This question already has answers here:
How to launch Windows' RegEdit with certain path?
(15 answers)
Closed 9 years ago.
I'm looking for way to open registry editor and show some specific key or value. For example, if I pass "HKLM\\SOFTWARE\\Skype\\Installer" I want to get such a result:
All suggestions except system() calls are welcome.
Just call system. To use Raymond Chen's words: It rather involved being on the other side of this airtight hatchway. Any relevant attack requires compromising the machine to the point that your system call is utterly irrelevant. In fact, any attacker that can change RegEdit can change your program as well, so he could just add that system call. (Which he won't, since it is pointless anyway)
Here is, what I needed.
String GetFullHKEY (HKEY hKeyRoot)
{
if (HKEY_LOCAL_MACHINE == hKeyRoot) return _T("HKEY_LOCAL_MACHINE\\");
if (HKEY_CLASSES_ROOT == hKeyRoot) return _T("HKEY_CLASSES_ROOT\\");
if (HKEY_CURRENT_CONFIG == hKeyRoot) return _T("HKEY_CURRENT_CONFIG\\");
if (HKEY_CURRENT_USER == hKeyRoot) return _T("HKEY_CURRENT_USER\\");
if (HKEY_USERS == hKeyRoot) return _T("HKEY_USERS\\");
}
bool RegistryGoTo (HKEY hKeyRoot, const String &lpctPath, String lpctValue)
{
if (lpctPath.empty() || 0 == hKeyRoot)
return false;
if( lpctValue.empty() && lpctValue.empty() == 0)
{
lpctValue.clear();
}
SHELLEXECUTEINFO shi = { 0 };
DEVMODE dm = { 0 };
HWND hWndRegedit = ::FindWindow (_T("RegEdit_RegEdit"), NULL);
if (NULL == hWndRegedit)
{
shi.cbSize = sizeof(SHELLEXECUTEINFO);
shi.fMask = SEE_MASK_NOCLOSEPROCESS;
shi.lpVerb = _T("open");
shi.lpFile = _T("regedit.exe");
shi.nShow = SW_SHOWNORMAL;
ShellExecuteEx (&shi);
if( GetLastError() != 0 )
{
Sleep(200);
ShellExecuteEx (&shi);
}
WaitForInputIdle (shi.hProcess, INFINITE);
hWndRegedit = ::FindWindow (_T("RegEdit_RegEdit"), NULL);
}
if (NULL == hWndRegedit) return FALSE;
SetForegroundWindow (hWndRegedit);
ShowWindow (hWndRegedit, SW_SHOWNORMAL);
HWND hWndTreeView = FindWindowEx (hWndRegedit, NULL, _T ("SysTreeView32"), NULL);
SetForegroundWindow (hWndTreeView);
SetFocus (hWndTreeView);
for (int i = 0; i < 30; i++)
{
SendMessage (hWndTreeView, WM_KEYDOWN, VK_LEFT, 0);
}
dm.dmSize = sizeof (DEVMODE);
EnumDisplaySettings (NULL, ENUM_CURRENT_SETTINGS, &dm);
if (8 < dm.dmBitsPerPel) Sleep (100);
// the path must start with a backslash
String stRegPath = String (_T("\\")) + GetFullHKEY(hKeyRoot) + lpctPath;
// open path
for (int iIndex = 0; iIndex < (int) stRegPath.length (); iIndex++)
{
if (_T('\\') == stRegPath [iIndex])
{
SendMessage (hWndTreeView, WM_KEYDOWN, VK_RIGHT, 0);
if (8 < dm.dmBitsPerPel)
Sleep (100);
}
else SendMessage (hWndTreeView, WM_CHAR, toupper (stRegPath [iIndex]), 0);
}
SetForegroundWindow (hWndRegedit);
SetFocus (hWndRegedit);
if (lpctValue.length())
{
HWND hWndListView = FindWindowEx (hWndRegedit, NULL, _T("SysListView32"), NULL);
SetForegroundWindow (hWndListView);
SetFocus (hWndListView);
Sleep (100);
SendMessage (hWndListView, WM_KEYDOWN, VK_HOME, 0);
String stValue = lpctValue;
for (String::iterator it = stValue.begin (); it != stValue.end (); ++it)
{
SendMessage (hWndListView, WM_CHAR, toupper (*it), 0);
}
}
return true;
}
Related
currently I have 1 main function which calls 3-4 utility functions that collectively block other browsers using Windows Registry and implements a firefox policy using mkdir + copy, currently, these functions aren't running under users context and are running under the system, My codebase has the function to run a cmd command under user's context but not other functions, below I have mentioned it. I am guessing running the main function under other user's contexts will automatically run the utility functions also under the user's context, since the main function calls the utility functions but I am not sure, anybody knows how to do this, the function basically first creates a directory and copy a file to it in Program Files folder and then get paths of browsers and create & set Registry keys and data-values for that user, but currently due to running from service it runs under SYSTEM.
