forum.vdsworld.com Forum Index forum.vdsworld.com
Visit VDSWORLD.com
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Read Registry on 64bit Windows
Goto page 1, 2  Next
 
Post new topic   Reply to topic    forum.vdsworld.com Forum Index -> General Help
View previous topic :: View next topic  
Author Message
Ciulla
Newbie


Joined: 04 May 2004
Posts: 11

PostPosted: Wed Apr 18, 2007 8:56 pm    Post subject: Read Registry on 64bit Windows Reply with quote

Is there a way to read the registry?

All my registry read return nulls but they work fine on a 32bit windows
Back to top
View user's profile Send private message
vdsalchemist
Admin Team


Joined: 23 Oct 2001
Posts: 1448
Location: Florida, USA

PostPosted: Wed Apr 18, 2007 9:01 pm    Post subject: Reply with quote

Ciulla,
VDS is a 32bit windows language only. The reason registry reads return null in a 64bit environment is because registry handles are 64bits and not 32bits.

_________________
Home of

Give VDS a new purpose!
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Ciulla
Newbie


Joined: 04 May 2004
Posts: 11

PostPosted: Wed Apr 18, 2007 9:10 pm    Post subject: Re: Read Registry on 64bit Windows Reply with quote

Ciulla wrote:
Is there a way to read the registry?

All my registry read return nulls but they work fine on a 32bit windows


Thank for the replay

Is there a dll I can use to do this, all other functions seem to work ok except for the registry.

Is VDS 6 going to support 64bit operations?
Back to top
View user's profile Send private message
vdsalchemist
Admin Team


Joined: 23 Oct 2001
Posts: 1448
Location: Florida, USA

PostPosted: Wed Apr 18, 2007 9:10 pm    Post subject: Reply with quote

Ciulla,
For more information about how 64bit Windows uses the registry take a look at this MSDN 64/32bit Registry Access

_________________
Home of

Give VDS a new purpose!
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
vdsalchemist
Admin Team


Joined: 23 Oct 2001
Posts: 1448
Location: Florida, USA

PostPosted: Wed Apr 18, 2007 9:19 pm    Post subject: Reply with quote

Ciulla,
To make this work Jules (i.e. main developer for VDS) would have to change the Access rights flags and add the following values to them.

MSDN wrote:

KEY_WOW64_64KEY 0x0100 Access a 64-bit key from either a 32-bit or 64-bit application.
Windows 2000: This flag is not supported.
KEY_WOW64_32KEY 0x0200 Access a 32-bit key from either a 32-bit or 64-bit application.
Windows 2000: This flag is not supported.


These flags are used in the API functions RegCreateKeyEx, RegOpenKeyEx, and RegDeleteKeyEx. Maybe one of the DLL builders here with a little time on their hands and a 64bit version of windows will build a Extension for you that will handle 64bit windows.

_________________
Home of

Give VDS a new purpose!


Last edited by vdsalchemist on Wed Apr 18, 2007 9:28 pm; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Ciulla
Newbie


Joined: 04 May 2004
Posts: 11

PostPosted: Wed Apr 18, 2007 9:23 pm    Post subject: Re: Read Registry on 64bit Windows Reply with quote

Thanks dragonsphere


That would be great. We are starting to install Windows Server 2003 64bit as our default server, .
Back to top
View user's profile Send private message
vdsalchemist
Admin Team


Joined: 23 Oct 2001
Posts: 1448
Location: Florida, USA

PostPosted: Wed Apr 18, 2007 9:31 pm    Post subject: Reply with quote

It should be possible to do this with the VDS @lib() function. If that does not work I know you can do this with GadgetX. If I have some time I will see what I can throw together for you Wink
_________________
Home of

Give VDS a new purpose!
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
PGWARE
Web Host


Joined: 29 Dec 2001
Posts: 1562

PostPosted: Thu Apr 19, 2007 6:04 am    Post subject: Reply with quote

Just logged into Windows Vista Ultimate 64bit version and tested VDS with this code below. Note that XP/2003 64 bit may behave differently and that may be why you are getting null values.

