Assembly

Assembly RSS

Making a registry key

•

Join Date: Mar 2006

Posts: 8

Reputation: deutsch is an unknown quantity at this point

Solved Threads: 0

deutsch

Offline

Newbie Poster

Making a registry key

Apr 6th, 2006

Is there someone who can help me with this ?
I also put some comments with some questions as well.

Thanks.

 Help with Code Tags 
 Assembly Syntax (Toggle Plain Text) 
; crypt3.asm This is supposed to making a registry key, but isn't.
;            Compiles OK, but not working at present.
;            Help from Paul Brennick,
.386               
.model flat, stdcall
option casemap:none
 
include     \masm32\include\windows.inc
include     \masm32\include\kernel32.inc
include     \masm32\include\user32.inc
include     \masm32\include\advapi32.inc
includelib  \masm32\lib\user32.lib
includelib  \masm32\lib\kernel32.lib
includelib  \masm32\lib\advapi32.lib
 
GetKey          PROTO
GenKey          PROTO :DWORD
EncryptString   PROTO :DWORD, :DWORD, :DWORD, :DWORD
DecryptString   PROTO :DWORD, :DWORD, :DWORD, :DWORD
 
.DATA
    ; This is a very simple pseudo-encrypted block, it is not meant to
    ; be secure in any way and is very easy to decrypt by anyone at all.
    ; It says "SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId"
    ; It is used in GetKey to generate an encryption key for passwords
    ; but I didn't want to just leave it in ansi so everyone could see.
    ; It requires Key# 152715150 to decrypt it
 
 
    mark1       db "Start" ; see where this is at and what's in here
                    ; 52 characters
    cryptdata   DB  05Ah,04Fh,0C4h,0D8h,052h,053h,0ECh,0FAh,044h,04Bh
                DB  09Ah,0B6h,018h,00Fh,0AEh,0AEh,030h,039h,0F0h,0DEh
                DB  02Eh,00Dh,080h,0AEh,012h,037h,0F0h,0F6h,016h,035h
                DB  0ACh,0BAh,020h,039h,0E4h,0BAh,018h,037h,09Ah,0AEh
                DB  020h,0D1h,0E8h,094h,022h,019h,0A2h,0B6h,014h,043h
                DB  080h,070h
 
    mark2       db "End"
    ValueOK     db "Registry key added OK",0  
    Sample      db "BOX",0
.CODE
 
start:
 
call    GetKey
invoke  ExitProcess,0
 
GetKey PROC
 
    LOCAL   KSRegKey[256] :BYTE
    LOCAL   KeyString[64] :BYTE
    LOCAL   hRegKey :DWORD
    LOCAL   Disposition :DWORD
    LOCAL   uDataCode :DWORD
    LOCAL   cbRead :DWORD
 
    ;invoke  RtlSecureZeroMemory, ADDR KSRegKey, sizeof KSRegKey
    invoke  RtlZeroMemory, ADDR KSRegKey, sizeof KSRegKey
    invoke  DecryptString, OFFSET cryptdata, 152715150, ADDR KSRegKey, 13
    ;int 3
 
     ; Key we're trying to make
     ; HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId
 
    invoke  RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR KSRegKey, NULL, NULL,\
            REG_OPTION_NON_VOLATILE, KEY_READ, NULL, ADDR hRegKey, ADDR Disposition
 
  .IF EAX == ERROR_SUCCESS
   invoke MessageBox, 0, ADDR ValueOK, ADDR Sample,MB_ICONINFORMATION
  .ENDIF
 
    ;int 3
    or      eax, eax
    jz      @F
    xor     eax, eax
    dec     eax
    ret
@@:
    mov     DWORD PTR [cbRead], 64
 
    ; what is this doing ?
    invoke  RegQueryValueEx, [hRegKey], ADDR KSRegKey+42, NULL, ADDR uDataCode,\
            ADDR KeyString, ADDR cbRead
 
    invoke  RegCloseKey, [hRegKey]
    invoke  GenKey, ADDR KeyString
    ;int 3
    xor     eax, eax
    RET
 
GetKey ENDP
 
GenKey PROC uses edi esi lpKeyString:DWORD
 
    invoke  lstrlen, [lpKeyString] ; return length in bytes of the string
    mov     edi, 0
    mov     ecx, eax
    mov     esi, [lpKeyString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx]
    add     edi, eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    clc
    ret
 
GenKey ENDP
 
EncryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD
 
    mov     ecx, [cbdata]
    mov     edi, [lpOutString]
    mov     esi, [lpDataString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx*4]
    rol     eax, 6
    xor     eax, [CryptKey]
    ror     eax, 5
    mov     [edi+ecx*4], eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    ret
 
