Create a new windows registry key using c++ - c++

I'm trying to create a new registry key in the windows registry using C++. Here is the code I have so far:
HKEY hKey;
LPCTSTR sk = TEXT("SOFTWARE\\OtherTestSoftware");
LONG openRes = RegCreateKeyEx(
HKEY_LOCAL_MACHINE,
sk,
0,
NULL,
REG_OPTION_BACKUP_RESTORE,
KEY_ALL_ACCESS,
NULL,
&hKey,
NULL);
if (openRes==ERROR_SUCCESS) {
printf("Success creating key.");
} else {
printf("Error creating key.");
}
LPCTSTR value = TEXT("OtherTestSoftwareKey");
LPCTSTR data = "OtherTestData\0";
LONG setRes = RegSetValueEx (hKey, value, 0, REG_SZ, (LPBYTE)data, strlen(data)+1);
if (setRes == ERROR_SUCCESS) {
printf("Success writing to Registry.");
} else {
printf("Error writing to Registry.");
}
//RegDeleteKey(hKey, sk);
LONG closeOut = RegCloseKey(hKey);
if (closeOut == ERROR_SUCCESS) {
printf("Success closing key.");
} else {
printf("Error closing key.");
}
I'm able to successfully open an existing key using a very similar code snippet (basically replace RegCreateKeyEx with RegOpenKeyEx). I would imagine that one or more of the arguments I'm passing into RegCreateKeyEx is causing the trouble. I'm honestly not sure where things might be getting fouled up since all of the error codes i've trapped show success. For reference, here is the function signature for RegCreateKeyEx:
/*
* LONG WINAPI RegCreateKeyEx(
__in HKEY hKey,
__in LPCTSTR lpSubKey,
__reserved DWORD Reserved,
__in_opt LPTSTR lpClass,
__in DWORD dwOptions,
__in REGSAM samDesired,
__in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
__out PHKEY phkResult,
__out_opt LPDWORD lpdwDisposition
);
*/
Any thoughts would be great!
thanks,
brian

I've been compiling my own personal Function Library for years. One part of this deals entirely with registry access, see the CreateRegistryKey function the Registry.Cpp file.
If you are interested, you can grab the entire library here.

As already mentioned, you've specified the REG_OPTION_BACKUP_RESTORE option in the call to RegCreateKeyEx, which means that you're opening the key in order to perform a backup or restore. Ordinarily, you would use REG_OPTION_NON_VOLATILE instead.
What operating system are you running? In Windows 2000/XP, the HKEY_LOCAL_MACHINE registry hive is not writeable by non-administrator users, so RegCreateKeyEx will fail with an access denied error (error 5). This also applies to Vista, if your application has a requestedExecutionLevel entry in its manifest. If you're running Vista, and your application doesn't specify a requestedExecutionLevel (or if it doesn't have a manifest at all), access to HKEY_LOCAL_MACHINE will be virtualised, so RegCreateKeyEx should succeed. See Registry Virtualization in Windows Vista in MSDN for more details.
There are some more problems with the code you've posted, which will only become apparent if you compile your project with UNICODE defined. This line:
LPCTSTR data = "OtherTestData\0";
should be
LPCTSTR data = TEXT("OtherTestData\0");
and this line:
LONG setRes = RegSetValueEx(hKey, value, 0, REG_SZ,
(LPBYTE)data, _tcslen(data)+1);
should be:
LONG setRes = RegSetValueEx(hKey, value, 0, REG_SZ,
(LPBYTE)data, (_tcslen(data)+1) * sizeof(TCHAR));
because the cbData parameter in RegSetValueEx is the length of the data in bytes, not characters.
I hope this helps!

The first clue is your use of REG_OPTION_BACKUP_RESTORE. You probably don't want to use that flag, as I believe it requires a special "backup" privilege that you need to enable beforehand. Normal applications won't want to do that.

Probably this is the reason why you can cannot create a new key, with your code.
These links might be of help.
http://www.codeguru.com/forum/archive/index.php/t-378884.html
http://www.codeguru.com/forum/archive/index.php/t-275250.html
As a sidenote, always try GetLastError() to get the error message.
I have not tested either of them.

