Hacking Windows Registry with VB

I assume there is absolutely no need to give any primer to Visual Basic in this article. If you think there is, then probably the latter part of the text is not for you.

NOTE : This is a series of articles that I intent to write, so the functions I have used are of my comfort. There can be better or easier ways to access the Windows Registry but these are standard functions and I will use them in all the forthcoming articles. 

As we all know VB can be used to develop variety of applications at a rapid pace. It truly proves that it is a RAD tool. In this article we will look at how to tweak the information storehouse of the Windows operating system, the Registry.

Registry, apart from developers, for long has remained a taboo subject for daily users of Windows. Understandably so as mishandling it may lead to the loom of doom i.e. halting of system. The tweaks mentioned here are safe as far as I am concerned, but don’t hesitate in taking a backup before trying your hands on it. 

Although I am using VB to perform these tweaks, they can be done without the help of any language as well. Let us now see how to access the registry in VB.

The Windows Registry has a tree like structure that displays the various keys and sub keys. We can change the values of these keys to create some cool and nifty applications. To view the Windows Registry on your system, type ‘regedit’ at the ‘Run’ menu The registry will show you five main nodes and hundreds of children and grandchildren nodes. The 5 main nodes should be HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS and HKEY_CURRENT_CONFIG. I am not going in detail about what contains what, as they are self-descriptive but incase you want to know, let me know. (You will find my email id when we are through with this article, hope you know that). 

To modify the registry from our VB application, it must first know how to access it and then perform various functions such as deleting, modifying, creating new keys et al. Our first step is to define 10 CONSTANTS in a module. I prefer to define all the constants and functions to be used in a module for a number of reasons. The constants are 

Public Const HKEY_CLASSES_ROOT = &H80000000
Public Const HKEY_CURRENT_USER = &H80000001
Public Const HKEY_LOCAL_MACHINE = &H80000002
Public Const HKEY_USERS = &H80000003
Public Const HKEY_CURRENT_CONFIG = &H80000005
Public Const HKEY_DYN_DATA = &H80000006
Public Const REG_SZ = 1 'Unicode null terminated string
Public Const REG_BINARY = 3 'Free form binary
Public Const REG_DWORD = 4 '32-bit number
Public Const ERROR_SUCCESS = 0&

After defining these constants, we will need to use 7 Windows API functions. 

Public Declare Function RegCloseKey Lib "advapi32.dll" _
(ByVal hKey As Long) As Long

Public Declare Function RegCreateKey Lib "advapi32.dll" _
Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey _
As String, phkResult As Long) As Long

Public Declare Function RegDeleteKey Lib "advapi32.dll" _
Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey _
As String) As Long

Public Declare Function RegDeleteValue Lib "advapi32.dll" _
Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal _
lpValueName As String) As Long

Public Declare Function RegOpenKey Lib "advapi32.dll" _
Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey _
As String, phkResult As Long) As Long

Public Declare Function RegQueryValueEx Lib "advapi32.dll" _
Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName _
As String, ByVal lpReserved As Long, lpType As Long, lpData _
As Any, lpcbData As Long) As Long

Public Declare Function RegSetValueEx Lib "advapi32.dll" _
Alias "RegSetValueExA" (ByVal hKey As Long, ByVal _
lpValueName As String, ByVal Reserved As Long, ByVal _
dwType As Long, lpData As Any, ByVal cbData As Long) As Long

Don’t get overwhelmed by the amount of code, this all can be real easy if you use the API Viewer shipped along with VB. Just search for the right functions, copy and paste it in the module. Now after we have declared all the CONSTANTS and API Functions, we will create our own subroutines and function to access and modify the registry as per our need. One thing you should know here is that a value can be a STRING, DWORD or BINARY value, so we need different ways to access and modify them.

Public Sub DeleteValue(ByVal hKey As Long, _
ByVal strPath As String, ByVal strValue As String)
Dim hCurKey As Long
Dim lRegResult As Long

lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lRegResult = RegDeleteValue(hCurKey, strValue)
lRegResult = RegCloseKey(hCurKey)
End Sub
Public Sub DeleteKey(ByVal hKey As Long, ByVal strPath As String)
Dim lRegResult As Long
lRegResult = RegDeleteKey(hKey, strPath)
End Sub

Public Sub CreateKey(hKey As Long, strPath As String)
Dim hCurKey As Long
Dim lRegResult As Long

lRegResult = RegCreateKey(hKey, strPath, hCurKey)
If lRegResult <> ERROR_SUCCESS Then
'there is a problem
End If

lRegResult = RegCloseKey(hCurKey)

End Sub

Public Sub SaveSettingString(hKey As Long, strPath _
As String, strValue As String, strData As String)
Dim hCurKey As Long
Dim lRegResult As Long

lRegResult = RegCreateKey(hKey, strPath, hCurKey)

lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, _
ByVal strData, Len(strData))