EncryptString ENDP
 
DecryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD
 
    mov     ecx, [cbdata]
    mov     edi, [lpOutString]
    mov     esi, [lpDataString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx*4]
    rol     eax, 5
    xor     eax, [CryptKey]
    ror     eax, 6
    mov     [edi+ecx*4], eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    ret
 
DecryptString ENDP
 
END start
; crypt3.asm This is supposed to making a registry key, but isn't.
;            Compiles OK, but not working at present.
;            Help from Paul Brennick,
.386               
.model flat, stdcall
option casemap:none

include     \masm32\include\windows.inc
include     \masm32\include\kernel32.inc
include     \masm32\include\user32.inc
include     \masm32\include\advapi32.inc
includelib  \masm32\lib\user32.lib
includelib  \masm32\lib\kernel32.lib
includelib  \masm32\lib\advapi32.lib

GetKey          PROTO
GenKey          PROTO :DWORD
EncryptString   PROTO :DWORD, :DWORD, :DWORD, :DWORD
DecryptString   PROTO :DWORD, :DWORD, :DWORD, :DWORD

.DATA
    ; This is a very simple pseudo-encrypted block, it is not meant to
    ; be secure in any way and is very easy to decrypt by anyone at all.
    ; It says "SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId"
    ; It is used in GetKey to generate an encryption key for passwords
    ; but I didn't want to just leave it in ansi so everyone could see.
    ; It requires Key# 152715150 to decrypt it


    mark1       db "Start" ; see where this is at and what's in here
                    ; 52 characters
    cryptdata   DB  05Ah,04Fh,0C4h,0D8h,052h,053h,0ECh,0FAh,044h,04Bh
                DB  09Ah,0B6h,018h,00Fh,0AEh,0AEh,030h,039h,0F0h,0DEh
                DB  02Eh,00Dh,080h,0AEh,012h,037h,0F0h,0F6h,016h,035h
                DB  0ACh,0BAh,020h,039h,0E4h,0BAh,018h,037h,09Ah,0AEh
                DB  020h,0D1h,0E8h,094h,022h,019h,0A2h,0B6h,014h,043h
                DB  080h,070h

    mark2       db "End"
    ValueOK     db "Registry key added OK",0  
    Sample      db "BOX",0
.CODE

start:

call    GetKey
invoke  ExitProcess,0

GetKey PROC

    LOCAL   KSRegKey[256] :BYTE
    LOCAL   KeyString[64] :BYTE
    LOCAL   hRegKey :DWORD
    LOCAL   Disposition :DWORD
    LOCAL   uDataCode :DWORD
    LOCAL   cbRead :DWORD

    ;invoke  RtlSecureZeroMemory, ADDR KSRegKey, sizeof KSRegKey
    invoke  RtlZeroMemory, ADDR KSRegKey, sizeof KSRegKey
    invoke  DecryptString, OFFSET cryptdata, 152715150, ADDR KSRegKey, 13
    ;int 3

     ; Key we're trying to make
     ; HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId

    invoke  RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR KSRegKey, NULL, NULL,\
            REG_OPTION_NON_VOLATILE, KEY_READ, NULL, ADDR hRegKey, ADDR Disposition

  .IF EAX == ERROR_SUCCESS
   invoke MessageBox, 0, ADDR ValueOK, ADDR Sample,MB_ICONINFORMATION
  .ENDIF

    ;int 3
    or      eax, eax
    jz      @F
    xor     eax, eax
    dec     eax
    ret
@@:
    mov     DWORD PTR [cbRead], 64

    ; what is this doing ?
    invoke  RegQueryValueEx, [hRegKey], ADDR KSRegKey+42, NULL, ADDR uDataCode,\
            ADDR KeyString, ADDR cbRead

    invoke  RegCloseKey, [hRegKey]
    invoke  GenKey, ADDR KeyString
    ;int 3
    xor     eax, eax
    RET

GetKey ENDP

GenKey PROC uses edi esi lpKeyString:DWORD

    invoke  lstrlen, [lpKeyString] ; return length in bytes of the string
    mov     edi, 0
    mov     ecx, eax
    mov     esi, [lpKeyString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx]
    add     edi, eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    clc
    ret

GenKey ENDP

EncryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD

    mov     ecx, [cbdata]
    mov     edi, [lpOutString]
    mov     esi, [lpDataString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx*4]
    rol     eax, 6
    xor     eax, [CryptKey]
    ror     eax, 5
    mov     [edi+ecx*4], eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    ret

EncryptString ENDP

DecryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD

    mov     ecx, [cbdata]
    mov     edi, [lpOutString]
    mov     esi, [lpDataString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx*4]
    rol     eax, 5
    xor     eax, [CryptKey]
    ror     eax, 6
    mov     [edi+ecx*4], eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    ret

DecryptString ENDP

END start