I am trying to make my FASM application add itself to the system start up by adding an entry in "SOFTWARE\Microsoft\Windows\CurrentVersion\Run".
I am using the following APIs:
RegOpenKeyExA
RegSetValueExA
RegCloseKey
in advapi32.dll.
When my code is run, the entry is never created. Here is my code:
    format PE GUI 4.0
    include "Win32A.Inc"
    entry start

    section ".idata" import data readable writeable
        library kernel32, "kernel32.dll",\
                advapi32, "advapi32.dll"
        import kernel32,\
               lstrlen, "lstrlenA",\
               ExitProcess, "ExitProcess"
        import advapi32,\
               RegOpenKeyExA, "RegOpenKeyExA",\
               RegSetValueEx, "RegSetValueExA",\
               RegCloseKey, "RegCloseKey"

    section ".data" data readable writeable
        sKey db "SOFTWARE\Microsoft\Windows\CurrentVersion\Run",0
        lpData db "C:\File.txt",0
        lpValueName db "Text File"
        phkresult dd ?

    section ".code" code readable executable
    start:
        invoke RegOpenKeyExA, HKEY_CURRENT_USER, sKey, 0, KEY_SET_VALUE, phkresult
        invoke lstrlen, lpData
        invoke RegSetValueEx, phkresult, lpValueName, 0, REG_SZ, lpData, eax
        invoke RegCloseKey, phkresult
    exit:
        invoke ExitProcess, 0
I am not understanding as to why my entry is not being added in the registry. Any help on this issue would be greatly appreciated.
Tried using OllyDbg and coming up with this:
Have NO idea why I would get access denied error. RegOpenKeyExA returns ERROR_SUCCESS
Turns out it was adding itself to the startup, but not visible in RegEdit, only in MSConfig..weird..?
When you invoke RegSetValueEx you pass phkresult's address, not its value. So, try something like this:
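The fix this answer describes, written out as an added example (it is not the answerer's own code, which is missing from the page): the handle is passed by value as `[phkresult]` to `RegSetValueEx` and `RegCloseKey`. Beyond what the answer states, this version also assumes a null terminator on `lpValueName`, counts the data's terminator in the length, and returns the Win32 status as the process exit code through `ebx`; the key, value name and data path are the question's.

```asm
; Added example: the question's program with the handle passed by value.
format PE GUI 4.0
include "Win32A.Inc"
entry start

section ".idata" import data readable writeable
  library kernel32, "kernel32.dll",\
          advapi32, "advapi32.dll"
  import kernel32,\
         lstrlen, "lstrlenA",\
         ExitProcess, "ExitProcess"
  import advapi32,\
         RegOpenKeyExA, "RegOpenKeyExA",\
         RegSetValueEx, "RegSetValueExA",\
         RegCloseKey, "RegCloseKey"

section ".data" data readable writeable
  sKey        db "SOFTWARE\Microsoft\Windows\CurrentVersion\Run",0
  lpData      db "C:\File.txt",0
  lpValueName db "Text File",0   ; terminator added (assumption: the name is exactly "Text File")
  phkresult   dd ?               ; receives the HKEY from RegOpenKeyExA

section ".code" code readable executable
start:
  ; RegOpenKeyExA takes the ADDRESS of the variable (PHKEY out-parameter)
  invoke RegOpenKeyExA, HKEY_CURRENT_USER, sKey, 0, KEY_SET_VALUE, phkresult
  mov ebx, eax                   ; keep the Win32 status for the exit code
  test eax, eax                  ; ERROR_SUCCESS = 0
  jnz exit
  invoke lstrlen, lpData
  inc eax                        ; cbData for REG_SZ counts the terminating null
  ; every later call takes the handle VALUE: [phkresult], not phkresult
  invoke RegSetValueEx, [phkresult], lpValueName, 0, REG_SZ, lpData, eax
  mov ebx, eax
  invoke RegCloseKey, [phkresult]
exit:
  invoke ExitProcess, ebx        ; 0 on success, otherwise the failing call's error code
```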