{"id":1812,"date":"2018-02-03T21:48:59","date_gmt":"2018-02-03T20:48:59","guid":{"rendered":"http:\/\/labalec.fr\/erwan\/?p=1812"},"modified":"2018-02-05T21:03:14","modified_gmt":"2018-02-05T20:03:14","slug":"nativereg","status":"publish","type":"post","link":"https:\/\/labalec.fr\/erwan\/?p=1812","title":{"rendered":"NativeReg"},"content":{"rendered":"

A native app is an app that will be launched as soon as the kernel initialization is completed.<\/p>\n

It will be launched (in user mode) by the session manager (smss.exe) thru the registry key HKLM\\SYSTEM\\CurrentControlSet\\Control\\SessionManager\\BootExecute<\/strong>(run at every boot) or HKLM\\SYSTEM\\CurrentControlSet\\Control\\SessionManager\\setupexecute<\/strong>(run once only).<\/p>\n

A native app can only use NT API functions (ntdll.dll) and not the Windows API functions.<\/p>\n

Possible usages :
\nnativereg createkey \\Registry\\Machine\\SYSTEM\\Setup key1
\nnativereg createvalue \\Registry\\Machine\\SYSTEM\\Setup\\key1 test0 8 REG_RND_SZ
\nnativereg createvalue \\Registry\\Machine\\SYSTEM\\Setup\\key1 test1 toto REG_SZ
\nnativereg createvalue \\Registry\\Machine\\SYSTEM\\Setup\\key1 test2\u00a0112233AABBCC\u00a0REG_BINARY
\nnativereg createvalue \\Registry\\Machine\\SYSTEM\\Setup\\key1 test3\u00a0666\u00a0REG_DWORD
\nnativereg deletevalue \\Registry\\Machine\\SYSTEM\\Setup\\key1 test1
\nnativereg deletekey \\Registry\\Machine\\SYSTEM\\Setup\\key1<\/p>\n

The tool is 32 bits (a 64 bits may come later).
\nIt works on XP and up.<\/p>\n

Discussion\u00a0here<\/a>.<\/p>\n

Regards,
\nErwan<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

A native app is an app that will be launched as soon as the kernel initialization is completed. It will be launched (in user mode) by the session manager (smss.exe) thru the registry key HKLM\\SYSTEM\\CurrentControlSet\\Control\\SessionManager\\BootExecute(run at every boot) or HKLM\\SYSTEM\\CurrentControlSet\\Control\\SessionManager\\setupexecute(run once only). A native app can only use NT API functions (ntdll.dll) and not the […]<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[33,6],"class_list":["post-1812","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-native","tag-registry","category-1-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/1812","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1812"}],"version-history":[{"count":2,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/1812\/revisions"}],"predecessor-version":[{"id":1815,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/1812\/revisions\/1815"}],"wp:attachment":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1812"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1812"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}