[AccessD] \decompile
Arthur Fuller
fuller.artful at gmail.com
Wed Apr 13 18:21:55 CDT 2022
I am just beginning to realize how
On Wed, Apr 13, 2022 at 5:58 PM Stuart McLachlan <stuart at lexacorp.com.pg>
wrote:
> On 13 Apr 2022 at 17:29, John Colby wrote:
>
> > Paul, really cool version detection.
> >...
> > > > Rem Find the MSAccess executable
>
> I just query the registry :)
>
> 'Get Access location
> dwRetVal =
> RegOpenKeyEx(%HKEY_CLASSES_ROOT,PATHNAME$(EXTN,wsFIle),0,%key_query_value,hkey)
> dwRetVal = regqueryvalueex(hkey,"",0,%reg_sz,wszRetStr,256)
> dwRetVal = regclosekey(hkey)
> dwRetVal = RegOpenKeyEx(%HKEY_CLASSES_ROOT,wszRetStr &
> "\SHELL\Open\command" ,0,%key_query_value,hkey)
> dwRetVal = regqueryvalueex(hkey,"",0,%reg_sz,wszRetStr,256)
> dwRetVal = regclosekey(hkey)
>
> wszRetStr now contains something like:
> "C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE" /NOSTARTUP
> "%1"
> %2 %3 %4 %5 %6 %7 %8 %9
>
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> https://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>
--
Arthur
More information about the AccessD
mailing list