
understanding RegOpenKeyExA parameters

Developer https://www.devze.com 2023-03-18 01:48 Source: Internet

I was taking a look at some disassembly and I found the following section :-

push eax
push 0F003Fh
push ebx
push ecx
push 80000002h
mov [esp+70h+var_4], ebx
call ds:RegOpenKeyExA

In order to understand the parameters I look at the documentation of the API call here.

The possible values for hkey seem to be HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS. The last argument pushed onto the stack seems to be 80000002h; hence I'm assuming that the various values for hkey are defined as macros somewhere. Could someone help me locate them or explain how the parameters pushed to the stack get translated to proper values?


http://www.serverwatch.com/tutorials/article.php/1476831/Managing-Windows-Registry-with-Scripting-Part-1.htm

Const HKEY_CLASSES_ROOT     = &H80000000
Const HKEY_CURRENT_USER     = &H80000001
Const HKEY_LOCAL_MACHINE    = &H80000002
Const HKEY_USERS            = &H80000003
Const HKEY_CURRENT_CONFIG   = &H80000005

though you can find them elsewhere (including in the SDK).

In this case, it's HKEY_LOCAL_MACHINE.
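
Added example, not part of the original question or answer: a small Python decoder that maps the pushes from the quoted call site onto the RegOpenKeyExA parameters (stdcall pushes right to left, so the last push is hKey) and also breaks the 0F003Fh access mask into its named bits. The helper names (parse_operand, decode_sam, decode_call) are hypothetical; the constant names are the Windows SDK ones.

```python
import re

# Parameter order from the RegOpenKeyExA prototype; stdcall pushes right to left.
PARAMS = ["hKey", "lpSubKey", "ulOptions", "samDesired", "phkResult"]
HKEYS = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
         0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS",
         0x80000005: "HKEY_CURRENT_CONFIG"}
# Individual access-mask bits (SDK names from winnt.h).
SAM_BITS = [(0x0001, "KEY_QUERY_VALUE"), (0x0002, "KEY_SET_VALUE"),
            (0x0004, "KEY_CREATE_SUB_KEY"), (0x0008, "KEY_ENUMERATE_SUB_KEYS"),
            (0x0010, "KEY_NOTIFY"), (0x0020, "KEY_CREATE_LINK"),
            (0x0100, "KEY_WOW64_64KEY"), (0x0200, "KEY_WOW64_32KEY"),
            (0x10000, "DELETE"), (0x20000, "READ_CONTROL"),
            (0x40000, "WRITE_DAC"), (0x80000, "WRITE_OWNER"),
            (0x100000, "SYNCHRONIZE")]
SAM_COMPOSITES = {0xF003F: "KEY_ALL_ACCESS", 0x20019: "KEY_READ", 0x20006: "KEY_WRITE"}

def parse_operand(text):
    """Immediate such as '0F003Fh' -> int; register or memory operand -> unchanged text."""
    m = re.fullmatch(r"([0-9][0-9A-Fa-f]*)h", text)
    return int(m.group(1), 16) if m else text

def decode_sam(mask):
    """Return (composite name or None, names of set bits, leftover unknown bits)."""
    names = [name for bit, name in SAM_BITS if mask & bit]
    known = sum(bit for bit, _ in SAM_BITS)
    return SAM_COMPOSITES.get(mask), names, mask & ~known

def decode_call(listing):
    """Map the five pushes preceding the call onto the API's parameters."""
    pushes = [parse_operand(l.split(None, 1)[1].strip())
              for l in listing.splitlines() if l.strip().lower().startswith("push ")]
    args = dict(zip(PARAMS, reversed(pushes[-5:])))
    if isinstance(args.get("hKey"), int):
        args["hKey"] = HKEYS.get(args["hKey"], hex(args["hKey"]))
    if isinstance(args.get("samDesired"), int):
        args["samDesired"] = decode_sam(args["samDesired"])
    return args

# The call site quoted in the question.
LISTING = """push eax
push 0F003Fh
push ebx
push ecx
push 80000002h
mov [esp+70h+var_4], ebx
call ds:RegOpenKeyExA"""

if __name__ == "__main__":
    for name, value in decode_call(LISTING).items():
        print(f"{name:11} = {value}")
```

Register operands (eax, ebx, ecx) are reported as-is, since their values are not visible in the quoted lines.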
