English
Assembler Forum

Problemchen with ZwOpenKey

 
Hello...

stand time again on the Hose.
with folgendem ASM View source (windows2000/XP) goes me ZwOpenKey into pants. What do I do wrong?
CompileMarkSeparation
.386
.model flat, stdcall
option casemap:none
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                  I N C L U D E   F I L E S
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
include masm32includew2k
tstatus.inc
include masm32includew2k
tdll.inc
includelib masm32libw2k
tdll.lib
;für Test
include masm32includewindows.inc
include masm32includekernel32.inc
include masm32includeuser32.inc
include masm32includedebug.inc
includelib masm32libuser32.lib
includelib masm32libkernel32.lib
includelib masm32libdebug.lib
.data
COUNTED_ANSI_STRING dw 0,0,0,0
ANSI db "RegistryMachineSoftwareMister Root",0
Object_Attrib dd 24,0,0,64,0,0
LSA_Unicode dw 0,518,0,0
Unicode db 0 dup(518)
ACCESS_RIGHTS dd 1
KeyHandle dd 0
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                         C O D E
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
.code
start:
invoke RtlInitAnsiString,addr COUNTED_ANSI_STRING,addr ANSI
PrintDec eax," Rückgabe von RtlInitAnsiString "
lea ebx,COUNTED_ANSI_STRING
mov ax,[ebx+0]
PrintDec ax," Länge des Strings "
mov ax,[ebx+2]
PrintDec ax," Länge des Bereichs "
mov eax,[ebx+4]
PrintStringByAddr eax
lea ebx,LSA_Unicode
mov ax,518
mov [ebx+2],ax
lea eax,Unicode
mov [ebx+4],eax
invoke RtlAnsiStringToUnicodeString,addr LSA_Unicode,addr COUNTED_ANSI_STRING,NULL
PrintDec eax," Rückgabe von RtlAnsiStringToUnicodeString "
lea ebx,LSA_Unicode
mov ax,[ebx+0]
PrintDec ax," Länge des Strings "
mov ax,[ebx+2]
PrintDec ax," Länge des Bereichs "
lea ebx,Object_Attrib
PrintDec ebx," Adresse der Object_Attributes Struktur"
Lea eax,LSA_Unicode
PrintDec eax," Adresse der LSA_Unicode Struktur "
mov [ebx+8],eax
invoke ZwOpenKey,addr KeyHandle,ACCESS_RIGHTS,addr Object_Attrib
PrintDec eax," Rückgabe von ZwOpenKey "
PrintDec KeyHandle,"Handle des Schlüssels "
invoke ZwClose,KeyHandle
PrintDec eax," Rückgabe von ZwClose"
invoke ExitProcess,0
end href='./../../Function-References/XProfan/start/'>start

here the working Profan-View source moreover:
CompileMarkSeparation
Def @RtlInitUnicodeString(2) !"NTDLL","RtlInitAnsiString"
Def @RtlInitUnicodeString(2) !"NTDLL","RtlInitUnicodeString"
Def @RtlAnsiStringToUnicodeString(3) !"NTDLL","RtlAnsiStringToUnicodeString"
DEF @LsaNtStatusToWinError(1) !"advapi32","LsaNtStatusToWinError"
DEF @FormatMessage(7) !"KERNEL32","FormatMessageA"
Def @RtlInitAnsiString(2) !"NTDLL","RtlInitAnsiString"
Def @ZwOpenKey(3) !"NTDLL","ZwOpenKey"
Def @ZwClose(1) !"NTDLL","ZwClose"
Def @ZwQueryValueKey(6) !"NTDLL","ZwQueryValueKey"
Declare LSA_Unicode#,ANSI$,Unicode#,Fehler&,Ansi#
Declare AHRückgabe&,AHGETERROR_Buffer#,AHGETERROR_Buffer$
Declare KeyHandle&,Status_Block&,Object_Attributes#,Key_Infos#,Needed&
Windowstyle 31
Window Title "Registryschlüssel read with Kernel Mode APIs"
Window 0,0-640,440
LET ANSI$="\Registry\Machine\software\Mister Root"
Dim Ansi#,8
DIM Unicode#,514
DIM LSA_Unicode#,8
WORD LSA_Unicode#,0=0
WORD LSA_Unicode#,2=512
LONG LSA_Unicode#,4=UNICODE#
@RtlInitAnsiString(Ansi#,@ADDR(ANSI$))
LET Fehler&=@RtlAnsiStringToUnicodeString(LSA_Unicode#,Ansi#,0)
Print @Char$(UNICODE#,0,@LEN(ANSI$)*2)
DIM Object_Attributes#,24
Clear Object_Attributes#
Long Object_Attributes#,0=24
Long Object_Attributes#,4=0
Long Object_Attributes#,8=LSA_Unicode#
Long Object_Attributes#,12=$40
LET FEHLER&=@ZwOpenKey(@ADDR(KeyHandle&),$30019,Object_Attributes#)
Let Fehler&=-2147483646
LET AHRÜCKGABE&=@LsaNtStatusToWinError(Fehler&)
Fehlercode_bestimmen
PRINT "ZwOpenKey: "+AHGETERROR_Buffer$
PRINT "ZwClose: "+AHGETERROR_Buffer$
Dispose Unicode#
Dispose LSA_Unicode#
Dispose Key_Infos#

