[AccessD] \decompile

Arthur Fuller fuller.artful at gmail.com
Wed Apr 13 18:21:55 CDT 2022


I am just beginning to realize how

On Wed, Apr 13, 2022 at 5:58 PM Stuart McLachlan <stuart at lexacorp.com.pg>
wrote:

> On 13 Apr 2022 at 17:29, John Colby wrote:
>
> > Paul, really cool version detection.
> >...
> > > > Rem Find the MSAccess executable
>
> I just query the registry :)
>
>    'Get Access location
>         dwRetVal =
> RegOpenKeyEx(%HKEY_CLASSES_ROOT,PATHNAME$(EXTN,wsFIle),0,%key_query_value,hkey)
>         dwRetVal = regqueryvalueex(hkey,"",0,%reg_sz,wszRetStr,256)
>         dwRetVal = regclosekey(hkey)
>         dwRetVal = RegOpenKeyEx(%HKEY_CLASSES_ROOT,wszRetStr &
> "\SHELL\Open\command" ,0,%key_query_value,hkey)
>         dwRetVal = regqueryvalueex(hkey,"",0,%reg_sz,wszRetStr,256)
>         dwRetVal = regclosekey(hkey)
>
> wszRetStr now contains something like:
> "C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE" /NOSTARTUP
> "%1"
> %2 %3 %4 %5 %6 %7 %8 %9
>
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> https://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>


-- 
Arthur


More information about the AccessD mailing list