RegEnumValue problems!!!

[dedndave]

well - if they are unassigned, they do not actually exist in the registry files
(i think they have the data type REG_NONE)
however, programs like regedit always report they are present

just look for it with RegQueryValue and use the return code
if it tells you the value is not present, use "(value not set)", like regedit does

[dedndave]

Windows Registry Guide ~ 5 Mb
a great book - it is written for XP, but works pretty well for win 2k and 32-bit vista, too (even 95 and 98, really)

http://www.4shared.com/file/214069638/11c5b172/WRG.html

[Gunner]

   Dave,... RegEnumValue doesnt enumerate default itens except for those with ValueData set to something. Are you sure that those items exist? How do i enumerate those? Can you help out? Thanks
   Bests and later-ons.

After you enumerate all the values in a key, just call RegGetValue with lpValue set to NULL and it will give you the value of the "Default Value" which technically is an unnamed value.  Not all keys have that set to something.

[xandaz]

    Thanks a lot guys. I'll post later what i've done.
    Best regards from X.

[xandaz]

   Hey guys. It seems to be working more or less fine tho it desnt enumerate a lot of keys. I don't know if theres some user previledge problems i must deal with. Here it goes guys.
   Best regards. X.

[dedndave]

i haven't dug into your code too deeply
but, i would use RegEnumKeyEx
http://msdn.microsoft.com/en-us/library/ms724862%28v=VS.85%29.aspx
you might want to read the Community Content at the bottom of the description, too   :P
i don't know if you are on a 64-bit machine or not
it is important to understand wow64 virtualization
http://msdn.microsoft.com/en-us/library/aa965884%28v=VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/ms724072%28v=VS.85%29.aspx
i noticed that after the RegEnumKey function, you do not check the returned value as you do after RegEnumValue
(test for ERROR_MORE_DATA and ERROR_NO_MORE_ITEMS)

unrelated to that problem....
i saw this table

Code Select Expand

SystemKeys      dd      HKEY_CLASSES_ROOT
                db      'HKEY_CLASSES_ROOT',0
                dd      HKEY_CURRENT_USER
                db      'HKEY_CURRENT_USER',0
                dd      HKEY_LOCAL_MACHINE
                db      'HKEY_LOCAL_MACHINE',0
                dd      HKEY_USERS
                db      'HKEY_USERS',0
                dd      HKEY_PERFORMANCE_DATA
                db      'HKEY_PERFORMANCE_DATA',0
                dd      HKEY_CURRENT_CONFIG
                db      'HKEY_CURRENT_CONFIG',0
                dd      HKEY_DYN_DATA
                db      'HKEY_DYN_DATA',0

i would probably do something like this
it's slightly larger, but makes it easier to index into the SystemKeys table
because each entry is always 2 dwords

Code Select Expand

SystemKeys      dd      HKEY_CLASSES_ROOT,SysKeyString01
                dd      HKEY_CURRENT_USER,SysKeyString02
                dd      HKEY_LOCAL_MACHINE,SysKeyString03
                dd      HKEY_USERS,SysKeyString04
                dd      HKEY_PERFORMANCE_DATA,SysKeyString05
                dd      HKEY_CURRENT_CONFIG,SysKeyString06
                dd      HKEY_DYN_DATA,SysKeyString07

SysKeyString01  db      'HKEY_CLASSES_ROOT',0
SysKeyString02  db      'HKEY_CURRENT_USER',0
SysKeyString03  db      'HKEY_LOCAL_MACHINE',0
SysKeyString04  db      'HKEY_USERS',0
SysKeyString05  db      'HKEY_PERFORMANCE_DATA',0
SysKeyString06  db      'HKEY_CURRENT_CONFIG',0
SysKeyString07  db      'HKEY_DYN_DATA',0

[xandaz]

   yeah dave. It's a very good tip. Type followed by a string pointer. Thanks. Maybe i'll use RegEnumKeyEx. I'm thinking the answer may be in RegCreateKeyEx to open the keys. I'm digging into it now. Hold on guys.... Woooowooooowoooow
   lol and bests

[dedndave]

as for the tables, you could omit the key constants and organize them in order of value
you could then calculate the string pointer index from the value

Code Select Expand

HKEY_CLASSES_ROOT                EQU 80000000h
HKEY_CURRENT_USER                EQU 80000001h
HKEY_LOCAL_MACHINE               EQU 80000002h
HKEY_USERS                       EQU 80000003h
HKEY_PERFORMANCE_DATA            EQU 80000004h
HKEY_CURRENT_CONFIG              EQU 80000005h
HKEY_DYN_DATA                    EQU 80000006h
HKEY_CURRENT_USER_LOCAL_SETTINGS EQU 80000007h

HKEY_PERFORMANCE_TEXT            EQU 80000050h
HKEY_PERFORMANCE_NLSTEXT         EQU 80000060h
the last 2 are new for win7 - and you may not even care about them   :P

something like this

Code Select Expand

SystemKeys     dd SysKeyString00
               dd SysKeyString01
               dd SysKeyString02
               dd SysKeyString03
               dd SysKeyString04
               dd SysKeyString05
               dd SysKeyString06
               dd SysKeyString07

SysKeyString00 db 'HKEY_CLASSES_ROOT',0
SysKeyString01 db 'HKEY_CURRENT_USER',0
SysKeyString02 db 'HKEY_LOCAL_MACHINE',0
SysKeyString03 db 'HKEY_USERS',0
SysKeyString04 db 'HKEY_PERFORMANCE_DATA',0
SysKeyString05 db 'HKEY_CURRENT_CONFIG',0
SysKeyString06 db 'HKEY_DYN_DATA',0
SysKeyString07 db 'HKEY_CURRENT_USER_LOCAL_SETTINGS',0

        mov     eax,SystemKeyValue
        mov     eax,SystemKeys[4*(eax-HKEY_CLASSES_ROOT)]
;EAX = string address

or

        mov     eax,SystemKeyValue
        mov     eax,SystemKeys[4*eax-4*HKEY_CLASSES_ROOT]
;EAX = string address

oh
and, if you look at the community content, you will see this blog link
http://www.sepago.de/e/holger/2010/07/20/how-long-can-a-registry-key-name-really-be
he failed to mention which OS's it was tested under,
but it would seem prudent to provide at least 257 bytes for the key name buffer
260 makes a nice length because it helps to keep other data 4-aligned

[xandaz]

   also i still dont know why some values dont enumerate. For example HKEY_LOCAL_MACHINE\Software\WinRar for example doesnt enumerate file associations. Do you know why? Thanks. Bye

[dedndave]

it could be a permissions issue
do you have these problems in HKEY_CURRENT_USER ?
that is one where you should be able to read everything

no WinRar, here

[xandaz]

   Well dave. It enumerate a few values but far from doing it all. Maybe it has nothing to do with RegEnumValue. Maybe its something else. I'll look into it. Hey btw.
if i do RegOpenKey,HKEY_CLASSES_ROOT,'HKEY_CLASSES_ROOT\.376',addr hKey will it work alright or should i omit HKEY_CLASSES_ROOT in lpSubKey? I'm saying this because i did it like this Bye and thanks a lot

[xandaz]

   Preciselly what i was talking about. It's working now. Thanks a lot and here it goes an almost final version.
   Thanks guys you're the  best.