Can not disable Device Manager using a C++ program - c++

I want to disable Device Manager from my control panel editing registry values. I can do it in C#, but I want to do it in C++ without using any .NET framework. I have succedded to change my processor name in C++. But I am facing a problem when I want to disable the task manager. Here is my code.
HKEY hKey;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
0,
KEY_SET_VALUE,
&hKey);
RegSetValueEx(hKey, REGNAME_TO_WRITE, 0, REG_SZ,
(const unsigned char *)"ProcessorNameString",
strlen("ProcessorNameString"));
//RegCloseKey(hKey);
// The problem begins here
RegOpenKeyEx( HKEY_LOCAL_MACHINE,
"Software\\Policies\\Microsoft\MMC\\{74246bfc-4c96-11d0-abef-0020af6b0b7a}\\",
0,
KEY_SET_VALUE,
&hKey );
RegSetValueEx( hKey,"Restrict_Run",0,REG_SZ,
(const unsigned char *)"1",
strlen("1") );
RegCloseKey(hKey);
return 0;
}

You should disable WOW64 registry redirection, or else your program may make changes to WOW6432Node instead of HKEY_LOCAL_MACHINE.
See Disabling registry redirection for a registry key on an x64 platform

Viola, I got the solution. The solution would be like this:
DWORD dwVal = 1;
HKEY hKey = HKEY_CURRENT_USER;
RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Policies\\Microsoft\\MMC\\{74246bfc-4c96-11d0-abef-0020af6b0b7a}\\", 0, KEY_ALL_ACCESS, &hKey);
RegSetValueEx (hKey, "Restrict_Run", 0, REG_DWORD, (LPBYTE)&dwVal, sizeof(DWORD));
RegCloseKey(hKey);

Related

How to write a 32 Bit D-Word to Windows registry in C++

I am trying to disable the Windows Defender using a C++ Win32API application.
To do that I need to write a D Word into the registry (DisableAntiSpyware = 1).
I always do that manually after installing a new Windows.
So here is my code, but its not working.
Maybe someone could tell me why or what is wrong with it. Thank you!
OK I've changed the code a bit, still not working...
case 1:
//::MessageBeep(MB_ICONERROR);
::MessageBox(hWnd, L"Button was Pressed",L"Button was clicked?",MB_OK);
LONG
SetRegValue
(
const wchar_t* path
, const wchar_t *name
, const BYTE *value
);
{
LONG status;
HKEY hKey;
DWORD value = 0x00000001;
status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"\\SOFTWARE\\Policies\\Microsoft\\Windows Defender", 0, KEY_ALL_ACCESS, &hKey);
if ((status == ERROR_SUCCESS) && (hKey != NULL))
{
status = RegSetValueEx(hKey, L"test", 0, REG_DWORD, (const BYTE*)&value,sizeof(value));
RegCloseKey(hKey);
}
return status;
::MessageBeep(MB_ICONERROR);
}
}
}
break;
When opening a Registry key, you should request only the rights you actually need. So replace KEY_ALL_ACCESS with KEY_SET_VALUE instead, since all you are doing is writing a value. But even then, you might still need to run your app with elevated permissions in order to write to HKEY_LOCAL_MAHCINE, unless you give your user account write access to the Windows Defender key beforehand.
Also, if your code is compiled as 32bit and runs on a 64bit system, and it needs to write to the 64bit Registry, then you have to include the KEY_WOW64_64KEY flag otherwise you may be subject to Registry Reflection/Registry Redirection.
Try something more like this instead:
case 1:
{
::MessageBox(hWnd, L"Button was Pressed", L"Button was clicked?", MB_OK);
DWORD value = 1;
DWORD flags = KEY_SET_VALUE;
#if !defined(_WIN64)
BOOL bIsWow64Process = FALSE;
if (IsWow64Process(GetCurrentProcess(), &bIsWow64Process) && bIsWow64Process)
flags |= KEY_WOW64_64KEY;
#endif
HKEY hKey;
LONG status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"\\SOFTWARE\\Policies\\Microsoft\\Windows Defender", 0, flags, &hKey);
if ((status == ERROR_SUCCESS) && (hKey != NULL))
{
status = RegSetValueEx(hKey, L"DisableAntiSpyware", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
::MessageBeep(MB_ICONERROR);
}
break;
You can't write to any key under HKEY_LOCAL_MACHINE unless the program is running with elevated privileges, i.e. administrator mode. The call to RegOpenKeyEx or RegSetValueEx will fail.

