[!] failed QueryValueExU call #52
Description
QueryValueExU Fails in c_keys::InitKeyboard()
Description
I am encountering an issue with the bool c_keys::InitKeyboard() function, specifically when it performs a registry query using c_registry::QueryValue. The function call to VMMDLL_WinReg_QueryValueExU fails, returning:
[!] failed QueryValueExU call
Code Snippet
#include "../pch.h"
#include "Registry.h"
#include "Memory.h"
std::string c_registry::QueryValue(const char* path, e_registry_type type)
{
if (!mem.vHandle)
return "";
BYTE buffer[0x128];
DWORD _type = static_cast<DWORD>(type);
DWORD size = sizeof(buffer);
if (!VMMDLL_WinReg_QueryValueExU(mem.vHandle, const_cast<LPSTR>(path), &_type, buffer, &size))
{
LOG("[!] failed QueryValueExU call\n");
return "";
}
// TODO: Implement a better handling mechanism.
if (type == e_registry_type::dword)
{
DWORD dwordValue = *reinterpret_cast<DWORD*>(buffer);
return std::to_string(dwordValue);
}
std::wstring wstr = std::wstring(reinterpret_cast<wchar_t*>(buffer));
return std::string(wstr.begin(), wstr.end());
}Steps to Reproduce
-
Call
c_registry::QueryValueon a known registry key (e.g.,"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentBuild"). -
Observe the output log:
[!] failed QueryValueExU call
What I've Tried
- Updated to the latest
vmm.lib,vmmdll.h, andvmm.dll. - Checked MemProcFS GitHub for relevant information but found nothing helpful.
- Confirmed that the queried registry key exists by manually checking via PowerShell and
regedit.
Request for Help
- Has anyone else encountered this issue?
- Are there any known fixes or workarounds?
- If possible, could someone attempt to replicate this issue?
- Any insights into
VMMDLL_WinReg_QueryValueExUbehaviour would be greatly appreciated.
Thanks in advance! Any help is much appreciated. 🙏