BOOLEAN
CreateProcessInActiveSession(
const std::wstring wstrCmd
)
{
DWORD dwSId = 0xFFFFFFFF;
dwSId = WTSGetActiveConsoleSessionId();// LZGetActiveSessionId();
if (0xFFFFFFFF == dwSId)
{
return FALSE;
}
BOOL bRet;
HANDLE hTok = NULL;
bRet = WTSQueryUserToken(dwSId, &hTok);
if (FALSE == bRet)
{
return FALSE;
}
DWORD dwLinkedTokSz;
TOKEN_LINKED_TOKEN ElvTok;
bRet = GetTokenInformation(hTok, TokenLinkedToken, &ElvTok, sizeof(ElvTok), &dwLinkedTokSz);
if (TRUE == bRet)
{
CloseHandle(hTok);
hTok = ElvTok.LinkedToken;
}
HANDLE hTokDup = NULL;
bRet = DuplicateTokenEx(hTok, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hTokDup);
if (FALSE == bRet)
{
CloseHandle(hTok);
return FALSE;
}
CloseHandle(hTok);
DWORD dwCreationFlag;
dwCreationFlag = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
PVOID pEnv = NULL;
bRet = CreateEnvironmentBlock(&pEnv, hTokDup, FALSE);
if (FALSE == bRet)
{
pEnv = NULL;
}
else
{
dwCreationFlag |= CREATE_UNICODE_ENVIRONMENT;
}
STARTUPINFO stInfo;
memset(&stInfo, 0, sizeof(stInfo));
PROCESS_INFORMATION procInfo;
memset(&procInfo, 0, sizeof(procInfo));
stInfo.cb = sizeof(stInfo);
WCHAR szDesktop[] = L"winsta0\\default";
stInfo.lpDesktop = szDesktop;
WCHAR wszCmd[MAX_PATH];
wcscpy_s(wszCmd, ARRAY_SIZE(wszCmd), wstrCmd.c_str());
bRet = CreateProcessAsUserW(
hTokDup,
NULL,
wszCmd,
NULL,
NULL,
FALSE,
dwCreationFlag,
pEnv,
NULL,
&stInfo,
&procInfo
);
if (FALSE == bRet)
{
if (NULL != pEnv)
{
DestroyEnvironmentBlock(pEnv);
}
CloseHandle(hTokDup);
return FALSE;
}
CloseHandle(procInfo.hProcess);
CloseHandle(procInfo.hThread);
if (NULL != pEnv)
{
DestroyEnvironmentBlock(pEnv);
}
CloseHandle(hTokDup);
return TRUE;
}
So far I tried to use GetWindow using GetForegroundWindow and this always returns NULL. when I use The GetLastError I have a msg saying 1400, Invalid windows Handle.
When I first debug I have Null as I said befor, but when I redo the execution I have a valid handle and all work fine.
What could be the problem.
static int CheckZOrder2Windows(HWND FirstWindow, HWND SecondWindow)
{
int zOrderWnd1 = -1, zOrderWnd2 =-1;
HWND tempHwnd = GetWindow(GetForegroundWindow(), GW_HWNDFIRST);
if (!tempHwnd)
ErrorExit(TEXT(""));
DWORD dwFGThread1 = GetWindowThreadProcessId(FirstWindow, NULL);
DWORD dwFGThread2 = GetWindowThreadProcessId(SecondWindow, NULL);
int currentOrder = 0;
DWORD dwFGThread = 0;
while(tempHwnd)
{
++currentOrder;
if(IsWindowVisible(tempHwnd))
{
dwFGThread = GetWindowThreadProcessId(tempHwnd, NULL);
if (dwFGThread == dwFGThread1)
zOrderWnd1 = currentOrder;
else if (dwFGThread == dwFGThread2)
zOrderWnd2 = currentOrder;
}
tempHwnd=GetWindow(tempHwnd,GW_HWNDNEXT);
}
if ((zOrderWnd1 == -1) || (zOrderWnd2 == -1))
return 0;
return (zOrderWnd1 - zOrderWnd2);
}
GetForegroundWindow is allowed to return NULL and you never check for that.
