First, let me clear off the background : I've to patch around 3000 puters
where I work by modifying a key in the registry (changing the timeout value
of the antivirus). Currently I've no way to use GPO to do this. As we'll
do it only once, and will have the GPO to do that soon, we don't
want to buy an expensive product for a one-shot use.

So I though I could as well make a little script, that will use
RegConnectRegistry to connect to the remote putter, but since a while
I'm blocked with this one, there is an error that keep coming up and I
haven't find any (usefull) info on that error on the web.

I'm constantly getting the RPC_X_NULL_REF_POINTER error
message on call. From what I've found, I suspect that I haven't
correctly declared something, but what ???

I've tryied it the follow way (extract of the code, I'm working with RadASM),
but in fact it didn't goes beyond the RegConnect part. Appart of that, the
code does nothing special...have used the dialog template to start with...


hInstance dd ?
pKey HWND ?
Disp dd ?
temp dd ?
phkResult HWND ?


DefaultKey db "SOFTWARE\\Network Associates\\TVD\\Shared Components\\On Access Scanner\\McShield\\Configuration",0
RegString db "ScannerThreadTimeout",0
RegString2 db "ScannerThreadTimeoutEx",0
STimeout1 dd 4a768h
STimeout2 dd 17318h
Putter db "\\UC03403",0

MsgBoxCaption db "Debug",0
MsgError1 db "Failed to connect: RPC_X_NULL_REF_POINTER",0

.if ax==IDC_BTN1
invoke RegConnectRegistry,addr Putter,HKEY_LOCAL_MACHINE,phkResult
invoke MessageBox, NULL, addr Putter, addr MsgBoxCaption, MB_OK
xor eax,eax
invoke RegOpenKeyEx,phkResult,addr DefaultKey,NULL,KEY_WRITE,pKey
mov temp,4
invoke RegSetValueEx, pKey, addr RegString, NULL, REG_DWORD_LITTLE_ENDIAN, addr STimeout1, temp
invoke RegSetValueEx, pKey, addr RegString2, NULL, REG_DWORD_LITTLE_ENDIAN , addr STimeout2, temp
invoke MessageBox, NULL, addr MsgError1, addr MsgBoxCaption, MB_OK
invoke RegCloseKey,pKey
invoke RegCloseKey,phkResult
invoke MessageBox, NULL, addr MsgDone, addr MsgBoxCaption, MB_OK


I'm working on Windows NT 4 with sp.

Anyone got an idea on what cause the trouble, or what I've missed in my code ?

Posted on 2003-02-21 02:27:50 by etherlord
Your key looks suspicious. Did you copy the string from C code? C (or C++) uses \ as an escape character in strings. If you copy the string verbatim, you will double the number of \ in the string.

The computer name looks OK. It's what you type in an address bar.
Posted on 2003-02-22 00:18:04 by tenkey
Firstly, the key string won't work. You would write it with double slashes only in C++, because there you prefix
escape sequences with a doubleslash inside strings. So, just write it with single slashes in ASM.

Secondly, you can't just connect to a remote computer's registry, because ... well wouldn't you agree that
this would be more than a serious security problem?! :eek: :eek: :eek:
The target machine(s) must have the Remote Registry Service running. I don't know if this is the cause of the
RPC_X_NULL_REF_POINTER, but you have to at least meet this condition.

You can find much more about it inside the MSDN archive. I hope that it doesn't make your project impossible,
but it'll make things clear:


aweX <-
Posted on 2003-02-22 01:51:31 by aweX

tenkey : mmm...no, I wasn't so sure so I tryed the two ways
of writting it, none of them change anything, but you are
right on one point, I was doing C before :)

awex : ok, now I've changed that, but no change at all. And
about the remote connection restriction, I'm aware of
them, currently it work on my network, I've tryed to
do the modification manually before trying to do it by
asm. Using an autorised account, it work well manually.
I though of that also at first, but was not the case...

anyway, thanks for the replies, will try to sort it out....

Posted on 2003-02-24 02:30:47 by etherlord
Hi all,

Well, it look like instead of spitting on msdn I should have read more carefully
the sentence.....

the trouble was that I was not correctly passing the pointer, so if someone else
got the same error, here's what have been modified in regard of previous
code :

invoke RegConnectRegistry, offset NetName, HKEY_LOCAL_MACHINE,offset phkResult

Posted on 2003-03-06 04:39:51 by etherlord