How can I change a registry key from within the debugger?

Raymond Chen

Raymond

If you are using a debugger based on the Windows debugging engine, you can use the !dreg command to dump a registry key, but what if you want to modify a registry key?

I don’t know how often it happens to you, but it happens to us a lot here inside Microsoft: You are given a remote debugging connection to a process that is running on some computer to which you have no physical access. You therefore cannot just run regedit and do your registry work there. You may also be in a situation where you don’t want to run regedit because running another process would interfere with the issue you are debugging.¹

One way to set a registry key from inside the debugger is to simulate a call to the Reg­Set­Value­Ex function.

Or you can think outside the box: Use the .shell command and shell out to reg.exe.

0:001> .shell reg add hkcu\Software\Contoso /v UseWarpCore /t REG_DWORD /d 1

This assumes that the debugger was created without the -noshell option. Otherwise, you’re back to simulating the call.

¹ Usually because you are debugging some focus-related problem, and running regedit changes focus. Or, if you work in my building, because you are debugging Explorer itself and therefore cannot launch any new programs.

0 comments

Comments are closed.