Code:

warn @regread(LOCAL, HARDWARE\DESCRIPTION\system\CentralProcessor\0, ProcessorNameString)


It returns the CPU name/information from the registry. I also tested writing a value to this key and it worked fine.

Now here is where things changed:


I tried to create a registry key under HKEY_LOCAL_MACHINE\Software\.

It redirected and wrote the value to:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\My Company\My Product\

Here is the code:
Code:

REGISTRY WRITE, LOCAL, Software\My Company\My Product\, Name, "Test Application", STRING)
warn @regread(LOCAL, Software\My Company\My Product\, Name)
warn @regread(LOCAL, Software\Wow6432Node\My Company\My Product\, Name)


So the 32 bit registry value really is located under the Wow6432Node registry section and Windows redirects correctly.


Based on this it appears you can write/read from 64 bit areas, but certain areas are protected (like HKEY_LOCAL_MACHINE\software\ and I suspect other areas well).


Last edited by PGWARE on Thu Apr 19, 2007 6:56 am; edited 1 time in total
Back to top
View user's profile Send private message
PGWARE
Web Host


Joined: 29 Dec 2001
Posts: 1562

PostPosted: Thu Apr 19, 2007 6:22 am    Post subject: Reply with quote

*update*
Registry Redirection
http://msdn2.microsoft.com/en-us/library/aa384232.aspx

HKEY_LOCAL_MACHINE\Software
HKEY_USERS\*\Software\Classes
HKEY_USERS\*_Classes

These three keys (and subkeys) are redirected as we found out when testing within VDS, seems it places them within the WOW6432Node of their respective ROOT keys.

A 32 bit application read/writes would be redirected to the WOW6432Node, while a 64 bit application would read from the 'correct' version of the registry. This leads to duplicate data - one stored in 32 bit registry tree and one in the 64 bit tree. This only occurs for the three registry keys (and subkeys) listed above.


Now another concept to address this:
Registry Reflection
http://msdn2.microsoft.com/en-us/library/aa384235.aspx

HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
HKEY_USERS\*\Software\Classes
HKEY_USERS\*_Classes

This allows some registry keys to share 64bit and 32bit keys. It is only for a subset of the registry as well, noted above. While the values are written in different areas, Windows will merge the data automatically so the data in theory is the same.


The difference in redirection and reflection is that in redirection 32bit reads may not retrieve valid information since these keys are not 'shared' with 64bit values. In reflection, a 'mirror' is created in which while there are two distinct values they appear to always be the same value no matter if a 32bit or 64bit application has written them.


Shared Registry Keys:
http://msdn2.microsoft.com/en-us/library/aa384253.aspx

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HCP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Current
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Readers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DFS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software\Microsoft\Shared Tools\MSInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TermServLicensing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Transaction Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDpi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Locations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies

These are keys that are shared both by 32bit and 64bit applications, while it sound similar to reflection it is not. In reflection while data is merged there are two seperate values stored in the registry - one 32bit and another 64bit - Windows then automatically merges the data to the latest change/update. In Shared Keys only one physical registry key exists - both 32bit and 64bit apps can write to it.


I am not sure on this part but it appears that any other portion of the registry appears to allow 32bit/64 read/write without redirection/reflection. I tested writing to different parts of the registry and did not notice any reflection occuring and it allowed me to read and write to these areas with a VDS application. If anyone has further information please feel free to add to the discussion.
Back to top
View user's profile Send private message
PGWARE
Web Host


Joined: 29 Dec 2001
Posts: 1562

PostPosted: Thu Apr 19, 2007 6:52 am    Post subject: Reply with quote

Based on this, it looks like if you read/write to HKEY_USERS\*\Software\Classes, HKEY_USERS\*_Classes, any of the reflected keys, or any of the shared keys you will get valid data.