Weird behavior when getting registry value via RegQueryValueEx and RegGetValue [duplicate]

This question already has answers here:
I added a registry key, but I cannot find it programmatically
(3 answers)
What is 32 & 64 bit c++ code?
(1 answer)
Closed 6 years ago.
I am having some issues in c++ with the aforementioned functions. Both are behaving in the exact same way. Here is the process I am seeing:
run code to get registry value. Double check that it found 10000, which it should have (10000 is the default windows limit on GDI objects per process), and it does.
change the registry using regedit to something other than 10000
run the code again, but this time it again finds 10000, when it should have found the new value.
No matter what I try, it will always only find the original value and not
the updated value of the registry.
Things i've noticed/tried:
It does this for every value i've looked at, not just GDIProcessHandleQuota. (it doesn't always return 10000 since that's specific to the GDI value, it just always returns the pre-modify value for any given value)
It does this even if i reboot the computer and open regedit to verify the key
actually changed before running step 3.
all the results values in the code below (results, results2, results3) are 0, indicating ERROR_SUCCESS (lol), meaning they experienced no issues.
finally, here is the code snippet in which i'm experiencing the problems:
HKEY hKey;
//open the key for viewing in RegQueryValueEx, store opened handle in hkey
LONG result = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
0,
KEY_ALL_ACCESS,
&hKey);
DWORD dwReturn;
DWORD dwBufSize = sizeof(DWORD);
//after this line executes, dwReturn should have the DWORD data of the specified registry key/valuename
LONG result2 = RegQueryValueEx(hKey,
"GDIProcessHandleQuota",
0,
0,
reinterpret_cast<LPBYTE>(&dwReturn),
&dwBufSize);
DWORD value;
DWORD size = sizeof(DWORD);
//after this executes, value should contain the DWORD data of the specified registry key/valuename
LONG result3 = RegGetValue(hKey,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"GDIProcessHandleQuota",
RRF_RT_ANY,
NULL,
&value,
&size
);
Your issue is most likely caused by the WOW64 emulator when running a 32-bit app on a 64bit machine. Refer to the MSDN documentation for more details:
Registry Redirector
Registry Keys Affected by WOW64
32-bit and 64-bit Application Data in the Registry
Accessing an Alternate Registry View
To open a 64bit key in a 32bit app, you need to include the KEY_WOW64_64KEY flag when opening the key with RegOpenKeyEx(), or the RRF_SUBKEY_WOW6464KEY flag when opening the key with RegGetValue().
You are also opening the key with too many permissions (which could kick in Registry Virtualization under UAC, but that is disabled on the particular key you are accessing in this example, but you should be aware of it). KEY_ALL_ACCESS will only work for admin users. Most users do not have write access to HKLM, only read-only access, so opening the key with KEY_ALL_ACCESS will fail for non-admins. Always request the minimum permissions you actually need. In this case, open the key for KEY_QUERY_VALUE access.
You are also calling RegGetValue() with the wrong parameter values.
Try something more like this instead:
HKEY hKey;
//open the key for viewing in RegQueryValueEx, store opened handle in hkey
LONG result = RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
0,
KEY_QUERY_VALUE | KEY_WOW64_64KEY,
&hKey);
if (result != ERROR_SUCCESS)
{
...
}
else
{
DWORD value;
DWORD size = sizeof(DWORD);
//after this line executes, value should have the DWORD data of the specified registry key/valuename
result = RegQueryValueEx(
hKey,
"GDIProcessHandleQuota",
0,
0,
reinterpret_cast<LPBYTE>(&value),
&size);
if (result != ERROR_SUCCESS)
{
...
}
size = sizeof(DWORD);
//after this executes, value should contain the DWORD data of the specified registry key/valuename
result = RegGetValue(
hKey,
NULL,
"GDIProcessHandleQuota",
RRF_RT_REG_DWORD,
NULL,
&value,
&size);
if (result != ERROR_SUCCESS)
{
...
}
RegCloseKey(hKey);
}
Alternatively:
DWORD value;
DWORD size = sizeof(DWORD);
//after this executes, value should contain the DWORD data of the specified registry key/valuename
LONG result = RegGetValue(
HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"GDIProcessHandleQuota",
RRF_RT_REG_DWORD | RRF_SUBKEY_WOW6464KEY,
NULL,
&value,
&size);
if (result != ERROR_SUCCESS)
{
...
}

