Sign in to follow this  
Followers 0
logmein

Stuck in serious Registry serious problem! x64 vs x86

11 posts in this topic

Hi there,

I am going to build a program to manage my startup programs. It work well on WinXP but when I upgrade my OS to Win 7, everything goes hell!

This is my sample code :

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <Constants.au3>
#include <ListViewConstants.au3>
#include <GuiListView.au3>
#include <String.au3>
Global $startup_key_1 = 'HKCU64\Software\Microsoft\Windows\CurrentVersion\Run';x64 os
Global $startup_key_2 = 'HKLM64\Software\Microsoft\Windows\CurrentVersion\Run';x64 os
Global $startup_key_3 = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run'
Global $startup_key_4 = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run'
#Region ### START Koda GUI section ### Form=D:\Total USB Security 4\startup_form.kxf
$formStartup = GUICreate("Startup Manager", 618, 326, 192, 125, BitOR($WS_CAPTION,$WS_POPUP,$WS_BORDER,$WS_CLIPSIBLINGS), BitOR($WS_EX_TOOLWINDOW,$WS_EX_WINDOWEDGE))
GUISetFont(10, 400, 0, "Arial")
$listStartup = GUICtrlCreateListView("Program|Key|File", 8, 8, 602, 286)
$hdlListStartup = GUICtrlGetHandle (-1)
GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 0, 150)
GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 1, 70)
GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 2, 375)
$btnRemoveStartup = GUICtrlCreateButton("&Remove", 424, 296, 91, 25, $WS_GROUP)
$btnCloseStartupForm = GUICtrlCreateButton("&Close", 520, 296, 91, 25, $WS_GROUP)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###
_GetStartupItem ()
while 1
$nMsg = GUIGetMsg ()
Switch $nMsg
Case $btnCloseStartupForm
Exit
Case $btnRemoveStartup
_RemoveStartupItem ()
EndSwitch
WEnd
Func _RemoveStartupItem()
$select = _GUICtrlListView_GetSelectedIndices($hdlListStartup, True);get first item index
If $select[0] <> 0 Then
$key = _GUICtrlListView_GetItem($hdlListStartup, $select[1], 1)
$program = _GUICtrlListView_GetItem($hdlListStartup, $select[1], 0);program[3] means program name
RegDelete($key[3] & '\Software\Microsoft\Windows\CurrentVersion\Run', $program[3])
;ConsoleWrite ($key[3] & '\Software\Microsoft\Windows\CurrentVersion\Run' & '[' & $program[3] & ']' & @CRLF)
If Not @error Then
_GUICtrlListView_DeleteItem($hdlListStartup, $select[1])
Else
MsgBox(32, 'Startup Manager', 'Can''t remove the registry key. Please try again!', '', $formStartup)
Return
EndIf
EndIf
EndFunc
Func _GetStartupItem()
For $i = 1 To 100
$enum_key = RegEnumVal($startup_key_1, $i)
If @error then ExitLoop
$strRegRead = RegRead($startup_key_1, $enum_key)
$strRegReplace = _StringBetween ($strRegRead,'"','"')
If Not @error Then
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKCU64', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0] , 2)
Else
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKCU64', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead , 2)
EndIf
Next
For $i = 1 To 100
$enum_key = RegEnumVal($startup_key_2, $i)
If @error then ExitLoop
$strRegRead = RegRead($startup_key_2, $enum_key)
$strRegReplace = _StringBetween ($strRegRead,'"','"')
If Not @error Then
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM64', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0], 2)
Else
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM64', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead , 2)
EndIf
Next
For $i = 1 To 100
$enum_key = RegEnumVal($startup_key_3, $i)
If @error then ExitLoop
$strRegRead = RegRead($startup_key_3, $enum_key)
$strRegReplace = _StringBetween ($strRegRead,'"','"')
If Not @error Then
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0], 2)
Else
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead , 2)
EndIf
Next
For $i = 1 To 100
$enum_key = RegEnumVal($startup_key_4, $i)
If @error then ExitLoop
$strRegRead = RegRead($startup_key_4, $enum_key)
$strRegReplace = _StringBetween ($strRegRead,'"','"')
If Not @error Then
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0], 2)
Else
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead , 2)
EndIf
Next
Return
EndFunc ;==>_GetStartupItem
#endregion---------------------------------------------------------

My program can still detect x86 startup programs but when I try to remove x86 programs, there was error. Then I use CCleaner to check up, I choose a x86 program (iTunesHelper), then right-click and choose "Open in Regedit..." and I get the address of registry key : Computer\HLMC\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Remember that!

