
windows registry

Started by Danesh, January 07, 2008, 12:55:30 AM


Danesh

Hi all,

I have almost no experience using Windows XP Registry. I want to first get and then change the value subkey "test" under the key, let's say "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009". Can anybody help to find out how?
Should I first open the key and then how get it and then write new value? I have found registry functions of Windows API but I don't know how to translate address above to call the functions.

Regards,

Danesh


zooba

You could have suggested almost any other registry key and gotten a straight answer easily. By suggesting one related to networking drivers that under no circumstances should you need to change, you're simply asking to not get an answer.

I just spent 30 seconds and found one example that comes with MASM32. If I'd gone to Google I would have been even quicker. Why don't you try one of those?

Cheers,

Zooba :U

Danesh

Zooba,

You could give me any clue about it and yes, this is about network configurations. However, it is absolutely not your business why I intend to change these keys or not, but you better know that I am aware that posts which are related to hacking and/or any harmful program are not allowed in this forum. In more detail, these keys are about MAC address and I wish to be able to get them for my code to be able to read that and change it if necessary. The reason for this, again, is not your business.

Regards,

Danesh

Draakie

LOL  :P

Danesh - it would help to be polite. I understand your quick defensive posture - but please realize Zooba
was only sincerely trying to help. MAC spoofing is as old as the hills and as Zooba correctly pointed out
there are millions of examples floating around - should be a quick and easy conversion to ASM.

PPS : This from http://windowsir.blogspot.com/ .........

The MAC Daddy
I received a question in my inbox today regarding locating a system's MAC address within an image of a system, and I thought I'd share the response I provided...

"The path to the key that tells you which NICs are/were in use on the system is:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards

Beneath this key, you will see a set of subkeys, each with different numbers; on my system, I see "10", "12", and "2". Each of these keys contains values; Description and ServiceName. The ServiceName value contains the GUID for the interface.

Using the GUIDs, go to:

HKLM\SYSTEM\ControlSet00x\Services\Tcpip\Parameters\Interfaces

*Be sure to use the ControlSet marked as "Current".

Beneath this key, you'll see subkeys with names that are GUIDs. You're interested in the GUIDs you found beneath the previous key. Within each key, you will find the values associated with that interface.

By default, Windows does not retain the MAC address in the Registry. I'm aware that there are sites out there that say that it does, but they are incorrect...at least, with regards to this key. If you *do* find an entry within the "Interfaces" key above that contains a value such as "NetworkAddress", it is either specific to the NIC/vendor, or it's being used to spoof the MAC address (this is a known method).

Also check the following key for subkeys that contain a "NetworkAddress" value:

HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}

Other places you can look for the MAC address:

*Sometimes* (not in all cases) if you find the following key, you may find a value named "MAC", as well:

HKLM\SOFTWARE\Microsoft\Windows Genuine Advantage

Another place to look is Windows shortcut (*.lnk) files... Windows File Analyzer is a GUI tool that parses directories worth of *.lnk files and one of the fields that may be populated is the MAC address of the system."

I thought others might find this helpful as well...

PPPS: see also http://flipsidereality.com/blog/?cat=13

THEN when all your piglets are in a row - have a look at
http://www.masm32.com/board/index.php?topic=2061.msg16395   - from Shaka_Zulu
Does this code make me look bloated ? (wink)
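A defender-side check built on the blog text quoted in the post above, as an added example that is not part of the thread or the quoted blog: it scans a text export of the registry for `NetworkAddress` values under the two key families the quote names and reports whether each address is well formed and locally administered. The `.reg` text input, the function names and the sample data are assumptions made for illustration.

```python
import re

# Network-adapter device class GUID, as quoted in the thread.
NET_CLASS = "{4D36E972-E325-11CE-BFC1-08002bE10318}"
WATCHED = re.compile(
    r"\\Control\\Class\\" + re.escape(NET_CLASS) + r"\\\d{4}$"
    r"|\\Services\\Tcpip\\Parameters\\Interfaces\\\{[0-9A-F-]+\}$", re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Constructed sample export; adapter names and the address are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008]
"DriverDesc"="Example Wired Adapter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009]
"DriverDesc"="Example Wireless Adapter"
"NetworkAddress"="02AABBCCDDEE"
'''

def parse_reg(text):
    """Map each [key] in a .reg export to its string values (names lowercased)."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1).lower()] = m.group(2)
    return keys

def find_mac_overrides(text):
    """Report watched keys that carry a NetworkAddress value."""
    findings = []
    for key, values in parse_reg(text).items():
        if not WATCHED.search(key) or "networkaddress" not in values:
            continue
        addr = values["networkaddress"]
        digits = re.sub(r"[-:]", "", addr)
        ok = re.fullmatch(r"[0-9A-Fa-f]{12}", digits) is not None
        findings.append({
            "key": key, "address": addr, "well_formed": ok,
            "adapter": values.get("driverdesc", ""),
            # Bit 0x02 of the first octet marks a locally administered address.
            "locally_administered": ok and bool(int(digits[:2], 16) & 0x02),
        })
    return findings

if __name__ == "__main__":
    for f in find_mac_overrides(SAMPLE):
        print(f)
```

As the quoted text says, a hit is not proof of spoofing on its own, since the value can also be specific to the NIC or vendor.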

zooba

Quote from: Danesh on January 08, 2008, 12:45:54 AM
You could give me any clue about it

I believe I did. MASM32 comes with an example of exactly what you are after, MSDN has examples in C that are trivial to translate (since it is all API calls), Google will find exactly what you are after and a forum search for "windows registry" (taken from your topic title) finds 5 pages of results. Add that to the clues you already had and you should be fine.

Cheers,

Zooba :U

Draakie

Informative extra.....
PPPPS : MAC spoofing is and has been for quite some time a very unreliable/non-foolproof/stupid to even try/
useless/academic exercise only - method of trying to hide your identity. So can no longer be classified
as an attempt at illicit activity...... BUT then again that's my humble opinion.
Does this code make me look bloated ? (wink)