Why not autoload code via C++ registry?

I

IgFil2020-12-23 18:05:37

C++ / C#

IgFil, 2020-12-23 18:05:37

void AutoRun()
    {
        char arr[MAX_PATH] = { };
        GetModuleFileName(NULL, (LPWSTR)arr, MAX_PATH);
        
        HKEY hKey;

        if (RegCreateKeyEx(HKEY_CURRENT_USER, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, NULL, 0, KEY_ALL_ACCESS, NULL, &hKey, NULL) == ERROR_SUCCESS)
        {
            if (RegSetValueEx(hKey, L"svchost", NULL, REG_SZ, (LPBYTE)arr, (sizeof(arr) + 1)) == ERROR_SUCCESS)
            {
                RegCloseKey(hKey);
            }
            return;
        }
    }

When the function is executed, it is added to autoload for the disabled state.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

G

galaxy, 2020-12-23
@galaxy

Your code does not match the screenshot (the name is different).
Look through regedit to see what is being written to the registry.
You don't see any error handling. Do both functions return ERROR_SUCCESS?

R

Rsa97, 2020-12-23
@Rsa97

Check out the branch

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run

If there is a corresponding entry there and its value starts from 02, then the launch is allowed.