How can i add registry key with c++ on HKEY_LOCAL_MACHINE [duplicate]

Could anybody tell me what's wrong is with this code? There is no errors. Everything returns ERROR_SUCCESS but in register can't see any changes.
void Utils::writePath(LPCTSTR data)
{
HKEY hkey;
DWORD dwDisposition;
if(RegCreateKeyEx(HKEY_LOCAL_MACHINE,
TEXT("SOFTWARE\\aaTestCompany\\testApp"),
0, NULL, 0,
KEY_WRITE, NULL,
&hkey, &dwDisposition) == ERROR_SUCCESS)
{
long setRes = RegSetValueEx (hkey, "testPath", 0, REG_SZ, (LPBYTE)data, strlen(data)+1);
if (setRes == ERROR_SUCCESS) {
printf("Success writing to Registry.");
} else {
printf("Error writing to Registry.");
}
RegCloseKey(hkey);
}
else
MessageBox(NULL,"error","",0);
}
As the application is 32-bit on a 64-bit OS the registry key will actually be created beneath HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node.
See 32-bit and 64-bit Application Data in the Registry.
Can you try with 5th and 6th parameters as REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS

Access is Denied for registry

I am playing with the registry programmatically for the first time, and it's not working that well (but at least I haven't destroyed my computer). Specifically, I keep getting back Error 5 (Access is Denied) from RegCreateKeyEx and RegSetValueEx. The thing that is strangest to me is that when HKEY_CURRENT_USER\Software\dir1\Sub Directory already exists, RegCreateKeyEx fails with Error 5, but when it doesn't already exist, it creates it successfully; and then fails on the RegSetValueEx.
Am I doing anything wrong in this code?
BOOL MyDialog::SaveLocationsToRegistry()
{
HKEY hkey;
DWORD dwDisposition;
DWORD dwType, dwSize;
LONG result = RegCreateKeyEx(HKEY_CURRENT_USER, TEXT("Software\\dir1\\Sub Directory"),
0, NULL, 0, 0, NULL, &hkey, &dwDisposition);
if(result == ERROR_SUCCESS)
{
LPCTSTR szLastFolder = "C:\\Documents and Settings\\user\\My Documents\\Copy of item\0";
dwType = REG_SZ;
dwSize = strlen(szLastFolder)+1;
LONG setResult = RegSetValueEx(hkey, TEXT("LastFolder"), 0, dwType,
(PBYTE)&szLastFolder, dwSize);
RegCloseKey(hkey);
return setResult == ERROR_SUCCESS;
}
else
{
return false;
}
}
Note: The absolute path is only there temporarily. Baby steps ;-)
You're not asking for any access rights. You probably want to specify KEY_WRITE (or something) for the 6th parameter (samDesired).
LONG result = RegCreateKeyEx(HKEY_CURRENT_USER, TEXT("Software\\dir1\\Sub Directory"),
0, NULL, 0, KEY_WRITE, NULL, &hkey, &dwDisposition);