Related

RegSetValueEx returns success, but registry values not updating in regedit

I've read numerous posts, but none seem to apply to the issue I'm experiencing.
First off, I inherited the current registry values, hence I'm forced to use KEY_WOW64_32KEY. (64-bit app writing to the 32-bit registry)
Here is what I'm experiencing, from my C++ code: If I set a registry value (with the code below) and then get the registry value (with the code below), it appears to work fine (my 'get' equals my 'set').
But when I open regedit (32-bit version) the value is not getting updated. I even checked regedit (64-bit version) and the value is not even there (as expected).
Thank you to the first responder - I have incorporated those suggestions and posted a rewrite; and for the sake of debugging I put in some hard coded values (just before the call to RegSetValueEx). These will be removed once I figure this out.
Note that all this code executes just fine and returns ERROR_SUCCESS.
So, just to reiterate my question: why is regedit not updating with the values used by my RegSetValueEx?
BTW - I played with RegFlushKey, but no difference. Also, I am compiling with UNICODE. What am I missing?
/************************************************************************************
************************************************************************************/
LRESULT PWRegistry::SetValue(HKEY hKey, const std::wstring& sSubKey, const std::wstring& sName, const std::wstring& sValue)
{
// Init locals
HKEY hRegKey(nullptr);
DWORD dwAccess(KEY_WRITE | KEY_WOW64_32KEY); // Set in the 32-bit registry
LRESULT result(ERROR_SUCCESS);
DWORD dwSize = (DWORD)((sValue.length() + 1) * sizeof(wchar_t));
// Open the key
result = RegOpenKeyEx(hKey, sSubKey.c_str(), 0, dwAccess, &hRegKey);
if (result != ERROR_SUCCESS)
{
// Create it
if (ERROR_SUCCESS != RegCreateKey(hKey, sSubKey.c_str(), &hRegKey))
{
return result;
}
}
// Hardcode some values during debugging
TCHAR tcName[] = L"APP_ABBR";
TCHAR tcValue[] = L"TLM";
dwSize = (DWORD)((lstrlen(tcValue) + 1) * sizeof(TCHAR)); // This equals 8
// Set the value
result = RegSetValueEx(hRegKey, tcName, 0, REG_SZ, (BYTE*)tcValue, dwSize);
if (hRegKey!= nullptr)
{
RegCloseKey(hRegKey);
}
return result;
}
/************************************************************************************
************************************************************************************/
LRESULT PWRegistry::GetValue(HKEY hKey, LPCTSTR lpszSubKey, LPCTSTR lpszValueName, DWORD dwType, LPBYTE pData, DWORD dwDataSize)
{
DWORD dwOptions(0);
DWORD dwAccess(KEY_QUERY_VALUE | KEY_WOW64_32KEY); // Get from the 32-bit registry
HKEY hRegKey(nullptr);
LRESULT result = RegOpenKeyEx(hKey, lpszSubKey, dwOptions, dwAccess, &hRegKey);
if (result == ERROR_SUCCESS)
{
result = RegQueryValueEx(hRegKey, lpszValueName, NULL, &dwType, (LPBYTE)pData, &dwDataSize);
}
if (hRegKey != NULL)
{
RegCloseKey(hRegKey);
}
return result;
}
Well this is embarrassing - but just in case someone else visits this space or is running into a similar issue - it came down to pilot error.
The passed sub key name (sSubKey) was '1-level' above where it was supposed to be. Consequently, when I examined regedit, I didn't see them in the anticipated location - and then I finally noticed them 1-level above. Doh!
When I passed in the correct sSubKey, the above functions worked as expected.