While 0=0

    Waitinput

wend

End

Proc Fehlercode_bestimmen

    DIM AHGETERROR_Buffer#,32000
    @FormatMessage($1000,0,AHRückgabe&,0,AHGETERROR_Buffer#,32000,0) Wandelt Error Code in Landesspezifische Message circa.
    Let AHGETERROR_Buffer$=@trim$(@STRING$(AHGETERROR_Buffer#,0))
    Dispose AHGETERROR_Buffer#

Endproc

 
10/28/06  
 




Frank
Abbing
Meldet by me -2147483646. What exactly fit because not. i want I do not The whole APIs reinzuziehen must. Mister Root Have so did i not installs, bad?
 
10/28/06  
 




Frank
Abbing
mov ax,518

Should not 512 heissen?
 
10/28/06  
 



Aua, is correct Yes! The Registrykey, the there opened go should, must present his. usually must there 0 stand - in the Profanversion skin the too so there.
The problem lying well with ZwOpenKey. I mehme at times, I have of Profan irgenwas wrong transfer....
 
10/28/06  
 




Frank
Abbing
DIM Object_Attributes#,24
Clear Object_Attributes#
Long Object_Attributes#,0=24
Long Object_Attributes#,4=0
Long Object_Attributes#,8=LSA_Unicode#
Long Object_Attributes#,12=$40

this part missing. sees me important from.
 
10/28/06  
 



I Have a couple Bytes dazugegeben - on the 518 liegts well not.
 
10/28/06  
 




Frank
Abbing
well, at least that here: Long Object_Attributes#,8=LSA_Unicode#
 
10/28/06  
 



[quote:621fb5c12d=Frank Abbing]DIM Object_Attributes#,24
Clear Object_Attributes#
Long Object_Attributes#,0=24
Long Object_Attributes#,4=0
Long Object_Attributes#,8=LSA_Unicode#
Long Object_Attributes#,12=$40

this part missing. sees me important from.[/quote:621fb5c12d]
These structure Have I Object_Attrib called. I take too on, that I there somewhere Mist built have.
 
10/28/06  
 



[quote:d53730bdc1=Frank Abbing]well, at least that here: Long Object_Attributes#,8=LSA_Unicode#[/quote:d53730bdc1]
have I so attempts:
CompileMarkSeparation
lea ebx,Object_Attrib
PrintDec ebx," Adresse der Object_Attributes Struktur"
Lea eax,LSA_Unicode
PrintDec eax," Adresse der LSA_Unicode Struktur "
mov [ebx+8],eax
/pre>
 
10/28/06  
 



somehow stand I on the Schlau...
probably make I with the Declaration the variables irgeneinen stupid Anfängerfehler, whom I do not erkenne. who can me help (here once more what, what not goes... )
CompileMarkSeparation
.386
.model flat, stdcall
option casemap:none
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                  I N C L U D E   F I L E S
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;für Test
include masm32includewindows.inc
include masm32includekernel32.inc
include masm32includeuser32.inc
include masm32includedebug.inc
includelib masm32libuser32.lib
includelib masm32libkernel32.lib
includelib masm32libdebug.lib
;include masm32includew2k
tdef.inc
include masm32includew2k
tstatus.inc
include masm32includew2k
tdll.inc
includelib masm32libw2k
tdll.lib
IFNDEF UNICODE_STRING
UNICODE_STRING STRUCT
_Length		WORD	?		; len of string in bytes (not chars)
MaximumLength	WORD	?		; len of Buffer in bytes (not chars)
Buffer			PWSTR	?		; pointer to string
UNICODE_STRING ENDS
PUNICODE_STRING	typedef	PTR UNICODE_STRING