The only key I can see which may give problems is HKEY_LOCAL_MACHINE\Software and any key under it (not including the reflected and shared noted earlier) - this section is redirected for 32bit and 64bit values.

You would have to modify your calls to open, and read registry calls to HKEY_LOCAL_MACHINE\Software\ as Dragonsphere points out with the KEY_WOW64_64KEY and KEY_WOW64_32KEY flags respectively so you can get valid data that was written by a 64bit process to the 64bit portion of the registry; otherwise you will get blank or different data as it is redirected to the 32bit portion of the registry.

You would use the KEY_WOW64_64KEY to get/set specific 64bit registry data.

If you then want to access the registry tree information for 32 bit data you would use KEY_WOW64_32KEY.

These flags allow you to access both 64bit and 32bit registry trees without worrying about redirection, reflection, or shared keys.
Back to top
View user's profile Send private message
vdsalchemist
Admin Team


Joined: 23 Oct 2001
Posts: 1448
Location: Florida, USA

PostPosted: Thu Apr 19, 2007 2:20 pm    Post subject: Reply with quote

PGWare,
I would try to get the @lib() function to work using this however I do not have access to a 64bit version of windows Sad I see no reason why it would not work. Maybe I will have a bit of code today that we can test?

_________________
Home of

Give VDS a new purpose!
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
PGWARE
Web Host


Joined: 29 Dec 2001
Posts: 1562

PostPosted: Thu Apr 19, 2007 3:28 pm    Post subject: Reply with quote

Sure, you can send it to me over IM or by email and I'll give it a test.
Back to top
View user's profile Send private message
vdsalchemist
Admin Team


Joined: 23 Oct 2001
Posts: 1448
Location: Florida, USA

PostPosted: Thu Apr 19, 2007 5:15 pm    Post subject: Reply with quote

Hi All,
Can someone with a 64bit version of Windows try the attached registry DSU example for me please? I need to know if it will work before I add anymore functionality to it.



Registry64Test.zip
 Description:
New version

Download
 Filename:  Registry64Test.zip
 Filesize:  10.77 KB
 Downloaded:  1414 Time(s)


_________________
Home of

Give VDS a new purpose!


Last edited by vdsalchemist on Thu Apr 19, 2007 9:12 pm; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Ciulla
Newbie


Joined: 04 May 2004
Posts: 11

PostPosted: Thu Apr 19, 2007 6:54 pm    Post subject: Re: Read Registry on 64bit Windows Reply with quote

I tested your script, but I changed the key because vds is not installed on this machine.

the key that I used is: SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB925902,InstalledDate

It all worked.
Back to top
View user's profile Send private message
PGWARE
Web Host


Joined: 29 Dec 2001
Posts: 1562

PostPosted: Thu Apr 19, 2007 7:06 pm    Post subject: Reply with quote

Ciulla before using that in your scripts allow Dragonsphere to put out a final version. We were doing some testing with it earlier and made some changes.

I was wondering why you were getting null values, and now know why Smile You were checking in HKEY_LOCAL_MACHINE\Software\ which is a redirected key. All other @regread and REGISTRY WRITE functions appear to work right within other parts of the registry. Dragonsphere and I were wondering what keys you were querying and concluded it was one of the redirected HLM\Software\ keys and that is the case.

The key you were quering is redirected in Windows 64bit to HLM\Software\Wow6432Node\Microsoft\Updates\Windows Server 2003\SP3\KB925902,InstalledDate because you are running a 32bit exe.

Obviously no such key exists, but by using the dsu that dragonsphere created it queries HLM\Software\Microsoft\Updates\Windows Server 2003\SP3\KB925902,InstalledDate without redirection; and as noted works now Smile
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    forum.vdsworld.com Forum Index -> General Help All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

Twitter@vdsworld       RSS

Powered by phpBB © 2001, 2005 phpBB Group