Solved

Hooking the start of regedit

Posted on 2000-03-17
Last Modified: 2010-04-04
I would like to know how to have my Delphi app, sitting in the task tray, alter a value in the registry whenever the user runs regedit. I need my app to detect when regedit is loading and act before it is visible.
The reason is that I don't want the user to get some information out of the registry, and so when regedit is run my app will change the value so the user gets the wrong info. Please help.
Thanks
Smurff
Question by:smurff
17 Comments
 
LVL 5

Expert Comment

by:TheNeil
ID: 2627635
Listening...
0
 
LVL 17

Expert Comment

by:inthe
ID: 2627681
Hi,
I suspect you need a cbt_createwnd hook for this: catch the code HCBT_CREATEWND and ask for the class name 'RegEdit_RegEdit'.

Ever written a hook before?
0
 
LVL 17

Accepted Solution

by:
inthe earned 100 total points
ID: 2627726
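Unless you want to do it on a timer: it would take several seconds to open regedit and find the key the person is after, so you might get away with using a timer.

// e.g. as the body of a TTimer OnTimer handler (form and timer names are examples)
procedure TForm1.Timer1Timer(Sender: TObject);
var
  h: THandle;
begin
  // find regedit's main window by class name and title
  h := FindWindow('RegEdit_RegEdit', 'Registry Editor');
  if h <> 0 then
  begin
    // change reg stuff
  end;
end;

I would also set a global boolean first and use that to tell your app when the reg is opened etc., so you're not continuously updating the data.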

0
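The timer approach from the accepted answer, combined with the global boolean it recommends, as an added example (not code from the thread): a console program that polls for the regedit window and reacts once per open and once per close. `RegeditOpened`, `RegeditClosed` and `POLL_MS` are hypothetical names, and the reaction here is only a log line.

```delphi
program RegeditWatch;
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils;

const
  REGEDIT_CLASS = 'RegEdit_RegEdit'; // window class named in the thread
  POLL_MS = 500;                     // assumed polling interval

var
  RegeditOpen: Boolean = False;      // the "global boolean" from the answer

// Hypothetical reaction: log the time and owning process of the window.
procedure RegeditOpened(Wnd: HWND);
var
  Pid: DWORD;
begin
  Pid := 0;
  GetWindowThreadProcessId(Wnd, @Pid);
  Writeln(FormatDateTime('yyyy-mm-dd hh:nn:ss', Now), ' regedit opened, pid ', Pid);
end;

procedure RegeditClosed;
begin
  Writeln(FormatDateTime('yyyy-mm-dd hh:nn:ss', Now), ' regedit closed');
end;

// One polling step: acts only when the state changes, not on every tick.
procedure Poll;
var
  Wnd: HWND;
begin
  // nil title: match on class only, so a localised caption does not matter
  Wnd := FindWindow(REGEDIT_CLASS, nil);
  if (Wnd <> 0) and not RegeditOpen then
  begin
    RegeditOpen := True;
    RegeditOpened(Wnd);
  end
  else if (Wnd = 0) and RegeditOpen then
  begin
    RegeditOpen := False;
    RegeditClosed;
  end;
end;

begin
  while True do begin Poll; Sleep(POLL_MS); end;
end.
```

Because it polls for a window, it reacts only after regedit's window already exists, and it matches a single window class, so another registry tool such as the regedt32.exe mentioned later in the thread is not seen by this check.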

 
LVL 2

Expert Comment

by:craig_capel
ID: 2627760
OK OK, I know this is not what you asked for, but surely you don't mind approaching it from another way?....

You're trying to stop regedit.... Add this...


procedure addsyslock(num: integer);
var
  commandtobe: string;
  reg: TRegistry;
begin
  // pick the policy value name to set
  case num of
    1: commandtobe := 'DisableRegistryTools'; // disable the registry editing tools
    2: commandtobe := 'NoConfigPage';
    3: commandtobe := 'NoFileSysPage';
    4: commandtobe := 'NoVirtMemPage';
    5: commandtobe := 'NoDevMgrPage';
    6: commandtobe := 'NoDispCPL';
  else
    Exit; // unknown number: write nothing
  end;
  reg := TRegistry.Create;
  try
    reg.RootKey := HKEY_CURRENT_USER;
    // create the key if it does not exist yet, then enable the policy
    if reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\System', True) then
      reg.WriteInteger(commandtobe, 1);
  finally
    reg.Free;
  end;
end;


begin
  addsyslock(1); // This goes one step better, and Explorer does not even allow you to run it!
end;
0
 
LVL 2

Expert Comment

by:craig_capel
ID: 2627781
Yeah, almost forgot: you need to add Registry to your uses section at the top....

0
 
LVL 17

Expert Comment

by:inthe
ID: 2627828
Hi,
Same, but a different way:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Create a new DWORD value and name it 'RestrictRun'; set the value to '1' for enabled or '0' for disabled.
Then define the applications that are allowed to be run at:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]
by creating a new string value for each application, named as consecutive numbers.
Reboot the computer for the changes to take effect.
For example, the setting may look like:

1      "notepad.exe"      (with value 0)
2      "regedit.exe"      (with value 0)
3      "myapp.exe"        (with value 1)

Now no one can run notepad or regedit.
0
 
LVL 2

Expert Comment

by:florisb
ID: 2628246
1 april application?

following...
0
 
LVL 2

Expert Comment

by:freter
ID: 2628271
inthe and craig_capel answered the question in the best avail. way. Their solutions work perfectly under both Windows 9x and Windows NT / 2000. Hooking is a fine technique, but in this case it is complete overkill.

Btw: if you have Windows NT, you should set access control on the regedit.exe and regedt32.exe files in a way that no normal user can execute these two files.

</freter>
0
 
LVL 3

Author Comment

by:smurff
ID: 2628279
inthe: That just stopped me from executing any other app. It took me ages to edit the user.dat file in DOS :) I couldn't run regedit or anything. I guess I'll try another angle :)
I have a keyboard hook example but not an HCBT_CREATEWND example; could you supply one please? I have thought about the timer one but I don't like the idea really. Haha, no, not an April fool app, but you've given me a few ideas :)
The reason is I have made my app the shell of Win95. The users can only get to things such as Citrix, notepad, calc etc., but I've had to leave regedit there for us admins (admin-only section), and in case someone uses my password and gets through, I want to know. Any more help would be great please.
Thanks
Smurff
0
 
LVL 2

Expert Comment

by:craig_capel
ID: 2628383
smurff, you smurff, you have not tried my method, have you?... His stops all programs apart from the ones you specify.... Mine just disables regedit tools from running.... (What you actually need to do)

Craig C.
0
 
LVL 3

Author Comment

by:smurff
ID: 2628400
inthe: That just stopped me from executing any other app. It took me ages to edit the user.dat file in DOS :) I couldn't run regedit or anything. I guess I'll try another angle :)
I have a keyboard hook example but not an HCBT_CREATEWND example; could you supply one please? I have thought about the timer one but I don't like the idea really. Haha, no, not an April fool app, but you've given me a few ideas :)
The reason is I have made my app the shell of Win95. The users can only get to things such as Citrix, notepad, calc etc., but I've had to leave regedit there for us admins (admin-only section), and in case someone uses my password and gets through, I want to know. Any more help would be great please.
Thanks
Smurff
0
 
LVL 2

Expert Comment

by:craig_capel
ID: 2628655
I will not bother to repeat what I just said... Please, do you see me, am I invisible?....


Craig C.
0
 
LVL 5

Expert Comment

by:TheNeil
ID: 2628663
Craig are you still there? Where are you?

The Neil =;)
0
 
LVL 3

Author Comment

by:smurff
ID: 2628859
Sorry Craig, but I posted it about the same time as yours and I still had my original screen. But thanks for the sarcasm, very mature!
inthe: points to you with the original FindWindow. Thanks for all your help.
0
 
LVL 2

Expert Comment

by:craig_capel
ID: 2629126
smurff, that was not sarcasm..... That was the truth: you tried out inthe's code, but for some pathetic reason you did not bother with my code? I would like an explanation for this....

I think this is VERY unfair.....

Craig C.
0
 
LVL 2

Expert Comment

by:craig_capel
ID: 2629140
OK, I see now that I missed a post. I am sorry for the inconvenience I have caused.... But even so, you tested Barry's code first.... when my code would have NOT locked you out and WOULD have stopped regedit......
0
 
LVL 3

Author Comment

by:smurff
ID: 2635327
Craig

Thanks for the reply. The W95 PCs log on as one user only (don't ask why :) and I created a front-end shell that only ran the executables that my boss wanted them to. He didn't want policies to be a factor because we want to stay separate from the other network (the building I'm in is quite large, I work for Unisys). So, this app has an admin part with a password which enables you to run regedit. Just in case someone found my password, I wanted to know, on my PC via UDP, when someone was messing about. Your code locked out regedit for all; if I wanted to run it in the admin part I would have to reboot. I'm an MCSE and I know about policies.
I meant no bad feelings and thank you for your code.
Regards
Smurff
0
