I have written a native program for Windows (which I've compiled with `#pragma comment(linker, "/SUBSYSTEM:NATIVE")`).

I want to add my program to the auto-executing list. How can I do it?

My exact questions are:

1). How can I do it in the Windows Registry? (I have googled the BootExecute/SetupExecute tables, but Setup is empty and BootExecute has only: `autocheck autochk *`.) So I was confused by the empty tables (because if they're empty, where are the other auto-exec programs in Windows, which ntdll.dll loads?)

2). Does it matter what the version of the executable program is, for a 32/64-bit system?

I have put it in %windir%\system32, but there is also a %windir%\WOW64 folder.

Should I highlight this detail in the Registry, or does Windows load each driver from both folders and simply highlight them as *32 or 64-bit programs in taskmgr?

3). Are there any other ways to do that?

Cœur
  • I've never heard of anybody wanting to BootExecute a program before. What is your purpose for this? – Gabe Apr 15 '12 at 18:29
  • @Gabe native Windows development at the ntdll.dll level; Win32 is just one of the modules which ntdll loads, google it! http://technet.microsoft.com/en-us/sysinternals/bb897447 or http://hex.pp.ua/nt-native-applications-shell-eng.php –  Apr 15 '12 at 18:32
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager –  Apr 15 '12 at 18:34
  • I know what `BootExecute` is, but I doubt that's what you want, so I'm asking why you are trying to put your program in the BootExecute list. – Gabe Apr 15 '12 at 18:40
  • @Gabe to make my NATIVE program auto-execute in Windows –  Apr 15 '12 at 18:46
  • @Gabe I have asked this question, "how to make it auto-exec", maybe not twice but more times; you shouldn't care what my program does. It doesn't make sense. If you don't know, please surf other topics. –  Apr 15 '12 at 19:04
  • I'm asking because you say "if it's empty, where are another auto-exec programs in Windows". Since Windows doesn't come with other BootExecute programs, it makes me think that you misunderstand what BootExecute is for. I want to make sure I'm answering the right question before I give the answer. – Gabe Apr 15 '12 at 19:11
  • [This famous utility](http://technet.microsoft.com/it-it/sysinternals/bb963902) from Microsoft scans every possible place where AUTORUNS programs reside. Looking at the various places I'm sure you could find the right spot (i.e. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) – Steve Apr 15 '12 at 19:12
  • @Steve it's for Win32 programs, not for earlier boot-time programs such as scandisk etc., which load earlier in NT. –  Apr 15 '12 at 19:20
  • @Gabe yes, I'm new to this topic. I have only made a simple native program with Hello World, and just want to see how it auto-executes in Windows and look at it in taskmgr with the SYSTEM option. Sorry for my rude words. –  Apr 15 '12 at 19:21
  • @magesi: If you run your program with BootExecute, it will have exited by the time you are able to run taskmgr. – Gabe Apr 15 '12 at 19:36
  • @Gabe so, what am I supposed to do? Please help me! Thank you –  Apr 15 '12 at 19:41

1 Answer

1) You need to place it in the BootExecute registry value. It's a multi-string value, and you need to keep whatever strings are already there (normally only "autocheck autochk *") and just append your program name with no extension.

2) You should compile a 32-bit binary for a 32-bit OS, and a 64-bit binary for a 64-bit OS. The binary should be placed in %windir%\system32

3) That's the only way as far as I know

PS - for an example install any file system or registry defragmenter that has Boot Defrag feature, enable it, and see how it modifies BootExecute.

Isso
  • I have tried to add it, but no success :( I added just the name of the program on the second line after "autocheck autochk *" - didn't work; also just with a space - didn't work either! I tried with the full path to the program and with just the name without extension. All variants don't work :( –  Apr 16 '12 at 03:51
  • It means that most likely the program is compiled incorrectly. Make sure that it links to no library other than ntdll.dll (use Depends viewer to check it), and also that it matches the OS architecture (32/64 bit). – Isso Apr 16 '12 at 04:12
  • Also you need to make sure to specify #pragma comment(linker,"/BASE:0x00010000"), #pragma comment(linker, "/ENTRY:your_entry_function_name"), disable Buffer Security Check (/GS-) – Isso Apr 16 '12 at 04:12
  • Also: your entry function should have the following prototype: extern "C" void __stdcall your_entry_function_name(void* Argument) – Isso Apr 16 '12 at 04:15
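
The answer describes BootExecute as a multi-string value that normally holds only "autocheck autochk *". As an added example (not part of the original post or its comments), the Python below decodes a raw REG_MULTI_SZ buffer and reports every entry beyond that stock line, which is how an administrator can check what has been appended there. The `myprog` entry and the sample bytes are constructed, and treating the first token of an entry as the image name is an assumption of this example.

```python
# Added example: audit BootExecute (REG_MULTI_SZ) for entries beyond the stock one.
KEY_PATH = r"SYSTEM\CurrentControlSet\Control\Session Manager"  # under HKLM, as named on the page
STOCK_ENTRY = "autocheck autochk *"  # the only entry the page reports by default


def decode_multi_sz(raw):
    """Decode raw REG_MULTI_SZ bytes: UTF-16LE strings, each NUL-terminated,
    with an empty string (a second NUL) closing the list."""
    if len(raw) % 2:
        raise ValueError("REG_MULTI_SZ data must have an even byte length")
    entries = []
    for item in raw.decode("utf-16-le").split("\x00"):
        if not item:
            break  # the empty string marks the end of the list
        entries.append(item)
    return entries


def audit_boot_execute(entries):
    """Return one finding per entry that is not the stock autochk line."""
    findings = []
    for index, entry in enumerate(entries):
        tokens = entry.split()
        if " ".join(tokens).lower() == STOCK_ENTRY:
            continue
        # Assumption: the first token is the image name. The answer says it is
        # written without an extension and the binary sits in %windir%/system32.
        image = tokens[0] if tokens else ""
        findings.append({"index": index, "entry": entry, "image": image})
    return findings


def read_live_boot_execute():
    """Read the value on a Windows host (winreg exists only on Windows)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY_PATH) as key:
        value, value_type = winreg.QueryValueEx(key, "BootExecute")
    if value_type != winreg.REG_MULTI_SZ:
        raise TypeError("BootExecute is expected to be REG_MULTI_SZ")
    return list(value)


# Constructed sample data: the stock entry plus a hypothetical "myprog" entry.
SAMPLE_RAW = "autocheck autochk *\x00myprog\x00\x00".encode("utf-16-le")

if __name__ == "__main__":
    for finding in audit_boot_execute(decode_multi_sz(SAMPLE_RAW)):
        print("non-default BootExecute entry:", finding)
```

On a Windows machine, `audit_boot_execute(read_live_boot_execute())` runs the same check against the live registry value.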