Go to breakpoint, then go one instruction at a time

[skywalker]

There is a problem with one/both RegCloseKey statements.
Maybe:

1. Their order should be reversed
2. Something else is needed in the code

What I want Ollydbg to do is go to my breakpoints and stop so I can see what's going on.
Then go one instruction at a time. This computer F-keys does their own thing.

Thanks. 

; creatsub.asm  Create a subkey of an existing registry key
;               Help from AsmER,
;               SLOW and EASY with this code !!!
.386

.MODEL FLAT, STDCALL
OPTION CASEMAP: NONE

    include \masm32\include\windows.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\advapi32.inc

    include \masm32\macros\macros.asm

    includelib  \masm32\lib\kernel32.lib
    includelib  \masm32\lib\user32.lib
    includelib  \masm32\lib\advapi32.lib

.DATA

APPKey        BYTE "Marzipan", 0
SecondKey     BYTE "basement", 0
Opened_Key    BYTE "Registry Key sucessfully opened.",0
No_Key        BYTE "Registry Key not present!",0
Key_Closed    BYTE "Sub_Key creation suceeded.",0
Problem       BYTE "Problem closing Registry Key !",0
Sample       BYTE  "Sample",0               ; title of message box

.DATA?

RegH         PHKEY      ? ; Handle for registry key DON'T use ADDR with these!
SubRegKey    PHKEY      ?

.CODE

Start:

jmp Next

Fill   db   "db eax",0

Next:

invoke RegOpenKey, HKEY_CURRENT_USER, ADDR APPKey, ADDR RegH   ;to get handle of already created
                                                               ;registry key.

.IF EAX == ERROR_SUCCESS

invoke MessageBox, 0, ADDR Opened_Key, ADDR Sample,MB_ICONINFORMATION

.ELSE

invoke MessageBox, 0, ADDR No_Key, ADDR Sample,MB_ICONINFORMATION
invoke ExitProcess, 0  ; exit, we have a problem

.ENDIF

invoke RegCreateKey, RegH, ADDR SecondKey, SubRegKey  ;to create or open    
                                                   ;already existing sub reg. key

invoke RegCloseKey,  RegH      ; close handle for reg. key
int 3
invoke RegCloseKey,  SubRegKey ; close handle for reg. key
int 3
.IF EAX == ERROR_SUCCESS

invoke MessageBox, 0, ADDR Key_Closed, ADDR Sample,MB_ICONINFORMATION

.ELSE ; something's amiss

invoke MessageBox, 0, ADDR Problem, ADDR Sample,MB_ICONINFORMATION

.ENDIF

invoke ExitProcess, 0

END Start

[zooba]

Either set up Olly as your JIT debugger (there's menu options to do this) and run normally. Then when it crashes choose 'Debug'.

Alternatively, open it in Olly and hit Run. When it reaches the first int3 it will stop :U

BTW:

Code Select Expand

invoke RegCreateKey, RegH, ADDR SecondKey, SubRegKey  ;to create or open

should be

Code Select Expand

invoke RegCreateKey, RegH, ADDR SecondKey, ADDR SubRegKey  ;to create or open

Cheers,

Zooba

[skywalker]

Code Select Expand

invoke RegCreateKey, RegH, ADDR SecondKey, SubRegKey  ;to create or open

should be

Code Select Expand

invoke RegCreateKey, RegH, ADDR SecondKey, ADDR SubRegKey  ;to create or open

Cheers,

Zooba

Doing your suggestion knocked out my regedit again.

Stand in the corner for 5 minutes. :-)

[zooba]

I don't understand how this could have knocked out your regedit, unless you're modifying different values than you're showing in your example code.

According to MSDN, an address is expected there. You've correctly used the address in your RegOpenKey statement, so I don't see the trouble here. Also, you really should be using Reg(Open|Create)Ex, since the non-ex versions are for compatibility only.

[evlncrn8]

olly code window , right click, select goto expression, type in RegCloseKey, set a breakpoint, run your program, start tracing.. f8 single step trace in olly.. have fun, and read the manual, and like before read the documentation on the registry on msdn, you're going round in circles

[donkey]

Do not create a key that is a direct subkey of HKEY_CURRENT_USER, use the Software hive to hold any of your keys..

APPKey  BYTE "Software\skywalker\Marzipan", 0

Windows expects certain values as principle keys and Marzipan is not one of them, the HKEY_CURRENT_USER\Software hive is set aside to store your values and you should be using it.

If regedit will not open the registry hive file then try the "simple registry browser" in WinExplorer, you have source level control of that application (I have supplied the source code with the distribution) and it will allow you to browse the registry and find the problem, it will also demonstrate how to properly use the registry, there are examples of just about every registry function in WinExplorer, key creation, modification, reading, enumeration and information queries.

[skywalker]

Do not create a key that is a direct subkey of HKEY_CURRENT_USER, use the Software hive to hold any of your keys..

APPKey  BYTE "Software\skywalker\Marzipan", 0

Windows expects certain values as principle keys and Marzipan is not one of them, the HKEY_CURRENT_USER\Software hive is set aside to store your values and you should be using it.

If regedit will not open the registry hive file then try the "simple registry browser" in WinExplorer, you have source level control of that application (I have supplied the source code with the distribution) and it will allow you to browse the registry and find the problem, it will also demonstrate how to properly use the registry, there are examples of just about every registry function in WinExplorer, key creation, modification, reading, enumeration and information queries.

Your recommendation is different than what MS documentation says.

[skywalker]

I don't understand how this could have knocked out your regedit, unless you're modifying different values than you're showing in your example code.

According to MSDN, an address is expected there. You've correctly used the address in your RegOpenKey statement, so I don't see the trouble here. Also, you really should be using Reg(Open|Create)Ex, since the non-ex versions are for compatibility only.

The code I posted is what I compiled. We'll get this figured out at some point.

I forgot who told me this, but I do take notes.
I need to know what's the truth here so I can be sucessful in learning.

Thanks.

RegH         PHKEY      ? ; Handle for registry key DON'T use ADDR with these!

[donkey]

Your recommendation is different than what MS documentation says.

Absolutely not, MSDN and Microsoft have always been very clear about the structure of the registry and where applications should store data...

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/categories_of_data.asp

[Ghirai]

Doing your suggestion knocked out my regedit again.

Stand in the corner for 5 minutes. :-)

Clearly you need to supply a POINTER, and you didn't do so in your original code ::)

[skywalker]

Doing your suggestion knocked out my regedit again.

Stand in the corner for 5 minutes. :-)

Clearly you need to supply a POINTER, and you didn't do so in your original code ::)

No one has been able to spot the problem, but I found the answer to how to use RegCreateKeyEx properly
from another gentleman along with some other APIs I need.

Interestingly, his source quoted Hutch as a big help to him.

It does use the older assembly style, but it's helped me understand it better since it shows more steps.

Outta here.

[zooba]

Could you share?

[donkey]

Could you share?

What difference does it make if he shares or not, these are extremely simple APIs to use. This whole waste of thread should have been a no-brainer from the beginning.

[zooba]

I want to know what I did wrong that knocked out his regedit... umm... so I... err... don't ever do it again... :wink  :bdg

Just kidding, I'll be good :U

[evlncrn8]

Could you share?

What difference does it make if he shares or not, these are extremely simple APIs to use. This whole waste of thread should have been a no-brainer from the beginning.

100% agree with you there, a simple look at existing code, and / or reading the information on msdn would have given him all the information he needed, and posting the same thing on many boards just shows that he is unwilling to learn