Jump to content
Sign in to follow this  
logmein

Stuck in serious Registry serious problem! x64 vs x86

Recommended Posts

logmein

Hi there,

I am going to build a program to manage my startup programs. It work well on WinXP but when I upgrade my OS to Win 7, everything goes hell!

This is my sample code :

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <Constants.au3>
#include <ListViewConstants.au3>
#include <GuiListView.au3>
#include <String.au3>
Global $startup_key_1 = 'HKCU64\Software\Microsoft\Windows\CurrentVersion\Run';x64 os
Global $startup_key_2 = 'HKLM64\Software\Microsoft\Windows\CurrentVersion\Run';x64 os
Global $startup_key_3 = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run'
Global $startup_key_4 = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run'
#Region ### START Koda GUI section ### Form=D:\Total USB Security 4\startup_form.kxf
$formStartup = GUICreate("Startup Manager", 618, 326, 192, 125, BitOR($WS_CAPTION,$WS_POPUP,$WS_BORDER,$WS_CLIPSIBLINGS), BitOR($WS_EX_TOOLWINDOW,$WS_EX_WINDOWEDGE))
GUISetFont(10, 400, 0, "Arial")
$listStartup = GUICtrlCreateListView("Program|Key|File", 8, 8, 602, 286)
$hdlListStartup = GUICtrlGetHandle (-1)
GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 0, 150)
GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 1, 70)
GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 2, 375)
$btnRemoveStartup = GUICtrlCreateButton("&Remove", 424, 296, 91, 25, $WS_GROUP)
$btnCloseStartupForm = GUICtrlCreateButton("&Close", 520, 296, 91, 25, $WS_GROUP)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###
_GetStartupItem ()
while 1
$nMsg = GUIGetMsg ()
Switch $nMsg
Case $btnCloseStartupForm
Exit
Case $btnRemoveStartup
_RemoveStartupItem ()
EndSwitch
WEnd
Func _RemoveStartupItem()
$select = _GUICtrlListView_GetSelectedIndices($hdlListStartup, True);get first item index
If $select[0] <> 0 Then
$key = _GUICtrlListView_GetItem($hdlListStartup, $select[1], 1)
$program = _GUICtrlListView_GetItem($hdlListStartup, $select[1], 0);program[3] means program name
RegDelete($key[3] & '\Software\Microsoft\Windows\CurrentVersion\Run', $program[3])
;ConsoleWrite ($key[3] & '\Software\Microsoft\Windows\CurrentVersion\Run' & '[' & $program[3] & ']' & @CRLF)
If Not @error Then
_GUICtrlListView_DeleteItem($hdlListStartup, $select[1])
Else
MsgBox(32, 'Startup Manager', 'Can''t remove the registry key. Please try again!', '', $formStartup)
Return
EndIf
EndIf
EndFunc
Func _GetStartupItem()
For $i = 1 To 100
$enum_key = RegEnumVal($startup_key_1, $i)
If @error then ExitLoop
$strRegRead = RegRead($startup_key_1, $enum_key)
$strRegReplace = _StringBetween ($strRegRead,'"','"')
If Not @error Then
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKCU64', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0] , 2)
Else
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKCU64', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead , 2)
EndIf
Next
For $i = 1 To 100
$enum_key = RegEnumVal($startup_key_2, $i)
If @error then ExitLoop
$strRegRead = RegRead($startup_key_2, $enum_key)
$strRegReplace = _StringBetween ($strRegRead,'"','"')
If Not @error Then
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM64', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0], 2)
Else
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM64', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead , 2)
EndIf
Next
For $i = 1 To 100
$enum_key = RegEnumVal($startup_key_3, $i)
If @error then ExitLoop
$strRegRead = RegRead($startup_key_3, $enum_key)
$strRegReplace = _StringBetween ($strRegRead,'"','"')
If Not @error Then
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0], 2)
Else
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead , 2)
EndIf
Next
For $i = 1 To 100
$enum_key = RegEnumVal($startup_key_4, $i)
If @error then ExitLoop
$strRegRead = RegRead($startup_key_4, $enum_key)
$strRegReplace = _StringBetween ($strRegRead,'"','"')
If Not @error Then
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0], 2)
Else
$add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM', 1)
_GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead , 2)
EndIf
Next
Return
EndFunc ;==>_GetStartupItem
#endregion---------------------------------------------------------

My program can still detect x86 startup programs but when I try to remove x86 programs, there was error. Then I use CCleaner to check up, I choose a x86 program (iTunesHelper), then right-click and choose "Open in Regedit..." and I get the address of registry key : Computer\HLMC\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Remember that!