Posted Image

Posted Image

Afterthat, I choose a x64 program in CCleaner(Persistence), continue to view it in Regedit and I got this :

Posted Image

Posted Image

Still Computer\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run??!

Plz help me!

Share this post


Link to post
Share on other sites



Congratulations on trying not to get help. Don't bump less than 24hours and use that time to find the answer yourself.


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

hi you are using bad keys.

if you use 'HKCU64' and 'HKCU' on your program will be appear your key two times. so you would be trying to delete a key who doesn't exist.

else in 86x you repeat two time your key HKLM64 and HKLM. but in 86x does'nt exist 64x keys.

You should Use this.

I think this is the best way.

Select
Case @OSArch="X64"

;case OS x64 read this key
"HKLM64SoftwareMicrosoftWindowsCurrentVersionRun"
"HKLMSoftwareMicrosoftWindowsCurrentVersionRun"
"HKCUSoftwareMicrosoftWindowsCurrentVersionRun"



Case @OSArch="X86"
;case OS x86 read this key
"HKLMSoftwareMicrosoftWindowsCurrentVersionRun"
"HKCUSoftwareMicrosoftWindowsCurrentVersionRun"


EndSelect

EndFunc
Edited by Danyfirex

Share this post


Link to post
Share on other sites

Oh, I solved the problem, firstly, I changed the keys like yours and then add #RequireAdmin at the top of the script:)

Thanks Danyfirex:)

Share this post


Link to post
Share on other sites

Oh, I solved the problem, firstly, I changed the keys like yours and then add #RequireAdmin at the top of the script:)

Thanks Danyfirex:)

Glad to help you.

regards

Share this post


Link to post
Share on other sites

But they are alike. I don't understand. But how to delete or write a registry key in x86 Regedit?

That's because WOW redirect x86 apps to another place.

You should read up on the Registry Redirector. There are lots of other interesting things to know about x64 Windows if you follow the links around in that Programming Guide.

Redirected keys are mapped to physical locations under Wow6432Node. For example, HKEY_LOCAL_MACHINESoftware is redirected to HKEY_LOCAL_MACHINESoftwareWow6432Node.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • RTFC
      By RTFC
      Please answer me these questions three, ere the other side you see:
      Are you running a 64-bit machine with a 64-bit Windows operating system? Can your AutoIt scripts cope with having directive #AutoIt3Wrapper_UseX64=Y, and thus @AutoItX64=True? Are you sick and tired of seeing this error message?
      If you (like me) answered "YES" to all three questions, then the _HighMem library may ease your pain (the name commemorates a useful utility from the days when CPUs were still steam-powered). Forget about pathetic boot switches /3GB and /userva; in a full-fledged 64-bit environment, _HighMem can pre-allocate all available physical/virtual RAM you've got (or any smaller size you need), and manage individual allocations therein with four simple functions:
      _HighMem_StartUp( $nSize, $sUnit="GB" ) ; parse size of total region to pre-allocate, e.g. (10,"GB") _HighMem_Allocate( $nSize, $sUnit="B" ) ; returns $pOffset (new allocation's base address) _HighMem_Release( $pOffset ) ; existing allocations are identified by their offset (base address) _HighMem_CleanUp() ; close handles, release all pre-allocated memory Of course, existing AutoIt limitations remain in force (e.g., DllstructCreate() is still limited to 2 GB per call), but the maximum of 2-4 GB of virtual memory per Windows process can (under the right circumstances, in the proper environment) be circumvented. However, this is the first beta release, so glitches are likely, and performance may vary. In fact, it may not work at all for you (if you're running 32-bit, for example). And since this involves your own hardware, it's unlikely I would be able to reproduce your issues in my own work environment. Nevertheless, if you find obvious bugs or mistakes in the code, please do post. And if it works for you, that's also good to hear. My own motivation for developing it was to supercharge my matrix computing environment (Eigen4AutoIt), so it can handle matrices of any size that fit in machine RAM.
      The attached zip contains the library itself (HighMem.au3) and two test examples. HighMem_Test1 performs a dry run stress test of the allocation management system; it does not actually do any memory I/O. By contrast, HighMem_Test2 pre-allocates a 6 GB space, stores 3 x 2GB structs there, performs some basic I/O, and releases the allocations one by one. Obviously, for this to work you'll need at least that much free RAM to begin with (check with Task Manager -> Performance -> Memory if you're unsure). My own test environment has 16 GB of physical RAM, and runs W10Pro/64.
      EDIT: minor edits added to improve user experience (many more status messages if $_HighMem_Verbose=True)
      HighMem.v0.85.7z
      EDIT: from beta version 0.9, HighMem supports shared memory, including mutex negotiation.
       
