
Protecting Windows using Windows Registry (an example in C++)



This post shows how you can secure your Windows installation using some basic features of the Windows Registry. The Windows Registry is a database that stores the configuration settings and options of the Windows operating system. The operating system reads registry values while booting. You should have a thorough understanding of the registry keys involved, and of the values they can hold, before changing them.
Below is an example in C++ that shows how to use registry keys to customize the behavior of Windows. To follow the example, you should have basic knowledge of how to write a window-based application in C++.

Registry Functions used:
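RegOpenKeyEx for opening the specified registry key
RegCreateKey for opening the specified key, creating it first if it does not exist
RegSetValueEx for setting the data and type of a specified value under a key
RegDeleteValue for removing a value from the specified key
RegDeleteKey for deleting a subkey and its values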



Download the source code


1.  Declarations

// File-scope state shared by WinMain, the window procedure and the two
// dialog procedures in this listing.

// Not referenced by any code shown in this listing.
HANDLE hprocess_terminate;

// Module handle the procedures pass to DialogBox().
// NOTE(review): WinMain's own `hInstance` parameter shadows this variable.
HINSTANCE hInstance;

// Owner window that dialogProc2 passes to DialogBox().
// NOTE(review): WinMain declares a local `hwnd` that shadows this variable.
HWND hwnd;

// Chosen by the menu handler before the drive dialog opens:
// 1 -> the dialog writes "NoDrives", 2 -> it writes "NoViewOnDrive".
static int operation;

// Scratch DWORD whose address is handed to RegSetValueEx().
DWORD x;

// Registry handle used by the handlers shown in this listing.
static HKEY hkey;

// Only referenced from the commented-out code in dialogProc2.
static HKEY hkey1;

// Number read from the IDC_EDIT1 edit control by dialogProc.
UINT drive;

// Not referenced by any code shown in this listing.
DWORD pid=0;


2.  Windows main function

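/*
 * Application entry point: registers the "usb" window class, creates the
 * "RegSec" main window with the IDR_MENU1 menu, and pumps messages until
 * the message loop ends.
 *
 * Returns 0 after a normal message loop, 1 when the window class or the
 * window itself could not be created.
 *
 * Changes against the original listing:
 *  - IDC_ARROW / IDI_APPLICATION are system resources, so they are loaded
 *    with a NULL module handle; passing the application instance makes
 *    LoadCursor/LoadIcon fail and return NULL.
 *  - A RegisterClass or CreateWindow failure now ends the program instead
 *    of falling into a message loop that has no window to serve.
 *  - GetMessage returns -1 on error; the loop stops on that value instead
 *    of treating it as "message available" and spinning forever.
 *  - The file-scope hInstance (read by the procedures that call
 *    DialogBox) is assigned here; the parameter of the same name shadows
 *    it, so it was never set before.
 */
int WINAPI WinMain(HINSTANCE hInstance,
                   HINSTANCE hPrevInstance,
                   LPSTR lpCmdLine,
                   int nCmdShow
                   )
{
    WNDCLASS wnd;
    MSG msg;
    HWND hwnd;   // NOTE(review): shadows the file-scope hwnd, which stays unassigned
    BOOL status;

    // Publish the instance handle to the file-scope variable of the same name.
    ::hInstance = hInstance;

    wnd.cbClsExtra = 0;
    wnd.cbWndExtra = 0;
    wnd.hbrBackground = (HBRUSH)GetStockObject(WHITE_BRUSH);
    wnd.hCursor = LoadCursor(NULL, IDC_ARROW);
    wnd.hIcon = LoadIcon(NULL, IDI_APPLICATION);
    wnd.hInstance = hInstance;
    wnd.lpfnWndProc = myproc;
    wnd.lpszClassName = L"usb";
    wnd.lpszMenuName = NULL;
    wnd.style = CS_HREDRAW | CS_VREDRAW;

    if (!RegisterClass(&wnd))
    {
        MessageBox(NULL, L"RegisterClass failed", L"", MB_OK);
        return 1;
    }

    hwnd = CreateWindow(L"usb", L"RegSec", WS_OVERLAPPEDWINDOW,
                        20, 20, 650, 600,
                        NULL,
                        LoadMenu(hInstance, MAKEINTRESOURCE(IDR_MENU1)),
                        hInstance,
                        NULL);
    if (hwnd == NULL)
    {
        MessageBox(NULL, L"CreateWindow failed", L"", MB_OK);
        return 1;
    }

    ShowWindow(hwnd, SW_SHOW);

    // > 0: a message was retrieved; 0: WM_QUIT; -1: error.
    while ((status = GetMessage(&msg, NULL, 0, 0)) > 0)
    {
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }

    return 0;
}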


3.  Window Procedure

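// Opens root\subkey (creating it first when `create` is true) with only
// KEY_SET_VALUE access, stores one REG_DWORD value and closes the handle.
// Returns the Win32 status of the first call that failed, or ERROR_SUCCESS.
static LONG myprocWriteDword(HKEY root, LPCWSTR subkey, LPCWSTR valueName,
                             DWORD data, bool create)
{
    HKEY key = NULL;
    LONG rc;

    if (create)
    {
        rc = RegCreateKeyEx(root, subkey, 0, NULL, REG_OPTION_NON_VOLATILE,
                            KEY_SET_VALUE, NULL, &key, NULL);
    }
    else
    {
        rc = RegOpenKeyEx(root, subkey, 0, KEY_SET_VALUE, &key);
    }
    if (rc != ERROR_SUCCESS)
    {
        return rc;
    }

    rc = RegSetValueEx(key, valueName, 0, REG_DWORD,
                       (const BYTE *)&data, sizeof(data));
    RegCloseKey(key);
    return rc;
}

// Removes one value from root\subkey. A key or value that is already
// absent counts as success, because the policy is then not in effect.
static LONG myprocDeleteValue(HKEY root, LPCWSTR subkey, LPCWSTR valueName)
{
    HKEY key = NULL;
    LONG rc = RegOpenKeyEx(root, subkey, 0, KEY_SET_VALUE, &key);

    if (rc == ERROR_FILE_NOT_FOUND)
    {
        return ERROR_SUCCESS;
    }
    if (rc != ERROR_SUCCESS)
    {
        return rc;
    }

    rc = RegDeleteValue(key, valueName);
    RegCloseKey(key);
    return (rc == ERROR_FILE_NOT_FOUND) ? ERROR_SUCCESS : rc;
}

// Tells the user when a registry change did not take effect.
static void myprocReport(HWND owner, LONG rc)
{
    if (rc != ERROR_SUCCESS)
    {
        MessageBox(owner, L"Registry update failed", L"", MB_OK);
    }
}

/*
 * Window procedure of the main window.
 *
 * WM_COMMAND maps each menu item to one registry change (or opens the
 * dialog that collects the input for it), then enumerates the running
 * processes and hands every non-zero id to PrintProcessNameAndID().
 * WM_CLOSE destroys the window, WM_DESTROY ends the message loop, and
 * everything else goes to DefWindowProc.
 *
 * Changes against the original listing:
 *  - Every registry call is checked. Before, a failed RegOpenKeyEx left
 *    the shared handle unchanged and RegSetValueEx/RegDeleteValue then ran
 *    on whatever handle was left from an earlier command.
 *  - Keys are opened with KEY_SET_VALUE instead of KEY_ALL_ACCESS and are
 *    closed after use (handles were leaked before).
 *  - "Enable write protection" creates StorageDevicePolicies when it is
 *    missing instead of silently doing nothing.
 *  - Failures are shown to the user. The two HKEY_LOCAL_MACHINE settings
 *    need an elevated process; nothing in this listing requests elevation.
 *  - PostQuitMessage receives exit code 0 rather than the WM_QUIT message
 *    number.
 *  - The file-scope `x` and `hkey` are no longer written by this function.
 *
 * What the settings do and do not give you:
 *  - USBSTOR "Start": 4 marks the service as disabled, 3 as demand start.
 *    It governs whether the USB mass-storage driver is started; other USB
 *    device classes are not affected, and a device that is already
 *    attached may stay usable until it is re-plugged or the machine is
 *    rebooted (verify on the target Windows version).
 *  - The Policies\Explorer values live under HKEY_CURRENT_USER. They are
 *    restrictions applied by the Explorer shell and can be changed back by
 *    the same user, so they are not an access-control mechanism.
 */
LRESULT CALLBACK myproc(HWND hwnd,
                        UINT uMsg,
                        WPARAM wParam,
                        LPARAM lParam
                        )
{
    static const wchar_t usbStorKey[] =
        L"SYSTEM\\CurrentControlSet\\Services\\USBSTOR";
    static const wchar_t storagePolicyKey[] =
        L"SYSTEM\\CurrentControlSet\\Control\\StorageDevicePolicies";
    static const wchar_t explorerPolicyKey[] =
        L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer";

    switch (uMsg)
    {
    case WM_CREATE:
        return 0;

    case WM_COMMAND:
    {
        LONG rc = ERROR_SUCCESS;

        switch (LOWORD(wParam))
        {
        case ID_USB_DISABLEUSBPORTS:
            rc = myprocWriteDword(HKEY_LOCAL_MACHINE, usbStorKey, L"Start", 4, false);
            break;

        case ID_USB_ENABLEUSBPORTS:
            rc = myprocWriteDword(HKEY_LOCAL_MACHINE, usbStorKey, L"Start", 3, false);
            break;

        case ID_USB_ENABLEWRITEPROTECTION:
            // The key may not exist yet, so create it on demand.
            rc = myprocWriteDword(HKEY_LOCAL_MACHINE, storagePolicyKey, L"WriteProtect", 1, true);
            break;

        case ID_USB_DISABLEUSBWRITEPROTECTION:
            rc = myprocWriteDword(HKEY_LOCAL_MACHINE, storagePolicyKey, L"WriteProtect", 0, false);
            if (rc == ERROR_FILE_NOT_FOUND)
            {
                // No policy key means write protection is not configured.
                rc = ERROR_SUCCESS;
            }
            break;

        case ID_HARDDRIVES_HIDEALLDRIVES:
            operation = 1;   // dialogProc writes "NoDrives"
            DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG1), hwnd, dialogProc);
            break;

        case ID_HARDDRIVES_SHOWALLDRIVES:
            rc = myprocDeleteValue(HKEY_CURRENT_USER, explorerPolicyKey, L"NoDrives");
            break;

        case ID_HARDDRIVES_LOCKHARDDRIVES:
            operation = 2;   // dialogProc writes "NoViewOnDrive"
            DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG1), hwnd, dialogProc);
            break;

        case ID_HARDDRIVES_UNLOCKHARDDRIVES:
            rc = myprocDeleteValue(HKEY_CURRENT_USER, explorerPolicyKey, L"NoViewOnDrive");
            break;

        case ID_CONTROLPANEL_DISABLECONTROLPANEL:
            rc = myprocWriteDword(HKEY_CURRENT_USER, explorerPolicyKey, L"NoControlPanel", 1, true);
            break;

        case ID_CONTROLPANEL_ENABLECONTROLPANEL:
            rc = myprocDeleteValue(HKEY_CURRENT_USER, explorerPolicyKey, L"NoControlPanel");
            break;

        case ID_CONTROLPANEL_BLACKLISTAPPLICATIONS:
            DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG2), hwnd, dialogProc2);
            break;
        }
        myprocReport(hwnd, rc);

        // Runs after every menu command, as in the original listing.
        // NOTE(review): PrintProcessNameAndID is defined outside this
        // listing; confirm what it does with each process id.
        DWORD aProcesses[1024], cbNeeded, cProcesses;
        unsigned int i;
        if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        {
            return 1;
        }
        // Number of process identifiers that were returned. When cbNeeded
        // equals sizeof(aProcesses) the list may have been cut short.
        cProcesses = cbNeeded / sizeof(DWORD);
        for (i = 0; i < cProcesses; i++)
        {
            if (aProcesses[i] != 0)
            {
                PrintProcessNameAndID(aProcesses[i]);
            }
        }
        return 0;
    }

    case WM_CLOSE:
        DestroyWindow(hwnd);
        return 0;

    case WM_DESTROY:
        // The argument is the exit code carried by WM_QUIT.
        PostQuitMessage(0);
        return 0;

    default:
        return DefWindowProc(hwnd, uMsg, wParam, lParam);
    }
}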

4.  Dialog Procedure #1

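/*
 * Dialog procedure for IDD_DIALOG1: reads an unsigned number from
 * IDC_EDIT1 and stores it as a REG_DWORD under
 * HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,
 * named "NoDrives" when `operation` is 1 or "NoViewOnDrive" when it is 2.
 *
 * Returns true for handled messages and false otherwise, as the dialog
 * manager expects.
 *
 * Changes against the original listing:
 *  - GetDlgItemInt is asked whether the conversion succeeded; before, an
 *    empty or non-numeric entry was written as 0 without any notice.
 *  - The key is created with KEY_SET_VALUE only, every registry call is
 *    checked, and the handle is closed (it was leaked before).
 *
 * NOTE(review): both values are documented as drive bitmasks (bit 0 = A:,
 * bit 1 = B:, ...); confirm and consider saying so in the dialog text.
 * They are per-user Explorer restrictions that the same user can change
 * back, so they hide drives in the shell rather than block access to them.
 */
INT_PTR CALLBACK dialogProc(HWND hwndDlg,
                            UINT uMsg,
                            WPARAM wParam,
                            LPARAM lParam
                            )
{
    switch (uMsg)
    {
    case WM_INITDIALOG:
        return true;

    case WM_COMMAND:
        switch (LOWORD(wParam))
        {
        case IDC_OK:
        {
            BOOL parsed = FALSE;
            LPCWSTR valueName = NULL;

            drive = GetDlgItemInt(hwndDlg, IDC_EDIT1, &parsed, FALSE);
            if (!parsed)
            {
                // Keep the dialog open so the entry can be corrected.
                MessageBox(hwndDlg, L"Enter a non-negative number", L"", MB_OK);
                break;
            }
            x = drive;

            if (operation == 1)
            {
                valueName = L"NoDrives";
            }
            else if (operation == 2)
            {
                valueName = L"NoViewOnDrive";
            }

            if (valueName != NULL)
            {
                HKEY key = NULL;
                LONG rc = RegCreateKeyEx(HKEY_CURRENT_USER,
                                         L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
                                         0, NULL, REG_OPTION_NON_VOLATILE,
                                         KEY_SET_VALUE, NULL, &key, NULL);
                if (rc == ERROR_SUCCESS)
                {
                    rc = RegSetValueEx(key, valueName, 0, REG_DWORD,
                                       (const BYTE *)&x, sizeof(DWORD));
                    RegCloseKey(key);
                }
                if (rc != ERROR_SUCCESS)
                {
                    MessageBox(hwndDlg, L"Registry update failed", L"", MB_OK);
                }
            }

            EndDialog(hwndDlg, 0);
            break;
        }
        }
        return true;

    case WM_CLOSE:
        EndDialog(hwndDlg, 0);
        return true;
    }
    return false;
}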

5.  Dialog Procedure #2

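// Sets the DisallowRun REG_DWORD under HKCU\...\Policies\Explorer to
// `enabled`. The key is created on demand only when the flag is turned on.
// Returns the Win32 status of the first call that failed, or ERROR_SUCCESS.
static LONG dlg2SetDisallowRunFlag(DWORD enabled)
{
    HKEY key = NULL;
    LONG rc;

    if (enabled)
    {
        rc = RegCreateKeyEx(HKEY_CURRENT_USER,
                            L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
                            0, NULL, REG_OPTION_NON_VOLATILE,
                            KEY_SET_VALUE, NULL, &key, NULL);
    }
    else
    {
        rc = RegOpenKeyEx(HKEY_CURRENT_USER,
                          L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
                          0, KEY_SET_VALUE, &key);
    }
    if (rc != ERROR_SUCCESS)
    {
        return rc;
    }

    rc = RegSetValueEx(key, L"DisallowRun", 0, REG_DWORD,
                       (const BYTE *)&enabled, sizeof(enabled));
    RegCloseKey(key);
    return rc;
}

/*
 * Dialog procedure for IDD_DIALOG2, which maintains the per-user
 * "DisallowRun" list under
 * HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
 *
 *   IDC_CONTINUE   stores the name typed into IDC_EDIT1 as the next
 *                  numbered REG_SZ value and opens the dialog again
 *   IDC_ACTIVATE   sets the DisallowRun DWORD to 1
 *   IDC_DEACTIVATE sets the DisallowRun DWORD to 0
 *   IDC_CLEAR      deletes the DWORD and the DisallowRun subkey
 *
 * Returns true for handled messages and false otherwise.
 *
 * Changes against the original listing:
 *  - GetDlgItemText was given wcslen() of the still uninitialised
 *    destination buffer as its capacity. That reads indeterminate stack
 *    memory and could report more room than the 20-element array had, so
 *    user input could be written past the end of the buffer. The real
 *    element count is passed now.
 *  - RegSetValueEx was told the data was 50 bytes long although the
 *    buffer held 40, so bytes beyond the array (and whatever followed the
 *    terminator) were stored in the registry. The size is now the string
 *    length plus its terminator.
 *  - The name buffer is MAX_PATH characters so longer executable names are
 *    not cut short, and the value-name buffer fits any int that "%d" can
 *    produce (5 elements overflowed from 10000 on).
 *  - An empty entry is skipped instead of being stored.
 *  - Registry calls are checked, use KEY_SET_VALUE instead of
 *    KEY_ALL_ACCESS, and close their handles.
 *
 * NOTE(review): blacklist_app_counter starts at 0 in every process, so
 * entries "1", "2", ... written by an earlier run are overwritten. The
 * code that was commented out in WM_INITDIALOG tried to count existing
 * entries with RegEnumKeyEx, which enumerates subkeys; the entries here
 * are values, so RegEnumValue would be the call to use.
 * NOTE(review): the owner passed to the nested DialogBox is the file-scope
 * hwnd; check that it is ever assigned, since WinMain in this listing uses
 * a local of the same name.
 *
 * DisallowRun is applied by the Explorer shell to programs the user starts
 * from it and matches on the executable's file name, and the list sits in
 * a hive the same user can edit. It is a convenience restriction; where an
 * enforced allow/deny list is needed, use AppLocker, Software Restriction
 * Policies or Windows Defender Application Control.
 */
INT_PTR CALLBACK dialogProc2(HWND hwndDlg,
                             UINT uMsg,
                             WPARAM wParam,
                             LPARAM lParam
                             )
{
    static int blacklist_app_counter = 0;

    switch (uMsg)
    {
    case WM_INITDIALOG:
        return true;

    case WM_COMMAND:
        switch (LOWORD(wParam))
        {
        case IDC_CONTINUE:
        {
            wchar_t buff[16];
            wchar_t app_name[MAX_PATH];
            UINT copied = GetDlgItemText(hwndDlg, IDC_EDIT1, app_name,
                                         (int)(sizeof(app_name) / sizeof(app_name[0])));

            if (copied > 0)
            {
                HKEY key = NULL;
                LONG rc;

                blacklist_app_counter++;
                wsprintf(buff, L"%d", blacklist_app_counter);

                rc = RegCreateKeyEx(HKEY_CURRENT_USER,
                                    L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun",
                                    0, NULL, REG_OPTION_NON_VOLATILE,
                                    KEY_SET_VALUE, NULL, &key, NULL);
                if (rc == ERROR_SUCCESS)
                {
                    // REG_SZ size is in bytes and includes the terminator.
                    rc = RegSetValueEx(key, buff, 0, REG_SZ,
                                       (const BYTE *)app_name,
                                       (DWORD)((copied + 1) * sizeof(wchar_t)));
                    RegCloseKey(key);
                }
                if (rc != ERROR_SUCCESS)
                {
                    MessageBox(hwndDlg, L"Registry update failed", L"", MB_OK);
                }
            }

            EndDialog(hwndDlg, 0);
            // Opens a fresh instance of this dialog for the next entry.
            DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG2), hwnd, dialogProc2);
            break;
        }

        case IDC_ACTIVATE:
            if (dlg2SetDisallowRunFlag(1) != ERROR_SUCCESS)
            {
                MessageBox(hwndDlg, L"Registry update failed", L"", MB_OK);
            }
            EndDialog(hwndDlg, 0);
            break;

        case IDC_DEACTIVATE:
        {
            LONG rc = dlg2SetDisallowRunFlag(0);
            // A missing policy key means the list is not active anyway.
            if (rc != ERROR_SUCCESS && rc != ERROR_FILE_NOT_FOUND)
            {
                MessageBox(hwndDlg, L"Registry update failed", L"", MB_OK);
            }
            EndDialog(hwndDlg, 0);
            break;
        }

        case IDC_CLEAR:
        {
            HKEY key = NULL;
            LONG rc = RegOpenKeyEx(HKEY_CURRENT_USER,
                                   L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
                                   0, KEY_SET_VALUE, &key);
            if (rc == ERROR_SUCCESS)
            {
                rc = RegDeleteValue(key, L"DisallowRun");
                RegCloseKey(key);
            }
            if (rc == ERROR_SUCCESS || rc == ERROR_FILE_NOT_FOUND)
            {
                rc = RegDeleteKey(HKEY_CURRENT_USER,
                                  L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun");
            }
            if (rc != ERROR_SUCCESS && rc != ERROR_FILE_NOT_FOUND)
            {
                MessageBox(hwndDlg, L"Registry update failed", L"", MB_OK);
            }
            EndDialog(hwndDlg, 0);
            break;
        }
        }
        return true;

    case WM_CLOSE:
        EndDialog(hwndDlg, 0);
        return true;
    }
    return false;
}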

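You should now understand how to interact with the registry (using C++ as an example). Keep in mind that the Policies\Explorer values used above are stored under HKEY_CURRENT_USER and applied by the Explorer shell, so the same user can change them back; treat them as usability restrictions rather than access control. You can learn more tips and tricks on the Windows registry here: http://www.pctools.com/guides/registry/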

Download the source code 
