Is there a way to get the full path to a registry key from its handle?

Don_Burn_1

I have the situation where I have a handle to a registry key
and am looking to get back the full path to it. ZwQueryKey
just returns the key name, not the hive it is in and the other
related data. Regmon does this by caching paths, but I have
need to get the path without caching all the data.

Any ideas?

Don Burn
NT Device Driver and Filesystem Consulting

OSR_Community_User

Hello,

Use ZwQueryObject with information class 1. The
returned buffer is a UNICODE_STRING containing the
complete path of the object. Passing the registry
handle will return complete path of the registry key.
Note that: it will be in the format

\REGISTRY\MACHINE... or \REGISTRY\USER\....

You need to map it to top level registry keys such as
HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER etc.

-Prasad

--- Don Burn <[email protected]> wrote:
> I have the situation where I have a handle to a
> registry key
> and am looking to get back the full path to it.
> ZwQueryKey
> just returns the key name, not the hive it is in and
> the other
> related data. Regmon does this by caching paths,
> but I have
> need to get the path without caching all the data.
>
> Any ideas?
>
> Don Burn
> NT Device Driver and Filesystem Consulting
>
>
>
>
>
>
>
> ---
> You are currently subscribed to ntdev as:
> [email protected]
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
>

=====
Prasad S. Dabak
Director of Engineering, Windows NT/2000 Division
Cybermedia Software Private Limited
http://www.cybermedia.co.in
Co-author of the book "Undocumented Windows NT"
ISBN 0764545698

__________________________________________________
Do You Yahoo!?
Send online invitations with Yahoo! Invites.
http://invites.yahoo.com