Hello
I have a problem with RegEnumValue.

invoke RegEnumValue, hKey, dwIndex, addr regName, addr szName, 0, 0, addr regData, addr szData
.if eax==ERROR_NO_MORE_ITEMS
    .break
.else
    invoke MessageBox, 0, addr regData, addr regName, MB_OK
.endif
inc dwIndex


I add a BINARY key in the registry.

When I enumerate all the keys, there is a problem with the binary key:

Normally the message should be empty because there is no value in the binary key.
Why does it take the value of the key above?!
Thanks
Posted on 2005-09-17 05:53:02 by kaos
Maybe your use of invoke MessageBox, 0, addr regData, addr regName, MB_OK is wrong, because this function only displays strings; if the first value is 0, then it will have nothing to display.
Posted on 2005-09-18 09:51:28 by jhkdiy
It will display something. 0 for hwnd is alright.

I am not sure why it is not working. Really sorry.
Posted on 2005-09-18 11:00:03 by roticv
Ok, now I use MessageBox and WriteFile:
invoke MessageBox, 0, addr regData, addr regName, MB_OK
invoke WriteFile, FHandle, addr regData, 1000, addr Bytes, 0

I add a new BINARY key:

If I use: Inc dwIndex
invoke RegEnumValue, hKey, dwIndex, addr regName, addr szName, 0, 0, addr regData, addr szData

In the message box:

And in the txt file:
Helloogram files\reg firewall\regprot.exe /start

Now if I replace dwIndex by 5:
invoke RegEnumValue, hKey, 5, addr regName, addr szName, 0, 0, addr regData, addr szData

In the message box:

In the txt file:
Hello

Why is there a problem with inc dwIndex? plz help, thx
Posted on 2005-09-18 11:02:33 by kaos
What's the initial value of dwIndex? Is it 0?
Posted on 2005-09-18 12:27:08 by roticv
My code:
.386
.model flat, stdcall
option casemap :none

include \masm32\include\advapi32.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\windows.inc
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.data
subKey db "Software\Microsoft\Windows\CurrentVersion\Run", 0

.data?
hKey dd ?
dwIndex dd ?
regName db 260 dup (?)
regData db 260 dup (?)
szName dd ?
szData dd ?

.code
start:
    invoke RegOpenKeyEx, HKEY_LOCAL_MACHINE, addr subKey, 0, KEY_ALL_ACCESS, addr hKey
    mov dwIndex, 0
    .while TRUE
        mov szName, 256
        mov szData, 256
        invoke RegEnumValue, hKey, dwIndex, addr regName, addr szName, 0, 0, addr regData, addr szData
        .if eax == ERROR_NO_MORE_ITEMS
            .break
        .else
            invoke MessageBox, 0, addr regData, addr regName, MB_OK
        .endif
        inc dwIndex
    .endw
    invoke RegCloseKey, hKey
    invoke ExitProcess, 0
END start
Posted on 2005-09-18 13:08:39 by kaos

Binary data in the registry is not an asciiz string. So you will have to check the content of szData (which should be a DWORD!). If it is 0, no data has been read and the buffer may contain the data read previously.

Posted on 2005-09-19 01:02:39 by japheth
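
The check described in the last reply, written out as an added example that is not code from any poster in this thread: the loop asks RegEnumValue for the value type, treats a returned size of 0 as "nothing written" instead of reading the stale buffer, and only hands string types to MessageBox. The names dwType, szEmpty and szNotStr are introduced here, and KEY_READ is used as an assumption that enumeration needs no write access.

```asm
.386
.model flat, stdcall
option casemap :none
include \masm32\include\windows.inc
include \masm32\include\advapi32.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.data
subKey   db "Software\Microsoft\Windows\CurrentVersion\Run", 0
szEmpty  db "(no data)", 0               ; hypothetical placeholder text
szNotStr db "(not a string value)", 0    ; hypothetical placeholder text
.data?
hKey     dd ?
dwIndex  dd ?
dwType   dd ?                            ; receives REG_SZ, REG_BINARY, ...
szName   dd ?
szData   dd ?
regName  db 260 dup (?)
regData  db 260 dup (?)

.code
start:
    invoke RegOpenKeyEx, HKEY_LOCAL_MACHINE, addr subKey, 0, KEY_READ, addr hKey
    .if eax != ERROR_SUCCESS
        invoke ExitProcess, 1            ; never enumerate with an invalid handle
    .endif
    mov dwIndex, 0
    .while TRUE
        mov szName, sizeof regName       ; in: name buffer size in characters
        mov szData, (sizeof regData) - 1 ; in: data size in bytes, one byte kept for a terminator
        invoke RegEnumValue, hKey, dwIndex, addr regName, addr szName, 0, addr dwType, addr regData, addr szData
        .break .if eax != ERROR_SUCCESS  ; ERROR_NO_MORE_ITEMS, or an error such as ERROR_MORE_DATA
        mov edx, offset szNotStr         ; default: binary, DWORD and other non-text types
        .if szData == 0
            mov edx, offset szEmpty      ; nothing was written, regData still holds the previous value
        .elseif dwType == REG_SZ || dwType == REG_EXPAND_SZ
            mov eax, szData
            mov byte ptr regData[eax], 0 ; stored strings are not guaranteed to be terminated
            mov edx, offset regData
        .endif
        invoke MessageBox, 0, edx, addr regName, MB_OK
        inc dwIndex
    .endw
    invoke RegCloseKey, hKey
    invoke ExitProcess, 0
end start
```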