Posted Image

Posted Image

Afterthat, I choose a x64 program in CCleaner(Persistence), continue to view it in Regedit and I got this :

Posted Image

Posted Image

Still Computer\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run??!

Plz help me!

Share this post


Link to post
Share on other sites
guinness

Congratulations on trying not to get help. Don't bump less than 24hours and use that time to find the answer yourself.


UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
Danyfirex

hi you are using bad keys.

if you use 'HKCU64' and 'HKCU' on your program will be appear your key two times. so you would be trying to delete a key who doesn't exist.

else in 86x you repeat two time your key HKLM64 and HKLM. but in 86x does'nt exist 64x keys.

You should Use this.

I think this is the best way.

Select
Case @OSArch="X64"

;case OS x64 read this key
"HKLM64SoftwareMicrosoftWindowsCurrentVersionRun"
"HKLMSoftwareMicrosoftWindowsCurrentVersionRun"
"HKCUSoftwareMicrosoftWindowsCurrentVersionRun"



Case @OSArch="X86"
;case OS x86 read this key
"HKLMSoftwareMicrosoftWindowsCurrentVersionRun"
"HKCUSoftwareMicrosoftWindowsCurrentVersionRun"


EndSelect

EndFunc
Edited by Danyfirex

Share this post


Link to post
Share on other sites
logmein

Oh, I solved the problem, firstly, I changed the keys like yours and then add #RequireAdmin at the top of the script:)

Thanks Danyfirex:)

Share this post


Link to post
Share on other sites
Danyfirex

Oh, I solved the problem, firstly, I changed the keys like yours and then add #RequireAdmin at the top of the script:)

Thanks Danyfirex:)

Glad to help you.

regards

Share this post


Link to post
Share on other sites
AdmiralAlkex

But they are alike. I don't understand. But how to delete or write a registry key in x86 Regedit?

That's because WOW redirect x86 apps to another place.

You should read up on the Registry Redirector. There are lots of other interesting things to know about x64 Windows if you follow the links around in that Programming Guide.

Redirected keys are mapped to physical locations under Wow6432Node. For example, HKEY_LOCAL_MACHINESoftware is redirected to HKEY_LOCAL_MACHINESoftwareWow6432Node.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • GeorgeB
      By GeorgeB
      I'm writing a little applet that basically tells you when Windows was installed.  There is a REG_DWORD in Windows that gives you this. It's basically a value that is the # of seconds from 1970.
      The location is:  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate"
      So if I run this in AutoIT, I should get the value displayed within the msgbox:
      MsgBox($MB_SYSTEMMODAL, "InstallDate Test", RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "InstallDate"))
      However, what happens is it always returns a value of "0"  I tried this on several machines (Windows 8, Windows 8.1 and Windows 10). 
      Am I missing something?  If I manually view this REG_DWORD with RegEdit, it shows me the HEX value, or I can view the Decimal value. I don't care which value AutoIT reads, as I can always convert back and forth, but I just don't see why it can't read a value from this REG_DWORD.  As a test, I've read other REG_DWORD values, and with most it doesn't return any value, not even a 0.
      Please, even if you guys have some other (perhaps better) way to read the Windows install date, I would still like to find a resolution to this problem, because I want to understand why I am having so much difficulty with reading REG_DWORD values from the Windows Registry with AutoIT.
      Thanks for any help!
       
       
       
       
       
