i was bored and fed up with task manager not showing me the info i needed, so i decided to play around with the windows registry to replace it with SystemInformer (also known as ProcessHacker) whenever i use the win+r `taskmgr` or ctrl-alt-del shortcuts.
doing it in a few clicks was too easy so i went the funnier way and played with some really interesting (documented 🙏) win32 functions.
```
gcc main.c create_dword_value.c -o main.exe && .\main.exe
```
then let it do the magic
in case of testing, you might want to back up your registry, even though rolling back is as easy as removing the created `taskmgr.exe` subkey
- opens the `HKEY_LOCAL_MACHINE` registry key
- lists all subkeys within that key before modification
- creates a new subkey under `Image File Execution Options` (full path: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\`)
- sets the key/value pair
- again lists all subkeys within that key after modification to confirm the creation of the subkey
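
A read-only way to check what those steps left behind and to take the backup mentioned above, as an added example that is not part of this project. It assumes the redirect is stored in the `Debugger` value (the page does not name the value); the function names and the backup file name are made up for illustration.

```powershell
# Added example, not the project's code. Reads the registry only; changes nothing.
$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebugger {
    # Every IFEO subkey that carries a Debugger value (assumed redirect value).
    param([string]$Path = $IfeoPath)
    foreach ($key in Get-ChildItem -LiteralPath $Path -ErrorAction Stop) {
        $debugger = $key.GetValue('Debugger', $null)
        if ($null -ne $debugger) {
            [pscustomobject]@{
                Image    = $key.PSChildName
                Debugger = $debugger
                Kind     = $key.GetValueKind('Debugger')
            }
        }
    }
}

function Get-IfeoValues {
    # All values stored under one image's subkey, i.e. the key/value pair a tool set.
    param([string]$Image = 'taskmgr.exe', [string]$Path = $IfeoPath)
    $sub = Join-Path $Path $Image
    if (-not (Test-Path -LiteralPath $sub)) { return }   # subkey absent: nothing set
    $key = Get-Item -LiteralPath $sub
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Name = $name
            Kind = $key.GetValueKind($name)
            Data = $key.GetValue($name)
        }
    }
}

# Back up the whole IFEO key before testing. reg.exe wants "HKLM\..." not "HKLM:\...".
$backup = Join-Path $env:TEMP 'ifeo-backup.reg'   # constructed file name
reg.exe export ($IfeoPath -replace '^HKLM:', 'HKLM') $backup /y | Out-Null

Get-IfeoDebugger | Format-Table -AutoSize
Get-IfeoValues -Image 'taskmgr.exe' | Format-Table -AutoSize
```

After a rollback, `Get-IfeoValues` returns nothing for `taskmgr.exe`, and any row still listed by `Get-IfeoDebugger` is an image whose launch is being redirected.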
not much i guess, mostly fueled by boredom and i like learning new stuff whether it's useful or not at the end
- `main.c`: core logic explained above
- `create_dword_value.c`: contains helper functions
- `create_dword_value.h`: function declarations
- `RegOpenKeyEx`
- `RegEnumKeyEx`
- `RegQueryInfoKey`
- `RegCreateKeyEx`
- `RegSetValueEx`
code is kind of atrocious and not really cleaned/optimized but i'm okay with it since I don't plan on working on it anymore
even though i see some ways of weaponizing it and i'd like to learn more about windows registry stuff, we'll see
enjoy (or not i will understand)