How to get a handle and enumerate Registry path: "\REGISTRY\A\"?

I am trying to get a handle to the Registry hive "\\REGISTRY\\A{GUID}" and enumerate the keys under that handle. I have been searching for hours but still haven't got a clue on how to open or enumerate it. Please help me get to the correct API to do so. Btw, RegOpenKeyEx() and RegEnumKeyEx() don't work, I tried.

Applications with handles for "\\REGISTRY\\A\\{GUID}" paths have either called RegLoadAppKey or NtLoadKeyEx. RegLoadAppKey loads a private application hive at an automatically generated path, "\\REGISTRY\\A\\{GUID}". It returns a handle for the hive's root Key, and subkeys can be enumerated, created and opened relative to this handle.

It used to be possible to open "A" relative to a handle for "\\REGISTRY" and enumerate its subkeys. This is no longer allowed in Windows 10. I assume access is restricted in the Configuration Manager's parse procedure for Key objects, CmpParseKey. However, you can still inspect this Key using a kernel debugger with commands such as !reg q \\REGISTRY\\A.
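
The handle-relative enumeration described in the answer, as an added example that is not part of the original post: a C# program that calls RegLoadAppKey through P/Invoke and walks the subkeys from the returned root handle. The hive file path is a placeholder assumption, and the class and method names are illustrative.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;

static class AppHiveDemo
{
    const int KEY_READ = 0x20019;

    // LSTATUS RegLoadAppKeyW(LPCWSTR lpFile, PHKEY phkResult,
    //                        REGSAM samDesired, DWORD dwOptions, DWORD Reserved)
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, ExactSpelling = true)]
    static extern int RegLoadAppKeyW(string lpFile, out SafeRegistryHandle phkResult,
                                     int samDesired, int dwOptions, int reserved);

    // Print subkey names recursively. Every child is opened relative to its
    // parent handle, never through an absolute \REGISTRY\A\{GUID} path.
    static void Walk(RegistryKey key, int depth)
    {
        foreach (string name in key.GetSubKeyNames())
        {
            Console.WriteLine(new string(' ', depth * 2) + name);
            using (RegistryKey child = key.OpenSubKey(name))
            {
                if (child != null) Walk(child, depth + 1);
            }
        }
    }

    static int Main(string[] args)
    {
        // Assumption: placeholder path to an application hive file.
        string hiveFile = args.Length > 0 ? args[0] : @"C:\Temp\example-app.dat";

        int status = RegLoadAppKeyW(hiveFile, out SafeRegistryHandle root, KEY_READ, 0, 0);
        if (status != 0) // ERROR_SUCCESS is 0; anything else is a Win32 error code
        {
            Console.Error.WriteLine("RegLoadAppKey failed: " + new Win32Exception(status).Message);
            return 1;
        }

        // The RegistryKey wraps the root handle; disposing it closes the handle,
        // and the hive is unloaded once all handles to its keys are closed.
        using (RegistryKey rootKey = RegistryKey.FromHandle(root))
        {
            Walk(rootKey, 0);
        }
        return 0;
    }
}
```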
