I can't get an application to run on Windows startup ASM (Registry)

I am trying to translate code written in C into assembly (FASM), but I can't get it to work. The code tries to create an entry in the registry so that the program is executed when the machine starts.

Code in C that works perfectly:

    #include <windows.h>
    #include <string.h>
    
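    /*
     * Adds a REG_SZ value named "hack" under
     * HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run whose data is the
     * path in `exe`. Values under this key are started at user logon; it is a
     * standard autostart location, so writes to it are reported by autostart
     * auditing (Sysinternals Autoruns, Sysmon registry value-set events).
     *
     * Returns 0 when the value was written, 1 when opening the key or
     * writing the value failed.
     */
    int main(int argc, char* argv[]) {
      HKEY hkey = NULL;
      const char* exe = "C:\\2022-05-14-program\\init.exe";
      LONG res;

      (void)argc;
      (void)argv;

      /*
       * The ANSI entry points are named explicitly: the strings here are
       * char-based, and the generic RegOpenKeyEx/RegSetValueEx macros resolve
       * to the wide-character versions when UNICODE is defined (the LPCSTR
       * casts only hid that mismatch). KEY_SET_VALUE is the only access right
       * needed to write a value, so the broader KEY_WRITE is not requested.
       */
      res = RegOpenKeyExA(HKEY_CURRENT_USER,
                          "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
                          0, KEY_SET_VALUE, &hkey);
      if (res != ERROR_SUCCESS) {
        return 1;
      }

      /* For REG_SZ the byte count must include the terminating NUL. */
      res = RegSetValueExA(hkey, "hack", 0, REG_SZ,
                           (const BYTE*)exe, (DWORD)(strlen(exe) + 1));
      RegCloseKey(hkey);

      /* Report a failed write instead of exiting 0 unconditionally. */
      return res == ERROR_SUCCESS ? 0 : 1;
    }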

Code in assembly (FASM) that does not work:

        ; FASM translation of the C program: open the HKCU Run key, write one
        ; REG_SZ value, close the key, exit. Arguments are pushed in reverse
        ; order of the C parameter lists.
        ; NOTE(review): the include/import lines are not shown; .data/.end and the
        ; un-suffixed API names presumably come from FASM's Win32 headers - confirm.
        .data
          hkey      dd      0
          ; 30 bytes and no terminating 0 (cad and name below do have one).
          exe       db      'C:\2022-05-14-program\init.exe'
          cad       db      'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
          name      db      'hack2',0
    
          KEY_WRITE         = 0x00020006
          HKEY_CURRENT_USER = 80000001h
          REG_SZ            = 1
    start :
          push hkey    ; Address of DWORD for the handle value.
          push KEY_WRITE
          push 0
          push cad
          push HKEY_CURRENT_USER
          ; BUG: this pushes the import pointer instead of calling through it, so
          ; RegOpenKeyEx never runs and hkey keeps its initial 0.
          ; It should read: call [RegOpenKeyEx]
          push [RegOpenKeyEx]
    
          ; The length can be computed by the assembler by defining
          ; exe_len = $ - exe  directly after the exe line. For REG_SZ the
          ; byte count is expected to include the terminating 0, which this
          ; string does not have.
          push 30      ; Equivalent "SIZE" in fasm?
          push exe
          push REG_SZ
          push 0
          push name
          push [hkey]  ; The actual handle value (not its address!)
          ; With the open never performed, this call is handed a handle of 0.
          ; The status returned in eax is not checked.
          call [RegSetValueEx]
    
          push [hkey]
          call [RegCloseKey]
    
          push 0       ; Errorlevel.
          call [ExitProcess]
    .end start

I can see that the C program creates the entry but the assembly program does not. To check this I used the following command in PowerShell:

reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s

It assembles without errors, but no registry entry is created. I hope someone can help me.



Solution 1:[1]

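Instead of push [RegOpenKeyEx] you should call [RegOpenKeyEx]. As written, the function's address is only pushed onto the stack and the function is never called, so hkey is still 0 when RegSetValueEx runs.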

Also look at your data in a debugger. The Windows API expects a single backslash in the path; check whether your assembler treats \ as an escape character, as C does.

I have tried it in my toolchain and it worked:

; Source saved as pabeni.asm
; Created with "euroasm.exe pabeni.asm"
; Debugged with "ollydbg.exe pabeni.exe"
; Checked with "regedt32.exe"
; EuroAssembler version of the question's program: open the HKCU Run key,
; write one REG_SZ value named 'hack2', close the key, exit.
; Values under this key are started at user logon; the new value is what
; the regedt32 check above (or an autostart audit) will show.
       EUROASM
pabeni PROGRAM FORMAT=PE, ENTRY=start
[.data]
      hkey      dd      0
      ; 30 bytes, no terminating 0 (cad and name below do have one).
      exe       db      'C:\2022-05-14-program\init.exe'
      cad       db      'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
      name      db      'hack2',0
KEY_WRITE         = 0x00020006
HKEY_CURRENT_USER = 80000001h
REG_SZ            = 1
      ; The ANSI (-A) entry points are imported by name, matching the
      ; byte strings defined above.
      IMPORT RegOpenKeyExA,RegSetValueExA,RegCloseKey,LIB=Advapi32.dll
      IMPORT ExitProcess,LIB=kernel32.dll
[.text]
start:
      ; Arguments are pushed last-to-first for each API call.
      push hkey       ; Address of DWORD for the handle value.
      push KEY_WRITE
      push 0
      push cad
      push HKEY_CURRENT_USER
      ; Actually calls the function; the question's listing pushed its address instead.
      ; The status returned in eax is not checked before hkey is used below.
      call RegOpenKeyExA

      ; NOTE(review): for REG_SZ the byte count is expected to include the
      ; terminating 0; here neither the data nor the count has one. Appending
      ; ,0 to exe should make SIZE# cover it - confirm against the EuroAssembler docs.
      push SIZE# exe ; 30 characters. Not zero-terminated.
      push exe
      push REG_SZ
      push 0
      push name
      push [hkey]   ; The actual handle value (not its address!)
      call RegSetValueExA
      push [hkey]
      call RegCloseKey
      push 0   ; Errorlevel.
      call ExitProcess
     ENDPROGRAM pabeni

Solution 2:[2]

I finally solved it, I attach the code:

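; FASM, Win32. Adds a REG_SZ value named 'hackoll' under
; HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run whose data is the path
; in exe. Values under this key are started at user logon, and writes to it
; are reported by autostart auditing (Sysinternals Autoruns, Sysmon registry
; value-set events).
; NOTE(review): KEY_WRITE, HKEY_CURRENT_USER and REG_SZ are not defined in
; this snippet; presumably they are declared as in the question's listing.
.data
      hkey      dd      0
      exe       db      'C:\2022-05-14-program\init.exe',0
      cad       db      'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
      ; The value name is read as a NUL-terminated string; without the ,0 it
      ; was terminated only by whatever bytes happened to follow it.
      name      db      'hackoll',0
start :
      push hkey    ; Address of DWORD for the handle value.
      push KEY_WRITE
      push 0
      push cad
      push HKEY_CURRENT_USER
      call [RegOpenKeyEx]
      test eax, eax            ; ERROR_SUCCESS is 0
      jnz  exit_process        ; open failed: hkey is not a valid handle, skip write and close

      push exe
      call [lstrlen]           ; eax = length of exe without the terminator
      inc  eax                 ; REG_SZ byte count must include the terminating NUL

      push eax
      push exe
      push REG_SZ
      push 0
      push name
      push [hkey]  ; The actual handle value (not its address!)
      call [RegSetValueEx]

      push [hkey]
      call [RegCloseKey]

exit_process:
      push 0       ; Errorlevel.
      call [ExitProcess]
.end start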

Thank you all very much for your enormous effort in helping :)

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2 pabeni