Hi to all!

How to enumerate all values in some registry key?
E.g. how to see what programs run when Windows starts in key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ ?

Thanks to everybody,
Mike
Posted on 2002-08-12 08:27:57 by Mike
Posted on 2002-08-12 08:30:47 by bazik
Sorry, bazik, program that you recommend

******************************
.386
.model flat, stdcall ; 32 bit memory model
option casemap :none ; case sensitive

include \MASM32\INCLUDE\windows.inc
include \MASM32\INCLUDE\user32.inc
include \MASM32\INCLUDE\kernel32.inc
include \MASM32\INCLUDE\advapi32.inc

includelib \MASM32\LIB\user32.lib
includelib \MASM32\LIB\kernel32.lib
includelib \MASM32\LIB\advapi32.lib

; Global state for the subkey enumerator below. Everything here is shared
; between main and EnumReg; there are no locals in this listing.
.DATA
; Zero-based index of the next subkey to request; EnumReg resets it to 0 when it finishes.
IndexNum dd 0
; Receives one subkey name per enumeration call (256 bytes plus a spare terminator byte).
szRegPath db 256 dup(?),0
; Caption and text of the failure message box.
Error db "ERROR",0
; Subkey path handed to the key-open call in EnumReg. As posted it is only "\":
; the Run path is commented out, so the top-level key itself is what gets
; enumerated, which is why the output lists Software, System, Enum, ...
szKeyName db "\", 0 ;Software\Microsoft\Windows\CurrentVersion\Run\",0

; Scratch DWORD reserved for EnumReg's key-open call.
TType dd ?
; Handle of the opened key; only meaningful after the open call succeeded.
pKey dd ?
; Not referenced anywhere in this listing.
lpszBuffer dd ?

.data?
; Predefined root key to start from; main stores HKEY_LOCAL_MACHINE here.
szTopKey dd ?

.CODE
; Program entry point (named by "end main").
; Selects HKEY_LOCAL_MACHINE as the root key, runs the enumerator once,
; then terminates the process with exit code 0.
main:
        mov     szTopKey, HKEY_LOCAL_MACHINE    ; root key read by EnumReg
        call    EnumReg                         ; takes no arguments; works on the globals

        push    0                               ; uExitCode = 0
        call    ExitProcess                     ; stdcall; does not return

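;-----------------------------------------------------------------------
; EnumReg - show the name of every subkey of szTopKey\szKeyName, one
;           message box per subkey.
; ABI:   stdcall, no arguments (works on the globals in .DATA)
; In:    szTopKey  = predefined root key handle
;        szKeyName = zero-terminated subkey path
; Out:   nothing meaningful in eax
; Notes: * The key is opened with RegOpenKeyExA / KEY_READ. Enumeration
;          only reads, so there is no reason to request KEY_ALL_ACCESS
;          (which a non-privileged user is normally refused on HKLM) or
;          to use a call that creates the key when it does not exist.
;        * The handle stays open for the whole loop and is closed exactly
;          once; it is not closed at all when the open itself failed.
;        * This walks SUBKEYS (RegEnumKeyA). Named values inside a key,
;          such as the entries of ...\CurrentVersion\Run, are enumerated
;          with RegEnumValue instead.
;-----------------------------------------------------------------------
EnumReg proc

        invoke  RegOpenKeyExA, szTopKey, offset szKeyName, 0, KEY_READ, offset pKey
        cmp     eax, ERROR_SUCCESS
        jne     @Error                  ; nothing was opened, so nothing to close

@loop:
        ; 256 = capacity of szRegPath that the API may fill (terminator included)
        invoke  RegEnumKeyA, pKey, IndexNum, offset szRegPath, 256
        cmp     eax, ERROR_SUCCESS
        jne     @endloop                ; ERROR_NO_MORE_ITEMS or any real failure ends the walk

        invoke  MessageBox, 0, offset szRegPath, offset szRegPath, MB_YESNO
        cmp     eax, IDNO
        je      @endloop                ; user asked to stop
        inc     IndexNum
        jmp     @loop

@endloop:
        invoke  RegCloseKey, pKey       ; single close for the handle opened above
        mov     IndexNum, 0             ; leave the index ready for another run
        ret

@Error:
        invoke  MessageBox, 0, offset Error, offset Error, 0
        ret

EnumReg endp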

end main
******************************

shows me: Software, System, Enum ... etc. (those are registry keys)
but I need to see (for key Software\Microsoft\Windows\CurrentVersion\Run\)
internat.exe "internat.exe"
LoadPowerProfile "....."
ScanRegistry "..."
SystemTray "...."
etc.

Mike
Posted on 2002-08-12 11:29:22 by Mike
Right, this is the first time I've ever done anything with the registry, but based purely on the post Bazik put out, and my ability to read (the win32.hlp file), I managed to figure out this:


; buf_size is in/out: on entry the capacity of szRegPath in characters,
; on return the length of the value name that was copied.
mov buf_size, 256
; RegEnumValue(hKey, dwIndex, lpValueName, lpcchValueName,
;              lpReserved, lpType, lpData, lpcbData)
; The index is hard-coded to 1 here, so this fetches a single entry; a real
; loop passes a counter that starts at 0. The last three arguments are 0, so
; only the value NAME is returned, not its type or data.
invoke RegEnumValue,pKey, 1, offset szRegPath, offset buf_size, 0, 0, 0, 0


Put something like this in your code (in the appropriate place), and it will do what you want.

It may not be the case that the code Bazik posted a link to did exactly what you want, but it's pretty damn close. Sometimes we don't provide ready-made source code exactly like you need it; sometimes you need to put a bit of effort in too.

Mirno
Posted on 2002-08-12 12:16:04 by Mirno
Thanks to all, especially to Mirno.
This program can show what modules run when Windows starts.

***********************************
.386
.model flat, stdcall
option casemap :none

include \MASM32\INCLUDE\windows.inc
include \MASM32\INCLUDE\user32.inc
include \MASM32\INCLUDE\kernel32.inc
include \MASM32\INCLUDE\advapi32.inc
include \MASM32\INCLUDE\masm32.inc

includelib \MASM32\LIB\user32.lib
includelib \MASM32\LIB\kernel32.lib
includelib \MASM32\LIB\advapi32.lib
includelib \MASM32\LIB\masm32.lib


.data
; Subkey (relative to HKEY_LOCAL_MACHINE) whose values are listed.
szKey db "Software\Microsoft\Windows\CurrentVersion\Run", 0

.data?
; Receives the NAME of the current value; used as the message box caption.
szBuf db 260 dup (?)
; Receives the DATA of the current value; used as the message box text.
; It is 260 bytes long: the byte count handed to the registry API for this
; buffer must never be larger than that, or the API can write past its end.
szBuf1 db 260 dup (?)
; Decimal text of an error code, produced by dwtoa.
digitBuffer db 16 dup (?)
; Zero-based index of the value being enumerated.
dwIndex dd ?
; In/out character count for the value-name buffer (szBuf).
buf_size dd ?
; Return code of the last enumeration call.
nResult dd ?
; Handle of the opened Run key.
hKey dd ?
; In/out byte count used for the value-data query into szBuf1.
MaxValLen dd ?

.code
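;-----------------------------------------------------------------------
; start - program entry point (named by "end start").
; Lists every value under HKEY_LOCAL_MACHINE\<szKey>, one message box per
; value: caption = value name (szBuf), text = value data (szBuf1).
;
; Changes from the posted version:
;   * The data query is bounded by the real size of szBuf1. The original
;     passed the key's maximum value length (from RegQueryInfoKey) as the
;     buffer size, so any value longer than 260 bytes was written past
;     the end of szBuf1.
;   * The data is always zero-terminated before it is displayed; the
;     registry does not guarantee that stored string data ends in a 0.
;   * The key is opened read-only (KEY_QUERY_VALUE) and the result of the
;     open is checked, so a failed open is reported and no invalid handle
;     is enumerated or closed.
;
; Limits: the value type is not requested (lpType = 0), so non-string data
; is shown as raw bytes. Only this one key is inspected; the per-user
; HKEY_CURRENT_USER Run key and the RunOnce keys are separate autostart
; locations that an audit would also have to read.
;-----------------------------------------------------------------------
start:
        mov     dwIndex, 0
        invoke  RegOpenKeyEx, HKEY_LOCAL_MACHINE, ADDR szKey, 0, KEY_QUERY_VALUE, ADDR hKey
        .if eax != ERROR_SUCCESS
            mov     nResult, eax
            invoke  dwtoa, nResult, offset digitBuffer      ; report the error code
            invoke  MessageBox, 0, ADDR digitBuffer, 0, MB_OK
            invoke  ExitProcess, nResult                    ; no handle to close
        .endif

        .while TRUE
            mov     buf_size, sizeof szBuf                  ; in: capacity of the name buffer
            invoke  RegEnumValue, hKey, dwIndex, offset szBuf, offset buf_size, 0, 0, 0, 0
            mov     nResult, eax
            .if nResult != ERROR_SUCCESS
                .if nResult != ERROR_NO_MORE_ITEMS          ; 259 = normal end of the list
                    invoke  dwtoa, nResult, offset digitBuffer
                    invoke  MessageBox, 0, ADDR digitBuffer, 0, MB_OK
                .endif
                .break
            .endif

            ; Offer one byte less than the buffer holds so there is always
            ; room for the terminator written below.
            mov     MaxValLen, (sizeof szBuf1) - 1
            invoke  RegQueryValueEx, hKey, offset szBuf, 0, 0, offset szBuf1, ADDR MaxValLen
            .if eax == ERROR_SUCCESS
                mov     eax, MaxValLen                      ; bytes actually stored (<= 259)
                mov     byte ptr szBuf1[eax], 0             ; force termination
            .else
                mov     byte ptr szBuf1, 0                  ; too large or unreadable: show name only
            .endif

            invoke  MessageBox, 0, ADDR szBuf1, ADDR szBuf, MB_OK
            inc     dwIndex
        .endw

        invoke  RegCloseKey, hKey
        invoke  ExitProcess, eax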

end start
***********************************

Regards,
Mike
Posted on 2002-08-13 04:40:08 by Mike