Hello there, I need to save a registry key with all its subkeys onto a specified file. I've written this code:

...
include \masm32\include\advapi32.inc
includelib \masm32\lib\advapi32.lib
...

.data
sSubKey db "Software\Microsoft\Keyboard",0
sRegFile db "C:\mykey.reg",0
...

.data?
hCurKey dd ?
...

.code
start:

...
invoke RegOpenKeyEx, HKEY_CURRENT_USER, ADDR sSubKey, 0, KEY_ALL_ACCESS, ADDR hCurKey
invoke RegSaveKey, hCurKey, ADDR sRegFile, NULL
invoke RegCloseKey, hCurKey
...
invoke ExitProcess, NULL

end start

BUT... the result is an empty file! The file C:\mykey.reg is 0 bytes sized. Where is the problem? Please help me!
Thanks in advance!!

PS: the functions returns ERROR_SUCCESS!
PS2: I run my prog on winXP as administrator
PS3: sorry for my bad english :-S
Posted on 2003-04-08 07:14:46 by Benji
Hello, thats my first help i do !!! *hhihihi*
And im Very proud !!!!!!!

To Set a value you can use RegSetValueEx
look at this little sample:

subkey DB "Software\Microsoft\Windows", 0
valuestring DB "ultra-key", 0
h_regkey DWORD 0

INVOKE RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR subkey, NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, ADDR h_regkey, NULL
INVOKE lstrlen, ADDR buff
INVOKE RegSetValueEx, h_regkey, ADDR valuestring, NULL, 1, ADDR buff, EAX

Im very glad because I able to help for the first time *SUPER-MEGA-TERA-LOL*

Greets Forginforcer !
Posted on 2003-04-08 07:23:25 by Forginforcer
I need TO SAVE a key with all its subkeys, not TO SET a value!
I need to use RegSaveKey api function to save the key onto a file, but the created file contains no data! It's absolutely empty! :-(
I've tested the program with softice debugger and it seems that all works fine, the function returns the constant ERROR_SUCCESS in eax and the program flow continues without errors... but, as I've already said, the file is created but it is empty! I run the program under winXP pro as administrator, therefore I think I have all privileges to access the system registry... thus WHERE IS the problem?? There is an error somewhere? If yes, please help me!
Here is the code I've assembled, absolutely trivial code... damn :(


.386
.model flat, stdcall
option casemap :none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\advapi32.inc
includelib \masm32\lib\advapi32.lib

.data
sSubKey db "Software\Microsoft\Keyboard",0
sRegFile db "C:\mykey.reg",0

.data?
hCurKey dd ?

.code
start:
invoke RegOpenKeyEx, HKEY_CURRENT_USER, ADDR sSubKey, 0, KEY_ALL_ACCESS, ADDR hCurKey
invoke RegSaveKey, hCurKey, ADDR sRegFile, NULL
invoke RegCloseKey, hCurKey
invoke ExitProcess, NULL
end start
Posted on 2003-04-09 02:47:37 by Benji
who can help me?
please, it's very important, thanks
Posted on 2003-04-09 06:24:52 by Benji
Uuups, i think you have to program a routine that search all keys etc. and save the vaule.

Sorry, I cant help
Posted on 2003-04-09 06:31:24 by Forginforcer
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/regsavekey.asp

this function exists just to avoid the routine :alright:
but if doesn't work... sigh :(
Posted on 2003-04-09 06:47:31 by Benji
try CreateFile, CreatePipe, CreateProcess, RegCreateKeyEx, or RegSaveKeyEx as the last parameter at invoke RegSaveKey, hCurKey, ADDR sRegFile,

I still a novice, its just an idea
Posted on 2003-04-09 06:51:06 by Forginforcer
Why would you do that? The last parameter is a pointer to a SECURITY_ATTRIBUTES structure (or NULL, if you want to use default security).
Posted on 2003-04-09 06:53:59 by f0dder
Forginforcer, I don't understand, I want only to use RegSaveKey... I want to know why it doesn't work!

invoke RegSaveKey, hCurKey, ADDR sRegFile, NULL
Posted on 2003-04-09 07:00:28 by Benji
Maybe, I understand something wrong.
I only tryed to tell you, that your SECURITY_ATTRIBUTES is set with NULL. I show you, that htere is an atribut CreateFile.

Good luck !
Posted on 2003-04-09 07:35:06 by Forginforcer
Hello,

have you tryed this :

change


invoke RegOpenKeyEx, HKEY_CURRENT_USER, ADDR sSubKey, 0, KEY_ALL_ACCESS, ADDR hCurKey


by:


invoke RegOpenKeyEx, HKEY_CURRENT_USER, ADDR sSubKey, 0, KEY_ALL_ACCESS, OFFSET hCurKey



The other point that i see that could be the source of your failure, is that the file already exist. From
the msdn ling you give :


lpFile
Pointer to a null-terminated string containing the name of the file in which the specified key and subkeys are saved. If the file already exists, the function fails.


Regards
etherlord
Posted on 2003-04-09 07:37:21 by etherlord
forginforcer, CreateProcess (etc) aren't attributes, they're functions. Have a look in PlatformSDK.

etherlord, addr vs. offset will give assemble-time problems.
Posted on 2003-04-09 07:41:26 by f0dder
Hello,

Originally posted by f0dder


interesting....that may explain some trouble i had a while ago.... what kind
of trouble this may raise ? (complete failure of the function ?)

regards
etherlord
Posted on 2003-04-09 07:52:31 by etherlord
simple an assemble-time error.
OFFSET can be used wherever - but will not work with LOCAL variables.
ADDR can only be used in invoke, but will handle LOCAL variables correctly.

address of local variables are not known at assemble-time, so the ADDR macro will do "lea eax, / push eax" to take care of this. If you try to use OFFSET with a local variable it should b0rk, the same if you use ADDR outside an invoke call.
Posted on 2003-04-09 07:57:58 by f0dder
etherlord, first of all when you use "invoke" you must write "ADDR" instead of "OFFSET", there are many samples in the masm32 help.
second: the file doesn't already exist. I already wrote:

I've tested the program with softice debugger and it seems that all works fine, the function returns the constant ERROR_SUCCESS in eax and the program flow continues without errors... but, as I've already said, the file is created but it is empty!
Posted on 2003-04-09 08:17:57 by Benji
Misconception.

in invoke you can use both addr and offset. addr i suppose is a macro.

For example:

invoke function,addr buffer

becomes

lea eax,buffer
push eax
call function

invoke function,offset buffer

becomes

push offset buffer
call function

*note: offset does not work on local variables. Basically using offset and addr means the same except in some cases.
Posted on 2003-04-09 08:52:59 by roticv
roticv, that's true, you have reason! sorry :-)
but my program doesn't work neither with ADDR nor with OFFSET, what can I do?
Posted on 2003-04-09 10:01:36 by Benji
After fooling around abit, I found out the following:

There is nothing saved in mykey.reg because there is *nothing* in HKEY_CURRENT_USER\Software\Microsoft\Keyboard except the default value which is not set. Thus i can conclude that you are doing it correctly, but doing it on the wrong key. :grin:
Posted on 2003-04-09 10:37:36 by roticv
After more fooling around, I becomed puzzled. I tried on other keys but it seemed not to work... This is weird
Posted on 2003-04-09 10:52:40 by roticv
roticv:

From MSDN: "The RegSaveKey function saves the specified key and all of its subkeys and values to a new file."

On this computer, at least, the key he used doesn't have any value, but it does have a subkey "Native Media Players"
Posted on 2003-04-09 10:55:02 by Knightmare