flat assembler
Message board for the users of flat assembler.

Index > Windows > RegOpenKeyEx

Hutley



Joined: 12 Feb 2006
Posts: 6
Hutley 13 Mar 2006, 02:03
Look at the code:
Code:
        invoke  RegOpenKeyEx,\
                HKEY_LOCAL_MACHINE,\
                subkey_,\
                0,\
                KEY_WRITE,\
                keyresult

        invoke  RegSetValueEx,\
                HKEY_LOCAL_MACHINE,\
                name_,\
                0,\
                REG_SZ,\
                windir,\
                windir_size   
    


When I use RegOpenKey and later go to use RegSetValueEx, the variable name_ is erased; this happens when RegOpenKey is executed. I see this using OllyDbg.
Please, how do I resolve this?
AsmER



Joined: 25 Mar 2006
Posts: 64
Location: England
AsmER 03 Apr 2006, 20:44
Hi Hutley,

The problem is that you are sending the wrong value to RegSetValueEx.
You must call it as follows:

Code:
invoke  RegSetValueEx, [keyresult], name_, 0, REG_SZ, windir, windir_size      


and this should work. If not, tell me, and if possible I'd like to see your code to check that the correct variables are sent to the function.
[If you are familiar with MASM syntax, you can read something about the registry on the MASM forum; I answered a few questions about the registry for somebody else:
http://www.masmforum.com/simple/index.php?PHPSESSID=868890d6653ac1780abf6efa35375426&topic=4159.0]

Regards, AsmER

_________________
;\\ http://theasmer.spaces.live.com \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
roxaz



Joined: 27 Jul 2008
Posts: 25
roxaz 01 Jan 2009, 13:04
It seems I'm stuck with RegOpenKeyEx. The problem is that the key is not opened. The error code is 2 (directory not found).
Code:
regKey              db 'SOFTWARE\MyKey\',0  

proc RegSetIntVal
     result = 4
     key    = 0Ch
     val    = 10h

     ;Stack layout:
     ;val
     ;key
     ;ret
     ;result
     ;ebx

     sub esp, 4
     push ebx
     mov ebx, esp

     lea eax, [ebx+result]
     invoke [RegOpenKeyEx] HKEY_LOCAL_MACHINE, regKey, 0, KEY_ALL_ACCESS, eax  
     ...
endp
    

It would seem that it is missing what I am looking for; however, this works perfectly:
Code:
HKEY res;
int ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\LeechMod\\", 0, KEY_ALL_ACCESS, &res);


I don't really get what the difference is between those two samples, except the programming language and the environment they run in. The asm code is run from a DLL hook, invoked when the app initializes its GUI; the C++ sample is just an exe. However, I don't think it matters... Any ideas, folks?
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20520
Location: In your JS exploiting you and your system
revolution 01 Jan 2009, 13:32
Maybe the error code is true and "SOFTWARE\MyKey\" doesn't exist.
roxaz



Joined: 27 Jul 2008
Posts: 25
roxaz 01 Jan 2009, 14:10
If so, how could the C++ app actually open it?
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20520
Location: In your JS exploiting you and your system
revolution 01 Jan 2009, 14:13
This line looks wrong to me:
Code:
invoke [RegOpenKeyEx] HKEY_LOCAL_MACHINE, regKey, 0, KEY_ALL_ACCESS, eax    


This would look a lot better I think:
Code:
invoke RegOpenKeyEx, HKEY_LOCAL_MACHINE, regKey, 0, KEY_ALL_ACCESS, eax    
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20520
Location: In your JS exploiting you and your system
revolution 01 Jan 2009, 14:17
Note this from the Win32 docs: "RegOpenKeyEx function does not create the specified key if the key does not exist in the registry."

Also your two samples open different keys!
HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
HyperVista 02 Jan 2009, 04:54
revolution wrote:
RegOpenKeyEx function does not create the specified key if the key does not exist in the registry

Exactly right.

You have to use RegCreateKeyEx to create the key, which takes nine parameters, before you can open the key.

The parameters for RegCreateKeyEx are:

1. The root key, i.e. HKEY_CURRENT_USER
2. The subkey, i.e. SOFTWARE/MyKey
3. Must be 0 (zero)
4. NULL works well
5. REG_OPTION_NON_VOLATILE is best
6. The security access type, i.e. KEY_ALL_ACCESS
7. The security attribute, NULL works here
8. A pointer to the key handle, i.e. &hKey
9. A long pointer to a DWORD, i.e. lpdwDisp

Code:
HKEY hKey;
DWORD dwDisp = 0;
LPDWORD lpdwDisp = &dwDisp;
CString Hutleys_strExampleKey = "SOFTWARE\\MyKey";

LONG iSuccess = RegCreateKeyEx(HKEY_CURRENT_USER, Hutleys_strExampleKey, 0L, NULL,
                               REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, lpdwDisp);

if (iSuccess == ERROR_SUCCESS)
{
    RegCloseKey(hKey);
}

    

Sorry for the C example, but my assembly skills aren't sufficient for me to provide an example in assembly. I look forward to seeing the assembly version!
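An assembly counterpart of the C snippet above, combined with the handle fix from earlier in the thread, as an added example (not code from any poster or from the flat assembler project): it creates or opens the key, passes the returned handle to RegSetValueEx, checks the result, and closes the handle. Assumptions: fasm's standard `win32a.inc` and `api\` import files are on the include path, the value name and data are constructed, and access is requested as KEY_SET_VALUE only, which is all this write needs.

```asm
; Added example, not code from the thread. Assemble with fasm.
format PE console
entry start

include 'win32a.inc'

; Win32 registry constants, defined locally so the example does not
; depend on the include set in use providing them.
HKEY_CURRENT_USER       = 80000001h
REG_OPTION_NON_VOLATILE = 0
KEY_SET_VALUE           = 2
REG_SZ                  = 1

section '.data' data readable writeable
  subkey   db 'SOFTWARE\MyKey',0        ; key name used in the thread
  valname  db 'ExampleValue',0          ; constructed value name
  valdata  db 'C:\Windows',0            ; constructed value data
  valsize  = $ - valdata                ; byte count, terminating zero included
  hKey     dd ?                         ; receives the opened key handle
  disp     dd ?                         ; receives the disposition (created/opened)

section '.code' code readable executable
start:
        ; Create the key, or open it if it already exists.
        ; lpClass and lpSecurityAttributes are passed as 0 (NULL).
        invoke  RegCreateKeyEx, HKEY_CURRENT_USER, subkey, 0, 0,\
                REG_OPTION_NON_VOLATILE, KEY_SET_VALUE, 0, hKey, disp
        test    eax, eax                ; ERROR_SUCCESS is 0
        jnz     .done
        ; Pass the handle stored in hKey, not the root key constant.
        invoke  RegSetValueEx, [hKey], valname, 0, REG_SZ, valdata, valsize
        mov     ebx, eax                ; ebx is preserved across stdcall calls
        invoke  RegCloseKey, [hKey]
        mov     eax, ebx
  .done:
        invoke  ExitProcess, eax        ; exit code is the Win32 error code

section '.idata' import data readable writeable
  library kernel32,'KERNEL32.DLL',\
          advapi32,'ADVAPI32.DLL'
  include 'api\kernel32.inc'
  include 'api\advapi32.inc'
```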
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