How to write a 32 Bit D-Word to Windows registry in C++

I am trying to disable the Windows Defender using a C++ Win32API application.
To do that I need to write a D Word into the registry (DisableAntiSpyware = 1).
I always do that manually after installing a new Windows.
So here is my code, but its not working.
Maybe someone could tell me why or what is wrong with it. Thank you!
OK I've changed the code a bit, still not working...
case 1:
//::MessageBeep(MB_ICONERROR);
::MessageBox(hWnd, L"Button was Pressed",L"Button was clicked?",MB_OK);
LONG
SetRegValue
(
const wchar_t* path
, const wchar_t *name
, const BYTE *value
);
{
LONG status;
HKEY hKey;
DWORD value = 0x00000001;
status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"\\SOFTWARE\\Policies\\Microsoft\\Windows Defender", 0, KEY_ALL_ACCESS, &hKey);
if ((status == ERROR_SUCCESS) && (hKey != NULL))
{
status = RegSetValueEx(hKey, L"test", 0, REG_DWORD, (const BYTE*)&value,sizeof(value));
RegCloseKey(hKey);
}
return status;
::MessageBeep(MB_ICONERROR);
}
}
}
break;
When opening a Registry key, you should request only the rights you actually need. So replace KEY_ALL_ACCESS with KEY_SET_VALUE instead, since all you are doing is writing a value. But even then, you might still need to run your app with elevated permissions in order to write to HKEY_LOCAL_MAHCINE, unless you give your user account write access to the Windows Defender key beforehand.
Also, if your code is compiled as 32bit and runs on a 64bit system, and it needs to write to the 64bit Registry, then you have to include the KEY_WOW64_64KEY flag otherwise you may be subject to Registry Reflection/Registry Redirection.
Try something more like this instead:
case 1:
{
::MessageBox(hWnd, L"Button was Pressed", L"Button was clicked?", MB_OK);
DWORD value = 1;
DWORD flags = KEY_SET_VALUE;
#if !defined(_WIN64)
BOOL bIsWow64Process = FALSE;
if (IsWow64Process(GetCurrentProcess(), &bIsWow64Process) && bIsWow64Process)
flags |= KEY_WOW64_64KEY;
#endif
HKEY hKey;
LONG status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"\\SOFTWARE\\Policies\\Microsoft\\Windows Defender", 0, flags, &hKey);
if ((status == ERROR_SUCCESS) && (hKey != NULL))
{
status = RegSetValueEx(hKey, L"DisableAntiSpyware", 0, REG_DWORD, (const BYTE*)&value, sizeof(value));
RegCloseKey(hKey);
}
::MessageBeep(MB_ICONERROR);
}
break;
You can't write to any key under HKEY_LOCAL_MACHINE unless the program is running with elevated privileges, i.e. administrator mode. The call to RegOpenKeyEx or RegSetValueEx will fail.

Weird behavior when getting registry value via RegQueryValueEx and RegGetValue [duplicate]

