There is a problem with one/both RegCloseKey statements.
Maybe:
1. Their order should be reversed
2. Something else is needed in the code
What I want Ollydbg to do is go to my breakpoints and stop so I can see what's going on.
Then go one instruction at a time. This computer's F-keys do their own thing.
Thanks.
; creatsub.asm Create a subkey of an existing registry key
; Help from AsmER,
; SLOW and EASY with this code !!!
.386
.MODEL FLAT, STDCALL
OPTION CASEMAP: NONE
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\advapi32.inc
include \masm32\macros\macros.asm
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\advapi32.lib
.DATA
APPKey BYTE "Marzipan", 0
SecondKey BYTE "basement", 0
Opened_Key BYTE "Registry Key successfully opened.",0
No_Key BYTE "Registry Key not present!",0
Key_Closed BYTE "Sub_Key creation succeeded.",0
Problem BYTE "Problem closing Registry Key !",0
Sample BYTE "Sample",0 ; title of message box
.DATA?
RegH PHKEY ? ; Handle for registry key DON'T use ADDR with these!
SubRegKey PHKEY ?
.CODE
Start:
jmp Next
Fill db "db eax",0
Next:
invoke RegOpenKey, HKEY_CURRENT_USER, ADDR APPKey, ADDR RegH ;to get handle of already created
;registry key.
.IF EAX == ERROR_SUCCESS
invoke MessageBox, 0, ADDR Opened_Key, ADDR Sample,MB_ICONINFORMATION
.ELSE
invoke MessageBox, 0, ADDR No_Key, ADDR Sample,MB_ICONINFORMATION
invoke ExitProcess, 0 ; exit, we have a problem
.ENDIF
invoke RegCreateKey, RegH, ADDR SecondKey, SubRegKey ;to create or open
;already existing sub reg. key
invoke RegCloseKey, RegH ; close handle for reg. key
int 3
invoke RegCloseKey, SubRegKey ; close handle for reg. key
int 3
.IF EAX == ERROR_SUCCESS
invoke MessageBox, 0, ADDR Key_Closed, ADDR Sample,MB_ICONINFORMATION
.ELSE ; something's amiss
invoke MessageBox, 0, ADDR Problem, ADDR Sample,MB_ICONINFORMATION
.ENDIF
invoke ExitProcess, 0
END Start
Either set up Olly as your JIT debugger (there's menu options to do this) and run normally. Then when it crashes choose 'Debug'.
Alternatively, open it in Olly and hit Run. When it reaches the first int3 it will stop :U
BTW:
invoke RegCreateKey, RegH, ADDR SecondKey, SubRegKey ;to create or open
should be
invoke RegCreateKey, RegH, ADDR SecondKey, ADDR SubRegKey ;to create or open
Cheers,
Zooba
Quote from: zooba on March 15, 2006, 08:08:05 PM
invoke RegCreateKey, RegH, ADDR SecondKey, SubRegKey ;to create or open
should be
invoke RegCreateKey, RegH, ADDR SecondKey, ADDR SubRegKey ;to create or open
Cheers,
Zooba
Doing your suggestion knocked out my regedit again.
Stand in the corner for 5 minutes. :-)
I don't understand how this could have knocked out your regedit, unless you're modifying different values than you're showing in your example code.
According to MSDN, an address is expected there. You've correctly used the address in your RegOpenKey statement, so I don't see the trouble here. Also, you really should be using Reg(Open|Create)Ex, since the non-ex versions are for compatibility only.
Olly code window, right click, select goto expression, type in RegCloseKey, set a breakpoint, run your program, start tracing.. F8 single step trace in Olly.. have fun, and read the manual, and like before read the documentation on the registry on MSDN, you're going round in circles
Do not create a key that is a direct subkey of HKEY_CURRENT_USER, use the Software hive to hold any of your keys..
APPKey BYTE "Software\skywalker\Marzipan", 0
Windows expects certain values as principal keys and Marzipan is not one of them, the HKEY_CURRENT_USER\Software hive is set aside to store your values and you should be using it.
If regedit will not open the registry hive file then try the "simple registry browser" in WinExplorer (http://www.masmforum.com/simple/index.php?topic=3803.0), you have source level control of that application (I have supplied the source code with the distribution) and it will allow you to browse the registry and find the problem, it will also demonstrate how to properly use the registry, there are examples of just about every registry function in WinExplorer, key creation, modification, reading, enumeration and information queries.
Quote from: donkey on March 16, 2006, 09:49:30 AM
Do not create a key that is a direct subkey of HKEY_CURRENT_USER, use the Software hive to hold any of your keys..
APPKey BYTE "Software\skywalker\Marzipan", 0
Windows expects certain values as principal keys and Marzipan is not one of them, the HKEY_CURRENT_USER\Software hive is set aside to store your values and you should be using it.
If regedit will not open the registry hive file then try the "simple registry browser" in WinExplorer (http://www.masmforum.com/simple/index.php?topic=3803.0), you have source level control of that application (I have supplied the source code with the distribution) and it will allow you to browse the registry and find the problem, it will also demonstrate how to properly use the registry, there are examples of just about every registry function in WinExplorer, key creation, modification, reading, enumeration and information queries.
Your recommendation is different than what MS documentation says.
Quote from: zooba on March 16, 2006, 07:41:51 AM
I don't understand how this could have knocked out your regedit, unless you're modifying different values than you're showing in your example code.
According to MSDN, an address is expected there. You've correctly used the address in your RegOpenKey statement, so I don't see the trouble here. Also, you really should be using Reg(Open|Create)Ex, since the non-ex versions are for compatibility only.
The code I posted is what I compiled. We'll get this figured out at some point.
I forgot who told me this, but I do take notes.
I need to know what's the truth here so I can be successful in learning.
Thanks.
RegH PHKEY ? ; Handle for registry key DON'T use ADDR with these!
Quote from: skywalker
Your recommendation is different than what MS documentation says.
Absolutely not, MSDN and Microsoft have always been very clear about the structure of the registry and where applications should store data...
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/categories_of_data.asp
Quote from: skywalker on March 15, 2006, 08:31:19 PM
Doing your suggestion knocked out my regedit again.
Stand in the corner for 5 minutes. :-)
Clearly you need to supply a POINTER, and you didn't do so in your original code ::)
Quote from: Ghirai on March 16, 2006, 01:56:04 PM
Quote from: skywalker on March 15, 2006, 08:31:19 PM
Doing your suggestion knocked out my regedit again.
Stand in the corner for 5 minutes. :-)
Clearly you need to supply a POINTER, and you didn't do so in your original code ::)
No one has been able to spot the problem, but I found the answer to how to use RegCreateKeyEx properly
from another gentleman along with some other APIs I need.
Interestingly, his source quoted Hutch as a big help to him.
It does use the older assembly style, but it's helped me understand it better since it shows more steps.
Outta here.
Could you share?
Quote from: zooba on March 18, 2006, 07:24:06 AM
Could you share?
What difference does it make if he shares or not, these are extremely simple APIs to use. This whole waste of thread should have been a no-brainer from the beginning.
I want to know what I did wrong that knocked out his regedit... umm... so I... err... don't ever do it again... :wink :bdg
Just kidding, I'll be good :U
Quote from: donkey on March 18, 2006, 07:38:01 AM
Quote from: zooba on March 18, 2006, 07:24:06 AM
Could you share?
What difference does it make if he shares or not, these are extremely simple APIs to use. This whole waste of thread should have been a no-brainer from the beginning.
100% agree with you there, a simple look at existing code, and / or reading the information on msdn would have given him all the information he needed, and posting the same thing on many boards just shows that he is unwilling to learn
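For reference, the points raised in the replies above (pass the address of the handle variable as the output parameter, keep application keys under HKEY_CURRENT_USER\Software, use the Ex functions) combined into one added example. This is not code from any poster in the thread; the path "Software\ExampleVendor\Marzipan" and the variable names are constructed for illustration, and MASM32 with its standard include paths is assumed.

```masm
; Added example: create Software\ExampleVendor\Marzipan\basement under HKCU.
.386
.MODEL FLAT, STDCALL
OPTION CASEMAP:NONE
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\advapi32.lib

.DATA
AppKey  BYTE "Software\ExampleVendor\Marzipan", 0  ; constructed path under HKCU\Software
SubName BYTE "basement", 0

.DATA?
hApp    DWORD ?   ; holds the handle itself (a DWORD-sized HKEY), not a pointer to one
hSub    DWORD ?
dwDisp  DWORD ?   ; receives REG_CREATED_NEW_KEY or REG_OPENED_EXISTING_KEY

.CODE
Start:
    ; phkResult is an OUT parameter, so the ADDRESS of hApp is passed.
    ; Only the access right actually needed on the parent is requested.
    invoke RegCreateKeyEx, HKEY_CURRENT_USER, ADDR AppKey, 0, NULL, \
           REG_OPTION_NON_VOLATILE, KEY_CREATE_SUB_KEY, NULL, \
           ADDR hApp, ADDR dwDisp
    .IF eax != ERROR_SUCCESS
        invoke ExitProcess, eax        ; nothing was opened, nothing to close
    .ENDIF

    invoke RegCreateKeyEx, hApp, ADDR SubName, 0, NULL, \
           REG_OPTION_NON_VOLATILE, KEY_READ, NULL, \
           ADDR hSub, ADDR dwDisp
    mov ebx, eax                       ; keep the create result; RegCloseKey overwrites eax

    .IF ebx == ERROR_SUCCESS
        invoke RegCloseKey, hSub       ; handles are passed by VALUE when closing
    .ENDIF
    invoke RegCloseKey, hApp           ; close order does not matter, each handle is independent
    invoke ExitProcess, ebx            ; exit code is the Win32 error from the subkey create
END Start
```

The exit code can be inspected with `echo %ERRORLEVEL%` after running the program from a command prompt; 0 corresponds to ERROR_SUCCESS.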