flat assembler
Message board for the users of flat assembler.
[SOLVED] Problem with RegQueryValueEx
upsurt 03 Dec 2014, 23:42
Another test gives a better result, but still wrong. And I think it is NOT the way to do it.
>> lpFmt db lpcbData dup ('[%hs]',0,0)
Code:
include "win32ax.inc"

.data
    lpSubKey    db 'SOFTWARE\VMware, Inc.\Installer\VMware Workstation',0
    lpValueName db 'uninstaller',0
    phkResult   dd ?
    lpType      dd REG_SZ
    lpData      db ?
    lpcbData    dd $ - lpData
    lpFmt       db lpcbData dup ('[%hs]',0,0)
    lpOut       db ? ;MAX_PATH dup(0)

    NULL equ 0
    KEY_WOW64_64KEY equ 0x0100
    KEY_WOW64_32KEY equ 0x0200

    ;winerror.h
    ERROR_SUCCESS        equ 0
    ERROR_FILE_NOT_FOUND equ 2
    ERROR_ACCESS_DENIED  equ 5
    ERROR_INVALID_HANDLE equ 6
    ERROR_MORE_DATA      equ 234

.code
start:
    invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,lpSubKey,0,KEY_QUERY_VALUE+KEY_WOW64_32KEY,phkResult
    cmp eax,ERROR_SUCCESS
    jne finish
    invoke RegQueryValueEx,[phkResult],lpValueName,0,NULL,lpType,lpData,lpcbData
    cmp eax,ERROR_SUCCESS
    jne close_key
    invoke wsprintf,lpOut,lpFmt,lpData
    invoke MessageBox,0,lpOut,lpSubKey,MB_OK
close_key:
    invoke RegCloseKey,[phkResult]
finish:
    invoke ExitProcess,0
.end start
revolution 04 Dec 2014, 00:42
Your buffers are only one byte in length. You will need to make them longer.
Code:
    lpData rb 1024 ;make enough space to store the result
    ;...
    lpOut rb 1024 ;reserve space for the formatted output
upsurt 04 Dec 2014, 08:36
Thank you.
But now I get only a '-' back. (And with a different lpValueName I may get a different char.) In OllyDbg it shows me 'C:\P- am Files (x86)\VMware\VMware Player\'
revolution 04 Dec 2014, 08:41
Yup, looks like you are overwriting the output buffer with the DWORD 0x0000002d (45 decimal). So I expect your pointer to the result_length is within the result_string buffer.
revolution 04 Dec 2014, 08:44
My guess is that your buffer is only 4 bytes in length and your length pointer comes immediately after that. But you have placed a larger value in the length than 4 so you tried to cheat the system by faking the buffer length. Amirite?
upsurt 04 Dec 2014, 09:44
It looks like you're right, 0040103D points to '-'. But I don't get why?
revolution 04 Dec 2014, 12:27
Show your code.
upsurt 04 Dec 2014, 12:44
Thank you very much, revolution!
Code:
LONG WINAPI RegQueryValueEx(
    _In_        HKEY    hKey,
    _In_opt_    LPCTSTR lpValueName,
    _Reserved_  LPDWORD lpReserved,
    _Out_opt_   LPDWORD lpType,
    _Out_opt_   LPBYTE  lpData,
    _Inout_opt_ LPDWORD lpcbData
);

WRONG
    invoke RegQueryValueEx,[phkResult],lpValueName,0,NULL,lpType,lpData,lpcbData
CORRECT
    invoke RegQueryValueEx,[phkResult],lpValueName,0,lpType,lpData,lpcbData

Somehow I added 'lpReserved' twice (once as 0 and second time as NULL) and didn't notice.
upsurt 04 Dec 2014, 12:56
Here is the working sample
Code:
include "win32ax.inc"

.data
    lpSubKey    db 'SOFTWARE\VMware, Inc.\VMware Workstation',0
    lpValueName db 'InstallPath',0
    phkResult   dd ?
    lpType      dd REG_SZ
    lpData      rb 1024
    lpcbData    dd $ - lpData

    KEY_WOW64_64KEY equ 0x0100
    KEY_WOW64_32KEY equ 0x0200

    ;winerror.h
    ERROR_SUCCESS        equ 0
    ERROR_FILE_NOT_FOUND equ 2
    ERROR_ACCESS_DENIED  equ 5
    ERROR_INVALID_HANDLE equ 6
    ERROR_MORE_DATA      equ 234

.code
start:
    invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,lpSubKey,0,KEY_QUERY_VALUE+KEY_WOW64_32KEY,phkResult
    cmp eax,ERROR_SUCCESS
    jne finish
    invoke RegQueryValueEx,[phkResult],lpValueName,0,lpType,lpData,lpcbData
    cmp eax,ERROR_SUCCESS
    jne close_key
    invoke MessageBox,0,lpData,lpSubKey,MB_OK
close_key:
    invoke RegCloseKey,[phkResult]
finish:
    invoke ExitProcess,0
.end start

revolution, I really appreciate your patience and your support
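A hardened variant of the working sample, added here as an example and not code posted in the thread: it includes win32axp.inc so the assembler checks the argument count of each invoke, verifies the returned type, and terminates the string itself, because RegQueryValueEx does not guarantee that a stored REG_SZ value ends in a NUL. The labels subkey, valname, hKey, valType, cbData, buffer and the constant BUF_SIZE are names chosen for this example; the key path, value name and KEY_WOW64_32KEY value are taken from the post above.

```asm
include "win32axp.inc"          ; like win32ax.inc, plus parameter-count checking for invoke

BUF_SIZE = 1024                 ; capacity handed to the API (example value)
KEY_WOW64_32KEY equ 0x0200

.data
    subkey  db 'SOFTWARE\VMware, Inc.\VMware Workstation',0
    valname db 'InstallPath',0
    hKey    dd ?
    valType dd ?                ; filled in by RegQueryValueEx
    cbData  dd ?                ; in: buffer capacity, out: bytes stored
    buffer  rb BUF_SIZE+1       ; one spare byte for our own terminator

.code
start:
    invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,subkey,0,KEY_QUERY_VALUE+KEY_WOW64_32KEY,hKey
    test eax,eax                ; ERROR_SUCCESS is 0
    jnz finish

    mov [cbData],BUF_SIZE       ; set the capacity before every call
    invoke RegQueryValueEx,[hKey],valname,0,valType,buffer,cbData
    test eax,eax                ; non-zero also covers ERROR_MORE_DATA
    jnz close_key

    cmp [valType],REG_SZ        ; only treat the data as text if it is a string
    jne close_key

    mov eax,[cbData]            ; bytes actually written
    cmp eax,BUF_SIZE            ; defensive: never index past the spare byte
    ja close_key
    mov byte [buffer+eax],0     ; force termination, the stored value may lack it

    invoke MessageBox,0,buffer,subkey,MB_OK
close_key:
    invoke RegCloseKey,[hKey]
finish:
    invoke ExitProcess,0
.end start
```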
revolution 04 Dec 2014, 14:33
upsurt wrote: Somehow I added 'lpReserved' twice (once as 0 and second time as NULL) and didn't notice.
upsurt 04 Dec 2014, 15:15
Haha, nice. I was wondering what win32axp is good for ... now I know.
I expected it had something to do with the args passed to a console application. Thanks again.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.