了解 RegOpenKeyExA 参数
我正在查看一些反汇编,发现了以下部分:-
push eax
push 0F003Fh
push ebx
push ecx
push 80000002h
mov [esp+70h+var_4], ebx
call ds:RegOpenKeyExA
为了理解参数,我查看了 API 调用的文档 此处。
hkey 的可能值似乎是 HKEY_CLASSES_ROOT、HKEY_CURRENT_USER、HKEY_LOCAL_MACHINE、HKEY_USERS。压入堆栈的最后一个参数似乎是 80000002h;因此我假设 hkey 的各种值在某处定义为宏。有人可以帮助我找到它们或解释如何将推入堆栈的参数转换为正确的值吗?
I was taking a look at some disassembly and I found the following section :-
push eax
push 0F003Fh
push ebx
push ecx
push 80000002h
mov [esp+70h+var_4], ebx
call ds:RegOpenKeyExA
In order to understand the parameters I look at the documentation of the API call here.
The possible values for hkey seem to be HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS. The last argument pushed onto the stack seems to be 80000002h; hence im assuming that the various values for hkey are defined as macros somewhere. Could someone help me locate them or explain how the parameters pushed to the stack get translated to proper values?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
http://www .serverwatch.com/tutorials/article.php/1476831/Managing-Windows-Registry-with-Scripting-Part-1.htm
尽管您可以在其他地方找到它们(包括在SDK)。
在本例中,它是 HKEY_LOCAL_MACHINE。
http://www.serverwatch.com/tutorials/article.php/1476831/Managing-Windows-Registry-with-Scripting-Part-1.htm
though you can find them elsewhere (including in the SDK).
In this case, it's HKEY_LOCAL_MACHINE.