Making a registry key

Expand Post »

Is there someone who can help me with this ?
I also put some comments with some questions as well.

Thanks.

Assembly Syntax (Toggle Plain Text)
; crypt3.asm This is supposed to making a registry key, but isn't.
;            Compiles OK, but not working at present.
;            Help from Paul Brennick,
.386               
.model flat, stdcall
option casemap:none
 
include     \masm32\include\windows.inc
include     \masm32\include\kernel32.inc
include     \masm32\include\user32.inc
include     \masm32\include\advapi32.inc
includelib  \masm32\lib\user32.lib
includelib  \masm32\lib\kernel32.lib
includelib  \masm32\lib\advapi32.lib
 
GetKey          PROTO
GenKey          PROTO :DWORD
EncryptString   PROTO :DWORD, :DWORD, :DWORD, :DWORD
DecryptString   PROTO :DWORD, :DWORD, :DWORD, :DWORD
 
.DATA
    ; This is a very simple pseudo-encrypted block, it is not meant to
    ; be secure in any way and is very easy to decrypt by anyone at all.
    ; It says "SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId"
    ; It is used in GetKey to generate an encryption key for passwords
    ; but I didn't want to just leave it in ansi so everyone could see.
    ; It requires Key# 152715150 to decrypt it
 
 
    mark1       db "Start" ; see where this is at and what's in here
                    ; 52 characters
    cryptdata   DB  05Ah,04Fh,0C4h,0D8h,052h,053h,0ECh,0FAh,044h,04Bh
                DB  09Ah,0B6h,018h,00Fh,0AEh,0AEh,030h,039h,0F0h,0DEh
                DB  02Eh,00Dh,080h,0AEh,012h,037h,0F0h,0F6h,016h,035h
                DB  0ACh,0BAh,020h,039h,0E4h,0BAh,018h,037h,09Ah,0AEh
                DB  020h,0D1h,0E8h,094h,022h,019h,0A2h,0B6h,014h,043h
                DB  080h,070h
 
    mark2       db "End"
    ValueOK     db "Registry key added OK",0  
    Sample      db "BOX",0
.CODE
 
start:
 
call    GetKey
invoke  ExitProcess,0
 
GetKey PROC
 
    LOCAL   KSRegKey[256] :BYTE
    LOCAL   KeyString[64] :BYTE
    LOCAL   hRegKey :DWORD
    LOCAL   Disposition :DWORD
    LOCAL   uDataCode :DWORD
    LOCAL   cbRead :DWORD
 
    ;invoke  RtlSecureZeroMemory, ADDR KSRegKey, sizeof KSRegKey
    invoke  RtlZeroMemory, ADDR KSRegKey, sizeof KSRegKey
    invoke  DecryptString, OFFSET cryptdata, 152715150, ADDR KSRegKey, 13
    ;int 3
 
     ; Key we're trying to make
     ; HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId
 
    invoke  RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR KSRegKey, NULL, NULL,\
            REG_OPTION_NON_VOLATILE, KEY_READ, NULL, ADDR hRegKey, ADDR Disposition
 
  .IF EAX == ERROR_SUCCESS
   invoke MessageBox, 0, ADDR ValueOK, ADDR Sample,MB_ICONINFORMATION
  .ENDIF
 
    ;int 3
    or      eax, eax
    jz      @F
    xor     eax, eax
    dec     eax
    ret
@@:
    mov     DWORD PTR [cbRead], 64
 
    ; what is this doing ?
    invoke  RegQueryValueEx, [hRegKey], ADDR KSRegKey+42, NULL, ADDR uDataCode,\
            ADDR KeyString, ADDR cbRead
 
    invoke  RegCloseKey, [hRegKey]
    invoke  GenKey, ADDR KeyString
    ;int 3
    xor     eax, eax
    RET
 
GetKey ENDP
 
GenKey PROC uses edi esi lpKeyString:DWORD
 
    invoke  lstrlen, [lpKeyString] ; return length in bytes of the string
    mov     edi, 0
    mov     ecx, eax
    mov     esi, [lpKeyString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx]
    add     edi, eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    clc
    ret
 
GenKey ENDP
 
EncryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD
 
    mov     ecx, [cbdata]
    mov     edi, [lpOutString]
    mov     esi, [lpDataString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx*4]
    rol     eax, 6
    xor     eax, [CryptKey]
    ror     eax, 5
    mov     [edi+ecx*4], eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    ret
 
EncryptString ENDP
 
DecryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD
 
    mov     ecx, [cbdata]
    mov     edi, [lpOutString]
    mov     esi, [lpDataString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx*4]
    rol     eax, 5
    xor     eax, [CryptKey]
    ror     eax, 6
    mov     [edi+ecx*4], eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    ret
 
DecryptString ENDP
 
END start
; crypt3.asm This is supposed to making a registry key, but isn't.
;            Compiles OK, but not working at present.
;            Help from Paul Brennick,
.386               
.model flat, stdcall
option casemap:none

include     \masm32\include\windows.inc
include     \masm32\include\kernel32.inc
include     \masm32\include\user32.inc
include     \masm32\include\advapi32.inc
includelib  \masm32\lib\user32.lib
includelib  \masm32\lib\kernel32.lib
includelib  \masm32\lib\advapi32.lib