If lRegResult <> ERROR_SUCCESS Then
'there is a problem
End If

lRegResult = RegCloseKey(hCurKey)
End Sub

Public Sub SaveSettingDWORD(ByVal hKey As Long, ByVal _
strPath As String, ByVal strValue As String, ByVal lData As Long)
Dim hCurKey As Long
Dim lRegResult As Long

lRegResult = RegCreateKey(hKey, strPath, hCurKey)
lRegResult = RegSetValueEx(hCurKey, strValue, 0&, REG_DWORD, lData, 4)

If lRegResult <> ERROR_SUCCESS Then 
'there is a problem
End If

lRegResult = RegCloseKey(hCurKey)
End Sub

Public Function GetSettingDWORD(ByVal hKey As Long, _
ByVal strPath As String, ByVal strValue As String, _
Optional Default As Long) As Long

Dim lRegResult As Long
Dim lValueType As Long
Dim lBuffer As Long
Dim lDataBufferSize As Long
Dim hCurKey As Long

'Set up default value
If Not IsEmpty(Default) Then
GetSettingDWORD = Default
Else
GetSettingDWORD = 0
End If

lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lDataBufferSize = 4 '4 bytes = 32 bits = long
lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, _
lValueType, lBuffer, lDataBufferSize)

If lRegResult = ERROR_SUCCESS Then
If lValueType = REG_DWORD Then
GetSettingDWORD = lBuffer
End If
Else
'there is a problem
End If

lRegResult = RegCloseKey(hCurKey)
End Function

Public Function GetSettingString(hKey As Long, strPath As String, strValue As String, Optional Default As String) As String
Dim hCurKey As Long
Dim lResult As Long
Dim lValueType As Long
Dim strBuffer As String
Dim lDataBufferSize As Long
Dim intZeroPos As Integer
Dim lRegResult As Long

'Set up default value
If Not IsEmpty(Default) Then
GetSettingString = Default
Else
GetSettingString = ""
End If

lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, _
lValueType, ByVal 0&, lDataBufferSize)

If lRegResult = ERROR_SUCCESS Then

If lValueType = REG_SZ Then

strBuffer = String(lDataBufferSize, " ")
lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, _
ByVal strBuffer, lDataBufferSize)

intZeroPos = InStr(strBuffer, Chr$(0))
If intZeroPos > 0 Then
GetSettingString = Left$(strBuffer, intZeroPos - 1)
Else
GetSettingString = strBuffer
End If

End If

Else
'there is a problem
End If

lRegResult = RegCloseKey(hCurKey)
End Function

Using these functions we can completely access the registry. Now let us get our hand dirty and see what we can actually achieve with all these code in our armory. As mentioned earlier, knowing the right keys in the Registry helps a lot. This time we will beautify our old warhorse Internet Explorer by changing various default settings. (By the way, heard of IE in a sandbox? Well that’s IE 7 for you. More secured, stable, effective… as usual. Blah Blah Blah)

In all the 3 examples I have defined the functions in a module for global accessibility.


1. Setting IE’s Toolbar Image : 
To use an image on the IE toolbar we need to change the BackBitmapIE5 key and set its value pointing to a Bitmap image. 

Public Sub setIE_BG(IEBGPath As String)
On Error GoTo ErrHndlr
If IEBGPath <> "" Then SaveSettingString HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\Toolbar", "BackBitmapIE5", IEBGPath

ErrHndlr:
‘ Do whatever you want to, just don’t tell me.
End Sub

2. Changing IE’s Caption :

To change the IE caption we need to modify the following key. IETitle is the string a sent to the sub, meant to be set as the caption.

Public Sub setIE_Title(IETitle As String)
On Error GoTo ErrHndlr
SaveSettingString HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\Main", "Window Title", IETitle

ErrHndlr:
‘ Nothing new here, same suggestion.
End Sub


3. Changing IE’s Animated logo :
You guessed it right. This is animated image that you see on top right corner of IE which changes state while one is browsing the net.

Public Sub setIE_ANI(IEANIPath As String)
On Error GoTo ErrHndlr:
If IEANIPath <> "" Then
SaveSettingString HKEY_CURRENT_USER, "Software\Microsoft\Internet Explorer\Toolbar", "BrandBitmap", IEANIPath
End If

BIE_Err:
‘ What !!! You want something, nothing here except for a few errors.
End Sub


You can manually change the keys value or you can use any language to make applications. The best part about developing registry-based applications is that they are fun to make and are created in no time. Although any professional software needs to keep in mind a whole lot of thing but to begin with, this is fun.

As mentioned above I am planning to write a set of articles related to Windows registry and Win API. I would love to receive your feedbacks and queries on this article. Do tell me if you would like this series to be continued or concluded here only.

Author’s Name: B.Sunny
E-Mail: b_suny@rediffmail.com

Designation & Biography: Work as a Freelancer, creating Web Sites & Applications, Software, Multimedia presentations, Flash Games etc.