Then I am storing the location of this opened key in the memory location of hkeyresult.

Then using the RegSetValue() function I am creating a new key called Abhisek and changing its default value which is a REG_SZ type value to c:\windows\system32\cmd.exe.

Then finally I am closing hkeyresult to update the registry database.

 HKEY : 32-bit value used as a handle to a key in the registration database

 RegOpenKey(): (TC++ 4.5 Help File)

#include <windows.h> // if you are using MSDN

#include <shellapi.h>  // if you are using TC++ 4.5

 LONG RegOpenKey(hkey, lpszSubKey, lphkResult)

 HKEY hkey;    /* handle of an open key     */

LPCSTR lpszSubKey;  /* address of string for subkey to open     */

HKEY FAR* lphkResult;        /* address of handle of open key    */

 The RegOpenKey function opens the specified key.

Parameter      Description

hkey           Identifies an open key (which can be HKEY_CLASSES_ROOT). The key opened by the RegOpenKey function is a subkey of the key identified by this parameter. This value should not be NULL.

lpszSubKey     Points to a null-terminated string specifying the name of the subkey to open.

lphkResult     Points to the handle of the key that is opened.

 Returns

 The return value is ERROR_SUCCESS if the function is successful. Otherwise, it is an error value.

 RegSetValue()   (TC++ 4.5 Help File)

 #include <shellapi.h>   // for TC++ 4.5

#include <windows.h> // for MSDN

 LONG RegSetValue(hkey, lpszSubKey, fdwType, lpszValue, cb)

 HKEY hkey;    /* handle of key       */

LPCSTR lpszSubKey;  /* address of string for subkey       */

DWORD fdwType;     /* must be REG_SZ   */

LPCSTR lpszValue;    /* address of string for key  */

DWORD cb;    /* ignored      */

 The RegSetValue function associates a text string with a specified key.

Parameter      Description

hkey           Identifies a currently open key (which can be HKEY_CLASSES_ROOT). This value should not be NULL.

lpszSubKey     Points to a null-terminated string specifying the subkey of the hkey parameter with which a text string is associated. If this parameter is NULL or points to an empty string, the function sets the value of the hkey parameter.

fdwType        Specifies the string type. For Windows version 3.1, this value must be REG_SZ.

lpszValue      Points to a null-terminated string specifying the text string to set for the given key.

cb             Specifies the size, in bytes, of the string pointed to by the lpszValue parameter. For Windows version 3.1, this value is ignored.

 Returns

 The return value is ERROR_SUCCESS if the function is successful. Otherwise, it is an error value.

 RegQueryValue()    (TC++ Help File)

 #include <shellapi.h>   // for TC++ 4.5

#include <windows.h> // for MSDN

 LONG RegQueryValue(hkey, lpszSubKey, lpszValue, lpcb)

 HKEY hkey;    /* handle of key to query    */

LPCSTR lpszSubKey;  /* address of string for subkey to query    */

LPSTR lpszValue;      /* address of buffer for returned string      */

LONG FAR* lpcb;      /* address of buffer for size of returned string      */

 The RegQueryValue function retrieves the text string associated with a specified key.

Parameter      Description

hkey           Identifies a currently open key (which can be HKEY_CLASSES_ROOT). This value should not be NULL.

lpszSubKey     Points to a null-terminated string specifying the name of the subkey of the hkey parameter for which a text string is retrieved. If this parameter is NULL or points to an empty string, the function retrieves the value of the hkey parameter.

lpszValue      Points to a buffer that contains the text string when the function returns.

lpcb           Points to a variable specifying the size, in bytes, of the buffer pointed to by the lpszValue parameter. When the function returns, this variable contains the size of the string copied to lpszValue, including the null-terminating character.

 Returns

 The return value is ERROR_SUCCESS if the function is successful. Otherwise, it is an error value.

 RegDeleteKey()    (TC++ Help File)

 #include <shellapi.h>   // for TC++ 4.5

#include <windows.h> // for MSDN

 LONG RegDeleteKey(hkey, lpszSubKey)

 HKEY hkey;    /* handle of an open key     */

LPCSTR lpszSubKey;  /* address of string for subkey to delete    */

 The RegDeleteKey function deletes the specified key. When a key is deleted, its value and all of its subkeys are deleted.

Parameter      Description

hkey           Identifies an open key (which can be HKEY_CLASSES_ROOT). The key deleted by the RegDeleteKey function is a subkey of this key.

lpszSubKey     Points to a null-terminated string specifying the subkey to delete. This value should not be NULL.

Returns

The return value is ERROR_SUCCESS if the function is successful. Otherwise, it is an error value.

RegCloseKey()    (TC++ 4.5 Help File)

#include <shellapi.h>   // for TC++ 4.5

#include <windows.h> // for MSDN

LONG RegCloseKey(hkey)

HKEY hkey;    /* handle of key to close     */

The RegCloseKey function closes a key. Closing a key releases the key's handle. When all keys are closed, the registration database is updated.

Parameter      Description

hkey   Identifies the open key to close.

Returns

The return value is ERROR_SUCCESS if the function is successful. Otherwise, it is an error value.

Oki, since you now have quite a good idea about registry access and modification using Windows API functions in C, let's write some useful code.

/* The following program will tweak the Windows System Registry for the following results:
   1. No CD Auto Run on insert.
   2. Protection from Batch File Viruses by preventing execution of batch files on double click.
   3. Remove Recent Docs Folder from the Start menu.
   Please note: I am writing this code for educational purposes only. Not tested on systems apart from Windows XP.
   Build without UNICODE defined so the API takes char strings. */

#include <windows.h>
#include <stdio.h>
#include <conio.h>

void nocdrun(void);
void batch(void);
void norecentdoc(void);

/* Print the outcome of a tweak from the last registry status code. */
static void report(LONG status){
    puts("\n");
    puts(status == ERROR_SUCCESS ? " Tweak Successful" : " Tweak Failed");
}

int main(void){
    int c;
    puts("  This Program will Tweak Windows System Registry");
    puts("  This may cause severe damage to your system");
    puts("  Back up your system registry before proceeding");
    puts("  If you don't know what you are doing then exit");
    puts("\n  Do you wish to continue (y/n)");
    c = getch();
    if (c != 'y' && c != 'Y')   /* honour the answer instead of continuing on any key */
        return 0;

    nocdrun();
    batch();
    norecentdoc();
    return 0;
}

void nocdrun(void){
    HKEY hkeyresult;
    /* REG_BINARY takes raw bytes, not the text of a hex dump. */
    const BYTE data[] = { 0x95, 0x00, 0x00, 0x00 };
    LONG status = RegOpenKey(HKEY_CURRENT_USER, ( LPCSTR ) "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", &hkeyresult);
    if (status == ERROR_SUCCESS) {
        status = RegSetValueEx(hkeyresult, ( LPCSTR ) "NoDriveTypeAutoRun", 0, REG_BINARY, data, sizeof data);
        RegCloseKey(hkeyresult);
    }
    report(status);
}

void norecentdoc(void){
    HKEY hkeyresult;
    LONG status = RegOpenKey(HKEY_CURRENT_USER, ( LPCSTR ) "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", &hkeyresult);
    if (status == ERROR_SUCCESS) {
        /* For REG_SZ the size must include the terminating null character. */
        status = RegSetValueEx(hkeyresult, ( LPCSTR ) "NoRecentDocs", 0, REG_SZ, (CONST BYTE*) ( LPCSTR ) "1", 2);
        RegCloseKey(hkeyresult);
    }
    report(status);
}

void batch(void){
    HKEY hkeyresult;
    const BYTE flags[] = { 0x00, 0x00, 0x00, 0x00 };   /* raw bytes for REG_BINARY */
    LONG status = RegOpenKey(HKEY_CLASSES_ROOT, ( LPCSTR ) "batfile", &hkeyresult);
    if (status == ERROR_SUCCESS) {
        status = RegSetValueEx(hkeyresult, ( LPCSTR ) "EditFlags", 0, REG_BINARY, flags, sizeof flags);
        RegCloseKey(hkeyresult);
    }
    if (status == ERROR_SUCCESS)
        status = RegOpenKey(HKEY_CLASSES_ROOT, "batfile\\run", &hkeyresult);
    if (status == ERROR_SUCCESS) {
        /* The quotes inside the string have to be escaped in C. */
        status = RegSetValue(hkeyresult, "Command", REG_SZ, "\"%1\" %*", 7);
        RegCloseKey(hkeyresult);
    }
    report(status);
}

OKI, those who are completely new to C programming using the Windows API will take some time to understand the techniques used in this manual.

Eagle-eyed readers must be asking what differs in the above program from the conventional techniques I have talked about before. Well, the difference is that I used something called ( LPCSTR ).

Now you must be asking what it is. Well, nothing complicated. Previously I made new keys using the RegSetValue function. Using ( LPCSTR ) I point to a particular string which exists on the key pointed to by hkeyresult. I have used ( LPCSTR ) to access the string values of a registry key.
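REG_BINARY data is stored byte for byte, so the 16 characters of the dump text "0000 95 00 00 00" are not the same thing as the four bytes 95 00 00 00. The following portable C program is an added example, not part of the original manual: it converts such a dump line into raw bytes and decodes the NoDriveTypeAutoRun mask using Microsoft's documented bit values; the function and enum names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* NoDriveTypeAutoRun bits: a set bit disables AutoRun for that drive type. */
enum { DT_UNKNOWN = 0x01, DT_REMOVABLE = 0x04, DT_FIXED = 0x08,
       DT_NETWORK = 0x10, DT_CDROM = 0x20, DT_RAMDISK = 0x40, DT_RESERVED = 0x80 };

/* Parse a regedit-style dump line ("0000 95 00 00 00"): skip a leading 4-digit
   offset, then turn each two-digit hex token into one byte.
   Returns the number of bytes written, or -1 on malformed input. */
int parse_hex_dump(const char *text, unsigned char *out, size_t cap) {
    size_t n = 0;
    int first = 1;
    while (*text) {
        while (isspace((unsigned char)*text)) text++;
        if (!*text) break;
        size_t len = strspn(text, "0123456789abcdefABCDEF");
        if (first && len == 4) { text += len; first = 0; continue; } /* offset column */
        if (len != 2 || n >= cap) return -1;
        char tok[3] = { text[0], text[1], 0 };
        out[n++] = (unsigned char)strtoul(tok, NULL, 16);
        text += len;
        first = 0;
    }
    return (int)n;
}

/* Little-endian DWORD built from the first four bytes of the value. */
unsigned long autorun_mask(const unsigned char *b) {
    return b[0] | (b[1] << 8) | ((unsigned long)b[2] << 16) | ((unsigned long)b[3] << 24);
}

int autorun_disabled_for(unsigned long mask, unsigned bit) { return (mask & bit) != 0; }

int main(void) {
    const char *dump = "0000 95 00 00 00";   /* dump text as it appears on the page */
    unsigned char data[8];
    int n = parse_hex_dump(dump, data, sizeof data);
    if (n != 4) { fprintf(stderr, "bad dump line\n"); return 1; }
    unsigned long mask = autorun_mask(data);
    printf("text form: %u bytes, binary form: %d bytes, mask 0x%02lX\n",
           (unsigned)strlen(dump), n, mask);
    printf("AutoRun disabled for removable: %d  network: %d  cd-rom: %d\n",
           autorun_disabled_for(mask, DT_REMOVABLE),
           autorun_disabled_for(mask, DT_NETWORK),
           autorun_disabled_for(mask, DT_CDROM));
    return 0;
}
```

For the value 0x95 the CD-ROM bit (0x20) is clear, which is worth noticing when auditing an AutoRun policy.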

Well, I think this is enough to get you started with programming the Windows system registry through your C code.

If you have any questions to ask, you can contact me.

 

Abhisek Datta