32bit masm app reading from 64bit registry

Started by ChillyWilly, January 22, 2010, 12:04:39 AM

Previous topic - Next topic

ChillyWilly

is it possible? i sent my friend an app that works fine on my 32bit  machine, but on his 64bit it errors reading the key

using this
GetString proc  lpszKey:DWORD,lpszValueName:DWORD,lpszBuffer:DWORD
LOCAL dwStrLength:DWORD
LOCAL phkResult :DWORD
LOCAL RType:DWORD
LOCAL lpcbData :DWORD
local szbuf[256]:BYTE

invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,lpszKey,0,KEY_READ,addr phkResult

.if eax==ERROR_SUCCESS
mov RType,REG_SZ
mov     lpcbData, 250
invoke RegQueryValueEx,phkResult,lpszValueName,NULL, addr RType, lpszBuffer,addr lpcbData
.if eax==ERROR_SUCCESS
.else
invoke lstrcat,lpszBuffer,CTEXT("RegKey Does Not Exist")
.endif

.else
invoke lstrcat,lpszBuffer,CTEXT("Error Opening RegKey!")
.endif
invoke RegCloseKey, phkResult
ret
GetString endp


sinsi

You might also need admin access when using HKEY_LOCAL_MACHINE on vista/win7
Light travels faster than sound, that's why some people seem bright until you hear them.

ChillyWilly

im using a manifest.xml to prompt for admin access and still nada

dedndave

i think the registry gets virtualized - you have to access it through the a "wow64" hive (or something like that)
so, HKEY_LOCAL_MACHINE becomes wow64\HKEY_LOCAL_MACHINE

i had to do it once - that worked for what i was doing because i was only reading the registry
you may have to jump through hoops if you want to write to it and have it stick after a re-boot

evlncrn8

actually, its done using a flag in the access rights..


KEY_WOW64_32KEY (0x0200)


Indicates that an application on 64-bit Windows should operate on the 32-bit registry view. For more information, see Accessing an Alternate Registry View.

This flag must be combined using the OR operator with the other flags in this table that either query or access registry values.

    Windows 2000:  This flag is not supported.

KEY_WOW64_64KEY (0x0100)


Indicates that an application on 64-bit Windows should operate on the 64-bit registry view. For more information, see Accessing an Alternate Registry View.

This flag must be combined using the OR operator with the other flags in this table that either query or access registry values.

    Windows 2000:  This flag is not supported.

source : http://msdn.microsoft.com/en-us/library/ms724878%28VS.85%29.aspx

ChillyWilly

testing on win7 home premium 64bit I tried using the samDesired parameter of KEY_WOW64_64KEY
heres the code so you can get a good example of what im trying to achieve
.386
.model flat, stdcall
option casemap:none

GetString proto :DWORD,:DWORD ,:DWORD
CTEXT MACRO y:VARARG
LOCAL sym, dummy
dummy EQU $;; MASM error fix
CONST segment
IFIDNI <y>,<>
sym db 0
ELSE
sym db y,0
ENDIF
CONST ends
EXITM <OFFSET sym>
ENDM

include windows.inc
include kernel32.inc
include user32.inc
include advapi32.inc

includelib user32.lib
includelib kernel32.lib
includelib advapi32.lib

.data
szKey     db "SOFTWARE\Microsoft\Windows NT\CurrentVersion",0

.data?
buffstuff db 1024 dup(?)

