Secure your Registry
So now you understand how to interact with the registry (using C++ as the example). You can learn more tips & tricks on the Windows registry here
(Protecting Windows using Windows Registry C++)
This post
will tell you how you can secure your Windows installation using some basic features of the Windows
Registry. The Windows Registry is a database that stores the configuration
settings and options of the Windows operating system. The operating system reads the registry
key values while booting. You should have a comprehensive understanding of the registry
keys and the possible values they can have before manipulating them.
Below is an
example in C++ which shows how to make use of registry keys to customize
the behavior of Windows. To understand the example below, you should have a
basic knowledge of how to write a window-based application in C++.
Registry Functions used:
RegOpenKeyEx for opening the
specified registry key
RegSetValueEx for setting the
value and data type of a specified value under a key
RegDeleteValue for removing a
value from the specified key
1. Declarations
/* Process-wide state shared by WinMain, the window procedure and both dialog
 * procedures. Globals are zero-initialised anyway; the initialisers only make
 * that explicit. */
HANDLE hprocess_terminate = NULL;   /* not referenced by the code on this page */
HINSTANCE hInstance = NULL;         /* module handle passed to DialogBox()/LoadMenu() */
HWND hwnd = NULL;                   /* main window, used as the dialogs' parent */
static int operation = 0;           /* 1 = hide drives (NoDrives), 2 = lock drives (NoViewOnDrive) */
DWORD x = 0;                        /* scratch REG_DWORD value handed to RegSetValueEx */
static HKEY hkey = NULL;            /* scratch registry handle */
static HKEY hkey1 = NULL;           /* scratch registry handle (only in commented-out code) */
UINT drive = 0;                     /* number read from the IDD_DIALOG1 edit box */
DWORD pid = 0;                      /* not referenced by the code on this page */
2. Windows main function
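/*
 * Program entry point: registers the "usb" window class, creates the main
 * window (menu IDR_MENU1, procedure myproc) and runs the message loop.
 *
 * Returns the WM_QUIT exit code, or 1 when the class or window could not be
 * created or GetMessage() fails.
 * Side effects: publishes the instance handle and main window handle in the
 * globals hInstance/hwnd, which myproc() and dialogProc2() use as module and
 * parent for DialogBox().
 */
int WINAPI
WinMain(HINSTANCE hInstance,
        HINSTANCE hPrevInstance,
        LPSTR lpCmdLine,
        int nCmdShow
        )
{
    /* The parameter shadows the global of the same name; without this the
     * global stays NULL and the DialogBox() calls elsewhere get no module. */
    ::hInstance = hInstance;

    WNDCLASS wnd = {0};
    wnd.style = CS_HREDRAW | CS_VREDRAW;
    wnd.lpfnWndProc = myproc;
    wnd.cbClsExtra = 0;
    wnd.cbWndExtra = 0;
    wnd.hInstance = hInstance;
    /* Stock icons/cursors (IDI_*/IDC_*) must be loaded with a NULL module
     * handle; with hInstance the lookups fail and return NULL. */
    wnd.hIcon = LoadIcon(NULL, IDI_APPLICATION);
    wnd.hCursor = LoadCursor(NULL, IDC_ARROW);
    wnd.hbrBackground = (HBRUSH)GetStockObject(WHITE_BRUSH);
    wnd.lpszMenuName = NULL;
    wnd.lpszClassName = L"usb";

    if (!RegisterClass(&wnd)) {
        MessageBox(NULL, L"RegisterClass failed", L"", MB_OK);
        return 1;   /* CreateWindow cannot succeed without the class */
    }

    /* Assign the global (the original declared a local that shadowed it, so
     * the dialogs were created with a NULL parent). */
    hwnd = CreateWindow(L"usb", L"RegSec", WS_OVERLAPPEDWINDOW,
                        20, 20, 650, 600, NULL,
                        LoadMenu(hInstance, MAKEINTRESOURCE(IDR_MENU1)),
                        hInstance, NULL);
    if (hwnd == NULL) {
        MessageBox(NULL, L"CreateWindow failed", L"", MB_OK);
        return 1;   /* nothing to show or pump messages for */
    }
    ShowWindow(hwnd, SW_SHOW);

    MSG msg;
    BOOL got;
    while ((got = GetMessage(&msg, NULL, 0, 0)) != 0) {
        if (got == -1) {
            return 1;   /* GetMessage error: -1 is non-zero, so the original looped forever */
        }
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }
    return (int)msg.wParam;   /* exit code supplied to PostQuitMessage() */
}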
3. Window Procedure
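/* Registry paths written by the menu commands. */
static const wchar_t kUsbStorKey[] =
    L"SYSTEM\\CurrentControlSet\\Services\\USBSTOR";
static const wchar_t kStoragePolicyKey[] =
    L"SYSTEM\\CurrentControlSet\\Control\\StorageDevicePolicies";
static const wchar_t kExplorerPolicyKey[] =
    L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer";

/*
 * Store `value` as REG_DWORD `name` under root\subkey, creating the key if it
 * does not exist (StorageDevicePolicies is absent on a default install, so a
 * plain RegOpenKeyEx fails there). Only KEY_SET_VALUE is requested and the
 * handle is closed again.
 * Returns ERROR_SUCCESS or the Win32 error code; ERROR_ACCESS_DENIED is the
 * usual result for the HKLM keys when the process is not elevated.
 */
static LONG reg_set_dword(HKEY root, LPCWSTR subkey, LPCWSTR name, DWORD value)
{
    HKEY key = NULL;
    LONG rc = RegCreateKeyEx(root, subkey, 0, NULL, REG_OPTION_NON_VOLATILE,
                             KEY_SET_VALUE, NULL, &key, NULL);
    if (rc != ERROR_SUCCESS) {
        return rc;
    }
    rc = RegSetValueEx(key, name, 0, REG_DWORD, (const BYTE *)&value, sizeof value);
    RegCloseKey(key);
    return rc;
}

/*
 * Delete value `name` from root\subkey. A missing key or value means the
 * policy is already absent and is reported as ERROR_SUCCESS.
 * Returns ERROR_SUCCESS or the Win32 error code.
 */
static LONG reg_delete_value(HKEY root, LPCWSTR subkey, LPCWSTR name)
{
    HKEY key = NULL;
    LONG rc = RegOpenKeyEx(root, subkey, 0, KEY_SET_VALUE, &key);
    if (rc == ERROR_FILE_NOT_FOUND) {
        return ERROR_SUCCESS;
    }
    if (rc != ERROR_SUCCESS) {
        return rc;
    }
    rc = RegDeleteValue(key, name);
    RegCloseKey(key);
    return (rc == ERROR_FILE_NOT_FOUND) ? ERROR_SUCCESS : rc;
}

/* Show a failed registry status to the user; the original ignored every
 * return code, so an unelevated run appeared to succeed. */
static void report_reg_error(HWND owner, LONG rc)
{
    if (rc != ERROR_SUCCESS) {
        wchar_t text[64];
        wsprintf(text, L"Registry update failed (error %ld)", rc);
        MessageBox(owner, text, L"RegSec", MB_OK | MB_ICONERROR);
    }
}

/*
 * Apply the registry policy selected from the menu. `owner` is the main
 * window and becomes the parent of any dialog opened. Relies on the global
 * hInstance having been set by WinMain.
 */
static void handle_menu_command(HWND owner, WORD id)
{
    LONG rc = ERROR_SUCCESS;
    switch (id) {
    case ID_USB_DISABLEUSBPORTS:
        rc = reg_set_dword(HKEY_LOCAL_MACHINE, kUsbStorKey, L"Start", SERVICE_DISABLED);      /* 4 */
        break;
    case ID_USB_ENABLEUSBPORTS:
        rc = reg_set_dword(HKEY_LOCAL_MACHINE, kUsbStorKey, L"Start", SERVICE_DEMAND_START);  /* 3 */
        break;
    case ID_USB_ENABLEWRITEPROTECTION:
        rc = reg_set_dword(HKEY_LOCAL_MACHINE, kStoragePolicyKey, L"WriteProtect", 1);
        break;
    case ID_USB_DISABLEUSBWRITEPROTECTION:
        rc = reg_set_dword(HKEY_LOCAL_MACHINE, kStoragePolicyKey, L"WriteProtect", 0);
        break;
    case ID_HARDDRIVES_HIDEALLDRIVES:
        operation = 1;   /* dialogProc writes NoDrives */
        DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG1), owner, dialogProc);
        break;
    case ID_HARDDRIVES_SHOWALLDRIVES:
        rc = reg_delete_value(HKEY_CURRENT_USER, kExplorerPolicyKey, L"NoDrives");
        break;
    case ID_HARDDRIVES_LOCKHARDDRIVES:
        operation = 2;   /* dialogProc writes NoViewOnDrive */
        DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG1), owner, dialogProc);
        break;
    case ID_HARDDRIVES_UNLOCKHARDDRIVES:
        rc = reg_delete_value(HKEY_CURRENT_USER, kExplorerPolicyKey, L"NoViewOnDrive");
        break;
    case ID_CONTROLPANEL_DISABLECONTROLPANEL:
        rc = reg_set_dword(HKEY_CURRENT_USER, kExplorerPolicyKey, L"NoControlPanel", 1);
        break;
    case ID_CONTROLPANEL_ENABLECONTROLPANEL:
        rc = reg_delete_value(HKEY_CURRENT_USER, kExplorerPolicyKey, L"NoControlPanel");
        break;
    case ID_CONTROLPANEL_BLACKLISTAPPLICATIONS:
        DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG2), owner, dialogProc2);
        break;
    default:
        break;
    }
    report_reg_error(owner, rc);
}

/*
 * Enumerate the running process ids and pass each non-zero one to
 * PrintProcessNameAndID() (defined elsewhere in this file).
 * Returns FALSE when EnumProcesses() fails.
 */
static BOOL list_processes(void)
{
    DWORD pids[1024];
    DWORD bytes_returned = 0;
    if (!EnumProcesses(pids, sizeof pids, &bytes_returned)) {
        return FALSE;
    }
    /* If bytes_returned == sizeof pids the array may be too small and the
     * list truncated; the original had the same limit. */
    DWORD count = bytes_returned / sizeof(DWORD);
    for (DWORD i = 0; i < count; i++) {
        if (pids[i] != 0) {
            PrintProcessNameAndID(pids[i]);
        }
    }
    return TRUE;
}

/*
 * Window procedure of the "usb" class. WM_COMMAND applies the selected
 * registry policy and then lists the running processes (as the original did
 * after every command); it returns 1 if the process enumeration failed.
 */
LRESULT CALLBACK myproc(HWND hwnd,
                        UINT uMsg,
                        WPARAM wParam,
                        LPARAM lParam
                        )
{
    switch (uMsg) {
    case WM_CREATE:
        return 0;

    case WM_COMMAND:
        handle_menu_command(hwnd, LOWORD(wParam));
        return list_processes() ? 0 : 1;

    case WM_CLOSE:
        DestroyWindow(hwnd);
        return 0;

    case WM_DESTROY:
        PostQuitMessage(0);   /* argument is the exit code, not a message id */
        return 0;

    default:
        return DefWindowProc(hwnd, uMsg, wParam, lParam);
    }
}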
4. Dialog Procedure #1
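/*
 * Dialog procedure for IDD_DIALOG1. On IDC_OK the number in IDC_EDIT1 is
 * written to HKCU\...\Policies\Explorer as NoDrives (operation == 1) or
 * NoViewOnDrive (operation == 2); both values are per-drive bitmasks. The
 * number is also copied to the globals `drive` and `x` as before. Nothing is
 * written, and the dialog stays open, when the field does not hold a number.
 */
INT_PTR CALLBACK dialogProc(HWND hwndDlg,
                            UINT uMsg,
                            WPARAM wParam,
                            LPARAM lParam
                            )
{
    switch (uMsg) {
    case WM_INITDIALOG:
        return true;

    case WM_COMMAND:
        if (LOWORD(wParam) == IDC_OK) {
            BOOL translated = FALSE;
            drive = GetDlgItemInt(hwndDlg, IDC_EDIT1, &translated, FALSE);
            if (!translated) {
                /* GetDlgItemInt returns 0 for bad input; without this check an
                 * empty field silently wrote a 0 policy value. */
                MessageBox(hwndDlg, L"Please enter the drive mask as a number",
                           L"RegSec", MB_OK | MB_ICONWARNING);
                return true;
            }
            x = drive;

            LPCWSTR name = (operation == 1) ? L"NoDrives"
                         : (operation == 2) ? L"NoViewOnDrive"
                         : NULL;
            if (name != NULL) {
                HKEY key = NULL;
                LONG rc = RegCreateKeyEx(HKEY_CURRENT_USER,
                                         L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
                                         0, NULL, REG_OPTION_NON_VOLATILE,
                                         KEY_SET_VALUE,   /* least privilege: only a value is written */
                                         NULL, &key, NULL);
                if (rc == ERROR_SUCCESS) {
                    rc = RegSetValueEx(key, name, 0, REG_DWORD, (const BYTE *)&x, sizeof x);
                    RegCloseKey(key);   /* the original leaked the handle */
                }
                if (rc != ERROR_SUCCESS) {
                    MessageBox(hwndDlg, L"Registry update failed", L"RegSec", MB_OK | MB_ICONERROR);
                }
            }
            EndDialog(hwndDlg, 0);
        }
        return true;

    case WM_CLOSE:
        EndDialog(hwndDlg, 0);
        return true;
    }
    return false;
}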
5. Dialog Procedure #2
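/*
 * Dialog procedure for IDD_DIALOG2: maintains the Explorer DisallowRun
 * application blacklist under HKCU\...\Policies\Explorer.
 *   IDC_CONTINUE    store the text of IDC_EDIT1 as the next numbered REG_SZ
 *                   value ("1", "2", ...) under Explorer\DisallowRun and
 *                   reopen the dialog for another entry
 *   IDC_ACTIVATE    set Explorer\DisallowRun = 1 (policy on)
 *   IDC_DEACTIVATE  set Explorer\DisallowRun = 0
 *   IDC_CLEAR       delete the DisallowRun value and the DisallowRun subkey
 * Failed registry calls are reported in a message box. Relies on the globals
 * hInstance/hwnd set by WinMain for reopening the dialog.
 */
INT_PTR CALLBACK dialogProc2(HWND hwndDlg,
                             UINT uMsg,
                             WPARAM wParam,
                             LPARAM lParam
                             )
{
    /* NOTE(review): the counter restarts at 0 in every process, so a later
     * run overwrites value "1" instead of appending; counting the existing
     * values (RegQueryInfoKey) before the first write would fix that. */
    static int blacklist_app_counter = 0;
    static const wchar_t kExplorer[] =
        L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer";
    static const wchar_t kDisallowRun[] =
        L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun";
    LONG rc = ERROR_SUCCESS;
    HKEY key = NULL;

    switch (uMsg) {
    case WM_INITDIALOG:
        return true;

    case WM_COMMAND:
        switch (LOWORD(wParam)) {
        case IDC_CONTINUE: {
            wchar_t value_name[16];     /* "%d" of an int needs at most 11 + NUL */
            wchar_t app_name[MAX_PATH];
            blacklist_app_counter++;
            wsprintf(value_name, L"%d", blacklist_app_counter);
            /* Pass the buffer capacity; the original passed wcslen() of the
             * uninitialised buffer. GetDlgItemText truncates and NUL-terminates. */
            UINT len = GetDlgItemText(hwndDlg, IDC_EDIT1, app_name,
                                      sizeof app_name / sizeof app_name[0]);
            rc = RegCreateKeyEx(HKEY_CURRENT_USER, kDisallowRun, 0, NULL,
                                REG_OPTION_NON_VOLATILE, KEY_SET_VALUE, NULL, &key, NULL);
            if (rc == ERROR_SUCCESS) {
                /* Byte size of the string including its terminator; the
                 * original wrote a fixed 50 bytes from a 40-byte buffer. */
                DWORD cb = (DWORD)((len + 1) * sizeof(wchar_t));
                rc = RegSetValueEx(key, value_name, 0, REG_SZ, (const BYTE *)app_name, cb);
                RegCloseKey(key);
            }
            if (rc != ERROR_SUCCESS) {
                MessageBox(hwndDlg, L"Registry update failed", L"RegSec", MB_OK | MB_ICONERROR);
            }
            EndDialog(hwndDlg, 0);
            DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG2), hwnd, dialogProc2);
            break;
        }

        case IDC_ACTIVATE:
        case IDC_DEACTIVATE:
            x = (LOWORD(wParam) == IDC_ACTIVATE) ? 1 : 0;
            rc = RegCreateKeyEx(HKEY_CURRENT_USER, kExplorer, 0, NULL,
                                REG_OPTION_NON_VOLATILE, KEY_SET_VALUE, NULL, &key, NULL);
            if (rc == ERROR_SUCCESS) {
                rc = RegSetValueEx(key, L"DisallowRun", 0, REG_DWORD, (const BYTE *)&x, sizeof x);
                RegCloseKey(key);
            }
            if (rc != ERROR_SUCCESS) {
                MessageBox(hwndDlg, L"Registry update failed", L"RegSec", MB_OK | MB_ICONERROR);
            }
            EndDialog(hwndDlg, 0);
            break;

        case IDC_CLEAR:
            rc = RegOpenKeyEx(HKEY_CURRENT_USER, kExplorer, 0, KEY_SET_VALUE, &key);
            if (rc == ERROR_SUCCESS) {
                rc = RegDeleteValue(key, L"DisallowRun");
                RegCloseKey(key);
                if (rc == ERROR_SUCCESS || rc == ERROR_FILE_NOT_FOUND) {
                    /* RegDeleteKey only removes a key without subkeys;
                     * DisallowRun holds values only, so that is sufficient. */
                    rc = RegDeleteKey(HKEY_CURRENT_USER, kDisallowRun);
                }
            }
            if (rc == ERROR_FILE_NOT_FOUND) {
                rc = ERROR_SUCCESS;   /* nothing to clear */
            }
            if (rc != ERROR_SUCCESS) {
                MessageBox(hwndDlg, L"Registry update failed", L"RegSec", MB_OK | MB_ICONERROR);
            }
            EndDialog(hwndDlg, 0);
            break;

        default:
            break;
        }
        return true;

    case WM_CLOSE:
        EndDialog(hwndDlg, 0);
        return true;
    }
    return false;
}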
So now you understand how to interact with the registry (using C++ as the example). You can learn more tips & tricks on the Windows registry here