How to get a handle and enumerate Registry path : “\REGISTRY\A\”?
I am trying to get a handle to the Registry hive "\\REGISTRY\\A{GUID}" and enumerate the keys under that handle. I have been searching for hours but still haven't got a clue on how to open or enumerate it. Please help me get to the correct API to do so.
Btw, RegOpenKeyEx() and RegEnumKeyEx() don't work, I tried.
Applications with handles for "\\REGISTRY\\A\\{GUID}" paths have either called RegLoadAppKey or NtLoadKeyEx. RegLoadAppKey loads a private application hive at an automatically generated path, "\\REGISTRY\\A\\{GUID}". It returns a handle for the hive's root Key, and subkeys can be enumerated, created and opened relative to this handle.
It used to be possible to open "A" relative to a handle for "\\REGISTRY" and enumerate its subkeys. This is no longer allowed in Windows 10. I assume access is restricted in the Configuration Manager's parse procedure for Key objects, CmpParseKey. However, you can still inspect this Key using a kernel debugger with commands such as !reg q \\REGISTRY\\A.
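The handle-relative access described in the answer, as an added example that is not part of the original post: it loads an application hive with RegLoadAppKey and enumerates subkeys through the returned root handle. The type name Example.AppHive, the function Open-AppHive and the temporary hive path are hypothetical; the sketch relies on the documented behaviour that RegLoadAppKey creates an empty hive when the file does not exist.

```powershell
# P/Invoke declaration for advapi32!RegLoadAppKeyW.
# The wrapper type name Example.AppHive is hypothetical.
Add-Type -Namespace Example -Name AppHive -MemberDefinition @'
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, ExactSpelling = true)]
public static extern int RegLoadAppKeyW(
    string lpFile, out IntPtr phkResult, int samDesired, int dwOptions, int Reserved);
'@

# Hypothetical helper: load a hive file as a private application hive and
# return its root key. No absolute registry path is ever opened; the hive
# is reachable only through this handle.
function Open-AppHive {
    param(
        [Parameter(Mandatory)][string]$HivePath,
        [int]$Access = 0xF003F   # KEY_ALL_ACCESS
    )
    $hRoot = [IntPtr]::Zero
    $status = [Example.AppHive]::RegLoadAppKeyW($HivePath, [ref]$hRoot, $Access, 0, 0)
    if ($status -ne 0) {
        # RegLoadAppKey returns a Win32 error code directly.
        throw (New-Object System.ComponentModel.Win32Exception $status)
    }
    # Wrap the raw HKEY so .NET owns it and closes it on Dispose.
    $safe = New-Object Microsoft.Win32.SafeHandles.SafeRegistryHandle($hRoot, $true)
    [Microsoft.Win32.RegistryKey]::FromHandle($safe)
}

# Constructed sample: a new, empty hive in the temp directory.
$hive = Join-Path $env:TEMP ("apphive-{0}.dat" -f [guid]::NewGuid())
$root = Open-AppHive -HivePath $hive
try {
    # Create two subkeys relative to the root handle, then enumerate them.
    foreach ($name in 'Settings', 'Cache') { $root.CreateSubKey($name).Dispose() }
    $root.GetSubKeyNames()
} finally {
    # The hive is unloaded once every handle into it is closed.
    $root.Dispose()
    # Remove the hive file and its transaction logs.
    Remove-Item -Path "$hive*" -Force -ErrorAction SilentlyContinue
}
```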