starred/Quasar
1
0
Fork 0
mirror of https://github.com/quasar/Quasar.git synced 2026-04-25 15:25:59 +03:00
Code Issues 137 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #425] Registry Editor doesn't work correctly on 64-bit systems #216

New issue
Closed
opened 2026-02-27 15:49:23 +03:00 by kerem · 17 comments
kerem commented 2026-02-27 15:49:23 +03:00
Owner
Copy link

Originally created by @DragonzMaster on GitHub (Mar 10, 2016).
Original GitHub issue: https://github.com/quasar/Quasar/issues/425

I tried to use registry editor in release config but it seems to be not working even when I run the client with admin privil. but when I tried it using debug config it works good.

Originally created by @DragonzMaster on GitHub (Mar 10, 2016). Original GitHub issue: https://github.com/quasar/Quasar/issues/425 I tried to use registry editor in release config but it seems to be not working even when I run the client with admin privil. but when I tried it using debug config it works good.
kerem 2026-02-27 15:49:23 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@LjungErik commented on GitHub (Mar 10, 2016):

It seems like the registry editor keeps crashing after load, when running as a Release build. I will look into this more and keep you posted on what I find.

<!-- gh-comment-id:195031067 --> @LjungErik commented on GitHub (Mar 10, 2016): It seems like the registry editor keeps crashing after load, when running as a Release build. I will look into this more and keep you posted on what I find.
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@DragonzMaster commented on GitHub (Mar 11, 2016):

ok, thanks in advance.

<!-- gh-comment-id:195236507 --> @DragonzMaster commented on GitHub (Mar 11, 2016): ok, thanks in advance.
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@DragonzMaster commented on GitHub (Mar 11, 2016):

I forget to mention that when I tried to view values in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run it get the values from the same key but Current user not local machine
so it need to be fixed too, and make it view the values from the correct key

EDIT: the problem seems to be not about local machine and current user but about :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and
WOWNode64\Microsoft\Windows\CurrentVersion\Run

<!-- gh-comment-id:195242312 --> @DragonzMaster commented on GitHub (Mar 11, 2016): I forget to mention that when I tried to view values in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run it get the values from the same key but Current user not local machine so it need to be fixed too, and make it view the values from the correct key EDIT: the problem seems to be not about local machine and current user but about : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and WOWNode64\Microsoft\Windows\CurrentVersion\Run
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@LjungErik commented on GitHub (Mar 14, 2016):

@DragonzMaster I have looked at the HKEY_LOCAL_MACHINE registry but can't seem to recreate your error. However, I have found that the RegistryEditor only seems to work against the 64-bit registry (even if the Client is 32-bit).

<!-- gh-comment-id:196386286 --> @LjungErik commented on GitHub (Mar 14, 2016): @DragonzMaster I have looked at the `HKEY_LOCAL_MACHINE` registry but can't seem to recreate your error. However, I have found that the `RegistryEditor` only seems to work against the 64-bit registry (even if the Client is 32-bit).
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@DragonzMaster commented on GitHub (Mar 14, 2016):

What I mean that when I open
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
it shows the values from the key below instead of the correct key
HKEY_LOCAL_MACHINE\ WOWNode64 \SOFTWARE\Microsoft\Windows\CurrentVersion\Run

<!-- gh-comment-id:196527953 --> @DragonzMaster commented on GitHub (Mar 14, 2016): What I mean that when I open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run it shows the values from the key below instead of the correct key HKEY_LOCAL_MACHINE\ **WOWNode64** \SOFTWARE\Microsoft\Windows\CurrentVersion\Run
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@LjungErik commented on GitHub (Mar 15, 2016):

Ok, seems that this is what I mentioned about the RegistryEditor only working against the 64-bit registry. In the future this should probably be extended to make it possible to edit both 64-bit and 32-bit registry values/keys, however I will put this on hold and handle it in later updates.

<!-- gh-comment-id:196735705 --> @LjungErik commented on GitHub (Mar 15, 2016): Ok, seems that this is what I mentioned about the `RegistryEditor` only working against the 64-bit registry. In the future this should probably be extended to make it possible to edit both 64-bit and 32-bit registry values/keys, however I will put this on hold and handle it in later updates.
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@MaxXor commented on GitHub (Mar 15, 2016):

@StingRaptor The client registryeditor is working partially on 64-bit systems. As @DragonzMaster said. For example when you try to access keys from HKEY_LOCAL_MACHINE\SOFTWARE\* it will give you instead the keys from HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\* on 64-bit systems.
Same for HKEY_CURRENT_USER\Software\*.

On 32-bit systems it's working correctly.

We will need to add the enum RegistryView (https://msdn.microsoft.com/en-us/library/microsoft.win32.registryview(v=vs.100).aspx) to the code and use Registry64. It should be safe to use this because of this:

If you request a 64-bit view on a 32-bit operating system, the returned keys will be in the 32-bit view.

