View previous topic :: View next topic |
Author |
Message |
Ciulla Newbie
Joined: 04 May 2004 Posts: 11
|
Posted: Wed Apr 18, 2007 8:56 pm Post subject: Read Registry on 64bit Windows |
|
|
Is there a way to read the registry?
All my registry read return nulls but they work fine on a 32bit windows
|
|
Back to top |
|
|
vdsalchemist Admin Team
Joined: 23 Oct 2001 Posts: 1448 Location: Florida, USA
|
Posted: Wed Apr 18, 2007 9:01 pm Post subject: |
|
|
Ciulla,
VDS is a 32bit windows language only. The reason registry reads return null in a 64bit environment is because registry handles are 64bits and not 32bits.
_________________ Home of
Give VDS a new purpose!
|
|
Back to top |
|
|
Ciulla Newbie
Joined: 04 May 2004 Posts: 11
|
Posted: Wed Apr 18, 2007 9:10 pm Post subject: Re: Read Registry on 64bit Windows |
|
|
Ciulla wrote: | Is there a way to read the registry?
All my registry read return nulls but they work fine on a 32bit windows |
Thank for the replay
Is there a dll I can use to do this, all other functions seem to work ok except for the registry.
Is VDS 6 going to support 64bit operations?
|
|
Back to top |
|
|
vdsalchemist Admin Team
Joined: 23 Oct 2001 Posts: 1448 Location: Florida, USA
|
Posted: Wed Apr 18, 2007 9:10 pm Post subject: |
|
|
Ciulla,
For more information about how 64bit Windows uses the registry take a look at this MSDN 64/32bit Registry Access
_________________ Home of
Give VDS a new purpose!
|
|
Back to top |
|
|
vdsalchemist Admin Team
Joined: 23 Oct 2001 Posts: 1448 Location: Florida, USA
|
Posted: Wed Apr 18, 2007 9:19 pm Post subject: |
|
|
Ciulla,
To make this work Jules (i.e. main developer for VDS) would have to change the Access rights flags and add the following values to them.
MSDN wrote: |
KEY_WOW64_64KEY 0x0100 Access a 64-bit key from either a 32-bit or 64-bit application.
Windows 2000: This flag is not supported.
KEY_WOW64_32KEY 0x0200 Access a 32-bit key from either a 32-bit or 64-bit application.
Windows 2000: This flag is not supported.
|
These flags are used in the API functions RegCreateKeyEx, RegOpenKeyEx, and RegDeleteKeyEx. Maybe one of the DLL builders here with a little time on their hands and a 64bit version of windows will build a Extension for you that will handle 64bit windows.
_________________ Home of
Give VDS a new purpose!
Last edited by vdsalchemist on Wed Apr 18, 2007 9:28 pm; edited 1 time in total |
|
Back to top |
|
|
Ciulla Newbie
Joined: 04 May 2004 Posts: 11
|
Posted: Wed Apr 18, 2007 9:23 pm Post subject: Re: Read Registry on 64bit Windows |
|
|
Thanks dragonsphere
That would be great. We are starting to install Windows Server 2003 64bit as our default server, .
|
|
Back to top |
|
|
vdsalchemist Admin Team
Joined: 23 Oct 2001 Posts: 1448 Location: Florida, USA
|
Posted: Wed Apr 18, 2007 9:31 pm Post subject: |
|
|
It should be possible to do this with the VDS @lib() function. If that does not work I know you can do this with GadgetX. If I have some time I will see what I can throw together for you
_________________ Home of
Give VDS a new purpose!
|
|
Back to top |
|
|
PGWARE Web Host
Joined: 29 Dec 2001 Posts: 1562
|
Posted: Thu Apr 19, 2007 6:04 am Post subject: |
|
|
Just logged into Windows Vista Ultimate 64bit version and tested VDS with this code below. Note that XP/2003 64 bit may behave differently and that may be why you are getting null values.
Code: |
warn @regread(LOCAL, HARDWARE\DESCRIPTION\system\CentralProcessor\0, ProcessorNameString)
|
It returns the CPU name/information from the registry. I also tested writing a value to this key and it worked fine.
Now here is where things changed:
I tried to create a registry key under HKEY_LOCAL_MACHINE\Software\.
It redirected and wrote the value to:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\My Company\My Product\
Here is the code:
Code: |
REGISTRY WRITE, LOCAL, Software\My Company\My Product\, Name, "Test Application", STRING)
warn @regread(LOCAL, Software\My Company\My Product\, Name)
warn @regread(LOCAL, Software\Wow6432Node\My Company\My Product\, Name)
|
So the 32 bit registry value really is located under the Wow6432Node registry section and Windows redirects correctly.
Based on this it appears you can write/read from 64 bit areas, but certain areas are protected (like HKEY_LOCAL_MACHINE\software\ and I suspect other areas well).
Last edited by PGWARE on Thu Apr 19, 2007 6:56 am; edited 1 time in total |
|
Back to top |
|
|
PGWARE Web Host
Joined: 29 Dec 2001 Posts: 1562
|
Posted: Thu Apr 19, 2007 6:22 am Post subject: |
|
|
*update*
Registry Redirection
http://msdn2.microsoft.com/en-us/library/aa384232.aspx
HKEY_LOCAL_MACHINE\Software
HKEY_USERS\*\Software\Classes
HKEY_USERS\*_Classes
These three keys (and subkeys) are redirected as we found out when testing within VDS, seems it places them within the WOW6432Node of their respective ROOT keys.