MSDN also says:
The Enum[Child]Windows function is more reliable than calling GetWindow in a loop. An application that calls GetWindow to perform this task risks being caught in an infinite loop or referencing a handle to a window that has been destroyed.
I have this program that works perfectly in windows 7 but on windows 8 the readprocessmemory seems to be blank when I output it.Get Last error code 299. I Did not create this part of of program for read process but I use it because it was working for windows 7. The game handles and aria location are same on windows 8 machine, I double checked them. and The game handle is found. The address works fine in windows 7.
hGameWindow = FindWindow(L"WFElementClient Window",NULL);
if(hGameWindow) {
GetWindowThreadProcessId( hGameWindow, &dwProcId );
if( dwProcId != 0 ) {
hProcHandle = OpenProcess( PROCESS_ALL_ACCESS, FALSE, dwProcId );
if( hProcHandle == INVALID_HANDLE_VALUE || hProcHandle == NULL ) {
GameStatus = "Failed to open process for valid handle";
}else{
GameStatus = "Game Found";
myaddr = FindPointerAddr(hProcHandle, ariaBase, aOffset);
// IsGameAvail = true;
}
}
else GameStatus = "Failed to obtain process id";
}
else GameStatus = "game handle not found";
ReadProcessMemory(hProcHandle, (LPCVOID)myaddr, &buffer, sizeof(buffer), NULL);
int FindPointerAddr(HANDLE pHandle,int baseaddr, DWORD offsets[])
{
int Address = baseaddr;
int offset = 0;
int offsetCount = 5;
for (int i = 0; i < offsetCount; i++)
{
ReadProcessMemory(pHandle, (LPCVOID)Address, &Address , 4, NULL);
Address+=offsets[i];
}
return Address;
}
Security permissions have changed from Windows 7 to Windows 8.
You may need to run as administrator and set SeDebugPrivelage now, when you were not required to on previous versions of Windows. Such as when calling OpenProcess() with PROCESS_ALL_ACCESS because PROCESS_VM_READ requires SeDebugPrivelage
Here is how you set SeDebugPrivelage:
bool SetDebugPrivilege(bool Enable)
{
HANDLE hToken{ nullptr };
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
return false;
TOKEN_PRIVILEGES TokenPrivileges{};
TokenPrivileges.PrivilegeCount = 1;
TokenPrivileges.Privileges[0].Attributes = Enable ? SE_PRIVILEGE_ENABLED : 0;
if (!LookupPrivilegeValueA(nullptr, "SeDebugPrivilege", &TokenPrivileges.Privileges[0].Luid))
{
CloseHandle(hToken);
return false;
}
if (!AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), nullptr, nullptr))
{
CloseHandle(hToken);
return false;
}
CloseHandle(hToken);
return true;
}
I'm trying to get the strength of the connected wifi signal using c++ on a Windows 7 machine.
I can get a value for the strength of the signal using the command WlanGetAvailableNetworkList but the value returned is not granular enough for our requirements. Basically as you move away from the Wifi router the value jumps in increments of 20% (99% -> 80% -> 60% etc).
For the application we are developing we really need a more accurate value. I know it's possible as I have seen apps in windows displaying accurate dBm values for signal strength...