Sources:
Wikipedia - WoW64 (Windows 32-bit on Windows 64-bit)
MSDN - RegistryView Enum

<!-- gh-comment-id:196811907 --> @MaxXor commented on GitHub (Mar 15, 2016): @StingRaptor The client registryeditor is working partially on 64-bit systems. As @DragonzMaster said. For example when you try to access keys from `HKEY_LOCAL_MACHINE\SOFTWARE\*` it will give you instead the keys from `HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\*` on 64-bit systems. Same for `HKEY_CURRENT_USER\Software\*`. On 32-bit systems it's working correctly. We will need to add the enum `RegistryView` (https://msdn.microsoft.com/en-us/library/microsoft.win32.registryview(v=vs.100).aspx) to the code and use `Registry64`. It _should_ be safe to use this because of this: > If you request a 64-bit view on a 32-bit operating system, the returned keys will be in the 32-bit view. Sources: [Wikipedia - WoW64 (Windows 32-bit on Windows 64-bit)](https://en.wikipedia.org/wiki/WoW64) [MSDN - RegistryView Enum](https://msdn.microsoft.com/en-us/library/microsoft.win32.registryview%28v=vs.100%29.aspx#Anchor_1)
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@DragonzMaster commented on GitHub (Mar 15, 2016):

@MaxXor - @StingRaptor, You can give this project a look :
[-] https://regexplore.codeplex.com
this project works fine for me (both 32 and 64 bit) and it's very stable , It might help you. 😄

<!-- gh-comment-id:196835993 --> @DragonzMaster commented on GitHub (Mar 15, 2016): @MaxXor - @StingRaptor, You can give this project a look : [-] https://regexplore.codeplex.com this project works fine for me (both 32 and 64 bit) and it's very stable , It might help you. :smile:
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@MaxXor commented on GitHub (Mar 15, 2016):

.... it doesn't need changes as it's compiled for AnyCPU, ours x86. That's the difference why it's working.

<!-- gh-comment-id:196838632 --> @MaxXor commented on GitHub (Mar 15, 2016): .... it doesn't need changes as it's compiled for `AnyCPU`, ours x86. That's the difference why it's working.
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@DragonzMaster commented on GitHub (Mar 15, 2016):

So what is preventing us from compiling Quasar client for AnyCPU ??

<!-- gh-comment-id:196839395 --> @DragonzMaster commented on GitHub (Mar 15, 2016): So what is preventing us from compiling Quasar client for AnyCPU ??
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@MaxXor commented on GitHub (Mar 15, 2016):

The password recovery. (see: https://github.com/quasar/QuasarRAT/issues/352) It was solution 3.

<!-- gh-comment-id:196841173 --> @MaxXor commented on GitHub (Mar 15, 2016): The password recovery. (see: https://github.com/quasar/QuasarRAT/issues/352) It was solution 3.
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@LjungErik commented on GitHub (Mar 15, 2016):

Thank you for the help, @MaxXor and @DragonzMaster. I have now made the needed changes, and it seems that the RegistryEditor is working and displaying the correct keys in a 64-bit system. 😄

commit: 287101573b

<!-- gh-comment-id:196854503 --> @LjungErik commented on GitHub (Mar 15, 2016): Thank you for the help, @MaxXor and @DragonzMaster. I have now made the needed changes, and it seems that the RegistryEditor is working and displaying the correct keys in a 64-bit system. :smile: commit: 287101573b8fa5f43706e74d8af6200c4a902d79
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@DragonzMaster commented on GitHub (Mar 15, 2016):

Thank you for your efforts, @StingRaptor .I've tested the client from your fork and it seems to be fixed. The project which I mentioned before can help you to get Default values and allow you to search the registry.
EDIT : The registry form is too big, its size need to be fixed and reduced beside the the forms title need to be changed and add user@pc and IP like other forms (remote desktop, file manager, etc ....)
also we need to be able to edit the value by double clicking on it.

<!-- gh-comment-id:196873454 --> @DragonzMaster commented on GitHub (Mar 15, 2016): Thank you for your efforts, @StingRaptor .I've tested the client from your fork and it seems to be fixed. The project which I mentioned before can help you to get Default values and allow you to search the registry. EDIT : The registry form is too big, its size need to be fixed and reduced beside the the forms title need to be changed and add user@pc and IP like other forms (remote desktop, file manager, etc ....) also we need to be able to edit the value by double clicking on it.
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@MaxXor commented on GitHub (Mar 15, 2016):

@StingRaptor Yes please adjust the form.

<!-- gh-comment-id:196884939 --> @MaxXor commented on GitHub (Mar 15, 2016): @StingRaptor Yes please adjust the form.
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@LjungErik commented on GitHub (Mar 15, 2016):

@DragonzMaster @MaxXor Ok, this is a quick fix. However what is a reasonable size? 800x600?

<!-- gh-comment-id:196887242 --> @LjungErik commented on GitHub (Mar 15, 2016): @DragonzMaster @MaxXor Ok, this is a quick fix. However what is a reasonable size? 800x600?
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@MaxXor commented on GitHub (Mar 15, 2016):

Yes.

<!-- gh-comment-id:196890773 --> @MaxXor commented on GitHub (Mar 15, 2016): Yes.
kerem commented 2026-02-27 15:49:23 +03:00
Author
Owner
Copy link

@LjungErik commented on GitHub (Mar 15, 2016):

@DragonzMaster I will look at the link you provided when I have more time on my hands, Thank you. 😄

Title and form size fixed in: 6492b2734d

<!-- gh-comment-id:196896021 --> @LjungErik commented on GitHub (Mar 15, 2016): @DragonzMaster I will look at the link you provided when I have more time on my hands, Thank you. :smile: Title and form size fixed in: 6492b2734d533690d7c93b312e904d79e642e401
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dev
v1.4.1
v1.4.0
v1.3.0.0
v1.2.0.0
v1.1.0.0
v1.0.0.0
RELEASE4.1
RELEASE4
RELEASE3
RELEASE2
RELEASE1
Labels
Clear labels   
bug

   
bug

   
cant-reproduce

   
discussion

   
duplicate

   
easy

   
enhancement

   
help wanted

   
improvement

   
invalid

   
need more info

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
wont-add
No labels
bug
bug
cant-reproduce
discussion
duplicate
easy
enhancement
help wanted
improvement
invalid
need more info
pull-request
question
wont-add
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Quasar#216
No description provided.