How can I change a registry key from within the debugger?


If you are using a debugger based on the Windows debugging engine, you can use the !dreg command to dump a registry key, but what if you want to modify a registry key?

I don't know how often it happens to you, but it happens to us a lot here inside Microsoft: You are given a remote debugging connection to a process that is running on some computer to which you have no physical access. You therefore cannot just run regedit and do your registry work there. You may also be in a situation where you don't want to run regedit because running another process would interfere with the issue you are debugging.¹

One way to set a registry key from inside the debugger is to simulate a call to the RegSetValueEx function.

Or you can think outside the box: Use the .shell command and shell out to reg.exe.

0:001> .shell reg add hkcu\Software\Contoso /v UseWarpCore /t REG_DWORD /d 1

This assumes that the debugger was created without the -noshell option. Otherwise, you're back to simulating the call.

¹ Usually because you are debugging some focus-related problem, and running regedit changes focus. Or, if you work in my building, because you are debugging Explorer itself and therefore cannot launch any new programs.
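
Seen from the monitoring side, a registry write made through .shell still creates a child process under the debugger, so it appears in process-creation telemetry. The following is an added example, not code from the original post: it flags reg.exe write commands whose parent chain contains a debugger, and the event field names, PIDs, file paths and watch lists are constructed assumptions.

```python
import ntpath

# Assumed watch lists: debugger front ends built on the Windows debugging
# engine, and the reg.exe subcommands treated here as writes.
DEBUGGERS = {"windbg.exe", "cdb.exe", "ntsd.exe"}
REG_WRITE_VERBS = {"add", "delete", "import"}

REG_ADD = r"reg add hkcu\Software\Contoso /v UseWarpCore /t REG_DWORD /d 1"

# Constructed process-creation events; field names, PIDs and paths are made up.
# The cmd.exe hop is part of the sample; the ancestry walk does not rely on it.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 50, "image": r"C:\Debuggers\cdb.exe", "cmdline": "cdb.exe -p 100"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c " + REG_ADD},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\reg.exe", "cmdline": REG_ADD},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\reg.exe", "cmdline": REG_ADD},
    {"pid": 310, "ppid": 200, "image": r"C:\Windows\System32\reg.exe", "cmdline": r"reg query hkcu\Software\Contoso"},
]

def image_name(event):
    # ntpath parses backslash paths regardless of the analysis host's OS.
    return ntpath.basename(event["image"]).lower()

def is_registry_write(event):
    """True for reg.exe invoked with a subcommand that modifies the registry."""
    args = event["cmdline"].split()
    return (image_name(event) == "reg.exe" and len(args) > 1
            and args[1].lower() in REG_WRITE_VERBS)

def debugger_ancestor(event, by_pid):
    """Walk the parent chain; return the first debugger image found, else None."""
    seen = set()  # guards against loops caused by PID reuse in the log
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        seen.add(parent["pid"])
        if image_name(parent) in DEBUGGERS:
            return image_name(parent)
        parent = by_pid.get(parent["ppid"])
    return None

def find_debugger_registry_writes(events):
    """Return (pid, debugger, cmdline) for registry writes run under a debugger."""
    by_pid = {e["pid"]: e for e in events}
    return [(e["pid"], dbg, e["cmdline"]) for e in events
            if is_registry_write(e) and (dbg := debugger_ancestor(e, by_pid))]

if __name__ == "__main__":
    for hit in find_debugger_registry_writes(SAMPLE_EVENTS):
        print(hit)
```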

Comments (19)
  1. Paul says:

    What about using the Connect Network Registry feature in Regedit?

    1. That requires admin privileges on the machine being debugged, which is often not available (or would take time to obtain).

  2. skSdnW says:

    Do you have any tips for debugging Explorer? You can enable multi-process on systems that support it if you are working on the file explorer part and on older systems you could force early shell extension unloading. For deskbands etc. things are not so simple. I tend to open cmd.exe and Process Explorer before I begin but sometimes pressing Alt+Tab locks everything up (only if you use WinDbg?) and the only solution is Ctrl+Alt+Del and logging off.

    1. Nick says:

      Alt+Esc is still helpful here: it doesn’t have a UI that has to render (like Alt+Tab does).

      1. skSdnW says:

        The problem is that you (at least in my case) are fighting muscle memory. On Windows 8 doing something that breaks into the debugger while on the start screen is also the death of that logon session.

        1. Nick says:

          I know those feelings! I launched Cortana a lot trying to get to the Charms after Windows 10 came out. I think I finally stopped doing that… just as they changed the keyboard shortcut for Cortana.

  3. henke37 says:

    Or you could try the remote registry feature that won’t create any new windows on the remote computer. Should be just as invasive as shelling out to reg.exe.

  4. sense says:

    >Or, if you work in my building, because you are debugging Explorer itself and therefore cannot launch any new programs.
    You can use task manager to run something. And you can use Ctrl+Alt+Del to run task manager.

    1. MikeF says:

      Thank you. However, I am certain Raymond is aware of this option. The key word is remote, as in remote debugging session.

  5. Azarien says:

    “You are given a remote debugging connection to a process that is running on some computer to which you have no physical access.” – this is where Remote Desktop is very helpful. And one reason why Home editions suck.

    1. You don’t have remote desktop access either, because that would require them to give you their password.

      1. SimonRev says:

        Does this mean that they are permitting unauthenticated debugging on that machine? Otherwise how do you connect to the remote debugger without any authentication?

        1. You grant permission to connect to the remote debugger to the Windows development team. That way, any developer can connect to debug your system. There is a degree of trust that no Windows developer is going to connect to your machine maliciously. We try not to hire those types of people.

          1. smf says:

            “We try not to hire those types of people.”

            How?

          2. ErikF says:

            My guess is that they try not to hire those types of people the same way that every other company does: criminal background checks and reference checks, as well as the interview process itself.

      2. Ben Voigt (Visual Studio and Development Technologies MVP with C++ focus) says:

        Does a debugger with .shell support lack anything needed to either (1) create a remote assistance request, allowing Remote Desktop without knowing the Windows login password, or (2) download and run VNC, potentially specifying a reverse connection back to your listening VNC client, or (3) start videochat-of-your-choice with screen sharing and remote control enabled?

        1. Of course, all of those things would disrupt the debugging session if you’re trying to debug a UI issue.

  6. Killer{R} says:

    /*Or, if you work in my building, because you are debugging Explorer itself and therefore cannot launch any new programs.*/
    Hint: ‘Desktops’ utility is great helper for debugging Explorer.

    1. “Yeah, I’m not going to debug this issue that you ran into because you need to install this random tool first.”