      HighMem.v0.91.7z
    • steveeye
      By steveeye
      hey, can anybody enlighten on lesser known Windows hacks or uses ?
    • iXX
      By iXX
      Hi!
      Looking for working code to  get full path of process  - both 32 & 64 bit.
      I tryed this bellow, but it works only for 32-bit processes, even if compiled for x64...
      Thanx for suggestions!
       
      Func _ProcessGetPath($vProcess) ;get the program path done by MrCreatoR Local $iPID = ProcessExists($vProcess) If NOT $iPID Then Return SetError(1, 0, -1) Local $aProc = DllCall('kernel32.dll', 'hwnd', 'OpenProcess', 'int', BitOR(0x0400, 0x0010), 'int', 0, 'int', $iPID) If NOT IsArray($aProc) OR NOT $aProc[0] Then Return SetError(2, 0, -1) Local $vStruct = DllStructCreate('int[1024]') Local $hPsapi_Dll = DllOpen('Psapi.dll') If $hPsapi_Dll = -1 Then $hPsapi_Dll = DllOpen(@SystemDir & '\Psapi.dll') If $hPsapi_Dll = -1 Then $hPsapi_Dll = DllOpen(@WindowsDir & '\Psapi.dll') If $hPsapi_Dll = -1 Then Return SetError(3, 0, '') DllCall($hPsapi_Dll, 'int', 'EnumProcessModules', _ 'hwnd', $aProc[0], _ 'ptr', DllStructGetPtr($vStruct), _ 'int', DllStructGetSize($vStruct), _ 'int_ptr', 0) Local $aRet = DllCall($hPsapi_Dll, 'int', 'GetModuleFileNameEx', _ 'hwnd', $aProc[0], _ 'int', DllStructGetData($vStruct, 1), _ 'str', '', _ 'int', 2048) DllClose($hPsapi_Dll) If NOT IsArray($aRet) OR StringLen($aRet[3]) = 0 Then Return SetError(4, 0, '') Return $aRet[3] EndFunc  
    • Simpel
      By Simpel
      Hi,
      I wondered why negative integers I wrote into registry (e.g. negative x-coordinates of a gui if using two monitors and the right one is the main one) wouldn't return right when reading. Now I know: it is saved as an unsigned integer (without algebraic sign). So here is a snippet that is changing unsigned to signed integer:
      Global Const $g_sRegKey = "HKEY_CURRENT_USER\Software\" & @ScriptName ; path to registry RegWrite($g_sRegKey, "Value", "REG_DWORD", -2147483647) ; write some negative integer into registry; -2147483647 highest possible negative integer , 2147483648 highest possible positive integer if talking of 32bit Local $sValue = RegRead($g_sRegKey, "Value") ; read out registry ConsoleWrite("Value: " & $sValue & @CRLF) ; show real value in console Local $sResult = _SignedInteger($sValue) ; change to signed value ConsoleWrite("Result: " & $sResult & @CRLF) ; and show it in console Func _SignedInteger($iUnsignedInteger) Local $iSignedInteger If $iUnsignedInteger > (2^31) Then ; then it means a negative integer $iSignedInteger = $iUnsignedInteger - (2^32) Else $iSignedInteger = $iUnsignedInteger EndIf Return $iSignedInteger EndFunc It took me some time to find out the problem and so I hope I can help somebody with this.
      Regards, Conrad
    • afallenhope
      By afallenhope
      Hello all! 
      I am having a bit of trouble and was wondering if anyone may have a workaround for my issue. I made a script that would automatically install a piece of software each night on a Windows 7 Box. Now I have been instructed to do the same with a Windows 10 box since the application is now being tested on Windows 10. 
      The way I did the win7 installation was that I made a script and then made an executable that I call with a batch file along with the Installer. So the process is 
      AutoitMainFile calls batch file, batch file opens Installer, and the automatedinstaller.exe  The automatedinstlaller waits 10-20 seconds to make sure the Installer has been fully loaded.
      When I try to do the same both get loaded but the automatedinstallation.exe does not send commands to the installer. The code does work and nothing from the program we are wanting to install has changed as our Windows 7 runs every night no problem. 
       
      Do I need to make a new automatedinstall script for windows 10? 
      Any advice is appreciated 
      Thanks,
      Richard