Using Windows Registry Functions in Assembly Language


Problem description

I am trying to use the Windows registry functions to create a registry key in the 'Software\Microsoft\Windows\CurrentVersion\Run' key in assembly language. My program crashes and displays a Windows error message. Here is the code:

includelib \Masm64\Lib\Kernel32.lib
includelib \Masm64\Lib\Advapi32.lib
extrn ExitProcess : proc
extrn RegCreateKeyExA : proc

dseg segment para 'DATA'
rhdl dd 0
sbky db 'Software\Microsoft\Windows\CurrentVersion\Run\startupprogram.exe', 0
dseg ends

cseg segment para 'CODE'
start proc                   ;Use link.exe to define entry point
sub rsp, 28h

push 0
push qword ptr [rhdl]
push 0
push 0
push 0
xor r9d, r9d
xor r8d, r8d
lea rdx, [sbky]
mov rcx, 8000001h
call RegCreateKeyExA

xor ecx, ecx        ; exit code = 0
call ExitProcess
start endp
cseg ends
end

I would appreciate your help. Perhaps I have disregarded the Windows calling convention?

Recommended answer

In the Win64 x64 calling convention you have to reserve stack slots for the four arguments passed in the registers:

From http://msdn.microsoft.com/en-us/library/ms235286.aspx:

The caller is responsible for allocating space for parameters to the callee, and must always allocate sufficient space for the 4 register parameters, even if the callee doesn’t have that many parameters.

So the RegCreateKeyExA() function is treating the last four things you pushed onto the stack as locations reserved for the four register arguments, then is trying to get the other arguments from the first push 0 then whatever random garbage is in the area of the stack you reserved with the sub rsp,28h.

Try:

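push 0                 ; lpdwDisposition = NULL
lea rax, [rhdl]        ; phkResult must be the address of rhdl, not its contents
push rax               ; (rhdl should be declared dq: an HKEY is 8 bytes on Win64)
push 0                 ; lpSecurityAttributes = NULL
push 0                 ; samDesired
push 0                 ; dwOptions
sub rsp, 20h   ; reserve slots for arguments passed in regs
xor r9d, r9d           ; lpClass = NULL
xor r8d, r8d           ; Reserved = 0
lea rdx, [sbky]        ; lpSubKey
mov rcx, 8000001h      ; hKey
call RegCreateKeyExA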
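
The stack layout the answer describes can be checked with a small model of what the callee reads at entry. This is an added Python example, not code from the original post; the Stack class, the function names and the slot labels are assumptions made for illustration, and it models slot positions only, not real memory.

```python
# Added illustration (not from the original post): a qword-slot model of the
# Win64 stack at the moment RegCreateKeyExA starts executing.
GARBAGE = "<uninitialised>"

# Stack-passed parameters 5..9 of RegCreateKeyExA, in parameter order.
STACK_ARGS = ["dwOptions", "samDesired", "lpSecurityAttributes",
              "phkResult", "lpdwDisposition"]

class Stack:
    """Hypothetical helper: slots[0] is the qword at [rsp]; the stack grows down."""
    def __init__(self):
        self.slots = []

    def push(self, value):
        self.slots.insert(0, value)

    def sub_rsp(self, nbytes):
        # Reserving space does not initialise it.
        for _ in range(nbytes // 8):
            self.slots.insert(0, GARBAGE)

    def call(self):
        self.push("<return address>")

def callee_view(stack):
    """Map each stack parameter to the slot the callee actually reads.

    At entry: [rsp] = return address, [rsp+8]..[rsp+20h] = home space for
    rcx, rdx, r8, r9, and parameter 5 starts at [rsp+28h] (slot index 5).
    """
    return dict(zip(STACK_ARGS, stack.slots[5:5 + len(STACK_ARGS)]))

def push_args_reversed(stack):
    # Each pushed value is labelled with the parameter the caller intended.
    for name in reversed(STACK_ARGS):
        stack.push(name)

def question_sequence():
    s = Stack()
    s.sub_rsp(0x28)          # reservation made BEFORE the pushes
    push_args_reversed(s)
    s.call()
    return callee_view(s)

def answer_sequence():
    s = Stack()
    push_args_reversed(s)
    s.sub_rsp(0x20)          # home space sits directly above the return address
    s.call()
    return callee_view(s)

if __name__ == "__main__":
    for label, view in (("question", question_sequence()), ("answer", answer_sequence())):
        print(label, view)
```

In the question's layout the callee reads the first `push 0` as dwOptions and uninitialised stack for the remaining four parameters, including the output pointer phkResult.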
