Discussion:
Ping Rudy: lpSecurityAttributes
T
2020-04-02 08:29:10 UTC
Hi Rudy,

https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regcreatekeyexw

https://docs.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa379560(v=vs.85)

How would you assembly code?

lpSecurityAttributes

A pointer to a SECURITY_ATTRIBUTES structure that
determines whether the returned handle can be
inherited by child processes. If lpSecurityAttributes
is NULL, the handle cannot be inherited.

typedef struct _SECURITY_ATTRIBUTES {
    DWORD  nLength;
    LPVOID lpSecurityDescriptor;
    BOOL   bInheritHandle;
} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;


Currently, randomly, when I make the above call,
my program just exits without an error code and
I don't get my new key. I am suspicious that
sending lpSecurityAttributes a 0x0000 is not the
right thing to do.

Many thanks,
-T
T
2020-04-02 10:14:19 UTC
Post by T
Hi Rudy,
https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regcreatekeyexw
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa379560(v=vs.85)
How would you assembly code?
     lpSecurityAttributes
     A pointer to a SECURITY_ATTRIBUTES structure that
     determines whether the returned handle can be
     inherited by child processes. If lpSecurityAttributes
     is NULL, the handle cannot be inherited.
     c++
     typedef struct _SECURITY_ATTRIBUTES {
         DWORD  nLength;
         LPVOID lpSecurityDescriptor;
         BOOL   bInheritHandle;
     } SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
Currently, randomly, when I make the above call,
my program just exits without an error code and
I don't get my new key.  I am suspicious that
sending lpSecurityAttributes a 0x0000 is not the
right thing to do.
Many thanks,
-T
Hi Rudy,

I was just told on the M$ forum that sending it a NULL
caused the function to create default security descriptors,
which was what I am after.

-T
R.Wieser
2020-04-02 11:03:43 UTC
T,
Post by T
I was just told on the M$ forum that sending it a NULL
caused the function to create default security descriptors,
Which, by the way, is true for most all functions using security
descriptors.
Post by T
Currently, randomly, when I make the above call,
my program just exists without an error code and
I don't get my new key.
Out of pure curiosity, what was then the cause of the above?

Regards,
Rudy Wieser
T
2020-04-02 11:43:26 UTC
Post by R.Wieser
T,
Post by T
I was just told on the M$ forum that sending it a NULL
caused the function to create default security descriptors,
Which, by the way, is true for most all functions using security
descriptors.
Post by T
Currently, randomly, when I make the above call,
my program just exists without an error code and
I don't get my new key.
Out of pure curiosity, what was then the cause of the above?
Regards,
Rudy Wieser
That is what I am trying to figure out. When I call
RegCreateKeyEx and sometimes it works and sometimes
it does not. When it does not work, my program
exits without an error code. Reproduces in W10 and W7
R.Wieser
2020-04-02 12:13:47 UTC
T
Post by T
When it does not work, my program
exits without an error code.
That normally means you tried to read or write into memory you do not own.
And in your case that probably means that one of the by-pointer arguments is
not supplied as such.

The below works for me:

lea eax,[@@hKey] ;a DWORD
lea edx,[@@lDisp] ;a DWORD
call RegCreateKeyExA, HKEY_LOCAL_MACHINE, offset @@TXT_Key, \
0, 0, 0, KEY_ALL_ACCESS, 0, eax, edx

(offset @@TXT_Key : pointer to a zero-terminated string)

Hope that helps.

Regards,
Rudy Wieser
T
2020-04-02 12:31:44 UTC
Post by R.Wieser
T
Post by T
When it does not work, my program
exits without an error code.
That normally means you tried to read or write into memory you do not own.
And in your case that probably means that one of the by-pointer arguments is
not supplied as such.
0, 0, 0, KEY_ALL_ACCESS, 0, eax, edx
Hope that helps.
Regards,
Rudy Wieser
Hmmmmm. I will check! I wonder if a C-string is not
terminated properly with a null and I am careening.
T
2020-04-02 22:19:11 UTC
Post by R.Wieser
T
Post by T
When it does not work, my program
exits without an error code.
That normally means you tried to read or write into memory you do not own.
And in your case that probably means that one of the by-pointer arguments is
not supplied as such.
0, 0, 0, KEY_ALL_ACCESS, 0, eax, edx
Hope that helps.
Regards,
Rudy Wieser
Hmmmmm.  I will check!  I wonder if a C-string is not
terminated properly with a null and I am careening.
Figured out the ghost problem. You called it. Details
tomorrow.
T
2020-04-03 21:41:10 UTC
Post by R.Wieser
Post by T
When it does not work, my program
exits without an error code.
That normally means you tried to read or write into memory you do not own.
And in your case that probably means that one of the by-pointer arguments is
not supplied as such.
Hi Rudy,

You called it again. Dang you are good at this stuff!

Okay. The problem was me trying to be responsible and
clean up after myself with nf-winbase-localfree.

I either did not understand what nf-winbase-localfree
did or I tripped across a bug in Kernel32.dll or both.

Local Free:

https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-localfree

This created a situation you described where I was writing
to memory that was not my own. This exited my program
without an error message.

Removing nf-winbase-localfree from my RegCloseKey sub
cured the issue.

Thank you!!!!!

-T
R.Wieser
2020-04-04 07:34:35 UTC
T,
Post by T
You called it again. Dang you are good at this stuff!
:-) Actually, I assumed it had something to do with your "RegCreateKeyExA"
call declaration, but just (unintentionally) stated it vaguely enough that it
applied elsewhere too. In other words, I got lucky.
Post by T
I either did not understand what nf-winbase-localfree
did
...
Post by T
Removing nf-winbase-localfree from my RegCloseKey sub cured the issue.
Which means you are now likely "bleeding resources" (filling up memory)...
:-(

I assume you used "LocalAlloc" somewhere earlier? If so I suggest you
display the resulting handle value (in EAX), and check if you still have the
same value just before the "LocalFree" call. They should (of course) be the
same.

Also, check if you are not perhaps trying to use that memory after you
freed it ...

Regards,
Rudy Wieser
T
2020-04-05 01:01:10 UTC
Post by R.Wieser
T,
Post by T
You called it again. Dang you are good at this stuff!
:-) Actually, I assumed it had something to do with your "RegCreateKeyExA"
call declaration, but just (unintentionally) stated it vaguely enough that it
applied elsewhere too. In other words, I got lucky.
Post by T
I either did not understand what nf-winbase-localfree
did
...
Post by T
Removing nf-winbase-localfree from my RegCloseKey sub cured the issue.
Which means you are now likely "bleeding resources" (filling up memory)...
:-(
I assume you used "LocalAlloc" somewhere earlier? If so I suggest you
display the resulting handle value (in EAX), and check if you still have the
same value just before the "LocalFree" call. They should (of course) be the
same.
Also, check if you are not perhaps trying to use that memory after you
freed it ...
Regards,
Rudy Wieser
First thing I do is call RegOpenKey. I do
my business, then I call RegCloseKey.

Don't know what LocalAlloc is, so I am
not using it. The Rakuy module for calling
system APIs may though.
R.Wieser
2020-04-05 06:12:20 UTC
T,
Post by T
First thing I do is call RegOpenKey. I do
my business, then I call RegCloseKey.
In that case I have no idea how that "LocalFree" crept in there ...
Post by T
Don't know what LocalAlloc is, so I am
not using it.
It's used to request some memory from the system (at runtime), so you can put
your own data (strings, etc.) into it (as opposed to declaring variables
at design time).

But yes. If you try to free some memory you did not request first, then that
is quite likely the cause of those crashes.
Post by T
The Rakuy module for calling
system API's may though.
It might, and is not even unlikely. But it then normally manages them
silently (within itself).

Regards,
Rudy Wieser
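An added example, not T's Raku code nor Rudy's assembly: it calls RegCreateKeyExW from PowerShell via P/Invoke with lpSecurityAttributes = NULL (the question in the first post), shows the resulting default security descriptor, and releases the handle with RegCloseKey only, since a registry handle never came from LocalAlloc and must not be passed to LocalFree (the crash Rudy diagnosed). The subkey name under HKCU is a constructed value for this demo; HKCU is used instead of HKLM so no elevation is needed.

```powershell
# Added example (not from the thread): RegCreateKeyExW with a NULL
# lpSecurityAttributes, then RegCloseKey. Requires Windows PowerShell 5+.
Add-Type -Namespace Win32 -Name Reg -MemberDefinition @'
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern int RegCreateKeyExW(
    IntPtr hKey, string lpSubKey, uint Reserved, string lpClass,
    uint dwOptions, uint samDesired, IntPtr lpSecurityAttributes,
    out IntPtr phkResult, out uint lpdwDisposition);

[DllImport("advapi32.dll")]
public static extern int RegCloseKey(IntPtr hKey);
'@

$HKEY_CURRENT_USER       = [IntPtr]::new(-2147483647)   # 0x80000001
$KEY_ALL_ACCESS          = 0xF003F
$REG_OPTION_NON_VOLATILE = 0
$subKey = 'Software\LpSecurityAttributesDemo'   # constructed name for this demo

$hKey = [IntPtr]::Zero
$disp = [uint32]0
# [IntPtr]::Zero for lpSecurityAttributes is the NULL asked about in the thread:
# the key is not inheritable and gets the default security descriptor.
$status = [Win32.Reg]::RegCreateKeyExW($HKEY_CURRENT_USER, $subKey, 0, $null,
    $REG_OPTION_NON_VOLATILE, $KEY_ALL_ACCESS, [IntPtr]::Zero,
    [ref]$hKey, [ref]$disp)
if ($status -ne 0) { throw "RegCreateKeyExW failed with LSTATUS $status" }

# lpdwDisposition: 1 = REG_CREATED_NEW_KEY, 2 = REG_OPENED_EXISTING_KEY
$what = if ($disp -eq 1) { 'created new key' } else { 'opened existing key' }
Write-Host "$what, handle = 0x$($hKey.ToString('X'))"

# What "default security descriptor" means in practice: a DACL inherited
# from the parent key (HKCU\Software), visible as IsInherited = True.
(Get-Acl "HKCU:\$subKey").Access |
    Select-Object IdentityReference, RegistryRights, IsInherited | Format-Table

# A registry handle is released with RegCloseKey. It was never obtained from
# LocalAlloc, so handing it to LocalFree frees memory the program does not
# own, which is the silent exit T saw.
$status = [Win32.Reg]::RegCloseKey($hKey)
if ($status -ne 0) { throw "RegCloseKey failed with LSTATUS $status" }

Remove-Item "HKCU:\$subKey" -ErrorAction SilentlyContinue   # remove the demo key
```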
T
2020-04-05 12:27:40 UTC
Post by R.Wieser
T,
Post by T
First thing I do is call RegOpenKey. I do
my business, then I call RegCloseKey.
In that case I have no idea how that "LocalFree" crept in there ...
I put it there. I thought I was being responsible.
Post by R.Wieser
Post by T
Don't know what LocalAlloc is, so I am
not using it.
It's used to request some memory from the system (at runtime), so you can put
your own data (strings, etc.) into it (as opposed to declaring variables
at design time).
But yes. If you try to free some memory you did not request first, then that
is quite likely the cause of those crashes.
Post by T
The Rakuy module for calling
system API's may though.
It might, and is not even unlikely. But it then normally manages them
silently (within itself).
That is what it seems to me
Post by R.Wieser
Regards,
Rudy Wieser
R.Wieser
2020-04-05 15:11:17 UTC
T,
Post by T
I put it there. I thought I was being responsible.
In that case, what did you think you were freeing?

And just in case: yes, you should close the registry handles you've opened
(using RegCloseKey). :-)

Regards,
Rudy Wieser

T
2020-04-05 01:22:20 UTC
Post by T
You called it again. Dang you are good at this stuff!
:-) Actually, I assumed it had something to do with your "RegCreateKeyExA"
call declaration, but just (non-intentional) stated it vague enough that it
applied elsewhere too. In other words, I got lucky.
I don't think you realize the talent you have.

:-)