GetKey          PROTO
GenKey          PROTO :DWORD
EncryptString   PROTO :DWORD, :DWORD, :DWORD, :DWORD
DecryptString   PROTO :DWORD, :DWORD, :DWORD, :DWORD

.DATA
    ; This is a very simple pseudo-encrypted block, it is not meant to
    ; be secure in any way and is very easy to decrypt by anyone at all.
    ; It says "SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId"
    ; It is used in GetKey to generate an encryption key for passwords
    ; but I didn't want to just leave it in ansi so everyone could see.
    ; It requires Key# 152715150 to decrypt it


    mark1       db "Start" ; see where this is at and what's in here
                    ; 52 characters
    cryptdata   DB  05Ah,04Fh,0C4h,0D8h,052h,053h,0ECh,0FAh,044h,04Bh
                DB  09Ah,0B6h,018h,00Fh,0AEh,0AEh,030h,039h,0F0h,0DEh
                DB  02Eh,00Dh,080h,0AEh,012h,037h,0F0h,0F6h,016h,035h
                DB  0ACh,0BAh,020h,039h,0E4h,0BAh,018h,037h,09Ah,0AEh
                DB  020h,0D1h,0E8h,094h,022h,019h,0A2h,0B6h,014h,043h
                DB  080h,070h

    mark2       db "End"
    ValueOK     db "Registry key added OK",0  
    Sample      db "BOX",0
.CODE

start:

call    GetKey
invoke  ExitProcess,0

GetKey PROC

    LOCAL   KSRegKey[256] :BYTE
    LOCAL   KeyString[64] :BYTE
    LOCAL   hRegKey :DWORD
    LOCAL   Disposition :DWORD
    LOCAL   uDataCode :DWORD
    LOCAL   cbRead :DWORD

    ;invoke  RtlSecureZeroMemory, ADDR KSRegKey, sizeof KSRegKey
    invoke  RtlZeroMemory, ADDR KSRegKey, sizeof KSRegKey
    invoke  DecryptString, OFFSET cryptdata, 152715150, ADDR KSRegKey, 13
    ;int 3

     ; Key we're trying to make
     ; HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion",0,"ProductId

    invoke  RegCreateKeyEx, HKEY_LOCAL_MACHINE, ADDR KSRegKey, NULL, NULL,\
            REG_OPTION_NON_VOLATILE, KEY_READ, NULL, ADDR hRegKey, ADDR Disposition

  .IF EAX == ERROR_SUCCESS
   invoke MessageBox, 0, ADDR ValueOK, ADDR Sample,MB_ICONINFORMATION
  .ENDIF

    ;int 3
    or      eax, eax
    jz      @F
    xor     eax, eax
    dec     eax
    ret
@@:
    mov     DWORD PTR [cbRead], 64

    ; what is this doing ?
    invoke  RegQueryValueEx, [hRegKey], ADDR KSRegKey+42, NULL, ADDR uDataCode,\
            ADDR KeyString, ADDR cbRead

    invoke  RegCloseKey, [hRegKey]
    invoke  GenKey, ADDR KeyString
    ;int 3
    xor     eax, eax
    RET

GetKey ENDP

GenKey PROC uses edi esi lpKeyString:DWORD

    invoke  lstrlen, [lpKeyString] ; return length in bytes of the string
    mov     edi, 0
    mov     ecx, eax
    mov     esi, [lpKeyString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx]
    add     edi, eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    clc
    ret

GenKey ENDP

EncryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD

    mov     ecx, [cbdata]
    mov     edi, [lpOutString]
    mov     esi, [lpDataString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx*4]
    rol     eax, 6
    xor     eax, [CryptKey]
    ror     eax, 5
    mov     [edi+ecx*4], eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    ret

EncryptString ENDP

DecryptString PROC uses edi esi lpDataString:DWORD, CryptKey:DWORD, lpOutString:DWORD, cbdata:DWORD

    mov     ecx, [cbdata]
    mov     edi, [lpOutString]
    mov     esi, [lpDataString]
@@:
    push    ecx
    dec     ecx
    mov     eax, [esi+ecx*4]
    rol     eax, 5
    xor     eax, [CryptKey]
    ror     eax, 6
    mov     [edi+ecx*4], eax
    pop     ecx
    dec     ecx
    or      ecx, ecx
    jnz     @B
    ret

DecryptString ENDP

END start

Similar Threads

about registry key . . . in Visual Basic 4 / 5 / 6
I want to manipulate the registry key values through a vb.net application in VB.NET
Prevent a registry key from deletion in C#
Problems with opening and editing a registry key with C++ in C++
deleting registry key for error code 19 in Windows NT / 2000 / XP

deutsch

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

8 posts
since Mar 2006

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Assembly Forum Timeline: Assembly Project

Next Thread in Assembly Forum Timeline: QuickSort in MIPS64

DaniWeb Message

Cancel Changes

User Name
Password