Here is a function that reads a value from a specific registry subkey:
include ReadRegistryString.inc
.data
; Registry path passed to ReadRegString as pSubkey (NUL-terminated).
subkey db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion',0
; Name of the value to read under that key (NUL-terminated).
ValName db 'ProductName',0
.data?
; Receive buffer for the value data. ReadRegString takes no length argument
; and hard-codes its size limit from this 128-byte size, so the two must be
; changed together.
buffer db 128 dup(?)
.code
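;-----------------------------------------------------------------------
; ReadRegString - read one registry value into a caller-supplied buffer.
;
; In:    hKey    = open root key (the caller below passes HKEY_LOCAL_MACHINE)
;        pSubkey = address of the NUL-terminated subkey path
;        val     = address of the NUL-terminated value name
;        buff    = address of a buffer of at least 128 bytes
; Out:   eax = 1 when the value was read and NUL-terminated in buff
;        eax = 0 on any failure; buff then holds an empty string
; Clobb: eax, ecx, edx, flags
;
; Notes: The value type is not checked (lpType is passed as NULL), so a
;        non-string value is copied as raw bytes.
;        The registry does not guarantee that stored string data ends in
;        a NUL, so one byte of the buffer is held back and a terminator
;        is always written after the returned data.
;-----------------------------------------------------------------------
ReadRegString PROC hKey:DWORD,pSubkey:DWORD,val:DWORD,buff:DWORD
    LOCAL   Handle:DWORD
    LOCAL   buffSize:DWORD
    LOCAL   queryStatus:DWORD

    ; buffSize is in/out: buffer capacity on entry, bytes stored on return.
    ; 127, not 128, keeps room for the terminator written below.
    mov     buffSize,127

    invoke  RegOpenKeyEx,hKey,pSubkey,0,\
            KEY_QUERY_VALUE,ADDR Handle
    test    eax,eax
    jnz     _fail                       ; key not opened: nothing to close

    xor     ecx,ecx                     ; lpReserved = lpType = NULL
    invoke  RegQueryValueEx,Handle,val,ecx,\
            ecx,buff,ADDR buffSize
    mov     queryStatus,eax             ; keep it: RegCloseKey overwrites eax

    invoke  RegCloseKey,Handle

    mov     edx,buff
    test    edx,edx
    jz      _none                       ; no buffer given: nothing to terminate
    cmp     queryStatus,0
    jne     _clear                      ; includes "value larger than buffer"

    mov     ecx,buffSize                ; ecx = bytes stored, at most 127
    mov     byte ptr [edx+ecx],0        ; force a terminator after the data
    mov     eax,1
    jmp     _exit

_fail:
    mov     edx,buff
    test    edx,edx
    jz      _none
_clear:
    mov     byte ptr [edx],0            ; never hand back stale or partial data
_none:
    xor     eax,eax
_exit:
    ret
ReadRegString ENDP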
start:
    ; Program entry: read the ProductName value under subkey from
    ; HKEY_LOCAL_MACHINE into buffer, print it, and exit.
    ; The result ReadRegString leaves in eax is not examined, so buffer
    ; is printed whether or not the read succeeded.
    invoke  ReadRegString,HKEY_LOCAL_MACHINE,ADDR subkey,ADDR ValName,ADDR buffer
    invoke  StdOut,ADDR buffer          ; presumably prints up to the first NUL
    invoke  ExitProcess,0
END start
The code above retrieves the operating system name (the ProductName value) from the registry.
Cool stuff, thanks Vortex!
Hi Quin,
Thanks. New upload at the top. With thanks to Timo, I fixed an error: buffSize has to hold the size of the buffer before RegQueryValueEx is called. This line was inserted:
mov buffSize,128
Hello,
Here is the 64-bit version :
include ReadRegistryString.inc
.data
; Registry path passed to ReadRegString as pSubkey (NUL-terminated).
subkey db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion',0
; Name of the value to read under that key (NUL-terminated).
ValName db 'ProductName',0
.data?
; Receive buffer for the value data. ReadRegString takes no length argument
; and hard-codes its size limit from this 128-byte size, so the two must be
; changed together.
buffer db 128 dup(?)
.code
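;-----------------------------------------------------------------------
; ReadRegString - read one registry value into a caller-supplied buffer
; (64-bit build).
;
; In:    hKey    = open root key (the caller below passes HKEY_LOCAL_MACHINE)
;        pSubkey = address of the NUL-terminated subkey path
;        val     = address of the NUL-terminated value name
;        buff    = address of a buffer of at least 128 bytes
; Out:   rax = 1 when the value was read and NUL-terminated in buff
;        rax = 0 on any failure; buff then holds an empty string
; Clobb: rax, rcx, rdx, flags, plus whatever the API calls clobber
;
; Notes: The value type is not checked (lpType is passed as 0), so a
;        non-string value is copied as raw bytes.
;        The registry does not guarantee that stored string data ends in
;        a NUL, so one byte of the buffer is held back and a terminator
;        is always written after the returned data.
;        The registry calls return a 32-bit status, so only eax is tested;
;        the upper half of rax is not defined for a 32-bit return value.
;-----------------------------------------------------------------------
ReadRegString PROC hKey:QWORD,pSubkey:QWORD,val:QWORD,buff:QWORD PARMAREA=6*SIZEOF QWORD
    LOCAL   Handle:QWORD
    LOCAL   buffSize:QWORD
    LOCAL   _val:QWORD
    LOCAL   _buff:QWORD
    LOCAL   queryStatus:QWORD

    ; Copy val and buff to locals before the first invoke, as the original
    ; does - presumably because they arrive in volatile registers.
    mov     _val,val
    mov     _buff,buff

    ; buffSize is in/out: buffer capacity on entry, bytes stored on return.
    ; 127, not 128, keeps room for the terminator written below. The API
    ; writes only the low dword; this store clears the whole qword.
    mov     buffSize,127

    invoke  RegOpenKeyEx,hKey,pSubkey,0,\
            KEY_QUERY_VALUE,ADDR Handle
    test    eax,eax
    jnz     _fail                       ; key not opened: nothing to close

    invoke  RegQueryValueEx,Handle,_val,0,\
            0,_buff,ADDR buffSize
    mov     dword ptr queryStatus,eax   ; keep it: RegCloseKey overwrites rax

    invoke  RegCloseKey,Handle

    mov     rdx,_buff
    test    rdx,rdx
    jz      _none                       ; no buffer given: nothing to terminate
    cmp     dword ptr queryStatus,0
    jne     _clear                      ; includes "value larger than buffer"

    mov     ecx,dword ptr buffSize      ; rcx = bytes stored, at most 127
    mov     byte ptr [rdx+rcx],0        ; force a terminator after the data
    mov     eax,1                       ; writing eax zero-extends into rax
    jmp     _exit

_fail:
    mov     rdx,_buff
    test    rdx,rdx
    jz      _none
_clear:
    mov     byte ptr [rdx],0            ; never hand back stale or partial data
_none:
    xor     eax,eax
_exit:
    ret
ReadRegString ENDP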
start:
    ; Program entry: read the ProductName value under subkey from
    ; HKEY_LOCAL_MACHINE into buffer, print it, and exit.
    ; 4*8 bytes look like the shadow space for four register arguments and
    ; the extra 8 like the 16-byte stack realignment - confirm against the
    ; assembler's invoke conventions.
    sub     rsp,4*8+8
    ; The result ReadRegString leaves in rax is not examined, so buffer
    ; is printed whether or not the read succeeded.
    invoke  ReadRegString,HKEY_LOCAL_MACHINE,ADDR subkey,ADDR ValName,ADDR buffer
    invoke  StdOut,ADDR buffer          ; presumably prints up to the first NUL
    invoke  ExitProcess,0
END start