Create a new windows registry key using c++

I'm trying to create a new registry key in the windows registry using C++. Here is the code I have so far:
HKEY hKey;
LPCTSTR sk = TEXT("SOFTWARE\\OtherTestSoftware");
LONG openRes = RegCreateKeyEx(
HKEY_LOCAL_MACHINE,
sk,
0,
NULL,
REG_OPTION_BACKUP_RESTORE,
KEY_ALL_ACCESS,
NULL,
&hKey,
NULL);
if (openRes==ERROR_SUCCESS) {
printf("Success creating key.");
} else {
printf("Error creating key.");
}
LPCTSTR value = TEXT("OtherTestSoftwareKey");
LPCTSTR data = "OtherTestData\0";
LONG setRes = RegSetValueEx (hKey, value, 0, REG_SZ, (LPBYTE)data, strlen(data)+1);
if (setRes == ERROR_SUCCESS) {
printf("Success writing to Registry.");
} else {
printf("Error writing to Registry.");
}
//RegDeleteKey(hKey, sk);
LONG closeOut = RegCloseKey(hKey);
if (closeOut == ERROR_SUCCESS) {
printf("Success closing key.");
} else {
printf("Error closing key.");
}
I'm able to successfully open an existing key using a very similar code snippet (basically replace RegCreateKeyEx with RegOpenKeyEx). I would imagine that one or more of the arguments I'm passing into RegCreateKeyEx is causing the trouble. I'm honestly not sure where things might be getting fouled up since all of the error codes i've trapped show success. For reference, here is the function signature for RegCreateKeyEx:
/*
* LONG WINAPI RegCreateKeyEx(
__in HKEY hKey,
__in LPCTSTR lpSubKey,
__reserved DWORD Reserved,
__in_opt LPTSTR lpClass,
__in DWORD dwOptions,
__in REGSAM samDesired,
__in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
__out PHKEY phkResult,
__out_opt LPDWORD lpdwDisposition
);
*/
Any thoughts would be great!
thanks,
brian
I've been compiling my own personal Function Library for years. One part of this deals entirely with registry access, see the CreateRegistryKey function the Registry.Cpp file.
If you are interested, you can grab the entire library here.
As already mentioned, you've specified the REG_OPTION_BACKUP_RESTORE option in the call to RegCreateKeyEx, which means that you're opening the key in order to perform a backup or restore. Ordinarily, you would use REG_OPTION_NON_VOLATILE instead.
What operating system are you running? In Windows 2000/XP, the HKEY_LOCAL_MACHINE registry hive is not writeable by non-administrator users, so RegCreateKeyEx will fail with an access denied error (error 5). This also applies to Vista, if your application has a requestedExecutionLevel entry in its manifest. If you're running Vista, and your application doesn't specify a requestedExecutionLevel (or if it doesn't have a manifest at all), access to HKEY_LOCAL_MACHINE will be virtualised, so RegCreateKeyEx should succeed. See Registry Virtualization in Windows Vista in MSDN for more details.
There are some more problems with the code you've posted, which will only become apparent if you compile your project with UNICODE defined. This line:
LPCTSTR data = "OtherTestData\0";
should be
LPCTSTR data = TEXT("OtherTestData\0");
and this line:
LONG setRes = RegSetValueEx(hKey, value, 0, REG_SZ,
(LPBYTE)data, _tcslen(data)+1);
should be:
LONG setRes = RegSetValueEx(hKey, value, 0, REG_SZ,
(LPBYTE)data, (_tcslen(data)+1) * sizeof(TCHAR));
because the cbData parameter in RegSetValueEx is the length of the data in bytes, not characters.
I hope this helps!
The first clue is your use of REG_OPTION_BACKUP_RESTORE. You probably don't want to use that flag, as I believe it requires a special "backup" privilege that you need to enable beforehand. Normal applications won't want to do that.
Probably this is the reason why you can cannot create a new key, with your code.
These links might be of help.
http://www.codeguru.com/forum/archive/index.php/t-378884.html
http://www.codeguru.com/forum/archive/index.php/t-275250.html
As a sidenote, always try GetLastError() to get the error message.
I have not tested either of them.