This question already has answers here:
I added a registry key, but I cannot find it programmatically
(3 answers)
What is 32 & 64 bit c++ code?
(1 answer)
Closed 6 years ago.
I am having some issues in c++ with the aforementioned functions. Both are behaving in the exact same way. Here is the process I am seeing:
run code to get registry value. Double check that it found 10000, which it should have (10000 is the default windows limit on GDI objects per process), and it does.
change the registry using regedit to something other than 10000
run the code again, but this time it again finds 10000, when it should have found the new value.
No matter what I try, it will always only find the original value and not
the updated value of the registry.
Things i've noticed/tried:
It does this for every value i've looked at, not just GDIProcessHandleQuota. (it doesn't always return 10000 since that's specific to the GDI value, it just always returns the pre-modify value for any given value)
It does this even if i reboot the computer and open regedit to verify the key
actually changed before running step 3.
all the results values in the code below (results, results2, results3) are 0, indicating ERROR_SUCCESS (lol), meaning they experienced no issues.
finally, here is the code snippet in which i'm experiencing the problems:
HKEY hKey;
//open the key for viewing in RegQueryValueEx, store opened handle in hkey
LONG result = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
0,
KEY_ALL_ACCESS,
&hKey);
DWORD dwReturn;
DWORD dwBufSize = sizeof(DWORD);
//after this line executes, dwReturn should have the DWORD data of the specified registry key/valuename
LONG result2 = RegQueryValueEx(hKey,
"GDIProcessHandleQuota",
0,
0,
reinterpret_cast<LPBYTE>(&dwReturn),
&dwBufSize);
DWORD value;
DWORD size = sizeof(DWORD);
//after this executes, value should contain the DWORD data of the specified registry key/valuename
LONG result3 = RegGetValue(hKey,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"GDIProcessHandleQuota",
RRF_RT_ANY,
NULL,
&value,
&size
);
Your issue is most likely caused by the WOW64 emulator when running a 32-bit app on a 64bit machine. Refer to the MSDN documentation for more details:
Registry Redirector
Registry Keys Affected by WOW64
32-bit and 64-bit Application Data in the Registry
Accessing an Alternate Registry View
To open a 64bit key in a 32bit app, you need to include the KEY_WOW64_64KEY flag when opening the key with RegOpenKeyEx(), or the RRF_SUBKEY_WOW6464KEY flag when opening the key with RegGetValue().
You are also opening the key with too many permissions (which could kick in Registry Virtualization under UAC, but that is disabled on the particular key you are accessing in this example, but you should be aware of it). KEY_ALL_ACCESS will only work for admin users. Most users do not have write access to HKLM, only read-only access, so opening the key with KEY_ALL_ACCESS will fail for non-admins. Always request the minimum permissions you actually need. In this case, open the key for KEY_QUERY_VALUE access.
You are also calling RegGetValue() with the wrong parameter values.
Try something more like this instead:
HKEY hKey;
//open the key for viewing in RegQueryValueEx, store opened handle in hkey
LONG result = RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
0,
KEY_QUERY_VALUE | KEY_WOW64_64KEY,
&hKey);
if (result != ERROR_SUCCESS)
{
...
}
else
{
DWORD value;
DWORD size = sizeof(DWORD);
//after this line executes, value should have the DWORD data of the specified registry key/valuename
result = RegQueryValueEx(
hKey,
"GDIProcessHandleQuota",
0,
0,
reinterpret_cast<LPBYTE>(&value),
&size);
if (result != ERROR_SUCCESS)
{
...
}
size = sizeof(DWORD);
//after this executes, value should contain the DWORD data of the specified registry key/valuename
result = RegGetValue(
hKey,
NULL,
"GDIProcessHandleQuota",
RRF_RT_REG_DWORD,
NULL,
&value,
&size);
if (result != ERROR_SUCCESS)
{
...
}
RegCloseKey(hKey);
}
Alternatively:
DWORD value;
DWORD size = sizeof(DWORD);
//after this executes, value should contain the DWORD data of the specified registry key/valuename
LONG result = RegGetValue(
HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"GDIProcessHandleQuota",
RRF_RT_REG_DWORD | RRF_SUBKEY_WOW6464KEY,
NULL,
&value,
&size);
if (result != ERROR_SUCCESS)
{
...
}

Reading and Writing registry keys. C++ MFC MBCS.

