flat assembler
Message board for the users of flat assembler.
f0dder 18 Nov 2009, 16:58
you need to define your "lpData" variable as a buffer big enough to hold the output string (and you should then rename it "data" or "buffer", since it's not going to be a "long pointer to data"), and lpcbData needs to hold the size of your buffer.

semiono 18 Nov 2009, 18:10
pData db 2048 dup (?)
pcbData db 2048 dup (?) or addr pData ?

SFeLi 18 Nov 2009, 18:15
Also, there is an extra comma in the MessageBox call. And maybe you need to open a key before closing it? And maybe you’re even closing it incorrectly? lpType = KEY_READ: and maybe you need to… RTFM?

semiono 18 Nov 2009, 18:56
I found an example for masm32:
http://freetek.netfirms.com/ASM/RegQueryValueEx.html

I try:

Code:
```asm
include '%fasm%\win32ax.inc'

entry start

data import
library Advapi32,'ADVAPI32.DLL',kernel32,'KERNEL32.DLL',user32,'USER32.DLL'
import Advapi32,RegQueryValueExA,'RegQueryValueExA',RegCloseKey,'RegCloseKey',RegOpenKeyExA,'RegOpenKeyExA'
import user32,MessageBox,'MessageBoxA'
import kernel32,ExitProcess,'ExitProcess'
end data

;section '.code' code readable writeable executable
start:
invoke RegOpenKeyExA,HKEY_LOCAL_MACHINE,addr RegSubKey,0,KEY_READ,addr hSubKey
invoke RegQueryValueExA,hSubKey,addr RegValue,NULL,addr RegType,addr RegBuffer, addr RegSize
invoke MessageBox,NULL,RegBuffer,RegBuffer,,MB_OK
invoke RegCloseKey,hSubKey
exit:
invoke ExitProcess,0

;section '.data' data readable writeable executable
RegSubKey db "SOFTWARE\Microsoft\Windows\CurrentVersion",0
RegValue db "ProductId",0
RegBuffer db 256 dup(?)
RegSize dd 256

;section '.idata' data readable writeable executable
RegType dw ?
hSubKey dd 0x40000 ; HINSTANCE = 0x40000
```

It doesn't show "55274-640-8935532-23075".

What's the problem? What is 'HINSTANCE' in fasm?

ManOfSteel 18 Nov 2009, 19:03
Try something like that:

Code:
```asm
my_key_str db 'Software\MyApplicationLousyName\',0
my_key_hndl dd ?
my_value_str db 'MyValueLousyName',0
dword_type dd REG_DWORD
output dd ?
value_size dd ?

invoke RegOpenKey,HKEY_CURRENT_USER,my_key_str,my_key_hndl
invoke RegQueryValueEx,[my_key_hndl],my_value_str,NULL,dword_type,output,value_size
invoke RegCloseKey,[my_key_hndl]
```

My Windows coding is a little rusty so proceed with caution, LOL.

semiono 19 Nov 2009, 00:28
be patient :)

output dd ? -- is it address? i need invoke MessageBox,NULL,regData... i do not see regdata here now :'(

ManOfSteel 19 Nov 2009, 11:45
As the name implies, output holds the dword (since we're using REG_DWORD) you're reading from the registry.

Of course you can't use MessageBoxA right away, since the dword should first be converted to ASCII (using wsprintf with a %u for instance).

It seems you want to read a string from the registry, so try this instead:

Code:
```asm
sz_type dd REG_SZ
output rb 512

invoke RegQueryValueEx,[my_key_hndl],my_value_str,NULL,sz_type,output,value_size
```

Now, you should be able to use MessageBoxA. Of course before calling RegQueryValueEx, you should always make sure "output" is clean by zeroing it out first.

Your turn.

SFeLi 19 Nov 2009, 12:29
ManOfSteel, value_size must be dd 4 for the first version of your code and dd 512 for the last.

ManOfSteel 19 Nov 2009, 13:19
Um, yes. You're totally right. I forgot to add a line:

Code:
```asm
mov [value_size],512
invoke RegQueryValueEx, ...
```

I do that because I usually have many RegQueryValueEx (for reading my application's settings) and the values I read are of varying sizes. So I only have to use a single variable.

semiono 19 Nov 2009, 14:59
Good picture! Thanks!

from my last code i wait any output 在知識產權辯論中贏得一芽第一誰 to test that it really works.

Quote:
> you should always make sure "output" is clean by zeroing it out first.

ok! thanks!

offtop:
lstrcat: This function appends one string to another.
what is a way to get result of string1 minus string2 ?

ManOfSteel 19 Nov 2009, 23:25
semiono wrote:
> what is a way to get result of string1 minus string2 ?

I don't know if there's a Windows API/C function for that, but you can do it using pure assembly with cmp, jcc, mov and inc instructions.

Here's an 8-step procedure that will remove *all* instances of str2 from str1. It should work and I think I've covered all the possibilities/exceptions, but you never know, sh*t happens.

1. initialize counters, such as esi for str1, edi for str2 and ecx for buffer (e.g. mov esi,str1) ; zero terminate str1 and str2 ; zero the entire "buffer" out
2. have we reached the end of str1? if yes {quit} ; if no {continue}
3. compare byte at str1 counter with byte at str2 counter
4. are they equal? if yes {go to 5} ; if no {move byte to buffer ; increment buffer counter ; increment str1 counter ; go to 2}
5. increment str1 counter ; increment str2 counter
6. have we reached the end of str2? if yes {reset str2 counter; go to 2} ; if no {continue}
7. compare byte at str1 counter with byte at str2 counter
8. are they equal? if yes {go to 5}, if no {reset str2 counter ; go to 2}

N.B.: "buffer" is where the result of str1-str2 will be stored (e.g. buffer rb 64)

Now all you have to do is convert that to assembly.

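One way to write "str1 minus str2" in fasm, as an added example that is not code from ManOfSteel or anyone else in the thread: it attempts a full match of str2 at every position of str1, so bytes from a partial match that later fails are still copied to the output, and it stops copying before the output buffer is full. The sample strings, label names and register assignment are assumptions made for the example; the include path follows the %fasm% convention used in the thread.

```asm
format PE GUI 4.0
entry start
include '%fasm%\win32ax.inc'      ; include path convention taken from the thread (assumed)
OUT_SIZE = 64
section '.data' data readable writeable
  str1    db 'axb-ab-aab',0       ; constructed sample input
  str2    db 'ab',0               ; constructed substring to remove
  result  rb OUT_SIZE
section '.code' code readable executable
start:
  mov esi,str1
  mov ebx,str2
  mov edi,result
  mov ecx,OUT_SIZE
  call remove_all
  invoke MessageBox,NULL,result,str1,MB_OK   ; caption = input, text = result
  invoke ExitProcess,0

; in: esi = str1, ebx = str2, edi = output buffer, ecx = buffer size in bytes (>= 1)
remove_all:
  cld                             ; movsb must walk forward
.next:
  cmp byte [esi],0
  je .finish                      ; end of str1
  xor edx,edx                     ; edx = bytes of str2 matched at this position
.compare:
  mov al,[ebx+edx]
  test al,al
  jz .matched                     ; reached the end of str2: whole substring matched
  cmp al,[esi+edx]
  jne .copy                       ; mismatch, or str1 ended first (its 0 never equals al)
  inc edx
  jmp .compare
.matched:
  test edx,edx
  jz .copy                        ; an empty str2 matches nothing
  add esi,edx                     ; skip the matched occurrence
  jmp .next
.copy:
  dec ecx
  jz .finish                      ; output full: the last byte is kept for the terminator
  movsb                           ; copy one byte, advance esi and edi
  jmp .next
.finish:
  mov byte [edi],0
  ret
section '.idata' import data readable writeable
  library kernel32,'KERNEL32.DLL',user32,'USER32.DLL'
  include '%fasm%\api\kernel32.inc'
  include '%fasm%\api\user32.inc'
```
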
semiono 20 Nov 2009, 17:54
great!

Code:
```asm
include '%fasm%\win32ax.inc'
include '%fasm%\macro/if.inc'

entry start

section '.idata' import data readable writeable executable
library advapi32,'ADVAPI32.DLL',kernel32,'KERNEL32.DLL',user32,'USER32.DLL'
include '%fasm%\api\advapi32.inc'
include '%fasm%\api\kernel32.inc'
include '%fasm%\api\user32.inc'

; section '.data' data readable writeable executable
lpSubKey db 'SYSTEM\Setup',0
lpFmt db 'TYPE: [%u]',0dh,'DATA: [%08x]',0
lpOut rb 256
lpcbData dd 4

; section '.code' code readable writeable executable
start:
invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,lpSubKey,NULL,KEY_READ,phkResult
.if eax = NULL
  invoke RegQueryValueEx,[phkResult],lpValueName,NULL,lpType,lpData,lpcbData
  .if eax = NULL
    cinvoke wsprintf,lpOut,lpFmt,[lpType],[lpData] ; wsprintf is cdecl, the caller cleans the stack
    stdcall [MessageBox],NULL,lpOut,lpSubKey,MB_OK + MB_ICONASTERISK
  .else
    stdcall [MessageBox],NULL,NULL,NULL,NULL
  .endif
  invoke RegCloseKey,[phkResult] ; pass the handle value, not its address
.else
  stdcall [MessageBox],NULL,'ERROR_FILE_NOT_FOUND','',MB_OK
.endif
exit:
invoke ExitProcess,0

; section '.data?' readable writeable executable
phkResult dd ?
; lpValueName db ?
lpValueName db 'SystemSetupInProgress',0 ; value name must be zero-terminated
lpData dd ?
lpType dd ?
```

Only dword work properly... It could be better to design in reg_sz/expand_sz ... Is wsprintf enough function for? I have big problem with format-control specifications understanding... :\

ManOfSteel 20 Nov 2009, 20:35
semiono wrote:
> Only dword work properly...

You tried reading a string? Interesting. The question is: why did your code *not crash*? I guess you were lucky and the API either failed or it overwrote unused space and the buffer overflow didn't screw anything up.

Both your lpType and lpData are invalid. lpType should be lpType dd REG_SZ and lpData should be lpData rb size_of_your_buffer.

As for wsprintf, I suggested it for conversions between decimal and ASCII. If you're reading a string, RegQueryValueEx will return... a string, so no need for any conversion. Just print it with MessageBox. Of course you can still use wsprintf for strings (%s, IIRC) but it's quite useless.

BTW, MessageBoxA is a USER32 API so what's wrong with using

Code:
```asm
invoke MessageBox,NULL,message,caption,MB_something
```
?

SFeLi 21 Nov 2009, 05:07
ManOfSteel, you’re wrong about lpType:
MSDN wrote:

semiono 21 Nov 2009, 10:08
> The lpType parameter can be NULL if the type code is not required.

i found example in google

```asm
lpData dd ?
lpType dd ?
```

i need it so as something to dir data then i don't know before what is data the type is presents

ManOfSteel 21 Nov 2009, 10:22
@SFeLi: yes, you may be right. Rusty as I said.

ManOfSteel 21 Nov 2009, 10:26
@semiono: your buffer should be big enough to hold the data.
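The points made across the thread (a real buffer for lpData, lpcbData set to the buffer size before the call, the return code checked before the data is used), pulled together as an added example; it is not code from any poster. It reads the ProductId value mentioned earlier, rejects data that is not REG_SZ or does not fit, and terminates the string itself because stored registry strings are not guaranteed to end in a zero byte. Label names and BUF_SIZE are assumptions made for the example; the include path follows the %fasm% convention used in the thread.

```asm
format PE GUI 4.0
entry start
include '%fasm%\win32ax.inc'      ; include path convention taken from the thread (assumed)
BUF_SIZE = 256

section '.data' data readable writeable
  sub_key   db 'SOFTWARE\Microsoft\Windows\CurrentVersion',0
  val_name  db 'ProductId',0
  err_text  db 'Read failed: missing value, wrong type, or data larger than the buffer',0
  h_key     dd ?
  val_type  dd ?
  val_size  dd ?
  buffer    rb BUF_SIZE

section '.code' code readable executable
start:
  invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,sub_key,0,KEY_READ,h_key
  test eax,eax                    ; anything but ERROR_SUCCESS (0): key not opened
  jnz .fail
  mov [val_size],BUF_SIZE-1       ; in: capacity offered, one byte held back for a terminator
  invoke RegQueryValueEx,[h_key],val_name,NULL,val_type,buffer,val_size
  push eax                        ; keep the query result across the close
  invoke RegCloseKey,[h_key]      ; the handle value, not its address
  pop eax
  test eax,eax                    ; nonzero includes ERROR_MORE_DATA: value did not fit
  jnz .fail
  cmp [val_type],REG_SZ           ; only treat the bytes as text if they are a string
  jne .fail
  mov eax,[val_size]              ; out: bytes actually written, at most BUF_SIZE-1
  mov byte [buffer+eax],0         ; force termination inside the buffer
  invoke MessageBox,NULL,buffer,val_name,MB_OK
  jmp .done
.fail:
  invoke MessageBox,NULL,err_text,val_name,MB_OK
.done:
  invoke ExitProcess,0

section '.idata' import data readable writeable
  library advapi32,'ADVAPI32.DLL',kernel32,'KERNEL32.DLL',user32,'USER32.DLL'
  include '%fasm%\api\advapi32.inc'
  include '%fasm%\api\kernel32.inc'
  include '%fasm%\api\user32.inc'
```
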
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.