File Information

  • Submitted: Feb 04 2017 11:37 PM
  • Last Updated: Feb 19 2017 04:31 PM
  • File Size: 14.24KB

Download NativeReg 0.4

A native app is an app that will be launched as soon as the kernel initialization is completed.

It is launched (in user mode) by the session manager (smss.exe) through the registry value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute (run at every boot) or HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SetupExecute (run once only).

A native app can only use NT API functions (ntdll.dll) and not the Windows API functions.
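
Because anything listed in these two values runs before the Win32 subsystem and most security tooling start, they are worth auditing. The following is an added example (not part of NativeReg or the original page): a Python check that lists BootExecute/SetupExecute entries differing from the stock disk-check entry. The baseline (only `autocheck autochk ...` in BootExecute, SetupExecute empty) and the sample data are assumptions constructed for illustration.

```python
import sys

SESSION_MANAGER = r"SYSTEM\CurrentControlSet\Control\Session Manager"
VALUES = ("BootExecute", "SetupExecute")

# Constructed sample data (not taken from a real machine).
SAMPLE = {
    "BootExecute": [
        "autocheck autochk *",
        r"autocheck autochk /r \??\C:",
        r"nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test3 666 REG_DWORD",
    ],
    "SetupExecute": [],
}

def is_baseline(entry):
    """Assumed baseline: the stock 'autocheck autochk <args>' disk-check entry."""
    tokens = [t.lower() for t in entry.split()]
    return tokens[:2] == ["autocheck", "autochk"]

def audit(values):
    """values maps a value name to its list of REG_MULTI_SZ strings.
    Returns (value name, entry) for every entry outside the baseline."""
    findings = []
    for name in VALUES:
        for entry in values.get(name, []):
            entry = str(entry).strip()
            if entry and not is_baseline(entry):
                findings.append((name, entry))
    return findings

def read_live():
    """Read both values from the local registry (Windows only)."""
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER) as key:
        for name in VALUES:
            try:
                data, _type = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                data = []  # value absent, nothing scheduled
            out[name] = list(data) if isinstance(data, list) else ([data] if data else [])
    return out

if __name__ == "__main__":
    values = read_live() if sys.platform == "win32" else SAMPLE
    for name, entry in audit(values):
        print(f"[review] {name}: {entry}")
```

A flagged entry is not necessarily malicious (disk and defragmentation tools also register here); it is a prompt to verify the named executable in %SystemRoot%\System32.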

Possible usages:

nativereg createkey \Registry\Machine\SYSTEM\Setup key1
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test0 8 REG_RND_SZ
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test1 toto REG_SZ
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test2 112233AABBCC REG_BINARY
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test3 666 REG_DWORD
nativereg deletevalue \Registry\Machine\SYSTEM\Setup\key1 test1
nativereg deletekey \Registry\Machine\SYSTEM\Setup\key1

The tool is 32-bit (a 64-bit version may come later).
It works on XP and up.


Discussion here.

Regards,
Erwan





