flat assembler
Message board for the users of flat assembler.

Index > Windows > Reading a REG_DWORD from the registry..

Author
Thread Post new topic Reply to topic
jochenvnltn



Joined: 15 Jul 2011
Posts: 96
jochenvnltn 19 Dec 2016, 15:48
Hello Everyone.

Im writing a program that takes various settings from the registry and printing them to the screen.
ATM i seem to have problems with reading a REG_DWORD from the registry. (normal string works)

The code below works, but i can't seem to understand why its returning the wrong result.
Maybe some of you here can spot the error ?

Code:
include "win32ax.inc"

  lpSubKey             db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',0;
  lpValueName          db 'ConsentPromptBehaviorAdmin',0

  MainStr              db "The value is %d",0
  buf                  rb  256
  lpcbData             rb 1024

  lpType               dd REG_DWORD
  lpData               dd ?
  pKey                 dd ?

start:

  invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE, lpSubKey, 0, KEY_READ, pKey;
  cmp eax,ERROR_SUCCESS
  jne finish

  invoke RegQueryValueEx,[pKey],lpValueName,0,lpType,lpData,lpcbData
  invoke RegCloseKey,[pKey]

  cinvoke wsprintf,buf,MainStr,lpData

  invoke MessageBox,0,buf,lpSubKey,MB_OK; a MessageBox for now ..

finish:
  invoke ExitProcess,0
.end start
    
Post 19 Dec 2016, 15:48
View user's profile Send private message MSN Messenger Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20357
Location: In your JS exploiting you and your system
revolution 19 Dec 2016, 15:57
Firstly, your data buffer is only 4 bytes long so you might consider putting lpcbData as only 4 to match, or alternatively define lpData as "lpData rb 1024"

Secondly, when you print the value with wsprintf you are in fact printing the address of lpData, not the contents. Try using "cinvoke wsprintf,buf,MainStr,[lpData]"
Post 19 Dec 2016, 15:57
View user's profile Send private message Visit poster's website Reply with quote
jochenvnltn



Joined: 15 Jul 2011
Posts: 96
jochenvnltn 19 Dec 2016, 16:05
revolution wrote:
Firstly, your data buffer is only 4 bytes long so you might consider putting lpcbData as only 4 to match, or alternatively define lpData as "lpData rb 1024"

Secondly, when you print the value with wsprintf you are in fact printing the address of lpData, not the contents. Try using "cinvoke wsprintf,buf,MainStr,[lpData]"



With:
lpcbData rb 4
cinvoke wsprintf,buf,MainStr,[lpData]

The return value = 0

With:
lpData rb 1024
lpcbData rb 4
cinvoke wsprintf,buf,MainStr,lpData

Im getting the wrong value again .. Sad
Post 19 Dec 2016, 16:05
View user's profile Send private message MSN Messenger Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20357
Location: In your JS exploiting you and your system
revolution 19 Dec 2016, 16:19
lpcbData must define the length, so you have to use an initialised value. "lpcbData dd 4". dd not rb
Post 19 Dec 2016, 16:19
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20357
Location: In your JS exploiting you and your system
revolution 19 Dec 2016, 16:20
Note that you don't get to define the lpType, it comes from the registry. So "lpType dd ?" is all that is needed for reading values. The API fills in the type.
Post 19 Dec 2016, 16:20
View user's profile Send private message Visit poster's website Reply with quote
jochenvnltn



Joined: 15 Jul 2011
Posts: 96
jochenvnltn 19 Dec 2016, 16:32
revolution wrote:
Note that you don't get to define the lpType, it comes from the registry. So "lpType dd ?" is all that is needed for reading values. The API fills in the type.


Works now !! Thanks Revolution!!

Code:
include "win32ax.inc"

  lpSubKey             db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',0;
  lpValueName          db 'ConsentPromptBehaviorAdmin',0

  MainStr              db "The value is %d",0
  buf                  rb  256
  lpcbData             dd  4

  lpType               dd ?
  lpData               dd ?
  pKey                 dd ?

start:

  invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE, lpSubKey, 0, KEY_READ, pKey;
  cmp eax,0
  jne finish

  invoke RegQueryValueEx,[pKey],lpValueName,0,lpType,lpData,lpcbData
  invoke RegCloseKey,[pKey]

  cinvoke wsprintf,buf,MainStr,[lpData]

  invoke MessageBox,0,buf,lpSubKey,MB_OK; a MessageBox for now ..

finish:
  invoke ExitProcess,0
.end start

    
Post 19 Dec 2016, 16:32
View user's profile Send private message MSN Messenger Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.