If anyone has any suggestions they would be greatly appreciated!
dwResult = WlanGetAvailableNetworkList(hClient,&pIfInfo->InterfaceGuid,0,NULL,&pBssList);
if (dwResult != ERROR_SUCCESS) {
wprintf(L"WlanGetAvailableNetworkList failed with error: %u\n", dwResult);
dwRetVal = 1;
} else {
for (j = 0; j < pBssList->dwNumberOfItems; j++) {
pBssEntry = (WLAN_AVAILABLE_NETWORK *) & pBssList->Network[j];
if ((pBssEntry->dwFlags & WLAN_AVAILABLE_NETWORK_CONNECTED ) != 0 ){
if (pBssEntry->wlanSignalQuality == 0)
iRSSI = -100;
else if (pBssEntry->wlanSignalQuality == 100)
iRSSI = -50;
else
iRSSI = -100 + (pBssEntry->wlanSignalQuality/2);
wprintf(L" Signal Quality[%u]:\t %u (RSSI: %i dBm)\n", j,
pBssEntry->wlanSignalQuality, iRSSI);
}
}
Ok after continuing research online I managed to patch together a way that works for me. From what I've read - there are many different ways of obtaining the RSSI - but this method, while maybe a little cumbersome, worked well for our needs...
I'm using the command WlanGetNetworkBssList, and then getting the RSSI value directly from the returned PWLAN_BSS_ENTRY.
I found it is important to call WlanScan each time before querying WlanGetNetworkBssList, otherwise the returned value doesn't change with any sort of regularity.
HANDLE hClient;
PWLAN_INTERFACE_INFO_LIST pIfList = NULL;
PWLAN_INTERFACE_INFO pIfConnInfo = NULL;
PWLAN_CONNECTION_ATTRIBUTES pConnectInfo = NULL;
PWLAN_BSS_LIST pBssList=NULL;
PWLAN_BSS_ENTRY pBssEntry=NULL;
WLAN_OPCODE_VALUE_TYPE opCode = wlan_opcode_value_type_invalid;
DWORD dwResult = 0;
DWORD dwMaxClient = 2;
DWORD dwCurVersion = 0;
DWORD connectInfoSize = sizeof(WLAN_CONNECTION_ATTRIBUTES);
int i;
// Initialise the Handle
dwResult = WlanOpenHandle(dwMaxClient, NULL, &dwCurVersion, &hClient);
if (dwResult != ERROR_SUCCESS)
{
return 0;
}
// Get the Interface List
dwResult = WlanEnumInterfaces(hClient, NULL, &pIfList);
if (dwResult != ERROR_SUCCESS)
{
return 0;
}
//Loop through the List to find the connected Interface
PWLAN_INTERFACE_INFO pIfInfo = NULL;
for (i = 0; i < (int) pIfList->dwNumberOfItems; i++)
{
pIfInfo = (WLAN_INTERFACE_INFO *) & pIfList->InterfaceInfo[i];
if (pIfInfo->isState == wlan_interface_state_connected)
{
pIfConnInfo = pIfInfo;
break;
}
}
if ( pIfConnInfo == NULL )
return 0;
// Query the Interface
dwResult = WlanQueryInterface(hClient,&pIfConnInfo->InterfaceGuid,wlan_intf_opcode_current_connection,NULL,&connectInfoSize,(PVOID *) &pConnectInfo,&opCode);
if (dwResult != ERROR_SUCCESS)
{
return 0;
}
// Scan the connected SSID
dwResult = WlanScan(hClient,&pIfConnInfo->InterfaceGuid,&pConnectInfo->wlanAssociationAttributes.dot11Ssid,NULL,NULL);
if (dwResult != ERROR_SUCCESS)
{
return 0;
}
// Get the BSS Entry
dwResult = WlanGetNetworkBssList(hClient,&pIfConnInfo->InterfaceGuid,&pConnectInfo->wlanAssociationAttributes.dot11Ssid,dot11_BSS_type_infrastructure,TRUE,NULL,&pBssList);
if (dwResult != ERROR_SUCCESS)
{
return 0;
}
// Get the RSSI value
pBssEntry=&pBssList->wlanBssEntries[0];
return pBssEntry->lRssi;
wlanSignalQuality is an interpolation of the RSSI. Take a look at this answer question for how to get the RSSI directly:
Get Rssi Value From Windows
I've been trying to find a good architecture for one application for the last few days, and after some research I'm finally stuck, and the reason is COM.