A 32 bit application read/writes would be redirected to the WOW6432Node, while a 64 bit application would read from the 'correct' version of the registry. This leads to duplicate data - one stored in 32 bit registry tree and one in the 64 bit tree. This only occurs for the three registry keys (and subkeys) listed above.
Now another concept to address this:
Registry Reflection
http://msdn2.microsoft.com/en-us/library/aa384235.aspx
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\Software\Microsoft\EventSystem
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
HKEY_USERS\*\Software\Classes
HKEY_USERS\*_Classes
This allows some registry keys to share 64bit and 32bit keys. It is only for a subset of the registry as well, noted above. While the values are written in different areas, Windows will merge the data automatically so the data in theory is the same.
The difference in redirection and reflection is that in redirection 32bit reads may not retrieve valid information since these keys are not 'shared' with 64bit values. In reflection, a 'mirror' is created in which while there are two distinct values they appear to always be the same value no matter if a 32bit or 64bit application has written them.
Shared Registry Keys:
http://msdn2.microsoft.com/en-us/library/aa384253.aspx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HCP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Current
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Readers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DFS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software\Microsoft\Shared Tools\MSInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TermServLicensing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Transaction Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDpi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Locations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
These are keys that are shared both by 32bit and 64bit applications, while it sound similar to reflection it is not. In reflection while data is merged there are two seperate values stored in the registry - one 32bit and another 64bit - Windows then automatically merges the data to the latest change/update. In Shared Keys only one physical registry key exists - both 32bit and 64bit apps can write to it.
I am not sure on this part but it appears that any other portion of the registry appears to allow 32bit/64 read/write without redirection/reflection. I tested writing to different parts of the registry and did not notice any reflection occuring and it allowed me to read and write to these areas with a VDS application. If anyone has further information please feel free to add to the discussion.
|
|
Back to top |
|
|
PGWARE Web Host
Joined: 29 Dec 2001 Posts: 1562
|
Posted: Thu Apr 19, 2007 6:52 am Post subject: |
|
|
Based on this, it looks like if you read/write to HKEY_USERS\*\Software\Classes, HKEY_USERS\*_Classes, any of the reflected keys, or any of the shared keys you will get valid data.
The only key I can see which may give problems is HKEY_LOCAL_MACHINE\Software and any key under it (not including the reflected and shared noted earlier) - this section is redirected for 32bit and 64bit values.
You would have to modify your calls to open, and read registry calls to HKEY_LOCAL_MACHINE\Software\ as Dragonsphere points out with the KEY_WOW64_64KEY and KEY_WOW64_32KEY flags respectively so you can get valid data that was written by a 64bit process to the 64bit portion of the registry; otherwise you will get blank or different data as it is redirected to the 32bit portion of the registry.
You would use the KEY_WOW64_64KEY to get/set specific 64bit registry data.
If you then want to access the registry tree information for 32 bit data you would use KEY_WOW64_32KEY.
These flags allow you to access both 64bit and 32bit registry trees without worrying about redirection, reflection, or shared keys.
|
|
Back to top |
|
|
vdsalchemist Admin Team
Joined: 23 Oct 2001 Posts: 1448 Location: Florida, USA
|
Posted: Thu Apr 19, 2007 2:20 pm Post subject: |
|
|
PGWare,
I would try to get the @lib() function to work using this however I do not have access to a 64bit version of windows I see no reason why it would not work. Maybe I will have a bit of code today that we can test?
_________________ Home of
Give VDS a new purpose!
|
|
Back to top |
|
|
PGWARE Web Host
Joined: 29 Dec 2001 Posts: 1562
|
Posted: Thu Apr 19, 2007 3:28 pm Post subject: |
|
|
Sure, you can send it to me over IM or by email and I'll give it a test.
|
|
Back to top |
|
|
vdsalchemist Admin Team
Joined: 23 Oct 2001 Posts: 1448 Location: Florida, USA
|
|
Back to top |
|
|
Ciulla Newbie
Joined: 04 May 2004 Posts: 11
|
Posted: Thu Apr 19, 2007 6:54 pm Post subject: Re: Read Registry on 64bit Windows |
|
|
I tested your script, but I changed the key because vds is not installed on this machine.
the key that I used is: SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB925902,InstalledDate
It all worked.
|
|
Back to top |
|
|
PGWARE Web Host
Joined: 29 Dec 2001 Posts: 1562
|
Posted: Thu Apr 19, 2007 7:06 pm Post subject: |
|
|
Ciulla before using that in your scripts allow Dragonsphere to put out a final version. We were doing some testing with it earlier and made some changes.
I was wondering why you were getting null values, and now know why You were checking in HKEY_LOCAL_MACHINE\Software\ which is a redirected key. All other @regread and REGISTRY WRITE functions appear to work right within other parts of the registry. Dragonsphere and I were wondering what keys you were querying and concluded it was one of the redirected HLM\Software\ keys and that is the case.
The key you were quering is redirected in Windows 64bit to HLM\Software\Wow6432Node\Microsoft\Updates\Windows Server 2003\SP3\KB925902,InstalledDate because you are running a 32bit exe.
Obviously no such key exists, but by using the dsu that dragonsphere created it queries HLM\Software\Microsoft\Updates\Windows Server 2003\SP3\KB925902,InstalledDate without redirection; and as noted works now
|
|
Back to top |
|
|
|