Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

C++ register string value error


  • Please log in to reply
27 replies to this topic

#1 KaZu

KaZu

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 11 May 2009 - 03:46 AM

Hello all, I got some problem with these functions: RegCreateKey, RegSetValueEx,RegQueryValueEx,RegOpenKeyEx and I dont need a URL to msdn. The problem is that its working 2/3 :-).
Output in the register should be like this:
Name: Test
Type: REG_SZ
Data: C:\WINDOWS\system32\test.exe

But I get this:
Name: Test
Type: REG_SZ
Data: [][][][][][][][][][][][][][]

My code is below, do anyone see the problem?
hope you dont mind to help me :-).
//KaZu



#include <windows.h>
#include <stdio.h>
#include <winuser.h>

#define BUFSIZE 120
int test_key(void);
int create_key(char *);
int main(void)
{
char *path = new char[40];
path ="C:\\WINDOWS\\system32\\test.exe";

int test,create; // just holders to get the return value from functions

test=test_key(); /*check if key is available for opening*/

if (test==2)/*create key*/
{
//*the path in which the file needs to be*/
create=create_key(path);
}


int test_key(void) // function to check if we could open the register and check the value for specified name
{
int check;
HKEY hKey;
char path[BUFSIZE];
DWORD buf_length=BUFSIZE;
int reg_key;

reg_key=RegOpenKeyEx(HKEY_LOCAL_MACHINE,TEX("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"),0,KEY_QUERY_VALUE,&hKey); // Open register
if(reg_key!=ERROR_SUCCESS)// If the value isnt ERROR_SUCCESS it have failed and returns a error, set the check = 1
{
check=1;
return check;
}

reg_key=RegQueryValueEx(hKey,TEXT("test"),NULL,NULL,(LPBYTE)path,&buf_length); // Get value for"test"

if((reg_key!=0)||(buf_length>BUFSIZE))
check=2;

if(reg_key==0)
check=0;

RegCloseKey(hKey); // Just close the key
return check;
}


int create_key(char *path)
{
int reg_key,check;
HKEY hkey;

reg_key=RegCreateKey(HKEY_LOCAL_MACHINE,TEXT("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"),&hkey); // Create a key
if(reg_key==0)
{
RegSetValueEx((HKEY)hkey,TEXT("test"),0,REG_SZ,((LPBYTE)path),(sizeof(path))+1); // Set the value
check=0;
return check;
}
if(reg_key!=0)
check=1;

RegCloseKey(hkey); // close the key
return check;
}

Edited by KaZu, 11 May 2009 - 03:48 AM.


BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:14 PM

Posted 11 May 2009 - 12:30 PM

You're mixing ANSI and Unicode. Use wchar_t for your character arrays.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 KaZu

KaZu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 11 May 2009 - 01:06 PM

int create_key(wchar_t *);

wchar_t *path = new wchar_t[40];
path ="C:\\WINDOWS\\system32\\test.exe"; <-- some error here now

int create_key(wchar_t *path)

whats the problem?

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:03:14 PM

Posted 11 May 2009 - 01:48 PM

whats the problem?


How are we supposed to know? We're not the ones sitting in front of your keyboard and monitor. A monitor, I might add, that maybe has an error message on it? :thumbsup:

#5 KaZu

KaZu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 11 May 2009 - 01:52 PM

Im sorry for the bad information, It was just a question to Billy, but I fixed some of that now I changed it to:

wchar_t *path = new wchar_t[40];
path = L"C:\\WINDOWS\\system32\\test.exe";

Now the value in data is "C:" of some reason, I want the whole path :S

#6 KaZu

KaZu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 11 May 2009 - 01:56 PM

Here is the new code if it helps and you get any ideas.

#include <windows.h>
#include <stdio.h>
#include <winuser.h>


#define BUFSIZE 120
int test_key(void);
int create_key(wchar_t *);
int main(void)
{

wchar_t *path = new wchar_t[40];
path = L"C:\\WINDOWS\\system32\\test.exe";




int test,create;
test=test_key();/*check if key is available for opening*/

if (test==2)/*create key*/
{
//*the path in which the file needs to be*/
create=create_key(path);
}
}

int test_key(void)
{
int check;
HKEY hKey;
//char path[BUFSIZE];
wchar_t path[BUFSIZE];
DWORD buf_length=BUFSIZE;
int reg_key;

reg_key=RegOpenKeyEx(HKEY_LOCAL_MACHINE,TEXT("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"),0,KEY_QUERY_VALUE,&hKey);
if(reg_key!=ERROR_SUCCESS)
{
check=1;
return check;
}

reg_key=RegQueryValueEx(hKey,TEXT("test"),NULL,NULL,(LPBYTE)path,&buf_length);

if((reg_key!=0)||(buf_length>BUFSIZE))
check=2;
if(reg_key==0)
check=0;

RegCloseKey(hKey);
return check;
}

int create_key(wchar_t *path)
{
int reg_key,check;

HKEY hkey;

reg_key=RegCreateKey(HKEY_LOCAL_MACHINE,TEXT("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"),&hkey);
if(reg_key==0)
{
RegSetValueEx((HKEY)hkey,TEXT("test"),0,REG_SZ,((LPBYTE)path),(sizeof(path))+1);
check=0;
return check;
}
if(reg_key!=0)
check=1;

RegCloseKey(hkey);
return check;
}

#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:14 PM

Posted 11 May 2009 - 02:23 PM

Here is the new code if it helps and you get any ideas.