The app in question will have multiple GUI threads, and they will schedule work items for worker thread. The worker thread will initialize COM via CoInitialize(NULL);, create few COM components and will go into a loop which will wait for WaitForMultipleObjects(2, ...) (ExitEvent - to indicate that app is shutting down and ManualResetEvent - to indicate that there are actually work items to process), and on successful wait, will process the items and PostMessage them back to GUI threads. The ManualResetEvent will be reset inside worker if the queue will be empty and will happen inside queue critical section.
The problem is that COM, as usual, makes EVERYTHING 1000x harder...
If I understand correctly, CoInitialize(NULL); creates a hidden window, and any message posted during WaitForSingle/MultipleObject/s can cause a deadlock.
So, I need to call the MsgWaitForMultiple objects. Which in turn can fail if messages are not pumped correctly. Unfortunately, I can't quite understand how to pump them in a correct way. Do I have to create my own message loop? Will the app crash if COM decides to create a messagebox?
So far it seems I have to proceed like this?
HANDLE hEvents[2] = {};
int ThreadProc(LPVOID lpParam) {
int nRetVal = 0;
CoInitialize(NULL);
CComPtr<ISomething> smthn;
smthn.CoCreateInstance(...);
MSG msg = {};
bool bRun = true;
while(bRun) {
while(PeekMessage(&msg, ??NULL/-1??, 0, 0, PM_REMOVE)) { /*Which one here?*/
if(msg.Message == WM_QUIT) {
bRun = false;
nRetVal = msg.wParam;
break;
}
TranslateMessage(&msg);
DispatchMessage(&msg);
}
if(MsgWaitForMultipleObjects(2, &hEvents, ...)) {
if(exitevent) { bRun = false; nRetVal = 0; }
else if(processevent) { [processdata] }
}
}
smthn.release();
CoUninitialize();
return nRetVal;
}
But what about hidden window, messageboxes, am I even on the right path?
Just use CoWaitForMultipleHandles and it will do the necessary message pumping on the hidden COM window for inter-thread syncing.
The hidden window is of class OleMainThreadWndClass with OleMainThreadWndName as caption but on win9x its class is WIN95 RPC Wmsg. It's hidden which means you can't use straight EnumThreadWindows to find it.
Seems like overkill, but this worked for me :
int waitAndDispatch( HANDLE* event_handle, unsigned int ev_count, DWORD timeout )
{
int rval = -1;
bool bLoop = true; // if the loop should terminate
HANDLE* pHList = new HANDLE[ev_count];
for( unsigned int i = 0; i < ev_count; ++i )
{
pHList[i] = event_handle[i];
}
while( bLoop )
{
DWORD res = ::MsgWaitForMultipleObjects( ev_count, pHList, false, timeout, QS_ALLPOSTMESSAGE | QS_SENDMESSAGE );
if( res == WAIT_OBJECT_0 + ev_count ) // messages arrived
{
MSG tmpMsg;
bool hasMsg = true;
while( bLoop && hasMsg )
{
::PeekMessage( &tmpMsg, 0, 0, 0, PM_NOREMOVE );
if( ::PeekMessage( &tmpMsg, 0, WM_USER, WM_USER, PM_REMOVE ) || // WM_USER for COM
::PeekMessage( &tmpMsg, 0, 0, WM_KEYFIRST - 1, PM_REMOVE ) // all destroy update, ...
)
{
DWORD val = ::WaitForMultipleObjects( ev_count, pHList, false, 0 );
if( val >= WAIT_OBJECT_0 && val <= (WAIT_OBJECT_0 + ev_count) )
{
rval = val - WAIT_OBJECT_0;
bLoop = false;
}
::DispatchMessage( &tmpMsg );
}
else
{
hasMsg = false;
}
}
}
else if( res >= WAIT_OBJECT_0 && res < (WAIT_OBJECT_0 + ev_count) )
{
rval = res - WAIT_OBJECT_0;
bLoop = false;
}
else if( res == WAIT_TIMEOUT )
{
rval = ev_count;
bLoop = false;
}
else
{
rval = -1;
bLoop = false;
}
}
delete[] pHList;
return rval;
}
I had to write this piece for VB6 and its thread interactions over com compartments ... .
If you initialize your thread apartment with CoInitializeEx( 0, COINIT_MULTITHREADED ), your COM calls will not be queued into an message queue. But then you have the problem of objects created in different COM apartments. These need to be marshaled ... .