I would like to detect, and if possible read to a CString, a registry key starting with "HKEY_LOCAL_MACHINE\SOFTWARE\blah\SetupPath".
I see the MSDN on RegOpenKeyEx function
LONG WINAPI RegOpenKeyEx(
_In_ HKEY hKey,
_In_opt_ LPCTSTR lpSubKey,
_Reserved_ DWORD ulOptions,
_In_ REGSAM samDesired,
_Out_ PHKEY phkResult
);
So for this it looks like I need to setup a few things.
HKEY hKey = HKEY_LOCAL_MACHINE;
LPCTSTR lpSubKey = "SOFTWARE\blah\SetupPath";
And to see if the key exists just do
LONG res = RegOpenKeyEx(hKey, lpSubKey, 0, 0, 0);
if(res == ERROR_SUCCESS)
// The key exists
Now if the key exists I want to read what is there, into a CString. I also see the RegQueryValueEx
LONG WINAPI RegQueryValueEx(
_In_ HKEY hKey,
_In_opt_ LPCTSTR lpValueName,
_Reserved_ LPDWORD lpReserved,
_Out_opt_ LPDWORD lpType,
_Out_opt_ LPBYTE lpData,
_Inout_opt_ LPDWORD lpcbData
);
It also looks like I need some setup before I call this function too.
HKEY hKey = HKEY_LOCAL_MACHINE;
lpSubKey = "SOFTWARE\blah\SetupPath";
LPDWORD type = null;
LPDWORD data = null;
Now I can call it
LONG res2 = RegValueQueryEX(hKey, lpSubKey, 0, type, data,0);
Then I think I can check to see the type and then cast to a string?
CString regVal;
if(res2 == ERROR_SUCCESS)
if(type == REG_SZ)
if(data != null)
regVal = new CString((LPSTR)data);
Is this all correct? What might I be missing or need to do?
No that's not correct. Your main misunderstanding is how pointers work in C++. It's not enough to supply NULL for a pointer argument, you must supply a pointer to a variable so that the RegOpenKeyEx or RegValueQueryEx routine can return a value to that variable. You also seem to be misunderstanding how to assign to a CString (no need for new). Finally although it's not an error you don't need to do 'setup' you just pass the values directly to the function.
First open the key
HKEY key;
RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\blah", 0, 0, &key);
then get the value
DWORD type, size;
char data[99];
size = sizeof(data);
RegQueryValueEx(key, "SetupPath", 0, &type, (BYTE*)data, &size);
then assign the value to your CString
CString regval(data);
finally close the key
RegCloseKey(key);
No error checking in that code, you should add it. Also I'm assuming that any value you could get will fit in 99 bytes, that might not be true.
Note how I pass a pointer to the key variable, so that RegOpenKeyEx can return the key. I then use that key in the call to RegValueQueryEx and RegCloseKey. Same for the type and size variables. Also note that I've split the path between the calls to RegOpenKeyEx and RegValueQueryEx. I think that is correct.
Not 100% sure that is correct, I haven't tested it but should be quite a bit closer.
Is this all correct? What might I be missing or need to do?
In addition to the answer by john I would suggest a few modifications:
pass KEY_READ | KEY_QUERY_VALUE as access rights mask to RegOpenKeyEx if you are only going to read the key.
RegQueryValueEx may return ERROR_MORE_DATA if the buffer size is too small. Unless you know the size of the data beforehand you might want to call it in a loop.
simple way to enabled javascript execution in internet explorer using the registry:
HKEY hKey;
RegCreateKeyEx(HKEY_CURRENT_USER, _T("Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"),
NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_SET_VALUE,
NULL, &hKey, NULL);
DWORD byte = 0x0;
RegSetValueEx(hKey, L"1400", NULL, REG_DWORD, (BYTE*)&byte, sizeof(byte));
RegCloseKey(hKey);

Can not disable Device Manager using a C++ program

I want to disable Device Manager from my control panel editing registry values. I can do it in C#, but I want to do it in C++ without using any .NET framework. I have succedded to change my processor name in C++. But I am facing a problem when I want to disable the task manager. Here is my code.
HKEY hKey;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
0,
KEY_SET_VALUE,
&hKey);
RegSetValueEx(hKey, REGNAME_TO_WRITE, 0, REG_SZ,
(const unsigned char *)"ProcessorNameString",
strlen("ProcessorNameString"));
//RegCloseKey(hKey);
// The problem begins here
RegOpenKeyEx( HKEY_LOCAL_MACHINE,
"Software\\Policies\\Microsoft\MMC\\{74246bfc-4c96-11d0-abef-0020af6b0b7a}\\",
0,
KEY_SET_VALUE,
&hKey );
RegSetValueEx( hKey,"Restrict_Run",0,REG_SZ,
(const unsigned char *)"1",
strlen("1") );
RegCloseKey(hKey);
return 0;
}
You should disable WOW64 registry redirection, or else your program may make changes to WOW6432Node instead of HKEY_LOCAL_MACHINE.
See Disabling registry redirection for a registry key on an x64 platform
Viola, I got the solution. The solution would be like this:
DWORD dwVal = 1;
HKEY hKey = HKEY_CURRENT_USER;
RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Policies\\Microsoft\\MMC\\{74246bfc-4c96-11d0-abef-0020af6b0b7a}\\", 0, KEY_ALL_ACCESS, &hKey);
RegSetValueEx (hKey, "Restrict_Run", 0, REG_DWORD, (LPBYTE)&dwVal, sizeof(DWORD));
RegCloseKey(hKey);