logmein

Stuck in serious Registry serious problem! x64 vs x86

Hi there,

I am going to build a program to manage my startup programs. It works well on WinXP, but when I upgraded my OS to Win 7, everything went to hell!

This is my sample code :

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <Constants.au3>
#include <ListViewConstants.au3>
#include <GuiListView.au3>
#include <String.au3>

Global $startup_key_1 = 'HKCU64\Software\Microsoft\Windows\CurrentVersion\Run' ; x64 OS
Global $startup_key_2 = 'HKLM64\Software\Microsoft\Windows\CurrentVersion\Run' ; x64 OS
Global $startup_key_3 = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run'
Global $startup_key_4 = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run'

#Region ### START Koda GUI section ### Form=D:\Total USB Security 4\startup_form.kxf
$formStartup = GUICreate("Startup Manager", 618, 326, 192, 125, BitOR($WS_CAPTION, $WS_POPUP, $WS_BORDER, $WS_CLIPSIBLINGS), BitOR($WS_EX_TOOLWINDOW, $WS_EX_WINDOWEDGE))
GUISetFont(10, 400, 0, "Arial")
$listStartup = GUICtrlCreateListView("Program|Key|File", 8, 8, 602, 286)
$hdlListStartup = GUICtrlGetHandle(-1)
GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 0, 150)
GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 1, 70)
GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 2, 375)
$btnRemoveStartup = GUICtrlCreateButton("&Remove", 424, 296, 91, 25, $WS_GROUP)
$btnCloseStartupForm = GUICtrlCreateButton("&Close", 520, 296, 91, 25, $WS_GROUP)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

_GetStartupItem()

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $btnCloseStartupForm
            Exit
        Case $btnRemoveStartup
            _RemoveStartupItem()
    EndSwitch
WEnd

; Delete the selected value from the Run key named in the "Key" column
Func _RemoveStartupItem()
    $select = _GUICtrlListView_GetSelectedIndices($hdlListStartup, True) ; get first item index
    If $select[0] <> 0 Then
        $key = _GUICtrlListView_GetItem($hdlListStartup, $select[1], 1)
        $program = _GUICtrlListView_GetItem($hdlListStartup, $select[1], 0) ; program[3] means program name
        RegDelete($key[3] & '\Software\Microsoft\Windows\CurrentVersion\Run', $program[3])
        ;ConsoleWrite ($key[3] & '\Software\Microsoft\Windows\CurrentVersion\Run' & '[' & $program[3] & ']' & @CRLF)
        If Not @error Then
            _GUICtrlListView_DeleteItem($hdlListStartup, $select[1])
        Else
            MsgBox(32, 'Startup Manager', 'Can''t remove the registry key. Please try again!', '', $formStartup)
            Return
        EndIf
    EndIf
EndFunc

; Enumerate the values of each Run key and add them to the list view
Func _GetStartupItem()
    For $i = 1 To 100
        $enum_key = RegEnumVal($startup_key_1, $i)
        If @error Then ExitLoop
        $strRegRead = RegRead($startup_key_1, $enum_key)
        $strRegReplace = _StringBetween($strRegRead, '"', '"')
        If Not @error Then
            $add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKCU64', 1)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0], 2)
        Else
            $add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKCU64', 1)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead, 2)
        EndIf
    Next
    For $i = 1 To 100
        $enum_key = RegEnumVal($startup_key_2, $i)
        If @error Then ExitLoop
        $strRegRead = RegRead($startup_key_2, $enum_key)
        $strRegReplace = _StringBetween($strRegRead, '"', '"')
        If Not @error Then
            $add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM64', 1)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0], 2)
        Else
            $add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM64', 1)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead, 2)
        EndIf
    Next
    For $i = 1 To 100
        $enum_key = RegEnumVal($startup_key_3, $i)
        If @error Then ExitLoop
        $strRegRead = RegRead($startup_key_3, $enum_key)
        $strRegReplace = _StringBetween($strRegRead, '"', '"')
        ; $startup_key_3 is the HKCU key, so the "Key" column must say HKCU
        ; (it was labelled HKLM, which made Remove target the wrong hive)
        If Not @error Then
            $add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKCU', 1)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0], 2)
        Else
            $add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKCU', 1)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead, 2)
        EndIf
    Next
    For $i = 1 To 100
        $enum_key = RegEnumVal($startup_key_4, $i)
        If @error Then ExitLoop
        $strRegRead = RegRead($startup_key_4, $enum_key)
        $strRegReplace = _StringBetween($strRegRead, '"', '"')
        If Not @error Then
            $add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM', 1)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegReplace[0], 2)
        Else
            $add = _GUICtrlListView_AddItem($hdlListStartup, $enum_key)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, 'HKLM', 1)
            _GUICtrlListView_AddSubItem($hdlListStartup, $add, $strRegRead, 2)
        EndIf
    Next
    Return
EndFunc ;==>_GetStartupItem
#endregion---------------------------------------------------------

My program can still detect x86 startup programs, but when I try to remove x86 programs, there is an error. Then I used CCleaner to check: I chose an x86 program (iTunesHelper), right-clicked and chose "Open in Regedit...", and I got the address of the registry key: Computer\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Remember that!

After that, I chose an x64 program in CCleaner (Persistence), viewed it in Regedit as well, and I got this:

Still Computer\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run??!

Please help me!


Congratulations on trying not to get help. Don't bump in less than 24 hours, and use that time to find the answer yourself.



But they are alike. I don't understand. But how to delete or write a registry key in x86 Regedit?


Hi, you are using bad keys.

If you use 'HKCU64' and 'HKCU' in your program, your key will appear two times, so you would be trying to delete a key that doesn't exist.

Also, on x86 you repeat your key two times, HKLM64 and HKLM, but on x86 the x64 keys don't exist.

You should use this.

I think this is the best way.

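Func _GetStartupKeys() ; function name added here only to make the snippet complete
    Select
        Case @OSArch = "X64"
            ; On an x64 OS, read these keys
            Local $aKeysX64[3] = ["HKLM64\Software\Microsoft\Windows\CurrentVersion\Run", _
                    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run", _
                    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"]
            Return $aKeysX64

        Case @OSArch = "X86"
            ; On an x86 OS, read these keys
            Local $aKeysX86[2] = ["HKLM\Software\Microsoft\Windows\CurrentVersion\Run", _
                    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"]
            Return $aKeysX86
    EndSelect
EndFunc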
Edited by Danyfirex


Oh, I solved the problem. Firstly, I changed the keys like yours and then added #RequireAdmin at the top of the script :)

Thanks Danyfirex:)


Oh, I solved the problem. Firstly, I changed the keys like yours and then added #RequireAdmin at the top of the script :)

Thanks Danyfirex:)

Glad to help you.

regards


But they are alike. I don't understand. But how to delete or write a registry key in x86 Regedit?

That's because WOW redirects x86 apps to another place.

You should read up on the Registry Redirector. There are lots of other interesting things to know about x64 Windows if you follow the links around in that Programming Guide.

Redirected keys are mapped to physical locations under Wow6432Node. For example, HKEY_LOCAL_MACHINE\Software is redirected to HKEY_LOCAL_MACHINE\Software\Wow6432Node.

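The redirection described in this thread can be made visible by reading each physical Run key once and labelling where it really lives. This is an added example, not code from any poster in the thread; the helper names `_RunKeyLocations` and `_DumpRunValues` are hypothetical, and it assumes HKCU\Software is not redirected, which is why listing both 'HKCU64' and 'HKCU' showed the same entries twice.

```autoit
; Added example: list autostart values per physical registry location.
; Read-only, so it does not need #RequireAdmin.
Global Const $sRunTail = '\Microsoft\Windows\CurrentVersion\Run'

; Returns a 2D array of [label, key] pairs, one row per physical location.
Func _RunKeyLocations()
    If @OSArch = 'X86' Then
        ; 32-bit OS: there is no second view, so no 64-suffixed keys.
        Local $aX86[2][2] = [['HKLM', 'HKLM\Software' & $sRunTail], _
                ['HKCU', 'HKCU\Software' & $sRunTail]]
        Return $aX86
    EndIf
    ; 64-bit OS: the 64 suffix pins the 64-bit view, so these paths resolve
    ; the same way whether the script runs as a 32-bit or 64-bit process.
    ; The 32-bit HKLM entries are reached through their physical location
    ; under Wow6432Node instead of relying on redirection.
    Local $aX64[3][2] = [['HKLM 64-bit view', 'HKLM64\Software' & $sRunTail], _
            ['HKLM 32-bit view (Wow6432Node)', 'HKLM64\Software\Wow6432Node' & $sRunTail], _
            ['HKCU (assumed shared by both views)', 'HKCU64\Software' & $sRunTail]]
    Return $aX64
EndFunc

; Writes "location | value name | command" for every Run value found.
Func _DumpRunValues()
    Local $aLoc = _RunKeyLocations()
    Local $iCount = 0
    For $i = 0 To UBound($aLoc) - 1
        Local $n = 1
        While 1
            Local $sName = RegEnumVal($aLoc[$i][1], $n)
            If @error Then ExitLoop ; no more values under this key
            Local $sCmd = RegRead($aLoc[$i][1], $sName)
            ConsoleWrite($aLoc[$i][0] & ' | ' & $sName & ' | ' & $sCmd & @CRLF)
            $iCount += 1
            $n += 1
        WEnd
    Next
    Return $iCount
EndFunc

_DumpRunValues()
```

Each autostart entry then appears exactly once with the view it belongs to, so a later RegDelete can target the key that actually holds the value. As the thread found, deleting also needed #RequireAdmin at the top of the script.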