.code
start:




invoke GetString,addr szKey,CTEXT("ProductName"),addr buffstuff
invoke MessageBox, NULL,addr buffstuff,CTEXT('Result'), MB_OK
invoke ExitProcess,NULL


GetString proc  lpszKey:DWORD,lpszValueName:DWORD,lpszBuffer:DWORD
LOCAL dwStrLength:DWORD
LOCAL phkResult :DWORD
LOCAL RType:DWORD
LOCAL lpcbData :DWORD
local szbuf[256]:BYTE

invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,lpszKey,0,KEY_READ or KEY_WOW64_64KEY ,addr phkResult

.if eax==ERROR_SUCCESS
mov RType,REG_SZ
mov     lpcbData, 250
invoke RegQueryValueEx,phkResult,lpszValueName,NULL, addr RType, lpszBuffer,addr lpcbData
.if eax==ERROR_SUCCESS
.else
invoke lstrcat,lpszBuffer,CTEXT("RegKey Does Not Exist")
.endif

.else
invoke lstrcat,lpszBuffer,CTEXT("Error Opening RegKey!")
.endif
invoke RegCloseKey, phkResult
ret
GetString endp
end start

Gunner

Chilly, in response to http://www.masm32.com/board/index.php?topic=13209.0

here is the code I used for that

EnumExtensions32 proc uses ebx edi esi
LOCAL FileExt[50]:BYTE
LOCAL lpcBuffer:DWORD
LOCAL FTime:FILETIME
LOCAL   hKey:DWORD

    invoke  RegOpenKeyEx, HKEY_CLASSES_ROOT, NULL, NULL,KEY_ENUMERATE_SUB_KEYS or KEY_WOW64_32KEY, addr hKey
xor ebx, ebx
inc ebx ; Skip * key
xor edi, edi
GetNextExtension:
lea esi, FileExt
push NULL
push 50
push esi
call memfill

mov lpcBuffer, 50

; Enumerate each key in HCR
lea eax, FTime
push eax
push NULL
push NULL
push NULL
lea ecx, lpcBuffer
push ecx
push esi
push ebx
push hKey
call RegEnumKeyEx
cmp eax, ERROR_NO_MORE_ITEMS
je EnumDone

; Get only extensions
mov al, byte ptr [esi]
cmp     al, '.'
;jne NextExt
jne EnumDone

; Make sure not a .??_ file
mov al, byte ptr [esi + 3]
cmp     al, '_'
je NextExt


NextExt:
inc ebx
jmp GetNextExtension

EnumDone:
lea esi, FileExt
push NULL
push 50
push esi
call memfill

        push    esi
        push    ebx
        call    dwtoa
       
        push    0
        push    offset szMainCaption1
        push    esi
        push    0
        call    MessageBox

ret
EnumExtensions32 endp


I do a lot of Registry access with many of my programs, I will take a closer look at your code in a bit to see if I notice anything
~Rob (Gunner)
- IE Zone Editor
- Gunners File Type Editor
http://www.gunnerinc.com

ChillyWilly

RegOpenKeyEx seems to be failing

if im doing formatmessage right it seems to be returning "access is denied" even though app is running as admin

change my .else to this:

.else
invoke ShowErrorMessage,0,eax
invoke lstrcat,lpszBuffer,CTEXT("Error Opening RegKey!")
.endif



ShowErrorMessage hWnd,dwError
  local lpBuffer:DWORD
lea eax,[lpBuffer]
invoke FormatMessage,FORMAT_MESSAGE_ALLOCATE_BUFFER+FORMAT_MESSAGE_FROM_SYSTEM,0,[dwError],LANG_NEUTRAL,eax,0,0
invoke MessageBox,[hWnd],[lpBuffer],NULL,MB_ICONERROR+MB_OK
invoke LocalFree,[lpBuffer]
ret
ShowErrorMessage endp


dedndave

it may be the stack alignment - there is concurrently another thread on that issue

ChillyWilly



GregL

The stack alignment issue in the other thread pertains to 64-bit programs.

tofu-sensei

Quote from: ChillyWilly on January 23, 2010, 09:15:19 PM
testing on win7 home premium 64bit I tried using the samDesired parameter of KEY_WOW64_64KEY
heres the code so you can get a good example of what im trying to achieve
this is working just fine for me if i remove the KEY_WOW64_64KEY flag...

sinsi

>this is working just fine for me if i remove the KEY_WOW64_64KEY flag

Same here, even without admin.
Light travels faster than sound, that's why some people seem bright until you hear them.