ENDIF

UNICODE_NULL	equ 0
OBJECT_ATTRIBUTES STRUCT		; sizeof = 18h
dwLength					DWORD			? ; original name Length
RootDirectory				HANDLE			?
ObjectName					PUNICODE_STRING	?
Attributes					DWORD			?
SecurityDescriptor			PVOID			? ; Points to type SECURITY_DESCRIPTOR
SecurityQualityOfService	PVOID			? ; Points to type SECURITY_QUALITY_OF_SERVICE
OBJECT_ATTRIBUTES ENDS
.data
MsgCaption      db "Iczelions tutorial no.2",0
MsgBoxText      db "Win32 Assembly is Great!",0
KeyHandle dd 0
Disposition dd 0
LSA_Unicode dw 512,514,0,0
COUNTED_ANSI_STRING dw 0,0,0,0
ANSI db "RegistryMachineSoftwareMister Root",0
ACCESS_RIGHTS dd 196633
Unicode db 518 dup(?)
.data?
POBJECT_ATTRIBUTES OBJECT_ATTRIBUTES <>
;::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;                                         C O D E
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
.code
start:
invoke RtlInitAnsiString,addr COUNTED_ANSI_STRING,addr ANSI
PrintDec eax," Rückgabe von RtlInitAnsiString "
lea ecx,COUNTED_ANSI_STRING
mov ax,[ecx+0]
PrintDec ax," Länge des Strings "
mov ax,[ecx+2]
PrintDec ax," Länge des Bereichs "
mov eax,[ecx+4]
PrintStringByAddr eax
lea ecx,LSA_Unicode
lea eax,Unicode
mov [ecx+4],eax
invoke RtlAnsiStringToUnicodeString,addr LSA_Unicode,addr COUNTED_ANSI_STRING,0
PrintDec eax," Rückgabe von RtlAnsiStringToUnicodeString "
lea ecx,LSA_Unicode
mov ax,[ecx+0]
PrintDec ax," Länge des Strings "
mov ax,[ecx+2]
PrintDec ax," Länge des Bereichs "
mov eax,[ecx+4]
PrintDec eax," Adresse des Unicode-Strings "
mov POBJECT_ATTRIBUTES.dwLength,24
mov POBJECT_ATTRIBUTES.RootDirectory,NULL
lea ecx,LSA_Unicode
mov POBJECT_ATTRIBUTES.ObjectName,ecx
mov POBJECT_ATTRIBUTES.Attributes,64
mov POBJECT_ATTRIBUTES.SecurityDescriptor,NULL
mov POBJECT_ATTRIBUTES.SecurityQualityOfService,NULL
lea  ecx,POBJECT_ATTRIBUTES
PrintDec ecx," Adresse der Object_Attributes Struktur"
lea eax,LSA_Unicode
PrintDec eax," Adresse der LSA_Unicode Struktur "
mov [ecx+8],eax
invoke ZwOpenKey,addr KeyHandle,ACCESS_RIGHTS,addr POBJECT_ATTRIBUTES
;invoke ZwCreateKey,addr KeyHandle,ACCESS_RIGHTS,addr POBJECT_ATTRIBUTES,0,0,0,addr Disposition
PrintDec eax," Rückgabe von ZwOpenKey "
PrintDec KeyHandle,"Handle des Schlüssels "
invoke ZwClose,KeyHandle
PrintDec eax," Rückgabe von ZwClose"
invoke MessageBox, NULL,addr MsgBoxText, addr MsgCaption, MB_OK
invoke ExitProcess,=s2>0
end start
 
10/29/06  
 



Please clutching one stupid MASM Beginner, the first a day with the Language bypassing, something under The poor - Yes?
 
10/29/06  
 



who me tommorrow The OBJECT_ATTRIBUTES structure once more distinguished. would be Yes laughed, if I not on The row get.
 
10/30/06  
 




Answer


Topictitle, max. 100 characters.
 

Systemprofile:

no Systemprofil laid out. [anlegen]

XProfan:

 Posting  Font  Smilies  ▼ 

Please register circa a Posting To verfassen.
 

Topic-Options

9.168 Views

Untitledvor 0 min.
iF11/28/14
funkheld12/29/13
p.specht09/14/13

Themeninformationen

this Topic has 3 subscriber:

unbekannt (11x)
Frank Abbing (6x)
iF (1x)


Admins  |  AGB  |  Applications  |  Authors  |  Chat  |  Privacy Policy  |  Download  |  Entrance  |  Help  |  Merchantportal  |  Imprint  |  Mart  |  Interfaces  |  SDK  |  Services  |  Games  |  Search  |  Support

One proposition all XProfan, The there's!


My XProfan
Private Messages
Own Storage Forum
Topics-Remember-List
Own Posts
Own Topics
Clipboard
Log off
 Deutsch English Français Español Italia
Translations

Privacy Policy


we use Cookies only as Session-Cookies because of the technical necessity and with us there no Cookies of Drittanbietern.

If you here on our Website click or navigate, stimmst You ours registration of Information in our Cookies on XProfan.Net To.

further Information To our Cookies and moreover, How You The control above keep, find You in ours nachfolgenden Datenschutzerklärung.


all rightDatenschutzerklärung
i want none Cookie