Jump to content
  • Advertisement
Sign in to follow this  
VeryBoringNickName

Executing programs before the shell comes up?

This topic is 4553 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Some programs, especially common with defragmenters, start themselves up, even before windows is full loaded. One example is this program, which defragments the page file: http://www.sysinternals.com/Utilities/PageDefrag.html If you start it, chose the option "defragment at next boot", and then reboot, you will very much see what I mean. So, my question is: How to do something like that too?

Share this post


Link to post
Share on other sites
Advertisement
The shell for a console will always come up, however, for a windows program, if you don't make a window, you get no window. So, put your program in the registry so that windows loads it up first and executes it.

Share this post


Link to post
Share on other sites
Here are a few links that might help.

STARTUP PROGRAM LOADING
Windows Program Automatic Startup Locations
Launching an Application on Windows Startup

Looking over pagedfrg.exe in a pe file hacking tool reveals that a device driver (pagedfrg.sys) and a system service exe (pgdfgsvc.exe) are stored in the resource section of that utility. Either of those files could accomplish the task.

Using Regmon to monitor the registry activity of pagedfrg.exe after selecting the "defrag at next boot" option reveals the following activities:

143 304.01150513 pagedfrg.exe:1472 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute SUCCESS "autocheck autochk *"
144 304.01153564 pagedfrg.exe:1472 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute SUCCESS "autocheck autochk *"

155 320.61981201 pagedfrg.exe:1472 SetValue HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute SUCCESS "autocheck autochk *"

So it appears that

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

is the registry key to focus on - plug that key into google web and google groups and start reading. YMMV.

Share this post


Link to post
Share on other sites
Thanks.

Googling gave me these links:

http://www.sysinternals.com/Information/NativeApplications.html
http://www.sysinternals.com/Information/NativeApi.html

It seems only "native" apps can be executed with bootexecute (and no, win32 isn't native).

Interesting.

Share this post


Link to post
Share on other sites
Quote:
Original post by LessBread
Here are a few links that might help.

STARTUP PROGRAM LOADING
Windows Program Automatic Startup Locations
Launching an Application on Windows Startup

Looking over pagedfrg.exe in a pe file hacking tool reveals that a device driver (pagedfrg.sys) and a system service exe (pgdfgsvc.exe) are stored in the resource section of that utility. Either of those files could accomplish the task.

Using Regmon to monitor the registry activity of pagedfrg.exe after selecting the "defrag at next boot" option reveals the following activities:

143 304.01150513 pagedfrg.exe:1472 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute SUCCESS "autocheck autochk *"
144 304.01153564 pagedfrg.exe:1472 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute SUCCESS "autocheck autochk *"

155 320.61981201 pagedfrg.exe:1472 SetValue HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute SUCCESS "autocheck autochk *"

So it appears that

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

is the registry key to focus on - plug that key into google web and google groups and start reading. YMMV.


I'm on Windows XP (no SP packages, crash my system for some reason), and have not installed that software, but I'm not finding a BootExecute folder anywhere in the Control folder. Either it's installed with the program and launched by something else, or an update from Windows I haven't gotten. Just my little heads up.

Share this post


Link to post
Share on other sites
It's not a folder, it's a key in

HKLM\System\CurrentControlSet\Control\Session Manager

The entry type is REG_MULTI_SZ. After selecting the "run at next boot" option from pagedfrg the value of this entry is

autocheck autochk *
pgdfgsvc C 1 -o

which tells me that the application invoked at boot is the service app stored in the resource section of pagedfrg.exe. This machine is running XP sp2.

@VeryBoringNickName - check out google groups too.

Share this post


Link to post
Share on other sites
Quote:
Original post by LessBread
It's not a folder, it's a key in

HKLM\System\CurrentControlSet\Control\Session Manager

The entry type is REG_MULTI_SZ. After selecting the "run at next boot" option from pagedfrg the value of this entry is

autocheck autochk *
pgdfgsvc C 1 -o

which tells me that the application invoked at boot is the service app stored in the resource section of pagedfrg.exe. This machine is running XP sp2.

@VeryBoringNickName - check out google groups too.


I feel stupid, forgot that if it's a file there's no slash at the end... It's just that you said "in," so I expected a folder. Thanks for the clarification.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!