flat assembler
Message board for the users of flat assembler.

Index > Windows > RegQueryValueEx - how to read registry? please!

Author
Thread Post new topic Reply to topic
semiono



Joined: 31 Aug 2007
Posts: 198
Location: section '.code' executable
semiono 18 Nov 2009, 16:28
Code:
start:
        invoke RegQueryValueEx,HKEY_LOCAL_MACHINE,lpValueName,NULL,KEY_READ,lpData,lpcbData
        invoke MessageBox,NULL,lpData,lpcbData,,MB_OK
        invoke RegCloseKey,lpValueName
        invoke ExitProcess,0

section '.data' data readable writeable
        lpValueName db 'SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir',0
        lpData dd ?
        lpcbData dd ?
    

Why not work?

_________________
Windows 9, FL Studio 19
Post 18 Nov 2009, 16:28
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 18 Nov 2009, 16:58
you need to define your "lpData" variable as a buffer big enough to hold the output string (and you should then rename it "data" or "buffer", since it's not going to be a "long pointer to data"), and lpcbData needs to hold the size of your buffer.
Post 18 Nov 2009, 16:58
View user's profile Send private message Visit poster's website Reply with quote
semiono



Joined: 31 Aug 2007
Posts: 198
Location: section '.code' executable
semiono 18 Nov 2009, 18:10
pData db 2048 dup (?)
pcbData db 2048 dup (?)

or addr pData ?
Post 18 Nov 2009, 18:10
View user's profile Send private message Reply with quote
SFeLi



Joined: 03 Nov 2004
Posts: 138
SFeLi 18 Nov 2009, 18:15
Also, there is an extra comma in the MessageBox call. And maybe you need to open a key before closing it? And maybe you’re even closing it incorrectly? lpType = KEY_READ: and maybe you need to… RTFM?
Post 18 Nov 2009, 18:15
View user's profile Send private message Reply with quote
semiono



Joined: 31 Aug 2007
Posts: 198
Location: section '.code' executable
semiono 18 Nov 2009, 18:56
i found for masm32 example
http://freetek.netfirms.com/ASM/RegQueryValueEx.html

i try:
Code:
include '%fasm%\win32ax.inc'
entry start

data import
        library Advapi32,'ADVAPI32.DLL',kernel32,'KERNEL32.DLL',user32,'USER32.DLL'
        import Advapi32,RegQueryValueExA,'RegQueryValueExA',RegCloseKey,'RegCloseKey',RegOpenKeyExA,'RegOpenKeyExA'
        import user32,MessageBox,'MessageBoxA'
        import kernel32,ExitProcess,'ExitProcess'
end data

;section '.code' code readable writeable executable
start:
        invoke  RegOpenKeyExA,HKEY_LOCAL_MACHINE,addr RegSubKey,0,KEY_READ,addr hSubKey
        invoke  RegQueryValueExA,hSubKey,addr RegValue,NULL,addr RegType,addr RegBuffer, addr RegSize

        invoke MessageBox,NULL,RegBuffer,RegBuffer,,MB_OK
        invoke  RegCloseKey,hSubKey
exit:
        invoke ExitProcess,0

;section '.data' data readable writeable executable

RegSubKey       db      "SOFTWARE\Microsoft\Windows\CurrentVersion",0
RegValue        db      "ProductId",0
RegBuffer       db      256 dup(?)
RegSize         dd      256

;section '.idata' data readable writeable executable

RegType         dw           ?
hSubKey         dd    0x40000   ; HINSTANCE = 0x40000
    

don't shown "55274-640-8935532-23075" Sad
what the problem?
what is ' HINSTANCE ? ' in fasm?
Post 18 Nov 2009, 18:56
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel 18 Nov 2009, 19:03
Try something like that:
Code:
my_key_str db 'Software\MyApplicationLousyName\',0
my_key_hndl dd ?
my_value_str db 'MyValueLousyName',0
dword_type dd REG_DWORD
output dd ?
value_size dd ?

