I am trying to translate some code written in C into assembly (FASM), but I can't get it to work. The code tries to create an entry in the registry so that it is executed when the machine starts.
Code in C that works perfectly:
#include <windows.h>
#include <string.h>

int main(int argc, char* argv[]) {
    HKEY hkey = NULL;
    const char* exe = "C:\\2022-05-14-program\\init.exe";

    // startup
    LONG res = RegOpenKeyEx(HKEY_CURRENT_USER, (LPCSTR)"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_WRITE, &hkey);
    if (res == ERROR_SUCCESS) {
        // create new registry key
        RegSetValueEx(hkey, (LPCSTR)"hack", 0, REG_SZ, (unsigned char*)exe, strlen(exe));
        RegCloseKey(hkey);
    }
    return 0;
}
Code in assembly (FASM) that does not work:
.data
hkey dd 0
exe db 'C:\2022-05-14-program\init.exe'
cad db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
name db 'hack2',0
KEY_WRITE = 0x00020006
HKEY_CURRENT_USER = 80000001h
REG_SZ = 1
start :
push hkey ; Address of DWORD for the handle value.
push KEY_WRITE
push 0
push cad
push HKEY_CURRENT_USER
push [RegOpenKeyEx]
push 30 ; Equivalent "SIZE" in fasm?
push exe
push REG_SZ
push 0
push name
push [hkey] ; The actual handle value (not its address!)
call [RegSetValueEx]
push [hkey]
call [RegCloseKey]
push 0 ; Errorlevel.
call [ExitProcess]
.end start
I can see that with the C code it loads perfectly, but with the assembly code it doesn't. For this I used the following PowerShell command:
reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s
It compiles perfectly, but no log entry is generated. I hope someone can help me.
Instead of push [RegOpenKeyEx] you should call [RegOpenKeyEx]. Also look at your data in a debugger. The Windows API expects a single backslash in a path; check whether your assembler uses \ as an escape character, like C does.
I have tried it in my toolchain and it worked:
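Added example, not part of the thread above and not the answerer's code: a defender-side check that parses the output of the `reg query` command used in the question and lists autostart values whose command lies outside an assumed set of trusted directories. The trusted prefixes, the function names and the sample output are assumptions constructed for illustration.

```python
import re

# Assumption: directories treated as expected locations for autostart binaries.
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, name, type, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # header line naming the key that follows
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["type"], m["data"]

def untrusted_autoruns(text):
    """Return (name, data) pairs whose command does not start in a trusted directory."""
    flagged = []
    for _key, name, _type, data in parse_reg_query(text):
        command = data.strip().lstrip('"').lower()   # drop a leading quote, normalise case
        if not command.startswith(TRUSTED_PREFIXES):
            flagged.append((name, data))
    return flagged

# Constructed sample output; the "hack" value is the one the C program in the question writes.
SAMPLE = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /silent
    hack    REG_SZ    C:\2022-05-14-program\init.exe
"""

if __name__ == "__main__":
    for name, data in untrusted_autoruns(SAMPLE):
        print(f"review autostart value {name!r}: {data}")
```

On a live system the text passed to `untrusted_autoruns` would be the captured output of the `reg query` command shown in the question.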