Windows API (Intro)
File used -> 12-WinApi-Reg.c, 12-WinApi-Reg.exe
This is just an introduction to the Windows API, so not everything is discussed in detail. In this part we focus on how to read the code; the details of the Windows API and Windows internals will be covered in the next part of the series.
Let's continue (code compiled on Linux using mingw) →
Here we have two function calls, CreateRegistryKey and writeStringInRegistry. Let's look into them.
CreateRegistryKey
The function name alone tells us what is happening, but let's set that aside and understand how the function works by looking inside it.
The first thing we see is RegCreateKeyExA, which is a Windows API function. A parameter, ‘onePiece’, was passed into CreateRegistryKey via the rdx register, and just after the prologue it is moved to lpSubKey.
Let's look at its documentation.
It says this function → ‘Creates the specified registry key. If the key already exists, the function opens it. Note that key names are not case sensitive’
If we look at the syntax of RegCreateKeyExA (in the image above), we can see which parameters are passed.
hKey → A handle to an open registry key.
lpSubKey → The name of a subkey that this function opens or creates.
Since lpSubKey is onePiece, we now understand that this key will be opened, or created if it does not exist.
Moving back to main.
After the CreateRegistryKey function has executed, we have →
Here 3 parameters can be seen: ‘Gum-Gum Bazoooooka’, ‘Luffy’, ‘onePiece’.
And we know onePiece is the subkey inside the registry.
Moving to the next function, writeStringsInRegistry.
In the 1st highlighted area, we can see the arguments being saved as hkey, lpSubKey (onePiece), lpValueName (Luffy), lpString (Gum-Gum Bazoooooka).
In the 2nd highlighted block, we see a call to RegOpenKeyExA. Checking the documentation again, we learn that it is used to open a registry key, and in the syntax we can see which parameters are passed.
In the 3rd highlighted block, we have RegSetValueExA. On checking the MSDN documentation, we learn that it ‘Sets the data for the default or unnamed value of a specified registry key’
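The register-to-parameter reading used in this walkthrough can be scripted. The following is an added example, not part of the original post or of 12-WinApi-Reg.c: it assumes the Microsoft x64 calling convention and a constructed Intel-syntax listing (the stack-variable names and constants in SAMPLE are made up), and annotate_calls and arg_index are hypothetical helper names.

```python
import re

# Parameter order from the documented prototypes of the APIs seen above.
PROTOTYPES = {
    "RegCreateKeyExA": "hKey lpSubKey Reserved lpClass dwOptions samDesired "
                       "lpSecurityAttributes phkResult lpdwDisposition".split(),
    "RegOpenKeyExA": "hKey lpSubKey ulOptions samDesired phkResult".split(),
    "RegSetValueExA": "hKey lpValueName Reserved dwType lpData cbData".split(),
}
# Microsoft x64 convention: arguments 1-4 are in rcx, rdx, r8, r9 (or their
# 32-bit halves); argument 5 onward is at [rsp+0x20], [rsp+0x28], ...
ARG_REGS = {"rcx": 0, "ecx": 0, "rdx": 1, "edx": 1, "r8": 2, "r8d": 2, "r9": 3, "r9d": 3}
STACK_ARG = re.compile(r"\[rsp\+0x([0-9a-f]+)\]")

def arg_index(dest):  # zero-based argument a mov/lea destination feeds, or None
    m = STACK_ARG.search(dest)
    if m and int(m.group(1), 16) >= 0x20:
        return 4 + (int(m.group(1), 16) - 0x20) // 8
    return ARG_REGS.get(dest)

def annotate_calls(listing):
    """Return [(api, {parameter: operand})] for each known API call."""
    regs, args, found = {}, {}, []
    for line in listing.strip().splitlines():
        mnemonic, _, ops = line.strip().partition(" ")
        if mnemonic in ("mov", "lea"):
            dest, src = (s.strip() for s in ops.split(",", 1))
            src = "&" + src if mnemonic == "lea" else regs.get(src, src)
            if dest.isalnum():
                regs[dest] = src          # follow later register copies
            if (idx := arg_index(dest.lower())) is not None:
                args[idx] = src
        elif mnemonic == "call":
            names = PROTOTYPES.get(ops.strip(), [])
            if names:
                found.append((ops.strip(),
                              {n: args.get(i, "?") for i, n in enumerate(names)}))
            regs, args = {}, {}           # volatile registers die at a call
    return found

# Constructed listing in Intel syntax (not taken from 12-WinApi-Reg.exe).
SAMPLE = """
lea    rax, [rbp-0x8]
mov    QWORD PTR [rsp+0x20], rax
mov    r9d, 0x20006
mov    r8d, 0
mov    rdx, QWORD PTR [rbp+lpSubKey]
mov    rcx, QWORD PTR [rbp+hKey]
call   RegOpenKeyExA
"""
```

Calling annotate_calls(SAMPLE) pairs each operand with its documented parameter name; a parameter that was never set before the call is reported as "?".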
With all this info, we can understand what is happening. A registry key is created and values are set in it.
This can be confirmed with this →
Let's look at the source code →