Solved

Hooking the start of regedit

Posted on 2000-03-17
Last Modified: 2010-04-04
I would like to know how to have my Delphi app, sitting in the task tray, alter a value in the registry whenever the user runs regedit. I need my app to detect when regedit is loading and act before it is visible.
The reason is that I don't want the user to get some information out of the registry, and so when regedit is run my app will change the value so the user gets the wrong info. Please help.
Thanks
Smurff
Question by:smurff

17 Comments
LVL 5

Expert Comment

by:TheNeil
ID: 2627635
Listening...
 
LVL 17

Expert Comment

by:inthe
ID: 2627681
Hi
I suspect you need a CBT (WH_CBT) hook for this: catch the HCBT_CREATEWND code and ask for the class name
'RegEdit_RegEdit' ..

Ever written a hook before?
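inthe's CBT hook idea, as an added example that is not code from this thread: a Delphi hook DLL that watches HCBT_CREATEWND for the RegEdit_RegEdit class and posts a message to the tray application, which then logs or alerts. The DLL name RegEditHook, the exports InstallHook/RemoveHook, the WM_REGEDIT_SEEN message and the monitor window class TRegEditMonitor (the tray app's main form class name) are all assumptions, and the code assumes the hhk argument of CallNextHookEx is ignored, as it is on the NT family; on Windows 9x the handle would have to be shared between processes via a memory-mapped file.

```delphi
library RegEditHook; { assumed DLL name }

uses Windows, Messages;

const
  { Assumed: the tray app's main form is class TRegEditMonitor and handles this message }
  WM_REGEDIT_SEEN = WM_USER + 100;
  MonitorClass = 'TRegEditMonitor';

var
  HookHandle: HHOOK = 0; { one copy per process the hook DLL is mapped into }

function CBTProc(nCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
var
  ClassName: array[0..63] of Char;
  Monitor: HWND;
begin
  { HCBT_CREATEWND: wParam is the handle of the window being created, class name already set }
  if (nCode = HCBT_CREATEWND) and
     (GetClassName(HWND(wParam), ClassName, Length(ClassName)) > 0) and
     (lstrcmpi(ClassName, 'RegEdit_RegEdit') = 0) then
  begin
    Monitor := FindWindow(MonitorClass, nil);
    if Monitor <> 0 then { report window handle and process id; the monitor decides what to do }
      PostMessage(Monitor, WM_REGEDIT_SEEN, wParam, GetCurrentProcessId);
  end;
  Result := CallNextHookEx(HookHandle, nCode, wParam, lParam);
end;

function InstallHook: Boolean; stdcall;
begin
  { thread id 0 = system-wide hook, so the DLL is loaded into every GUI process }
  if HookHandle = 0 then
    HookHandle := SetWindowsHookEx(WH_CBT, @CBTProc, HInstance, 0);
  Result := HookHandle <> 0;
end;

procedure RemoveHook; stdcall;
begin
  if HookHandle <> 0 then
  begin
    UnhookWindowsHookEx(HookHandle);
    HookHandle := 0;
  end;
end;

exports
  InstallHook, RemoveHook;
begin
end.
```

Keep CBTProc this small: it runs inside every process that creates a window, so it should only recognise the class and hand off, never touch the registry itself.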
 
LVL 17

Accepted Solution

by:
inthe earned 100 total points
ID: 2627726
Unless you wanna do it on a timer: as it would take several seconds to open and find the key the person is after, you might get away with using a timer.

var
  h: THandle;
begin
  h := FindWindow('RegEdit_RegEdit', 'Registry Editor');
  if h <> 0 then
  begin
    // change reg stuff
  end;
end;

I would set a global boolean first also and use that to tell your app when the reg is opened etc., so you're not continuously updating the data..

 
LVL 2

Expert Comment

by:craig_capel
ID: 2627760
OK OK, I know this is not what you asked for, but surely you don't mind approaching it from another way?....

You're trying to stop regedit.... Add this...


{ needs Registry (and Windows) in the uses clause }
procedure addsyslock(num: integer);
var
  commandtobe: string;
  reg: TRegistry;
begin
  reg := TRegistry.Create;
  try
    reg.RootKey := HKEY_CURRENT_USER;
    reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\System', True);
    case num of
      1: commandtobe := 'DisableRegistryTools'; // blocks regedit from running
      2: commandtobe := 'NoConfigPage';
      3: commandtobe := 'NoFileSysPage';
      4: commandtobe := 'NoVirtMemPage';        // Kill link to CPL
      5: commandtobe := 'NoDevMgrPage';
      6: commandtobe := 'NoDispCPL';
    else
      commandtobe := '';                         // unknown number: write nothing
    end;
    if commandtobe <> '' then
      reg.WriteInteger(commandtobe, 1);          // 1 = restriction enabled
  finally
    reg.Free;
  end;
end;

begin
  addsyslock(1); // This goes one step better, and explorer does not even allow you to run it!
end;
 
LVL 2

Expert Comment

by:craig_capel
ID: 2627781
Yeah, almost forgot, you need to add Registry to your uses section at the top....

 
LVL 17

Expert Comment

by:inthe
ID: 2627828
Hi
Same but a different way:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Create a new DWORD value and name it 'RestrictRun'; set the value to '1' for enabled or '0' for disabled.
Then define the applications that are allowed to be run at:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun],
creating a new string value for each application, named as consecutive numbers.
Reboot the computer for the changes to take effect.
For example, the setting may look like:

1      "notepad.exe"      (with value 0)
2      "regedit.exe"      (with value 0)
3      "myapp.exe"        (with value 1)

Now no-one can run notepad or regedit..
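The RestrictRun setting above written from Delphi, as an added example that is not code from this thread (SetRestrictRun and LockDownWorkstation are assumed names; the exe names are taken from the post). It clears the old list before writing the new one, and treats an empty list as "lift the restriction" so the procedure cannot leave the user unable to start anything at all.

```delphi
{ Requires Windows, Classes, SysUtils and Registry in the uses clause. }
procedure SetRestrictRun(const Allowed: array of string);
const
  Policy = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';
var
  Reg: TRegistry;
  Old: TStringList;
  I: Integer;
begin
  Reg := TRegistry.Create;
  Old := TStringList.Create;
  try
    Reg.RootKey := HKEY_CURRENT_USER;
    { Wipe the previous list first, so stale entries cannot linger. }
    if Reg.OpenKey(Policy + '\RestrictRun', False) then
    begin
      Reg.GetValueNames(Old);
      for I := 0 to Old.Count - 1 do
        Reg.DeleteValue(Old[I]);
      Reg.CloseKey;
    end;
    if Reg.OpenKey(Policy, True) then
    begin
      { An empty list lifts the restriction instead of locking the user out of everything. }
      if Length(Allowed) = 0 then
        Reg.DeleteValue('RestrictRun')
      else
        Reg.WriteInteger('RestrictRun', 1);
      Reg.CloseKey;
    end;
    if (Length(Allowed) > 0) and Reg.OpenKey(Policy + '\RestrictRun', True) then
    begin
      for I := 0 to High(Allowed) do
        Reg.WriteString(IntToStr(I + 1), Allowed[I]); { values named 1, 2, 3, ... }
      Reg.CloseKey;
    end;
  finally
    Old.Free;
    Reg.Free;
  end;
end;

{ The shell itself must be on the list, or nothing can be started after the reboot. }
procedure LockDownWorkstation;
begin
  SetRestrictRun(['myapp.exe', 'notepad.exe', 'calc.exe']);
end;
```

The policy applies per user under HKEY_CURRENT_USER and only takes effect after the reboot the post mentions, so test it with a revert path (SetRestrictRun([])) ready.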
 
LVL 2

Expert Comment

by:florisb
ID: 2628246
1 april application?

following...
 
LVL 2

Expert Comment

by:freter
ID: 2628271
inthe and craig_capel answered the question in the best available way. Their solutions work perfectly under both Windows 9x and Windows NT / 2000. Hooking is a fine technique, but in this case it is complete overkill.

Btw: if you have Windows NT, you should set access control on the regedit.exe and regedt32.exe files in a way that no normal user can execute these two files.

</freter>
 
LVL 3

Author Comment

by:smurff
ID: 2628279
inthe: That just stopped me from executing any other app. It took me ages to edit the user.dat file in DOS :) I couldn't run regedit or anything. I guess I'll try another angle :)
I have a keyboard hook example but not an HCBT_CREATEWND example; could you supply one please? I have thought about the timer one but I don't like the idea really. Haha, no, not an April fool app, but you've given me a few ideas :)
The reason is I have made my app the shell of Win95; the users can only get to things such as Citrix, notepad, calc etc. etc., but I've had to leave regedit there for us admins (admin-only section), but in case someone uses my password and gets through I want to know. Any more help would be great please.
Thanks
Smurff
 
LVL 2

Expert Comment

by:craig_capel
ID: 2628383
smurff, you smurff, you have not tried my method, have you?... His stops all programs apart from the ones you specify.... mine just disables the registry tools from running.... (What you actually need to do)

Craig C.
 
LVL 3

Author Comment

by:smurff
ID: 2628400
inthe: That just stopped me from executing any other app. It took me ages to edit the user.dat file in DOS :) I couldn't run regedit or anything. I guess I'll try another angle :)
I have a keyboard hook example but not an HCBT_CREATEWND example; could you supply one please? I have thought about the timer one but I don't like the idea really. Haha, no, not an April fool app, but you've given me a few ideas :)
The reason is I have made my app the shell of Win95; the users can only get to things such as Citrix, notepad, calc etc. etc., but I've had to leave regedit there for us admins (admin-only section), but in case someone uses my password and gets through I want to know. Any more help would be great please.
Thanks
Smurff
 
LVL 2

Expert Comment

by:craig_capel
ID: 2628655
I will not bother to repeat what I just said... please, do you see me, am I invisible?....


Craig C.
 
LVL 5

Expert Comment

by:TheNeil
ID: 2628663
Craig are you still there? Where are you?

The Neil =;)
 
LVL 3

Author Comment

by:smurff
ID: 2628859
Sorry Craig, but I posted it about the same time as yours and I still had my original screen. But thanks for the sarcasm, very mature!
inthe: points to you for the original FindWindow. Thanks for all your help.
 
LVL 2

Expert Comment

by:craig_capel
ID: 2629126
smurff, that was not sarcasm..... that was the truth. You tried out inthe's code, but for some pathetic reason you did not bother with my code? I would like an explanation for this....

I think this is VERY unfair.....

Craig C.
 
LVL 2

Expert Comment

by:craig_capel
ID: 2629140
OK, I see now that I missed a post; I am sorry for the inconvenience I have caused.... but even so, you tested Barry's code first.... when my code would have NOT locked you out and WOULD have stopped regedit......
 
LVL 3

Author Comment

by:smurff
ID: 2635327
Craig

Thanks for the reply. The W95 PCs log on as one user only (don't ask why :) and I created a front-end shell that only ran the executables that my boss wanted them to. He didn't want policies to be a factor because we want to stay separate from the other network (the building I'm in is quite large; I work for Unisys). So, this app has an admin part with a password which enables you to run regedit. Just in case someone found my password, I wanted to know, on my PC via UDP, when someone was messing about. Your code locked out regedit for all; if I wanted to run it in the admin part I would have to reboot. I'm an MCSE and I know about policies.
I meant no bad feelings, and thank you for your code.
Regards
Smurff