Hello Everyone!
This is my first time here, I hope I'm posting it in the right thread.
I'm trying to code a program that adds the value sequence InitialDir in HKEY_LOCAL_MACHINE\Software\Cthulhu\MyApplication\Settings. So It'll be: HKEY_LOCAL_MACHINE\Software\Cthulhu\MyApplication\Settings\InitialDir
To do it I did the following:
.data
SubKey db "Software\Cthulhu\MyApplication\Settings",0
SequenceName db "InitialDir",0
lpcbData dd MAX_PATH
.data?
HwndKey dd ?
DataBuf db ?
.code
inicio:
push offset HwndKey
push KEY_QUERY_VALUE
push NULL
push offset SubKey
push HKEY_LOCAL_MACHINE
call RegOpenKeyExA
cmp eax,ERROR_SUCCESS
jnz the_end
;Until here everything works right.
;The RegOpenKeyExA finds my SubKey and returns 0
;(ERROR_SUCCESS) in eax so
;it doesn't jump to the end routine.
VerifyValue:
push lpcbData
push offset DataBuf
push 1 ;Type = Null Terminated String
push NULL
push offset SequenceName
push HwndKey
call RegQueryValueExA
cmp eax,ERROR_SUCCESS
jnz the_end
;Here is the problem, the RegQueryValueExA API never
;returns ERROR_SUCCESS in eax and when I debugged
;it with OllyDbg I saw the following message
;On the StatusBar:
;Access violation in KERNEL32 ignored on request
the_end:
push 0
call ExitProcess
Can anyone help me to find my mistake?
Thanks in advance!
Cthulhu
This is my first time here, I hope I'm posting it in the right thread.
I'm trying to code a program that adds the value sequence InitialDir in HKEY_LOCAL_MACHINE\Software\Cthulhu\MyApplication\Settings. So It'll be: HKEY_LOCAL_MACHINE\Software\Cthulhu\MyApplication\Settings\InitialDir
To do it I did the following:
.data
SubKey db "Software\Cthulhu\MyApplication\Settings",0
SequenceName db "InitialDir",0
lpcbData dd MAX_PATH
.data?
HwndKey dd ?
DataBuf db ?
.code
inicio:
push offset HwndKey
push KEY_QUERY_VALUE
push NULL
push offset SubKey
push HKEY_LOCAL_MACHINE
call RegOpenKeyExA
cmp eax,ERROR_SUCCESS
jnz the_end
;Until here everything works right.
;The RegOpenKeyExA finds my SubKey and returns 0
;(ERROR_SUCCESS) in eax so
;it doesn't jump to the end routine.
VerifyValue:
push lpcbData
push offset DataBuf
push 1 ;Type = Null Terminated String
push NULL
push offset SequenceName
push HwndKey
call RegQueryValueExA
cmp eax,ERROR_SUCCESS
jnz the_end
;Here is the problem, the RegQueryValueExA API never
;returns ERROR_SUCCESS in eax and when I debugged
;it with OllyDbg I saw the following message
;On the StatusBar:
;Access violation in KERNEL32 ignored on request
the_end:
push 0
call ExitProcess
Can anyone help me to find my mistake?
Thanks in advance!
Cthulhu
Hello Cthulhu, welcome to the board.
I see the following on your code:
DataBuf db ?
You are expecting a buffer of number MAX_PATH bytes to recive the value, but it is currently one byte.
Change it to:
DataBuf db MAX_PATH dup (NULL)
I hope it works.
Best Regards,
I see the following on your code:
DataBuf db ?
You are expecting a buffer of number MAX_PATH bytes to recive the value, but it is currently one byte.
Change it to:
DataBuf db MAX_PATH dup (NULL)
I hope it works.
Best Regards,
Hello Pelaillo!
Thanks for the answering my post. Unfortunantelly it din't work. It gives the same message in OllyDbg Status Bar and it still doesn't read the value from the registry.
I'm attaching the files I created during my test.
Maybe it helps anyone to help me.....
[]'s
Cthulhu
Thanks for the answering my post. Unfortunantelly it din't work. It gives the same message in OllyDbg Status Bar and it still doesn't read the value from the registry.
I'm attaching the files I created during my test.
Maybe it helps anyone to help me.....
[]'s
Cthulhu
Hello Cthulhu,
You must create registry entry if it doesn't exist before trying to open it. See RegCreateKeyEx in SDK
best regards,
czDrillard
You must create registry entry if it doesn't exist before trying to open it. See RegCreateKeyEx in SDK
best regards,
czDrillard
Hello czDrillard!
Thanks for trying to help me. But I already created the Registry entry. In the zip file that I attached has a file Called Cthulhu.Reg that puts the entry on registry.
I already solved the problem :grin:
I found the answers at http://board.anticrack.de
The problem was here:
.data?
HwndKey dd ?
DataBuf db ? --> this must be changed to DataBuf db 100 dup (?)
And I needed to include another variable:
lptype dd ? --> This will hold the DataType
VerifyValue:
push lpcbData
push offset DataBuf
push 1 --> this must be changed to:
push offset lpType
push NULL
push offset SequenceName
push HwndKey
call RegQueryValueExA
cmp eax,ERROR_SUCCESS
jnz the_end
So the problem was setting a buffer with enough space to hold the value and the DataType parameter cannot be a hardcoded value it MUST be a variable who'll receive the value.
Thanks again Pelaillo and czDrillard for giving some help!
Best regards!
Cthulhu
Thanks for trying to help me. But I already created the Registry entry. In the zip file that I attached has a file Called Cthulhu.Reg that puts the entry on registry.
I already solved the problem :grin:
I found the answers at http://board.anticrack.de
The problem was here:
.data?
HwndKey dd ?
DataBuf db ? --> this must be changed to DataBuf db 100 dup (?)
And I needed to include another variable:
lptype dd ? --> This will hold the DataType
VerifyValue:
push lpcbData
push offset DataBuf
push 1 --> this must be changed to:
push offset lpType
push NULL
push offset SequenceName
push HwndKey
call RegQueryValueExA
cmp eax,ERROR_SUCCESS
jnz the_end
So the problem was setting a buffer with enough space to hold the value and the DataType parameter cannot be a hardcoded value it MUST be a variable who'll receive the value.
Thanks again Pelaillo and czDrillard for giving some help!
Best regards!
Cthulhu