Simple Registry Operations for Malware Development, Part 2 — RegSetKeyValue

Mitch Edwards
Apr 25, 2022

This article was originally posted on my blog. If you enjoyed it, you can find original articles on security, disinformation and right wing extremism at https://valhallaresearch.net

Welcome back to my mini-series on simple registry operations for malware development! If this is the first you’re seeing of it, you can read the first article on creating registry keys here on my blog, or here on Medium.

Alright. So, in the last article, we talked about how to create registry keys using the RegCreateKeyExA function. This article will be a fair bit shorter, as now we’re just going to be writing to the registry key we just created. It’s a fairly simple process, so let’s hop straight into it. I’ll give you the code first just below and then we’ll break it down.

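#include <windows.h>
#include <string.h>

/* Writes msg as the default (unnamed) REG_SZ value of the open key *hk.
   Returns 0 on success, -1 on failure. */
int writeKey(HKEY* hk, const char* msg) {
    /*
    LSTATUS RegSetKeyValueA(
      [in]           HKEY    hKey,
      [in, optional] LPCSTR  lpSubKey,
      [in, optional] LPCSTR  lpValueName,
      [in]           DWORD   dwType,
      [in, optional] LPCVOID lpData,
      [in]           DWORD   cbData
    );
    */
    if (hk == NULL || msg == NULL) {
        return -1;
    }
    /* For REG_SZ, cbData is the size in bytes and must include the
       terminating null character. */
    DWORD len = (DWORD)strlen(msg) + 1;
    /* A NULL lpSubKey targets the key *hk itself; a NULL lpValueName
       targets that key's default (unnamed) value. */
    LONG writeres = RegSetKeyValueA(*hk, NULL, NULL, REG_SZ, msg, len);
    if (writeres == ERROR_SUCCESS) {
        return 0;
    }
    else {
        return -1;
    }
}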

Mitch Edwards

Cyber Threat Intelligence Analyst, primarily focused on Chinese cyber crime and APT activity. GitHub: https://github.com/vikingSec