    • MMedina
      By MMedina
      Hello all, 
      Been looking for and playing around with a script that would prompt me for a UserName and Password then Map a network drive.
      I have included the code: 
      #AutoIt3Wrapper_icon=your_icon.ico #AutoIt3Wrapper_Run_Obfuscator=y #obfuscator_parameters=/striponly #NoTrayIcon #include <ButtonConstants.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <StaticConstants.au3> #include <WindowsConstants.au3> $Form1 = GUICreate("Connect To Your Drive", 265, 135) $username_id = GUICtrlCreateInput("", 88, 16, 153, 21) $password_id = GUICtrlCreateInput("", 87, 44, 153, 21, $ES_PASSWORD) GUICtrlCreateLabel("&Username", 24, 16, 52, 17) GUICtrlCreateLabel("&Password", 26, 46, 50, 17) $connect = GUICtrlCreateButton("&Connect", 24, 80, 217, 33, BitOr($GUI_SS_DEFAULT_BUTTON, $BS_DEFPUSHBUTTON)) GUISetState(@SW_SHOW) While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $connect $username = GUICtrlRead($username_id) $password = GUICtrlRead($password_id) If $username = '' Or $password = '' Then MsgBox(16, 'Error', 'Empty username or password') ContinueLoop EndIf If DriveMapGet("X:") <> '' Then ; very fast MsgBox(16, 'Error', 'The device is already assigned') ContinueLoop EndIf GUISetCursor(15,1) DriveMapAdd("X:", "\\Server\share\filestore\" & $username, 0, $username, $password) ; slow If @error Then Switch @error Case 1 $err_message = 'Undefined / Other error. Windows API return code: ' & @extended Case 2 $err_message = 'Access to the remote share was denied' Case 3 $err_message = 'The device is already assigned' Case 4 $err_message = 'Invalid device name' Case 5 $err_message = 'Invalid remote share' Case 6 $err_message = 'Invalid password' EndSwitch GUISetCursor(2) MsgBox(16, 'Error', $err_message) Else ; everything OK Exit EndIf EndSwitch WEnd  
      When I attempt the build I get the following:
       Obfuscator support has been discontinued and is replaced by Au3Stripper using "#Au3Stripper_" directives.
      ! The directive to run Au3Stripper is: #AutoIt3Wrapper_Run_Au3Stripper=y  ; Default is n
      ! #Au3Stripper_Parameters options are: 
      /pe  : Replace and reference to a Global Const variable with its actual value.
      /tl  : Create Au3Stripper.Log with a trace of all actions.
      /debug: add Debug information to Au3Stripper.Log.
      /so : This is the default when no parameters are provided. same as /sf + /sv
      /sf : Strip all unused Func's
      /sv : Strip all unused Global var records.
      /mo : Just merges the Include files into the source and strips the Comments.
            This is similar to aut2exe and helps finding the errorline.
      /mi : Sets the maximum Iterations Au3Stripper will perform. Default is 5.
      /rm : Rename Variables and Functions to a shorter name.
      /rsln: Replace @ScriptLineNumber with the actual line number.
      /Beta: Use Beta Includes.
      - Icon not found:  your_icon.ico ==> Changing to default ICON.
      >Running AU3Check (3.3.14.5)  from:C:\Program Files (x86)\AutoIt3  input:C:\Users\Migue\Documents\Sync\Batches and Scripts\WDW-Scripts\SMS.au3
      +>18:28:11 AU3Check ended.rc:0
      >Running Au3Stripper (18.708.1148.0)  from:C:\Program Files (x86)\AutoIt3\SciTE\Au3Stripper cmdline:
      - 0.22 Iteration 1 Strip Functions result: Output  1050 lines, stripped 0 Func lines and 234 Commentlines
      - 0.61 Iteration 2 Strip Variables result: Output  88 lines and stripped 962 lines
      - 0.63 Iteration 3 Strip Variables result: Output  58 lines and stripped 30 lines
      - 0.64 Iteration 4 Strip Variables result: Output  52 lines and stripped 6 lines
      - 0.66 Iteration 5 Strip Variables result: Output  51 lines and stripped 1 lines
      +> Source    1285 lines 48435 Characters.
      +> Stripped  999 Func/Var lines and  234 comment lines, Total 46893 Characters.
      +> Saved     95% lines 96% Characters.
      +> Au3Stripper v18.708.1148.0 finished created:C:\Users\Migue\Documents\Sync\Batches and Scripts\WDW-Scripts\SMS_stripped.au3
      +>18:28:12 Au3Stripper ended.rc:0
      >Running AU3Check (3.3.14.5)  from:C:\Program Files (x86)\AutoIt3  input:C:\Users\Migue\Documents\Sync\Batches and Scripts\WDW-Scripts\SMS_stripped.au3
      +>18:28:12 AU3Check ended.rc:0
      >Running:(3.3.14.5):C:\Program Files (x86)\AutoIt3\aut2exe\aut2exe.exe  /in "C:\Users\Migue\Documents\Sync\Batches and Scripts\WDW-Scripts\SMS_stripped.au3" /out "C:\Users\Migue\AppData\Local\AutoIt v3\Aut2exe\~AU495C.tmp.exe" /nopack /comp 2
      +>18:28:13 Aut2exe.exe ended.C:\Users\Migue\AppData\Local\AutoIt v3\Aut2exe\~AU495C.tmp.exe. rc:0
      !>18:28:13 Problem copying file from: C:\Users\Migue\AppData\Local\AutoIt v3\Aut2exe\~AU495C.tmp.exe To :C:\Users\Migue\Documents\Sync\Batches and Scripts\WDW-Scripts\SMS.exe
      +>18:28:14 AutoIt3Wrapper Finished.
      >Exit code: 0    Time: 3.046
       
