Hi,
A little question. How can I hook a registry call from an exe in Windows? Or all the calls from an exe in Windows (environment variables, registry ADD/DEL/* and so on ...)?
I want to change these hooks from any exe in Windows to my own needs.
@Michael-F-Bryan thx for your answer. I think I cannot use redhook; it has no win32api crate dependencies. I was hoping that there is a crate like the Microsoft Research Detours Package.
I want to code a program as an example that works in the background and, when an exe starts, logs all registry operations.
At the moment I want to use other programs like Sysinternals to fetch environment variable and registry calls, but I need the possibility to make a temporary registry call.
I call an exe from Rust code, and the exe's calls to the registry will only be delivered from my Rust code, so that the original Windows registry will not be touched.
While the solution from Joshua will work for this particular application, it might not work for others (e.g. where the registry path is constructed in code or when the application is signed).
Therefore, I would suggest using DLL injection and intercepting calls to RegOpenKey(Ex), RegCreateKey(Ex), etc. That way, you can fiddle with the registry path before passing the call down to the real Windows Advapi32.dll.
@AurevoirXavier yes, thx, a good explanation for hooking in Rust. I have some questions.
You have written libs; must I use your methods for a special thing when I want to hook message boxes, or are these only examples for message boxes?
Umm, the winapi: the last contact I had was on Win95/98, and the API is ugly today as it is :). Every C/C++ has wrapper libs ;).
I have debugged a little bit and it's a flashback ;). At the moment I cannot find RegEx but OpenGL calls for the registry.
The program that I want to hook and overwrite is a Unity/3D game that doesn't use environment variables (Unity has a special command to determine LocalLow), but it uses registry entries:
It searches the active profile and snags the value for the profile, C:\Users\cyber, and then it manually puts Appdata/LocalLow at the string. I think so. When I change ProfileImagePath, it saves in the new changed location.
Why can the Unity engine not go the normal way via environment variables ;)?
Do you have a little code showing how I can hook all RegOpenKeyExW calls, print the values, and change the values at runtime so that the Unity program gets another value back, not the real one from the registry?
Sry, I’ve no experience in that. But I could show you some ways to make a hook with Rust. If your target is a 32-bit process, just use the asm! macro to make an inline detour. For a 64-bit process you have to do it manually with some ‘disasm’ code. Or you can use a detour library, detour-rs. Here’s an example of a d3d hook (64-bit vmt inline hook), with which I could change every frame’s rendering. dauntless-helper/rust-ver at master · AurevoirXavier/dauntless-helper · GitHub