Hooking the start of regedit

I would like to know how to have my Delphi app, sitting in the task tray, alter a value in the registry whenever the user runs regedit. I need my app to detect when regedit is loading and act before it is visible.
The reason is that I don't want the user to get some information out of the registry, so when regedit is run my app will change the value so the user gets the wrong info. Please help.
Thanks
Smurff
0
1 Solution
 
TheNeil Commented:
Listening...
0
 
inthe Commented:
Hi,
I suspect you need a cbt_createwnd hook for this: catch the code hcbt_createwnd and ask for the classname
'RegEdit_RegEdit'.

Ever written a hook before?
0
 
inthe Commented:
Unless you wanna do it on a timer, as it would take several seconds to open and find the key the person is after, so you might get away with using a timer.

var
  h: THandle;
begin
  // look for regedit's main window by class name and caption
  h := FindWindow('RegEdit_RegEdit', 'Registry Editor');
  if h <> 0 then
  begin
    // change reg stuff
  end;
end;

I would set a global boolean first also and use that to tell your app when the reg is opened etc., so you're not continuously updating the data..

0
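The timer approach from the post above, with its "global boolean" made explicit so the handler fires once when regedit appears and once when it closes. This is an added example, not code from the thread: TRegeditWatcher, TRegeditEvent and OnChange are hypothetical names, and the callback is where an alert to the administrator would be sent.

```delphi
unit RegeditWatch;

interface

uses
  Windows, Classes, ExtCtrls;

type
  // Hypothetical callback: Opened is True when regedit appears, False when it closes.
  TRegeditEvent = procedure(Opened: Boolean; Wnd: HWND) of object;

  TRegeditWatcher = class
  private
    FTimer: TTimer;
    FOpen: Boolean;            // state seen on the previous tick
    FOnChange: TRegeditEvent;
    procedure Poll(Sender: TObject);
  public
    constructor Create(IntervalMs: Cardinal);
    destructor Destroy; override;
    property OnChange: TRegeditEvent read FOnChange write FOnChange;
  end;

implementation

constructor TRegeditWatcher.Create(IntervalMs: Cardinal);
begin
  inherited Create;
  FTimer := TTimer.Create(nil);
  FTimer.Interval := IntervalMs;
  FTimer.OnTimer := Poll;
end;

destructor TRegeditWatcher.Destroy;
begin
  FTimer.Free;
  inherited Destroy;
end;

procedure TRegeditWatcher.Poll(Sender: TObject);
var
  Wnd: HWND;
  NowOpen: Boolean;
begin
  // Match on the window class only: the caption is localised, so a
  // title of 'Registry Editor' would miss non-English systems.
  Wnd := FindWindow('RegEdit_RegEdit', nil);
  NowOpen := Wnd <> 0;
  if NowOpen = FOpen then Exit;  // no change since the last tick
  FOpen := NowOpen;
  if Assigned(FOnChange) then FOnChange(NowOpen, Wnd);
end;

end.
```

Polling only sees what exists at each tick, so a regedit session that opens and closes between two ticks goes unreported; a shorter interval narrows that window but does not remove it.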
 
craig_capel Commented:
OK OK, I know this is not what u asked for, but surely you don't mind approaching it from another way?....

You're trying to stop regedit.... Add this...


procedure addsyslock(num: integer);
var
  commandtobe: string;
  reg: TRegistry;
begin
  // Pick the policy value name for the requested restriction
  case num of
    1: commandtobe := 'DisableRegistryTools'; // block regedit and other registry editing tools
    2: commandtobe := 'NoConfigPage';         // hide the Hardware Profiles page
    3: commandtobe := 'NoFileSysPage';        // hide the File System button
    4: commandtobe := 'NoVirtMemPage';        // hide the Virtual Memory button
    5: commandtobe := 'NoDevMgrPage';         // hide the Device Manager page
    6: commandtobe := 'NoDispCPL';            // disable the Display control panel
  else
    Exit; // unknown number: write nothing
  end;
  reg := TRegistry.Create;
  try
    reg.RootKey := HKEY_CURRENT_USER;
    // Create the policy key if it does not exist yet
    if reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Policies\System', True) then
      reg.WriteInteger(commandtobe, 1); // 1 = restriction enabled
  finally
    reg.Free;
  end;
end;


begin
  addsyslock(1); // This goes one step better, and explorer does not even allow you to run it!
end;
0
 
craig_capel Commented:
yeah, almost forgot, you need to add, Registry, to your uses section at the top....

0
 
inthe Commented:
Hi,
same but a different way:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Create a new DWORD value and name it 'RestrictRun'; set the value to '1' for enabled or '0' for disabled.
Then define the applications that are allowed to be run at:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun],
creating a new string value for each application, named as consecutive numbers.
Reboot the computer for the changes to take effect.
For example, the setting may look like:

1      "notepad.exe"      (with value 0)
2      "regedit.exe"      (with value 0)
3      "myapp.exe"        (with value 1)

Now no-one can run notepad or regedit..
0
 
florisb Commented:
1 april application?

following...
0
 
freter Commented:
inthe and craig_capel answered the question in the best avail. way. their solutions work perfectly under both windows 9x and windows nt / 2000. hooking is a fine technique, but in this case, it is complete overkill.

btw: if you have windows nt, you should set access control to the regedit.exe and regedt32.exe files in a way that no normal user can execute these two files.

</freter>
0
 
smurff Author Commented:
inthe: That just stopped me from executing any other app. It took me ages to edit the user.dat file in DOS :) I couldn't run regedit or nothing. I guess I'll try another angle :)
I have a keyboard hook example but not a hcbt_createwnd example, could you supply one please? I have thought about the timer one but I don't like the idea really. Haha, no, not an April fool app, but you've given me a few ideas :)
The reason is I have made my app the shell of win95; the users can only get to things such as Citrix, notepad, calc etc. etc., but I've had to leave regedit there for us admin (admin only section), but in case someone uses my password and gets through I want to know. Any more help would be great please.
Thanks
Smurff
0
 
craig_capel Commented:
smurff, you smurff, you have not tried my method have you?... His stops all programs apart from the ones you specify.... mine just disables regedit tools from running.... (What u actually need to do)

Craig C.
0
 
smurff Author Commented:
inthe: That just stopped me from executing any other app. It took me ages to edit the user.dat file in DOS :) I couldn't run regedit or nothing. I guess I'll try another angle :)
I have a keyboard hook example but not a hcbt_createwnd example, could you supply one please? I have thought about the timer one but I don't like the idea really. Haha, no, not an April fool app, but you've given me a few ideas :)
The reason is I have made my app the shell of win95; the users can only get to things such as Citrix, notepad, calc etc. etc., but I've had to leave regedit there for us admin (admin only section), but in case someone uses my password and gets through I want to know. Any more help would be great please.
Thanks
Smurff
0
 
craig_capel Commented:
I will not bother to repeat what i just said... please do you see me, am i invisible?....


Craig C.
0
 
TheNeil Commented:
Craig are you still there? Where are you?

The Neil =;)
0
 
smurff Author Commented:
Sorry Craig, but I posted it about the same time as yours and I still had my original screen. But thanks for the sarcasm, very mature!
inthe: points to you with the original findwindow. Thanks for all your help.
0
 
craig_capel Commented:
smurff, that was not sarcasm..... that was the truth, you tried out inthe's code but for some pathetic reason, you did not bother with my code? I would like an explanation for this....

I think this is VERY unfair.....

Craig C.
0
 
craig_capel Commented:
OK, I see now that I missed a post, I am sorry for the inconvenience I have caused.... but even so, you tested Barry's code first.... when my code would have NOT locked you out and WOULD have stopped regedit......
0
 
smurff Author Commented:
Craig

Thanks for the reply. The w95 PCs log on as one user only (don't ask why :) and I created a front end shell that only ran the executables that my boss wanted them to. He didn't want policies to be a factor because we want to stay separate from the other network (the building I'm in is quite large, I work for Unisys). So, this app has an admin part with a password which enables you to run regedit. Just in case someone found my password, I wanted to know, on my PC via UDP, when someone was messing about. Your code locked out regedit for all; if I wanted to run it in the admin part I would have to reboot. I'm an MCSE and I know about policies.
I meant no bad feelings and thank you for your code.
Regards
Smurff
0
Question has a verified solution.