#include <windows.h>
#include <stdio.h>
#include <winuser.h>


#define BUFSIZE 120
int test_key(void);
int create_key(wchar_t *);
int main(void)
{

wchar_t *path = new wchar_t[40];
path = L"C:\\WINDOWS\\system32\\test.exe";




int test,create;
test=test_key();/*check if key is available for opening*/

if (test==2)/*create key*/
{
//*the path in which the file needs to be*/
create=create_key(path);
}
}

int test_key(void)
{
int check;
HKEY hKey;
//char path[BUFSIZE];
wchar_t path[BUFSIZE];
DWORD buf_length=BUFSIZE;
int reg_key;

reg_key=RegOpenKeyEx(HKEY_LOCAL_MACHINE,TEXT("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"),0,KEY_QUERY_VALUE,&hKey);
if(reg_key!=ERROR_SUCCESS)
{
check=1;
return check;
}

reg_key=RegQueryValueEx(hKey,TEXT("test"),NULL,NULL,(LPBYTE)path,&buf_length);

if((reg_key!=0)||(buf_length>BUFSIZE))
check=2;
if(reg_key==0)
check=0;

RegCloseKey(hKey);
return check;
}

int create_key(wchar_t *path)
{
int reg_key,check;

HKEY hkey;

reg_key=RegCreateKey(HKEY_LOCAL_MACHINE,TEXT("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"),&hkey);
if(reg_key==0)
{
RegSetValueEx((HKEY)hkey,TEXT("test"),0,REG_SZ,((LPBYTE)path),(sizeof(path))+1);
check=0;
return check;
}
if(reg_key!=0)
check=1;

RegCloseKey(hkey);
return check;
}

What is sizeof(path) ? It sure isn't the length of the array.....

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:14 PM

Posted 11 May 2009 - 02:24 PM

wchar_t *path = new wchar_t[40];
path = L"C:\\WINDOWS\\system32\\test.exe";

This code is invalid and causes a memory leak.

Needs to be replaced with:
wchar_t *path = L"C:\\WINDOWS\\system32\\test.exe";
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 KaZu

KaZu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 11 May 2009 - 03:03 PM

I fixed the L problem, the sizeof should take out this parameter of the function: RegSetValueEx

last paramter:

cbData [in]

The size of the information pointed to by the lpData parameter, in bytes. If the data is of type REG_SZ, REG_EXPAND_SZ, or REG_MULTI_SZ, cbData must include the size of the terminating null character or characters.

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:14 PM

Posted 11 May 2009 - 03:12 PM

What is sizeof(path) ? Remember, arrays in C(++) are merely pointers to their first element. Sizeof() does NOT return the length of the array for string. It returns the size of the pointer type, which on 32 bit architectures is 4. This is why you are getting 2 characters of output.. each wchar_t character is two bytes wide, and RegSetValueEx is assuming the string is 4 bytes long. To get the length of the string, you need to use wcslen(), and you need to multiply it by the size of a wchar_t in order to get things in bytes.

Therefore:
wcslen(path)*sizeof(wchar_t)
is the value you are looking for, not sizeof(path)

C arrays have no direct way of accessing an array's length. wcslen() simply searches for the NULL at the end of the NULL terminated string.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#11 KaZu

KaZu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 11 May 2009 - 03:23 PM

Thanks alot for the info and now my program is working. And again, thanks billy3

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:14 PM

Posted 11 May 2009 - 04:21 PM

No problem :thumbsup:

However... I have a question for you.....

Can you tell me what the problem with this code is?

wchar_t *path = new wchar_t[40];
path = L"C:\\WINDOWS\\system32\\test.exe";


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#13 KaZu

KaZu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 11 May 2009 - 04:40 PM

Hehe I can see that it allocate memory and should be used with delete ;)

#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:14 PM

Posted 11 May 2009 - 05:14 PM

Yep :thumbsup:

What did this line do?
path = L"C:\\WINDOWS\\system32\\test.exe";

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#15 KaZu

KaZu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:14 PM

Posted 12 May 2009 - 01:20 AM

The first, I mixed up Unicode and ANSI code, had to use wchar_t for my arrays as you said.

So just to say other words. Because I have wchar_t array itīs not right to set a string value direct to it, so I use the L or TEXT macro to fix this problem(tell the compiler that the string is a wide character value. This is right? :-)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users