Just getting stuck with reading registry values like a string in sztext
Take for instance the key:

HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition

I want to read the string value stored in 'SystemPartition', which isn't a subkey but a key of type REG_SZ, and I'm having problems.
I tried using RegQueryEx and so on; it returns 2 in eax, and not the value that's in the key I selected.

basically just to read values of a specific key in the registry.
not the whole key directory if possible.
Posted on 2005-02-06 05:14:42 by pwn
this might be useful:



comment /
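; Passing NULL as the value name selects the key's default value (type and data).
; The Set and Delete examples below write under HKEY_LOCAL_MACHINE, which needs administrative rights.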

invoke SetRegString, HKEY_LOCAL_MACHINE,
chr$("Software\MASM\Registry Test\"),
chr$("StringKeyName"),
chr$("aaa")

invoke SetRegDword, HKEY_LOCAL_MACHINE,
chr$("Software\MASM\Registry Test\"),
chr$("DwordKeyName"),
4500

invoke GetRegString, addr szBigBuffer,
HKEY_LOCAL_MACHINE,
chr$("Software\MASM\Registry Test\"),
chr$("StringKeyName")

invoke GetRegDword, HKEY_LOCAL_MACHINE,
chr$("Software\MASM\Registry Test\"),
chr$("DwordKeyName"),
addr dwValue
invoke Reg_Delete_Value,HKEY_LOCAL_MACHINE,
chr$("Software\MASM\Registry Test\"),
chr$("DwordKeyName")
/

; Prototypes for the registry helpers defined below (MASM syntax; every argument is a dword).
; Each helper returns the Win32 status code of the registry call in eax (ERROR_SUCCESS on success).
; SetRegString:     hive, key path, value name, pointer to string
SetRegString proto :dword, :dword, :dword, :dword
; GetRegString:     pointer to output buffer, hive, key path, value name
GetRegString proto :dword, :dword, :dword, :dword
; SetRegDword:      hive, key path, value name, dword value to store
SetRegDword proto :dword, :dword, :dword, :dword
; GetRegDword:      hive, key path, value name, pointer to the receiving dword
GetRegDword proto :dword, :dword, :dword, :dword
; Reg_Delete_Value: hive, key path, value name
Reg_Delete_Value proto :dword, :dword, :dword

.data

.code

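; -------------------------------------------------------------------------
; SetRegString - store a zero-terminated ANSI string as a REG_SZ value.
; In:    reg_HKEY      = predefined hive or open key handle
;        lpszKeyName   = subkey path (created if it does not exist)
;        lpszValueName = value name (NULL selects the default value)
;        lpszString    = pointer to the zero-terminated string to store
; Out:   eax = status of RegCreateKeyEx if it failed, otherwise the
;              status of RegSetValueEx (ERROR_SUCCESS on success)
; Notes: the handle is requested with KEY_SET_VALUE only, the least
;        access RegSetValueEx needs, instead of KEY_ALL_ACCESS.
; -------------------------------------------------------------------------
SetRegString proc reg_HKEY:dword, lpszKeyName:dword, lpszValueName:dword, lpszString:dword
    local Disp: dword
    local pKey: dword
    local dwSize: dword

    invoke RegCreateKeyEx, reg_HKEY,
           lpszKeyName, NULL, NULL,
           REG_OPTION_NON_VOLATILE,
           KEY_SET_VALUE, NULL,
           addr pKey, addr Disp
    .if eax == ERROR_SUCCESS
        invoke lstrlen, lpszString
        inc eax                         ; REG_SZ data size must include the terminating zero
        mov dwSize, eax
        invoke RegSetValueEx, pKey, lpszValueName,
               NULL, REG_SZ,
               lpszString, dwSize
        push eax                        ; keep the write status across RegCloseKey
        invoke RegCloseKey, pKey
        pop eax
    .endif
    ret
SetRegString endp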

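; -------------------------------------------------------------------------
; Reg_Delete_Value - remove one named value from an existing key.
; In:    reg_HKEY      = predefined hive or open key handle
;        lpszKeyName   = subkey path
;        lpszValueName = name of the value to delete
; Out:   eax = status of RegOpenKeyEx if it failed, otherwise the
;              status of RegDeleteValue (ERROR_SUCCESS on success)
; Notes: the key is opened, not created, so deleting from a missing key
;        no longer leaves an empty key behind. KEY_SET_VALUE is the
;        access right RegDeleteValue requires.
; -------------------------------------------------------------------------
Reg_Delete_Value proc reg_HKEY:dword, lpszKeyName:dword, lpszValueName:dword
    local pKey: dword

    invoke RegOpenKeyEx, reg_HKEY, lpszKeyName, 0, KEY_SET_VALUE, addr pKey
    .if eax == ERROR_SUCCESS
        invoke RegDeleteValue, pKey, lpszValueName
        push eax                        ; keep the delete status across RegCloseKey
        invoke RegCloseKey, pKey
        pop eax
    .endif
    ret
Reg_Delete_Value endp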

; -------------------------------------------------------------------------

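; -------------------------------------------------------------------------
; GetRegString - read a string value into a caller-supplied buffer.
; In:    lpszBuffer    = destination buffer
;        reg_HKEY      = predefined hive or open key handle
;        lpszKeyName   = subkey path
;        lpszValueName = value name (NULL selects the default value)
; Out:   eax = status of the first call that failed, otherwise
;              ERROR_SUCCESS; the buffer is zero-terminated on success
; Notes: the key is opened read-only (KEY_QUERY_VALUE) and never created,
;        and only one handle is opened, so none is leaked.
; NOTE(review): there is no buffer-size parameter. The buffer must hold
;        the stored data plus one terminator byte; a longer registry
;        value overruns it. Callers reading values they do not control
;        should use a variant that takes the buffer size.
; -------------------------------------------------------------------------
GetRegString proc lpszBuffer:dword, reg_HKEY:dword, lpszKeyName:dword, lpszValueName:dword
    local TType: dword
    local pKey: dword
    local dwSize: dword

    invoke RegOpenKeyEx, reg_HKEY, lpszKeyName, 0, KEY_QUERY_VALUE, addr pKey
    .if eax == ERROR_SUCCESS
        ; First pass: ask only for the size of the stored data.
        invoke RegQueryValueEx, pKey, lpszValueName, NULL, NULL, NULL, addr dwSize
        .if eax == ERROR_SUCCESS
            ; Second pass: fetch the data; dwSize returns the bytes copied.
            invoke RegQueryValueEx, pKey, lpszValueName,
                   NULL, addr TType,
                   lpszBuffer, addr dwSize
            .if eax == ERROR_SUCCESS && lpszBuffer != NULL
                ; Stored strings are not guaranteed to carry a terminator.
                mov edx, lpszBuffer
                mov ecx, dwSize
                mov byte ptr [edx+ecx], 0
            .endif
        .endif
        push eax                        ; keep the query status across RegCloseKey
        invoke RegCloseKey, pKey
        pop eax
    .endif
    ret
GetRegString endp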

; -------------------------------------------------------------------------

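; -------------------------------------------------------------------------
; SetRegDword - store a 32-bit value as a REG_DWORD.
; In:    reg_HKEY      = predefined hive or open key handle
;        lpszKeyName   = subkey path (created if it does not exist)
;        lpszValueName = value name
;        lpdwValue     = the dword to store; despite the "lp" prefix it is
;                        passed by value and copied to a local
; Out:   eax = status of RegCreateKeyEx if it failed, otherwise the
;              status of RegSetValueEx (ERROR_SUCCESS on success)
; Notes: the handle is requested with KEY_SET_VALUE only, the least
;        access RegSetValueEx needs, instead of KEY_ALL_ACCESS.
; -------------------------------------------------------------------------
SetRegDword proc reg_HKEY:dword, lpszKeyName:dword, lpszValueName:dword, lpdwValue:dword
    local Disp: dword
    local pKey: dword
    local dwValue: dword

DW_SIZE equ 4                           ; byte size of a REG_DWORD payload

    mov eax, lpdwValue                  ; RegSetValueEx needs an address, so copy to a local
    mov dwValue, eax
    invoke RegCreateKeyEx, reg_HKEY,
           lpszKeyName, NULL, NULL,
           REG_OPTION_NON_VOLATILE,
           KEY_SET_VALUE, NULL,
           addr pKey, addr Disp
    .if eax == ERROR_SUCCESS
        invoke RegSetValueEx, pKey, lpszValueName,
               NULL, REG_DWORD_LITTLE_ENDIAN,
               addr dwValue, DW_SIZE
        push eax                        ; keep the write status across RegCloseKey
        invoke RegCloseKey, pKey
        pop eax
    .endif
    ret
SetRegDword endp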

; -------------------------------------------------------------------------

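; -------------------------------------------------------------------------
; GetRegDword - read a 32-bit value from the registry.
; In:    reg_HKEY      = predefined hive or open key handle
;        lpszKeyName   = subkey path
;        lpszValueName = value name
;        lpdwValue     = pointer to the dword that receives the data
; Out:   eax = status of RegOpenKeyEx if it failed, otherwise the
;              status of RegQueryValueEx (ERROR_SUCCESS on success)
; Notes: the key is opened read-only (KEY_QUERY_VALUE) and never created,
;        so a read cannot add keys and needs no write access. At most
;        DW_SIZE bytes are written to lpdwValue; larger data fails with
;        an error instead of overrunning it.
; NOTE(review): the stored type lands in Temp and is not checked; confirm
;        whether callers need non-REG_DWORD values rejected.
; -------------------------------------------------------------------------
GetRegDword proc reg_HKEY:dword, lpszKeyName:dword, lpszValueName:dword, lpdwValue:dword
    local Temp: dword
    local pKey: dword
    local DWordSize: dword

DW_SIZE EQU 4                           ; byte size of a REG_DWORD payload

    mov DWordSize, DW_SIZE              ; tell the API how much room lpdwValue has
    invoke RegOpenKeyEx, reg_HKEY, lpszKeyName, 0, KEY_QUERY_VALUE, addr pKey
    .if eax == ERROR_SUCCESS
        invoke RegQueryValueEx, pKey, lpszValueName,
               NULL, addr Temp,
               lpdwValue, addr DWordSize
        push eax                        ; keep the query status across RegCloseKey
        invoke RegCloseKey, pKey
        pop eax
    .endif
    ret
GetRegDword endp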
Posted on 2005-02-06 08:04:10 by diablo2oo2
nice code very helpful easy crackmes thx.
Posted on 2005-02-06 15:48:12 by pwn