      When I attempt to run the executable I get the following:

      Many thanks in advance
    • ammaul
      By ammaul
      Hi folks, I'm having problems with a screenshot capture script.
      Let me explain.
      Everyday I (and my colleagues at work) need to take some screenshots from a web-page. These screenshots are used to compile a report. Normally, I (and others) used to log in into the website and took screenshots of desired graphics and tables. This is tediuos and time consuming. To easy this task I made a script using autoit that basically logs into the website (user and password) and using some clicks, stroke send, coordinates, it is able to generate the graphics and save them to some folders into our network (this script saves arouund 50 pics. It works like a sharm.
      In order to make things easier, I tried to schedule this script (compiled to a Screnpics.exe file) using task scheduler from windows. We already use this (task scheduler) to run some vbs scripts, some vba excel scripts and so on. The computer used for this tasks is a windows 7 desktop computer. Due to security policies, the computer locks after some time. All this tasks run in the locked computer.
      My script screenpics.exe runs also from this locked computer. When the computer is unlocked, it does everything as expected. But, when it is locked, all the "pics" are BLACK. As I understand, it runs ok, but, as the "windows" are innactive, it prints what it "sees": a black rectangular.
      Some details: The web-page with hold the information I need, it only works in Firefox and, because of this it couldn`t be managed by vba or some "getobject" like commands. In fact, it has some flash things that make it impossible to control programatically. So my script is based on mouse move to coordinates, mouse click, screen capture and so one.
       
      So, I read many posts trying to figure out a way to overcome this, but... nothing came to mind. My first idea was try to unlock windows. Theses lead me to some posts with no solution. This is worse because I'm not a computer admin, so procedures that need to replace/change the register are not an option.
       
      If someone has any idea, I'll be gratefull.
    • therks
      By therks
      Has anybody else noticed that Windows 7 reacts ignorantly when you use the Windows key + arrow key shortcuts on a GUI with GUIEventMode set to 1? I discovered this recently when I was working on an app where I wanted complete control over the maximize/minimize buttons.
      Just give it a spin:
      #include <GUIConstants.au3> Opt('GUIEventOptions', 1) $hGUI = GUICreate('', 300, 200, Default, Default, BitOR($GUI_SS_DEFAULT_GUI, $WS_MAXIMIZEBOX)) GUISetState() While 1 Switch GUIGetMsg() Case $GUI_EVENT_MAXIMIZE ToolTip('Maximized') Case $GUI_EVENT_MINIMIZE ToolTip('Minimized') Case $GUI_EVENT_RESTORE ToolTip('Restored') Case $GUI_EVENT_CLOSE Exit EndSwitch WEnd Run that, then hit Win+Up or Win+Down. None of those events get triggered, and it still maximizes/minimizes. Although I can't get it to restore down from a maximize unless the window is also resizable ($WS_THICKFRAME in the style).
      Is there a way to stop Windows from doing what it wants or is the only option to check with WinGetState() and then change it back?
       
      Windows 10 seems to respect my settings, and I don't have any other versions to test on.
    • msd1994
      By msd1994
      I have a script that just adds some keyboard shortcuts for things like displaying the current song and artist, moving the window to the side so it won't pop up in my way, and play/pause, next song, previous song (these are the only 3 to still work since they don't need the window handle.)
      In some update recently, Spotify's window class swapped from "[CLASS:SpotifyMainWindow]" to "[CLASS:Chrome_WidgetWin_0]". Using the new class in my controls doesn't seem to work, I've tried getting the window handle from the process handle (_GetHwndFromPID($PID)) but that seems to fail as well.
      Does anybody have some idea of a way I could get this script working again?
       
      edit: seems like discord has the same window class name, so could be some issue with this? Still not sure of a way to solve the issue though, I added a function to get the handle of the active window and can just use that now, but it was able to find it on its own before on spotify startup or script startup which would be preferred.
       
      Thanks!
×