CO1508 Computer Systems & Security - Week 10: Building Your Harmless Virus in C++ - Part 1 Windows Registry

This document provides instructions on building a harmless virus in C++ that infects the Windows registry. It teaches how to make an application start automatically by adding it to the registry Run key. The code examples show how to access the registry using API functions, write a value to the Run key to launch Paint, and write a program that moves the mouse randomly and registers itself to run on startup. The final tasks instruct students to research registry functions for reading/deleting keys and values, and deleting files found in the registry.

Uploaded by

Edward Lee

CO1508 Computer Systems & Security – Week 10


Building your harmless virus in C++ – Part 1 Windows Registry

Summary
You are going to explore the Windows Registry and learn how to make an application start
every time the computer is powered on. After that, you are going to build a C++ programme
that infects the Windows Registry so that it starts every time the machine starts and makes the
mouse go crazy. It’s your little harmless virus!

Note
The C++ code in this lab sheet might contain errors and/or bugs. This is done on purpose.
One of the main aims of this practice is getting you to find solutions and debug your
code carefully. Don’t worry: when you’re stuck, your lab tutor will help.

Activities

1. Windows Registry

From the Start menu → type Run → Enter. In the Run window, type regedit. Click Yes.
As we discussed during the lecture, the Windows Registry is a central database for system and
software configuration on a Windows machine. You’ll learn a trick to start an application
every time the machine is powered on.
Go to the following location:
\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
What can you see there? How many strings are there?

Now, right click in the empty space and choose New → String Value, and name it MyValue. Right click
on MyValue and choose Modify (or simply double click on MyValue). In the Value Data field,
put this: “C:\Windows\System32\mspaint.exe” (yes, including the double quotation marks).
Now, restart your machine and watch the result.
If everything works correctly, Paint should start automatically.
Why is this important? Can you think of a good use and a bad use of this feature?

CO1508 Computer Systems and Security, UCLAN – 2019-2020



2. Create Visual Studio C++ Project

Open Visual Studio and create a new “Windows Console Application” under Visual C++
project named “Week10-RegVirus”.

3. Windows Registry API

Registry key values can be edited using regedit, as you already did in section 1. Another way
of editing registry keys is the Windows registry API, whose functions are declared in the system header winreg.h.
Here, you can find all the functions provided by this library:
https://docs.microsoft.com/en-us/windows/desktop/api/winreg/
Examples of these functions are:
• RegCloseKey
• RegConnectRegistry
• RegCreateKey
• RegCreateKeyEx
• RegOpenKey
• RegOpenKeyEx
• RegQueryInfoKey
• RegQueryMultipleValues

You have to spend some time reading about these functions and understanding how they work
and why you might need to use them. This is important for your assignment because you
should be able to answer any question about any line of code. It is also important for this
lab sheet, so that you can fix any bug in the code below.

We’ll do a Hello Registry exercise at the beginning to get you going 😊 However, before
diving into the code details, remember these three steps for changing a registry key value
from a C++ programme:
• Open the key you want to edit
• Edit the value
• Close the key (this is very important; otherwise the value won’t be written)

In the code below, I’ll assume that you can refer to the link above (about winreg.h) to
understand the registry editing functions. I’ll only explain system functions when necessary.
Again, you have to spend some time reading and understanding the main functions in winreg.h.


4. Windows Registry – Handle to Key (HKEY)

In Section 1, we created a new entry to make Paint start every time we start the machine.
We’ll do the same now, but using C++. Write the following code into your C++ project:


After fixing the errors, build and run. Open the registry again and check the values in Run.
Did it work? Do you see anything strange there? Clearly, the code worked but didn’t set the
value correctly. Try to fix the code. Hint: check the parameters types.

Once it’s fixed, build and run again. It should now have the correct value in Run. Once it’s there,
save your work, restart your machine and check whether MS Paint starts automatically.
If you’re stuck, ask your lab tutor for help. Try to find the solution yourself first!

5. Windows Registry – Crazy Mouse

So far, you learnt how to open a registry key and write a new value in Run. Now, let’s try to
write a programme that will make the mouse go crazy. In the same project, add the
following code to your previous one. Remember, put it before return 0 at the end!

Now, build and run. Click ok when you see the infection message. Now, I dare you to control
your mouse!!! ☺

Don’t worry, you can press “Alt+Ctrl+Del” to get Windows Task Manager and kill the exe file
to stop this madness. (Don’t end the Visual Studio task!) If you can’t control the mouse to get to
Task Manager, use Alt+F4 on the keyboard to close the console window.


Try to run the code again, but this time use the keyboard to close the console window (use
Alt+F4). It looks like our crazy mouse virus is weak and vulnerable to these two methods
(Windows Task Manager or Alt+F4)! We’ll learn how to hide the console window, so it’ll be
more difficult to stop it!!! But first, read the explanation of the new functions used above:

• srand(time(NULL)) initialises the pseudo-random number generator with the value time(NULL), which returns the current calendar time from the system.
• POINT represents an x-y coordinate point on a two-dimensional integer grid.
• GetCursorPos(&point) retrieves the position of the mouse cursor, in screen coordinates, and stores it in the POINT passed by address (&point).
• SetCursorPos(point.x, point.y) moves the mouse cursor to the specified coordinates on the screen.

6. Hide the Console Window

Add the following code (shown in red) to your while loop:

Now, build and run. The console window will disappear. You can use Task Manager to stop it:
expand Visual Studio and you’ll find Week10-RegVirus.exe there ☺ You might have
to use the keyboard if your mouse is still crazy!

• GetConsoleWindow() retrieves the window handle used by the console associated with the calling process.
• ShowWindow() sets the specified window’s show state. Check the parameter values here: https://docs.microsoft.com/en-us/windows/desktop/api/winuser/nf-winuser-showwindow

7. Windows Registry – Register Yourself to Run Every Time

We want to register the exe file of our virus so that it runs every time the machine starts. I’ll post
the full code here so you have the full picture now. The code contains all the pieces from all
the sections in this lab sheet. Note that the code in red is the newly added part that registers the
exe file in the Run key.


Now, build and run. Restart your machine and see what will happen.


Back to the code: the only new function in this code is GetModuleFileName(NULL, VPath, MAX_PATH).

It retrieves the fully qualified path of the file that contains the specified module. The
module must have been loaded by the current process. You can read about the parameters
here: https://docs.microsoft.com/en-us/windows/desktop/api/libloaderapi/nf-libloaderapi-getmodulefilenamea
Can you figure out why we used MAX_PATH? Find the answer.

8. The Assignment – Start now with these tasks

Now, you should be able to start your assignment. You’ve been given the basics for the
registry virus and for manipulating registry values. In the time left in this lab, try to do the
following tasks in C++:
• Find out how to read a value from the registry and display it on screen
• Find out how to delete a specific registry value or key
• Find out how to access a path on the hard disk and delete the file you found in the
registry value.
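The open → read → close lifecycle from sections 3 and 4, together with the reading and deleting tasks above, as an added example that is not the lab sheet’s own code: a small auditor for the current user’s Run key. It lists every value, flags entries a reviewer would want to look at (an unquoted path containing spaces, anything launched from a temp or download folder, a script host such as wscript.exe), and can remove one value by name, which is also how you clean up the MyValue entry from section 1. The registry calls use the winreg.h functions the sheet points to (RegOpenKeyEx, RegEnumValue, RegDeleteValue, RegCloseKey) and compile only on Windows; the audit heuristics, the 4096-byte data buffer and the sample entries in the comments are my own assumptions, not anything taken from the sheet.

```cpp
// Added example, not the lab sheet's code: audit HKCU\...\Run and optionally remove a value.
// The registry calls compile only on Windows; the audit rules are plain C++ and can be tested anywhere.
#include <algorithm>
#include <cctype>
#include <initializer_list>
#include <iostream>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif
// One value from the Run key, e.g. name "MyValue" with data "\"C:\\Windows\\System32\\mspaint.exe\"".
struct RunEntry { std::string name, data; };

// Windows paths are case-insensitive, so all matching is done on a lower-cased copy.
static std::string lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}
static std::string baseName(const std::string& path) {
    size_t slash = path.find_last_of("\\/");
    return slash == std::string::npos ? path : path.substr(slash + 1);
}
// The program a Run value launches: the quoted first token, or the text up to the first space.
std::string executablePath(const std::string& data) {
    if (!data.empty() && data[0] == '"') {
        size_t end = data.find('"', 1);
        return end == std::string::npos ? data.substr(1) : data.substr(1, end - 1);
    }
    size_t space = data.find(' ');
    return space == std::string::npos ? data : data.substr(0, space);
}

// Review heuristics for one autorun entry (my own choices): one message per finding.
std::vector<std::string> auditEntry(const RunEntry& e) {
    static const std::vector<std::string> hosts = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe", "rundll32.exe"};
    std::vector<std::string> findings;
    const std::string raw = lower(e.data);
    const std::string path = lower(executablePath(e.data));
    // 1. Unquoted path with spaces: "C:\Program Files\x.exe" may be tried as "C:\Program" first,
    //    so the entry is ambiguous until the path is quoted.
    if (!raw.empty() && raw[0] != '"' && raw.find(' ') != std::string::npos &&
        baseName(path).find('.') == std::string::npos)
        findings.push_back("unquoted path containing spaces; quote the executable path");
    // 2. Anything referencing a scratch or download folder deserves a closer look.
    for (const char* loc : {"\\temp\\", "\\downloads\\", "\\users\\public\\"})
        if (raw.find(loc) != std::string::npos) {
            findings.push_back(std::string("references a temporary or download folder: ") + loc);
            break;
        }
    // 3. Script hosts and interpreters run whatever their arguments say; inspect the arguments.
    if (std::find(hosts.begin(), hosts.end(), baseName(path)) != hosts.end())
        findings.push_back("launches a script host or interpreter; review its arguments");
    return findings;
}

#ifdef _WIN32
static const char* kRunKey = "Software\\Microsoft\\Windows\\CurrentVersion\\Run";
// Open -> enumerate -> close. RegEnumValue wants the name length in characters and the data
// length in bytes; mixing those up is the kind of parameter-type bug section 4 hints at.
std::vector<RunEntry> readRunEntries() {
    std::vector<RunEntry> out;
    HKEY key = nullptr;
    if (RegOpenKeyExA(HKEY_CURRENT_USER, kRunKey, 0, KEY_READ, &key) != ERROR_SUCCESS) return out;
    for (DWORD i = 0;; ++i) {
        char name[16384];  // registry value names are at most 16383 characters
        BYTE data[4096];   // assumed large enough for any Run command line
        DWORD nameLen = sizeof(name), dataLen = sizeof(data), type = 0;
        LONG rc = RegEnumValueA(key, i, name, &nameLen, nullptr, &type, data, &dataLen);
        if (rc == ERROR_NO_MORE_ITEMS) break;
        if (rc != ERROR_SUCCESS || (type != REG_SZ && type != REG_EXPAND_SZ)) continue;
        std::string value(reinterpret_cast<char*>(data), dataLen);
        while (!value.empty() && value.back() == '\0') value.pop_back();  // drop the terminator
        out.push_back({std::string(name, nameLen), value});
    }
    RegCloseKey(key);  // always close the handle, as the lab sheet stresses
    return out;
}
// Remove one value (for example "MyValue" from section 1) so it no longer runs at logon.
bool removeRunEntry(const std::string& valueName) {
    HKEY key = nullptr;
    if (RegOpenKeyExA(HKEY_CURRENT_USER, kRunKey, 0, KEY_SET_VALUE, &key) != ERROR_SUCCESS) return false;
    LONG rc = RegDeleteValueA(key, valueName.c_str());
    RegCloseKey(key);
    return rc == ERROR_SUCCESS;
}
#endif

int main(int argc, char** argv) {
#ifdef _WIN32
    for (const RunEntry& e : readRunEntries()) {
        std::cout << e.name << " = " << e.data << "\n";
        for (const std::string& f : auditEntry(e)) std::cout << "    ! " << f << "\n";
    }
    if (argc == 3 && std::string(argv[1]) == "--remove")
        std::cout << (removeRunEntry(argv[2]) ? "removed " : "could not remove ") << argv[2] << "\n";
#else
    std::cout << "Registry access needs Windows; the audit rules can still be unit-tested here.\n";
#endif
    return 0;
}
```

Build it as a console application in the same way as the lab project. Run it with no arguments to list and audit the Run key, or with `--remove MyValue` to delete the value created in section 1. The entry the lab creates, a quoted path under C:\Windows\System32, produces no findings; an unquoted "C:\Program Files\Some App\app.exe" produces one, and "wscript.exe C:\Users\ed\Downloads\run.vbs" produces two.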

Finally, remember that you have to understand every line of code you’re writing. You’ll be
asked during the demo of your assignment. Therefore, don’t just copy/paste stuff.
