将DWORD写入REG_DWORD后，注册表中的DWORD值无效？

Question

I'm pretty sure my RegSetSetValueExA works fine, My data I'm writing is (CONST BYTE*)&setValue . My setvalue is a DWORD and I've already wrote to the registry with this with RegOpenKeyExA and it works fine. I think the problem is coming from RegCreateKeyExA because I'm creating my new key from that.

Also, my REG_DWORD requires me to write in Binary for some reason

https://gyazo.com/e418587d579a3e540656f06a2524901f

I've tried looking at other threads but everyone's problem seems different to mine because they're using RegOpenKeyExA .

#include "stdafx.h"
#include <stdio.h>
#include <iostream>
#include <Windows.h>
#include <cstdio>
#include "Strsafe.h"

// Stolen microsoft error code credits:msdn

void ErrorExit(LPTSTR lpszFunction)
{
    // Retrieve the system error message for the last-error code

    LPVOID lpMsgBuf;
    LPVOID lpDisplayBuf;
    DWORD dw = GetLastError();

    FormatMessage(
        FORMAT_MESSAGE_ALLOCATE_BUFFER |
        FORMAT_MESSAGE_FROM_SYSTEM |
        FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL,
        dw,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
        (LPTSTR)&lpMsgBuf,
        0, NULL);

    // Display the error message and exit the process

    lpDisplayBuf = (LPVOID)LocalAlloc(LMEM_ZEROINIT,
        (lstrlen((LPCTSTR)lpMsgBuf) + lstrlen((LPCTSTR)lpszFunction) + 40) * sizeof(TCHAR));
    StringCchPrintf((LPTSTR)lpDisplayBuf,
        LocalSize(lpDisplayBuf) / sizeof(TCHAR),
        TEXT("%s failed with error %d: %s"),
        lpszFunction, dw, lpMsgBuf);
    MessageBox(NULL, (LPCTSTR)lpDisplayBuf, TEXT("Error"), MB_OK);

    LocalFree(lpMsgBuf);
    LocalFree(lpDisplayBuf);
    ExitProcess(dw);
}

// end of stolen code
int main()
{
    DWORD Disposition = REG_CREATED_NEW_KEY;
    BYTE lpData[32];
    DWORD setValue = 2;
    PHKEY throwAwayKey = 0;
    DWORD lpType = { REG_DWORD };
    DWORD lpcbData = { sizeof(lpData) };
    HKEY hKey = 0;
    char regPath[64] = "Software\\Policies\\Microsoft\\Windows\\System";
    char lpValueName[32] = "DisableCMD";

    long RegCKExA = RegCreateKeyExA(HKEY_CURRENT_USER, regPath, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, &Disposition);
    if (RegCKExA == ERROR_SUCCESS)
    {
        std::cout << "Successfully executed RegCreatKeyExA\n";
    }
    else
    {
        std::cout << "An error has occurred while executing RRegCreateKeyExA. Error code: ";
        ErrorExit((LPTSTR)TEXT("RegCreateKeyExA"));
        getchar();
        return EXIT_FAILURE;
    }

    long regQVExA = RegQueryValueExA(hKey, lpValueName, NULL, &lpType, (LPBYTE)lpData, &lpcbData);

    if (regQVExA == ERROR_SUCCESS)
    {
        std::cout << "Successfully executed RegQueryValueExA and DisableCMD is already on this computer. Press ENTER to continute\n";
        getchar();
        return ERROR_SUCCESS; // Difference is it returns here if DisableCMD exists
    }
    else
        std::cout << "DisableCMD not found. Starting creation of DisableCMD registry value. Press ENTER to continue";
    getchar();

    auto regSVExA = RegSetValueExA(hKey, lpValueName, 0, REG_DWORD, (CONST BYTE*)&setValue, lpcbData);

    if (regSVExA == ERROR_SUCCESS)
    {
        std::cout << "Successfully executed RegSetValueExA\n";
        getchar();
    }
    else
    {
        std::cout << "An error has occurred while executing RegSetValueExA. Error code: ";
        getchar();
        return EXIT_FAILURE;
    }

    RegCloseKey(hKey);

    return  0;
}

Answer 1

I refactored your functions as WriteDWORD and ReadDWORD . Note that the code is actually VERY SIMILAR to your code. So why did I bother? Well, there is one subtle difference in that I made DWORD the input/output type instead of the BYTE array you had.

LSTATUS WriteDWORD(LPCSTR lpPath, LPCSTR lpValueName, DWORD dwData)
{
    LSTATUS status = ERROR_SUCCESS;
    HKEY hKey = NULL;
    DWORD dwDisposition = 0;
    status = RegCreateKeyExA(HKEY_CURRENT_USER, lpPath, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, &dwDisposition);
    if (status != ERROR_SUCCESS)
    {
        return status;
    }

    status = RegSetValueExA(hKey, lpValueName, 0, REG_DWORD, (CONST BYTE*) &dwData, sizeof(DWORD));
    RegCloseKey(hKey);
    return status;
}

LSTATUS ReadDWORD(LPCSTR lpPath, LPCSTR lpValueName, DWORD* pdwData)
{
    LSTATUS status = ERROR_SUCCESS;
    HKEY hKey = NULL;
    DWORD dwDisposition = 0;
    status = RegCreateKeyExA(HKEY_CURRENT_USER, lpPath, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, &dwDisposition);
    if (status != ERROR_SUCCESS)
    {
        return status;
    }

    DWORD dwType = 0;
    DWORD cbData = sizeof(DWORD);
    status = RegQueryValueExA(hKey, lpValueName, NULL, &dwType, (LPBYTE)pdwData, &cbData);
    RegCloseKey(hKey);
    return status;
}

Here is a sample usage:

int main()
{
    char szPath[64] = "Software\\Policies\\Microsoft\\Windows\\System";
    char szValueName[32] = "DisableCMD";
    WriteDWORD(szPath, szValueName, 1234);
    DWORD dwValue = 0;
    ReadDWORD(szPath, szValueName, &dwValue); // dwValue now contains 1234
    return 0;
}

Note that I did a few things:

• I used DWORD dwData for the writer but DWORD* pdwData for the reader.
• I preinitialized DWORD cbData = sizeof(DWORD); (ie 4)

I hope this gives you insight to the "Binary" part of your question. A DWORD is 4 bytes. When you wrote it to the registry, you are telling it to store a DWORD which is a 32 bit number or 4 bytes. When you read it back from registry, to reconstitute in your app you should supply a pointer to a DWORD. Since you gave it a byte array, the 32 bit number populated the first 4 bytes of the array you supplied. You may not have understood it but it is the correct behavior.

If you used std::cout you will find that it reacts differently to the same 4 bytes because of the overloaded C++ type. If you had used a DWORD you would have seen your number. However, since you have it in your byte array, it will be binary gibberish.