flat assembler
Message board for the users of flat assembler.

RegDeleteTree at WinXP x64

semiono
Code:
include '%fasm%/win32ax.inc'
section '.code' executable
start:
        invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,'Software\a',NULL,KEY_WOW64_64KEY+KEY_ENUMERATE_SUB_KEYS,o
@@:
        invoke RegEnumKey,[o],NULL,a,MAX_PATH
        cmp eax,NULL
        jne @f
        invoke MessageBox,NULL,'',a,MB_OK
        invoke RegDeleteKeyEx,[o],a,KEY_WOW64_64KEY,NULL
        jmp @r
@@:
        invoke RegCloseKey,[o]
exit:
        invoke ExitProcess,NULL
 
        KEY_WOW64_64KEY = 0x0100
 
section '.data' readable writeable
 
        a rb MAX_PATH
        o dd NULL
 
section '.idata' import readable
 
        library advapi32,'ADVAPI32.DLL',kernel32,'KERNEL32.DLL',user32,'USER32.DLL'
        import advapi32,RegCloseKey,'RegCloseKey',RegEnumKey,'RegEnumKeyA',RegOpenKeyEx,'RegOpenKeyExA',RegDeleteKeyEx,'RegDeleteKeyExA'
        import kernel32,ExitProcess,'ExitProcess'
        import user32,MessageBox,'MessageBoxA'    


Please help me with recursively deleting keys in assembly. Confused
Also, are there any good ways to work with the registry? I need access to the registry from a 32-bit application, but shlwapi has some problems.

_________________
Memory=8388608
Post 07 Aug 2013, 16:54

bitRAKE
On first look you are not passing address in RegOpenKeyEx - last parameter should be "ADDR o". I've not tested the code though.

_________________
¯\(°_o)/¯ unlicense.org
Post 07 Aug 2013, 17:35

semiono
I need to delete like this:
HKEY_LOCAL_MACHINE\Software\a\New Key #1\New Key #1
HKEY_LOCAL_MACHINE\Software\a\New Key #1\New Key #2
HKEY_LOCAL_MACHINE\Software\a\New Key #2\New Key #1\New Key #1\New Key #1
Post 07 Aug 2013, 18:32

bitRAKE
Did you try RegDeleteTree?

Oh, looks like WinXP doesn't have that function. On my machine it works to delete all keys under \a\*, but it does not delete the values under \a\*. Could enumerate HKEY_LOCAL_MACHINE\Software until "a" is found and then delete that key?
Code:
    invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,'Software',NULL,KEY_WOW64_64KEY+KEY_ENUMERATE_SUB_KEYS,o
@@: invoke RegEnumKey,[o],NULL,a,MAX_PATH
    cmp eax,NULL
    jne @f
    cmp word [a],'a'
    jne @B
    invoke RegDeleteKeyEx,[o],a,KEY_WOW64_64KEY,NULL
@@: invoke RegCloseKey,[o]    
...seems to work.
(Don't have WinXP64 here to test.)

_________________
¯\(°_o)/¯ unlicense.org
Post 07 Aug 2013, 18:55

semiono
Thanks! Smile

Quote:
The subkey to be deleted must not have subkeys.

msdn.microsoft.com/en-us/library/windows/desktop/ms724847(v=vs.85).aspx
Post 07 Aug 2013, 19:42

bitRAKE
How does this work?
See Below.
Very Happy

_________________
¯\(°_o)/¯ unlicense.org


Last edited by bitRAKE on 08 Aug 2013, 03:42; edited 1 time in total
Post 07 Aug 2013, 20:51

semiono
Thank You! Smile !!!

This works! But if the key doesn't exist, this tool hangs in a loop. Embarassed
Post 08 Aug 2013, 01:44

bitRAKE
Yeah, I forgot about the index:
Code:
include 'win32ax.inc'
section '.code' executable 
start: 


    invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,_,NULL,KEY_WOW64_64KEY+KEY_ENUMERATE_SUB_KEYS,o
    lea edi,[a]
    mov al,'\'
    stosb
    xor esi,esi
@@: invoke RegEnumKey,[o],esi,edi,MAX_PATH
    inc esi
    cmp eax,NULL
    jne @f

    ; find root, string compare
    cmp word [edi],'a'
    jne @B

    call Recurse

    invoke RegDeleteKeyEx,[o],edi,KEY_WOW64_64KEY,NULL
@@: invoke RegCloseKey,[o]


exit:   invoke ExitProcess,NULL


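Recurse:
    push edi esi [o]
    ;mov al,0                   ; not needed: eax is 0 after the successful RegEnumKey in every caller
    or ecx,-1
    repnz scasb                 ; edi -> byte after the terminator of the current path
    invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,_,NULL,KEY_WOW64_64KEY+KEY_ENUMERATE_SUB_KEYS,o
    mov byte[edi-1],'\'         ; extend the path in place: the next subkey name goes at edi
    xor esi,esi
@@: mov eax,a+MAX_PATH
    sub eax,edi                 ; pass the space left in the buffer, not a fixed MAX_PATH
    invoke RegEnumKey,[o],esi,edi,eax
    test eax,eax
    jnz @f
    call Recurse
    invoke RegDeleteKeyEx,[o],edi,KEY_WOW64_64KEY,NULL
    test eax,eax
    jz @B                       ; deleted: remaining subkeys move down, so read the same index again
    inc esi                     ; not deleted: step past this subkey
    jmp @B
@@: invoke RegCloseKey,[o]
    mov byte[edi-1],0           ; restore the terminator for the caller
    pop [o] esi edi
    retn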

        KEY_WOW64_64KEY = 0x0100 
  
section '.data' readable writeable 
  
        _ db 'Software'         ; no terminator: a must follow directly, so _ reads as 'Software' + a
        a rb MAX_PATH
        o dd NULL 
  
section '.idata' import readable 
  
library advapi32,'ADVAPI32.DLL',kernel32,'KERNEL32.DLL',user32,'USER32.DLL'
import advapi32,RegCloseKey,'RegCloseKey',RegEnumKey,'RegEnumKeyA',RegOpenKeyEx,'RegOpenKeyExA',RegDeleteKeyEx,'RegDeleteKeyExA'
import kernel32,ExitProcess,'ExitProcess'
import user32,MessageBox,'MessageBoxA'    
That was embarrassing. Embarassed

(It can be optimized, but I'll leave that to the future.)

_________________
¯\(°_o)/¯ unlicense.org
Post 08 Aug 2013, 03:41
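
RegEnumKey addresses subkeys by position and, per the MSDN line quoted in the thread, a key that still has subkeys cannot be deleted, so how a recursive delete loop treats the index after each delete decides whether the whole tree goes away. The following Python model is an added example, not code from the thread: the `Key` class and the function names are hypothetical stand-ins for the registry calls, and the tree is a constructed copy of the key layout semiono listed.

```python
# Constructed model of the enumerate/delete semantics; not the Win32 API itself.
class Key:
    def __init__(self, subkeys=None):
        self.sub = dict(subkeys or {})          # name -> Key, in stored order

    def enum(self, index):
        """Like RegEnumKey: name at position index, None when no more items."""
        names = list(self.sub)
        return names[index] if index < len(names) else None

    def delete(self, name):
        """Like RegDeleteKeyEx: fails while the subkey still has subkeys."""
        if self.sub[name].sub:
            return False
        del self.sub[name]
        return True

def build_tree():
    # The key layout listed in the thread, rebuilt under Software\a.
    return Key({"a": Key({
        "New Key #1": Key({"New Key #1": Key(), "New Key #2": Key()}),
        "New Key #2": Key({"New Key #1": Key({"New Key #1": Key(
            {"New Key #1": Key()})})}),
    })})

def delete_subkeys(key, advance_after_delete):
    """Depth-first delete of everything below key; returns keys removed."""
    removed, index = 0, 0
    while (name := key.enum(index)) is not None:
        removed += delete_subkeys(key.sub[name], advance_after_delete)
        if not key.delete(name):
            index += 1          # still has subkeys: step past it so the loop ends
        else:
            removed += 1
            if advance_after_delete:
                index += 1      # skips the sibling that just moved into this slot
    return removed

def run(advance_after_delete):
    """Returns (subkeys removed below 'a', whether 'a' itself could be deleted)."""
    root = build_tree()
    removed = delete_subkeys(root.sub["a"], advance_after_delete)
    return removed, root.delete("a")

if __name__ == "__main__":
    print("index advanced after each delete:", run(True))
    print("same index re-read after delete: ", run(False))
```

Advancing the index after a successful delete leaves siblings behind, so the final delete of `a` is refused; re-reading the same index removes all seven subkeys.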

Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.