September 8th, 2016

How can I change a registry key from within the debugger?

If you are using a debugger based on the Windows debugging engine, you can use the !dreg command to dump a registry key, but what if you want to modify a registry key?

I don’t know how often it happens to you, but it happens to us a lot here inside Microsoft: You are given a remote debugging connection to a process that is running on some computer to which you have no physical access. You therefore cannot just run regedit and do your registry work there. You may also be in a situation where you don’t want to run regedit because running another process would interfere with the issue you are debugging.¹

One way to set a registry key from inside the debugger is to simulate a call to the Reg­Set­Value­Ex function.

Or you can think outside the box: Use the .shell command and shell out to reg.exe.

0:001> .shell reg add hkcu\Software\Contoso /v UseWarpCore /t REG_DWORD /d 1

This assumes that the debugger was created without the -noshell option. Otherwise, you’re back to simulating the call.

¹ Usually because you are debugging some focus-related problem, and running regedit changes focus. Or, if you work in my building, because you are debugging Explorer itself and therefore cannot launch any new programs.

Topics
Other

Author

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

0 comments

Discussion are closed.