Functions to handle the registry

Started by Vortex, May 11, 2025, 12:34:53 PM

Vortex

Here is a function to read the value in a specific registry subkey:

include     ReadRegistryString.inc

.data

subkey      db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion',0
ValName     db 'ProductName',0

.data?

buffer      db 128 dup(?)

.code

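; Returns eax = 1 if the value was read into buff, 0 on any failure.
ReadRegString PROC hKey:DWORD,pSubkey:DWORD,val:DWORD,buff:DWORD

LOCAL Handle:DWORD
LOCAL buffSize:DWORD

    mov     buffSize,128            ; in: size of buff in bytes, out: bytes stored
    invoke  RegOpenKeyEx,hKey,pSubkey,0,\
            KEY_QUERY_VALUE,ADDR Handle
    test    eax,eax                 ; ERROR_SUCCESS = 0
    jnz     _fail

    xor     ecx,ecx                 ; lpReserved and lpType are both NULL
    invoke  RegQueryValueEx,Handle,val,ecx,\
            ecx,buff,ADDR buffSize
    push    eax                     ; keep the query status across RegCloseKey

    invoke  RegCloseKey,Handle
    pop     eax
    test    eax,eax                 ; did the query succeed?
    jnz     _fail
    mov     eax,1
    jmp     _exit

_fail:

    xor     eax,eax

_exit:

    ret

ReadRegString ENDP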

start:

    invoke  ReadRegString,HKEY_LOCAL_MACHINE,\
            ADDR subkey,ADDR ValName,ADDR buffer

    invoke  StdOut,ADDR buffer

    invoke  ExitProcess,0

END start

The code above retrieves the operating system from the registry.
Code it... That's all...

Quin

Use the assembly, Luke.

Vortex

Hi Quin,

Thanks. New upload at the top. With thanks to Timo, I fixed an error. This line is inserted:

    mov     buffSize,128

Vortex

Hello,

Here is the 64-bit version:

include     ReadRegistryString.inc

.data

subkey      db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion',0
ValName     db 'ProductName',0

.data?

buffer      db 128 dup(?)

.code

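; Returns eax = 1 if the value was read into buff, 0 on any failure.
ReadRegString PROC hKey:QWORD,pSubkey:QWORD,val:QWORD,buff:QWORD PARMAREA=6*SIZEOF QWORD

LOCAL Handle:QWORD
LOCAL buffSize:QWORD
LOCAL _val:QWORD
LOCAL _buff:QWORD

    mov     _val,val                ; copy val and buff into locals before the first call
    mov     _buff,buff
    mov     buffSize,128            ; in: size of buff in bytes, out: bytes stored

    invoke  RegOpenKeyEx,hKey,pSubkey,0,\
            KEY_QUERY_VALUE,ADDR Handle
    test    eax,eax                 ; the status is 32-bit, ERROR_SUCCESS = 0
    jnz     _fail

    invoke  RegQueryValueEx,Handle,_val,0,\
            0,_buff,ADDR buffSize
    mov     _val,rax                ; keep the query status across RegCloseKey

    invoke  RegCloseKey,Handle
    mov     rax,_val
    test    eax,eax                 ; did the query succeed?
    jnz     _fail
    mov     eax,1
    jmp     _exit

_fail:

    xor     eax,eax

_exit:

    ret

ReadRegString ENDP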

start:

    sub     rsp,4*8+8
    invoke  ReadRegString,HKEY_LOCAL_MACHINE,\
            ADDR subkey,ADDR ValName,ADDR buffer

    invoke  StdOut,ADDR buffer

    invoke  ExitProcess,0

END start
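An added example, not code from the thread: both programs above hand the buffer straight to StdOut, but RegQueryValueEx does not guarantee that REG_SZ data comes back null-terminated, so this C version checks the reported byte count and terminates or rejects the buffer before printing. The names terminate_reg_sz and read_reg_string are hypothetical; the registry call compiles only under _WIN32, and elsewhere main runs the check on a constructed buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Make a REG_SZ read safe to print. cb is the byte count the query reported,
   cap the buffer capacity. Returns the string length, or -1 when the data
   fills the buffer with no terminator (retry with a larger buffer). */
static int terminate_reg_sz(char *buf, size_t cap, size_t cb)
{
    if (cap == 0 || cb > cap) return -1;              /* inconsistent sizes */
    if (memchr(buf, 0, cb)) return (int)strlen(buf);  /* stored with a NUL */
    if (cb == cap) return -1;                         /* no room to add one */
    buf[cb] = '\0';                                   /* stored without a NUL */
    return (int)cb;
}

#ifdef _WIN32
#include <windows.h>
/* Returns the string length, or -1 on open/query failure or a non-string type. */
static int read_reg_string(HKEY root, const char *subkey, const char *name,
                           char *buf, DWORD cap)
{
    HKEY h; DWORD type = 0, cb = cap; LONG st;
    if (RegOpenKeyExA(root, subkey, 0, KEY_QUERY_VALUE, &h) != ERROR_SUCCESS)
        return -1;
    st = RegQueryValueExA(h, name, NULL, &type, (LPBYTE)buf, &cb);
    RegCloseKey(h);
    if (st != ERROR_SUCCESS || (type != REG_SZ && type != REG_EXPAND_SZ))
        return -1;
    return terminate_reg_sz(buf, cap, cb);
}
#endif

int main(void)
{
    char buf[128];
#ifdef _WIN32
    int n = read_reg_string(HKEY_LOCAL_MACHINE,
        "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "ProductName",
        buf, sizeof buf);
#else
    /* Constructed sample: 10 data bytes written without a terminator. */
    memset(buf, 'X', sizeof buf);
    memcpy(buf, "Windows 10", 10);
    int n = terminate_reg_sz(buf, sizeof buf, 10);
#endif
    if (n >= 0) printf("%s (%d bytes)\n", buf, n);
    return n < 0;
}
```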