invoke RegOpenKey,HKEY_CURRENT_USER,my_key_str,my_key_hndl
invoke RegQueryValueEx,[my_key_hndl],my_value_str,NULL,dword_type,output,value_size
invoke RegCloseKey,[my_key_hndl]
    


My Windows coding is a little rusty so proceed with caution, LOL.
Post 18 Nov 2009, 19:03
View user's profile Send private message Reply with quote
semiono



Joined: 31 Aug 2007
Posts: 198
Location: section '.code' executable
semiono 19 Nov 2009, 00:28
be patient :)

output dd ? -- is it addres?

i need invoke MessageBox,NULL,regData...
i do not see regdata here now :'(
Post 19 Nov 2009, 00:28
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel 19 Nov 2009, 11:45
As the name implies, output holds the dword (since we're using REG_DWORD) you're reading from the registry.
Of course you can't use MessageBoxA right away, since the dword should first be converted to ASCII (using wsprintf with a %u for instance).

It seems you want to read a string from the registry, so try this instead:
Code:
sz_type dd REG_SZ
output rb 512

invoke RegQueryValueEx,[my_key_hndl],my_value_str,NULL,sz_type,output,value_size
    

Now, you should be able to use MessageBoxA.
Of course before calling RegQueryValueEx, you should always make sure "output" is clean by zeroing it out first.


Your turn
Image
Post 19 Nov 2009, 11:45
View user's profile Send private message Reply with quote
SFeLi



Joined: 03 Nov 2004
Posts: 138
SFeLi 19 Nov 2009, 12:29
ManOfSteel, value_size must be dd 4 for the first version of your code and dd 512 for the last.
Post 19 Nov 2009, 12:29
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel 19 Nov 2009, 13:19
Um, yes. You're totally right. I forgot to add a line:
Code:
mov [value_size],512
invoke RegQueryValueEx, ...
    

I do that because I usually have many RegQueryValueEx (for reading my application's settings) and the values I read are of varying sizes. So I only have to use a single variable.
Post 19 Nov 2009, 13:19
View user's profile Send private message Reply with quote
semiono



Joined: 31 Aug 2007
Posts: 198
Location: section '.code' executable
semiono 19 Nov 2009, 14:59
Good picture! Very Happy
Thanks!


from my last code i wait any output
在知識產權辯論中贏得一芽第一誰
to test that it's realy works.

Quote:
you should always make sure "output" is clean by zeroing it out first.

ok! thanks!

offtop: lstrcat
This function appends one string to another.
what is a way to get result of string1 minus string2 ?
Post 19 Nov 2009, 14:59
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel 19 Nov 2009, 23:25
semiono wrote:
what is a way to get result of string1 minus string2 ?

I don't know if there's a Windows API/C function for that, but you can do it using pure assembly with cmp, jcc, mov and inc instructions.
Here's an 8 steps procedure that will remove *all* instances of str2 from str1. It should work and I think I've covered all the possibilities/exceptions, but you never know, sh*t happens.


    1. initialize counters, such as esi for str1, edi for str2 and ecx for buffer (e.g. mov esi,str1) ; zero terminate str1 and str2 ; zero the entire "buffer" out

    2. have we reached the end of str1? if yes {quit} ; if no {continue}

    3. compare byte at str1 counter with byte at str2 counter

    4. are they equal? if yes {go to 5} ; if no {move byte to buffer ; increment buffer counter ; increment str1 counter ; go to 2}

    5. increment str1 counter ; increment str2 counter

    6. have we reached the end of str2? if yes {reset str2 counter; go to 2} ; if no {continue}

    7. compare byte at str1 counter with byte at str2 counter

    8. are they equal? if yes {go to 5}, if no {reset str2 counter ; go to 2}


N.B.: "buffer" is where the result of str1-str2 will be stored (e.g. buffer rb 64)

Now all you have to do is convert that to assembly.
Post 19 Nov 2009, 23:25
View user's profile Send private message Reply with quote
semiono



