General question about accessing the system registry

Started by Shooter, December 19, 2010, 10:44:34 PM

Previous topic - Next topic

Shooter

I'm trying to read the ComputerName from the system registry, but it keeps coming back as Not Found. Do I need to load the hive, or do something extravagant first before RegOpenKeyEx,HKEY_LOCAL_MACHINE,addr lpszSubKey,0,KEY_QUERY_VALUE,addr hKey?

Thanks,
-Shooter
Never use direct references to anything ever. Bury everything in
macros. Bury the macros in include files. Reference those include
files indirectly from other include files. Use macros to reference
those include files.

Gunner

What OS? 

Also, show some code so we can figure it out... what is the value of lpszSubKey
~Rob (Gunner)
- IE Zone Editor
- Gunners File Type Editor
http://www.gunnerinc.com

Shooter

Quote from: Gunner on December 19, 2010, 10:55:16 PM
What OS? 

Also, show some code so we can figure it out... what is the value of lpszSubKey

Windows XP (version and type need to be a little loose for what I have in mind, but mine is Pro SP3.)

    lpszSubKey DB  "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName",0
    lpszValueName   DB  "ComputerName",0


See attached.

-Shooter
Never use direct references to anything ever. Bury everything in
macros. Bury the macros in include files. Reference those include
files indirectly from other include files. Use macros to reference
those include files.

dedndave

#3
it's not extravagant - a little tedious, perhaps   :P

       .DATA
VBufLen  dd sizeof Buffer
szSubkey db 'SOFTWARE\Microsoft\Windows\CurrentVersion',0
szValue  db 'Version',0

       .DATA?
hKey    dd ?
ValType dd ?
Buffer  db 1024 dup(?)

       .CODE

       INVOKE  RegOpenKeyEx,HKEY_LOCAL_MACHINE,addr szSubkey,NULL,KEY_QUERY_VALUE,addr hKey

that should return a 0 in eax and place a handle in hKey
if eax is not 0, you can call GetLastError to get the error code

once the subkey is open, you can read a value
the problem here is, you have no way of knowing the length of the required buffer
you can assign an oversize buffer
or, you can make an attempt with the buffer size set to 0
the function will return, telling you how many bytes you need
you may then allocate space with an Alloc or on the stack
assigning a large buffer is easier   :P
to make the example simple, we'll just use a 1 Kb buffer
       INVOKE  RegQueryValueEx,hKey,addr szValue,NULL,addr ValType,addr Buffer,addr VBufLen

Shooter

So you need a pointer to the Buffer Length in RegQueryValueEx, not just SizeOf RegQueryValueEx?

-Shooter
Never use direct references to anything ever. Bury everything in
macros. Bury the macros in include files. Reference those include
files indirectly from other include files. Use macros to reference
those include files.

dedndave

oh - and it helps if you...
        INCLUDE    \masm32\include\advapi32.inc
        INCLUDELIB \masm32\lib\advapi32.lib

dedndave

yes - it recieves the length required
it is an input/ouput parm

Gunner

Quote from: dedndave on December 19, 2010, 11:12:21 PM

the problem here is, you have no way of knowing the length of the required buffer
you can assign an oversize buffer
or, you can make an attempt with the buffer size set to 0
the function will return, telling you how many bytes you need
you may then allocate space with an Alloc or on the stack
assigning a large buffer is easier   :P
to make the example simple, we'll just use a 1 Kb buffer
       INVOKE  RegQueryValueEx,hKey,addr szValue,NULL,addr ValType,addr Buffer,addr VBufLen

Actually, we do know the size of the value...  well, we can get the size of the value....
invoke RegQueryValueEx, hSourceKey, addr ValueName, NULL, NULL, NULL, addr DefValueLen
.if eax == ERROR_SUCCESS
invoke HeapAlloc, hMainHeap, HEAP_ZERO_MEMORY, DefValueLen


if lpData is NULL, RegQueryValueEx will return ERROR_SUCCESS and store the size of the value in lpcbData!  :bg
~Rob (Gunner)
- IE Zone Editor
- Gunners File Type Editor
http://www.gunnerinc.com

Gunner

Quote from: Shooter on December 19, 2010, 11:17:02 PM
So you need a pointer to the Buffer Length in RegQueryValueEx, not just SizeOf RegQueryValueEx?

-Shooter
Yes, otherwise how does the os know how much to read/write..
~Rob (Gunner)
- IE Zone Editor
- Gunners File Type Editor
http://www.gunnerinc.com

Gunner

If you have a fast connection, I would recommend downloading the PSDK from MS or bookmark MSDN otherwise you will not get far working with the registry or programming for that matter....
~Rob (Gunner)
- IE Zone Editor
- Gunners File Type Editor
http://www.gunnerinc.com

Shooter

Quote from: dedndave on December 19, 2010, 11:19:37 PM
yes - it recieves the length required
it is an input/ouput parm

Hmm, seems like an extra step rather that just stating the length of it, but alas, I didn't design the call so I reckon I'll have to keep it in mind when I get past this first error.

Thanks, Dave.

And yep, already had those includes.   :bg

-Shooter

Never use direct references to anything ever. Bury everything in
macros. Bury the macros in include files. Reference those include
files indirectly from other include files. Use macros to reference
those include files.

Shooter

Quote from: Gunner on December 19, 2010, 11:24:03 PM
If you have a fast connection, I would recommend downloading the PSDK from MS or bookmark MSDN otherwise you will not get far working with the registry or programming for that matter....

I was looking for that to download just the other day, but all the links that I found were dead.  :(

Never use direct references to anything ever. Bury everything in
macros. Bury the macros in include files. Reference those include
files indirectly from other include files. Use macros to reference
those include files.

dedndave


Shooter

Dave,
I have a Win32 help file that contains that, but having a larger set of help files on hand is definitely a plus since I travel a lot  :bg (internet connections vary).

However, I'm almost back to my original question... do I have my Key setup wrong? Why would I be getting "ERROR_FILE_NOT_FOUND" when I copied it directly from Regedit?

-Shooter
Never use direct references to anything ever. Bury everything in
macros. Bury the macros in include files. Reference those include
files indirectly from other include files. Use macros to reference
those include files.

dedndave

well - you are not following the steps   :P

step 1) open the key and subkey (HKEY_LOCAL_MACHINE and "SOFTWARE\Microsoft\Windows\CurrentVersion" in my example)
step 2) read the registry value under that key

which step is failing ?
are you getting a valid handle from RegOpenKeyEx ???
if not, use GetLastError to retrieve an error code

post your updated code