Joined: 31 Aug 2007
Posts: 198
Location: section '.code' executable
semiono 20 Nov 2009, 17:54
great! Very Happy
Code:
        include '%fasm%\win32ax.inc'
        include '%fasm%\macro/if.inc'
entry start
section '.idata' import data readable writeable executable
        library advapi32,'ADVAPI32.DLL',kernel32,'KERNEL32.DLL',user32,'USER32.DLL'
                include '%fasm%\api\advapi32.inc'
                include '%fasm%\api\kernel32.inc'
                include '%fasm%\api\user32.inc'
; section '.data' data readable writeable executable
        lpSubKey     db 'SYSTEM\Setup',0
        lpFmt        db 'TYPE: [%u]',0dh,'DATA: [%08x]',0
        lpOut        rb 256
        lpcbData     dd 4
; section '.code' code readable writeable executable
start:
        invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,lpSubKey,NULL,KEY_READ,phkResult
               .if eax = NULL
        invoke RegQueryValueEx,[phkResult],lpValueName,NULL,lpType,lpData,lpcbData
               .if eax = NULL
        invoke wsprintf,lpOut,lpFmt,[lpType],[lpData]
        stdcall [MessageBox],NULL,lpOut,lpSubKey,MB_OK + MB_ICONASTERISK
               .else
        stdcall [MessageBox],NULL,NULL,NULL,NULL
               .endif
        invoke RegCloseKey,phkResult
               .else
        stdcall [MessageBox],NULL,'ERROR_FILE_NOT_FOUND','',MB_OK
               .endif
exit:
        invoke ExitProcess,0
; section '.data?' readable writeable executable
        phkResult         dd ?
;       lpValueName       db ?
        lpValueName       db 'SystemSetupInProgress'
        lpData            dd ?
        lpType            dd ?    


Only dword work properlly...
It's could be better to design in reg_sz/expand_sz ...
Is wsprintf enaugh function for?
I have big problem with format-control specifications understanding...
:\
Post 20 Nov 2009, 17:54
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel 20 Nov 2009, 20:35
semiono wrote:
Only dword work properlly...

You tried reading a string? Interesting. The question is: why did your code *not crash*?
I guess you were lucky and the API either failed or it overwrote unused space and the buffer overflow didn't screw anything up.

Both your lpType and lpData are invalid.
lpType should be lpType dd REG_SZ and lpData should be lpData rb size_of_your_buffer.


As for wsprintf, I suggested it for conversions between decimal and ASCII. If you're reading a string, RegQueryValueEx will return... a string, so no need for any conversion. Just print it with MessageBox.
Of course you can still use wsprintf for strings (%s, IIRC) but it's quite useless.


BTW, MessageBoxA is a USER32 API so what's wrong with using
Code:
invoke MessageBox,NULL,message,caption,MB_something
    

?
Post 20 Nov 2009, 20:35
View user's profile Send private message Reply with quote
SFeLi



Joined: 03 Nov 2004
Posts: 138
SFeLi 21 Nov 2009, 05:07
ManOfSteel, you’re wrong about lpType:
MSDN wrote:

lpType
[out] Pointer to a variable that receives a code indicating the type of data stored in the specified value. For a list of the possible type codes, see Registry Value Types. The lpType parameter can be NULL if the type code is not required.
Post 21 Nov 2009, 05:07
View user's profile Send private message Reply with quote
semiono



Joined: 31 Aug 2007
Posts: 198
Location: section '.code' executable
semiono 21 Nov 2009, 10:08
> The lpType parameter can be NULL if the type code is not required.

i found example in google Smile
lpData dd ?
lpType dd ?
i need it so as something to dir data then i don't know before what is data the tipe is presents
Post 21 Nov 2009, 10:08
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel 21 Nov 2009, 10:22
@SFeLi: yes, you may be right. Rusty as I said. Smile
Post 21 Nov 2009, 10:22
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel 21 Nov 2009, 10:26
@semiono: your buffer should be big enough to hold the data.
Post 21 Nov 2009, 10:26
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.