[OT] RegOpenKeySave fails with 87

Hi,

I know this is a little off-topic, but maybe someone knows a way for this. I want to export all the keys inside HKEY_CLASSES_ROOT, and opening the root key with RegOpenKeyEx and KEY_READ | KEY_ENUMERATE_SUB_KEYS | KEY_QUERY_VALUE works fine, but if passed to RegSaveKeyEx() it fails with 87 (Wrong Parameter). At first I was thinking of a real wrong parameter, but they all seem to be correct. We all know “Wrong parameter” can be anything and everything. Wrong parameter doesn't necessarily mean a wrong parameter actually passed to the top-level function; maybe it's something from a lower level in the call stack. That's what I sometimes figured out. Anyway, can someone tell me how I have to call that function to drop that hive key to a file? I am running Vista, the context is an elevated admin and has virtually all privileges enabled (only for testing the code, for sure), but even with all privs enabled I can't drop that key to a file. If this were a security issue, then I also shouldn't be able to do the same with registry.exe. With registry.exe and the running thread's context with all the privileges I can drop all keys to files without any problem. So the issue must be something else... but what? The same code works fine for HKEY_CURRENT_CONFIG and HKEY_CURRENT_USER. Not being able to access the other keys smells like a security thing, since I get a 5 on HKEY_LOCAL_MACHINE (if passed to RegSaveKeyEx). Do I miss a privilege or anything? How do I have to call the functions to gain access to those keys? Or is this not possible for some reason?

best

K.

You need to open the key with RegCreateKeyEx (not RegCreateKey or
RegOpenKey) and specify REG_OPTION_BACKUP_RESTORE in dwOptions. Your
application also needs to enable the SE_BACKUP_NAME privilege.

//Daniel


btw you cannot save top rootkeys this way, only subkeys (or deeper). Note
that HKCR and HKCU are symbolic links inside HKLM and HKU.

//Daniel

> inside HKEY_CLASSES_ROOT

Try HKLM\SOFTWARE\Classes, which is a synonym.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

On 09-Nov-2011 13:00, Maxim S. Shatskih wrote:

>> inside HKEY_CLASSES_ROOT
>
> Try HKLM\SOFTWARE\Classes, which is a synonym.

HKCR is a merge of HKLM\SOFTWARE\Classes and HKU\<sid>_Classes. You can
enumerate it, but RegKeySave works only on real keys.
– pa

Thank you for all the answers, now it makes it clear.

> btw you cannot save top rootkeys this way

What if I want to save a root key, what do I have to do in that case? In my case I only need to do so on HKCR.

> HKCR is a merge of HKLM\SOFTWARE\Classes and HKU\<sid>_Classes.

How is it merged? Both keys under one key or mixed in some way?

best

K.

wrote in message news:xxxxx@ntdev…
> Thank you for all the answers, now it makes it clear.
>
>>btw you cannot save top rootkeys this way
>
> What if I want to save a root key, what do I have to do in that case? In
> my case I only need to do so on HKCR.

As a registry hive file consists of relative paths (not absolute), what you
can do is merge the contents yourself by copying them to a temporary
hive in the right order and then save from there. Security descriptors and
class information will complicate this further. The question is what the
purpose of such an exercise is, as you will not be able to reimport such a
hive, at least without messing things up and losing per-user settings.

>
>>HKCR is a merge of HKLM\SOFTWARE\Classes and HKU\<sid>_Classes.
>
> How is it merged? Both keys under one key or mixed in some way?
>

http://msdn.microsoft.com/en-us/library/windows/desktop/ms724475(v=vs.85).aspx

//Daniel

Hi,

> The question is what is the purpose of such an exercise as you will not be able to reimport such a hive.

I wanted to back up the complete HKCR because of all the file associations, so I can have a look at it later if there is something wrong... that's it. I know I can do a reg.exe or regedit.exe export, but I wanted this to be binary, but since I never did that before, it was kinda important for me why this and that failed for whatever reason. For a general full registry backup I would use volume shadow copy for sure and back up everything inside the config directory and the user's profile .DAT file, but that's not intended for now. Thanks for the link.

BTW: Volume Shadow Service is one hard interface, kinda hard to understand how to copy even a single locked file... I am reading it currently and I do not seem to get anywhere :(

best

K.

wrote in message news:xxxxx@ntdev…
> Hi,
>
>>The question is what is the purpose of such an exercise as you will not
>>be able to reimport such a hive.
>
> I wanted to back up the complete HKCR because of all the file associations,
> so I can have a look at it later if there is something wrong... that's it.
> I know I can do a reg.exe or regedit.exe export, but I wanted this to be
> binary, but since I never did that before, it was kinda important for me
> why this and that failed for whatever reason. For a general full registry
> backup I would use volume shadow copy for sure and back up everything inside
> the config directory and the user's profile .DAT file, but that's not
> intended for now. Thanks for the link.


So you forget about HKCR and you just export HKLM\classes and HKCU\classes
separately. To save HKCU you must find the SID of the user currently logged
on and find it as a subkey of HKEY_USERS and call RegSaveKey on that.

Note that you cannot use text based registry files for this purpose for a
lot of reasons. The registry must be locked for a consistent state,
RegSaveKey does this for you. Also text based registry files do not include
class information and security descriptors. Fortunately this was not your
idea.

//Daniel
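
The calls this thread arrives at, put together as an added example (not code from any poster): enable SE_BACKUP_NAME, open each real key behind HKCR with RegCreateKeyEx and REG_OPTION_BACKUP_RESTORE, then call RegSaveKeyEx. The helper names, the output file names and taking the user's SID from the command line are assumptions made here; the Win32 part is guarded so the file also compiles off Windows.

```c
/* Added example, not code from the thread. Windows: cl savehive.c advapi32.lib */
#include <stdio.h>
#include <string.h>
/* Per-user half of the HKCR merge: subkey "<sid>_Classes" under HKEY_USERS.
   Returns 0 on success, -1 on an empty SID or a too-small buffer. */
int user_classes_subkey(const char *sid, char *out, size_t cap) {
    int n;
    if (!sid || !*sid) return -1;
    n = snprintf(out, cap, "%s_Classes", sid);
    return (n > 0 && (size_t)n < cap) ? 0 : -1;
}

#ifdef _WIN32
#include <windows.h>
/* Enable SE_BACKUP_NAME ("SeBackupPrivilege"); the token must already hold it. */
static DWORD enable_backup_privilege(void) {
    HANDLE tok;
    TOKEN_PRIVILEGES tp = {0};
    DWORD err;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tok))
        return GetLastError();
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (LookupPrivilegeValueA(NULL, "SeBackupPrivilege", &tp.Privileges[0].Luid))
        AdjustTokenPrivileges(tok, FALSE, &tp, 0, NULL, NULL);
    err = GetLastError();   /* ERROR_NOT_ALL_ASSIGNED when the privilege is not held */
    CloseHandle(tok);
    return err;
}
/* Save one real key (not a root, not the merged HKCR view) to a hive file. */
static LONG save_key(HKEY root, const char *subkey, const char *file) {
    HKEY h;
    LONG rc = RegCreateKeyExA(root, subkey, 0, NULL, REG_OPTION_BACKUP_RESTORE,
                              0, NULL, &h, NULL);   /* samDesired is ignored */
    if (rc != ERROR_SUCCESS) return rc;
    rc = RegSaveKeyExA(h, file, NULL, REG_LATEST_FORMAT);
    RegCloseKey(h);
    return rc;
}
int main(int argc, char **argv) {   /* argv[1]: SID string of the user (assumed input) */
    char sub[256];
    if (argc < 2 || user_classes_subkey(argv[1], sub, sizeof sub)) return 2;
    if (enable_backup_privilege() != ERROR_SUCCESS) return 1;
    /* Output file names are placeholders chosen for this example. */
    printf("HKLM: %ld\n", save_key(HKEY_LOCAL_MACHINE, "SOFTWARE\\Classes", "hklm_classes.hiv"));
    printf("HKU:  %ld\n", save_key(HKEY_USERS, sub, "user_classes.hiv"));
    return 0;
}
#endif
```

RegSaveKeyEx fails with ERROR_ALREADY_EXISTS when the output file is already present, so write to fresh paths.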

Hi Daniel,

> Fortunately this was not your idea

No, that was not the idea behind this.

> To save HKCU you must find the SID of the user currently logged on and find it as a subkey of
> HKEY_USERS and call RegSaveKey on that

I remember this from ZwCreateKey(): when I had to export a user's hive I had to find his SID and then drop that key, but this was another topic.

> Note that you cannot use text based registry files for this purpose for a lot of reasons. The registry
> must be locked for a consistent state, RegSaveKey does this for you.

So this means if I export anything with reg.exe or regedit.exe there will be high chances of missing data in the dump if something is written exactly at that moment? All the security stuff is not necessary for me at this moment. But how do all these tools I mentioned access and drop the information to a file if not using advapi or ntdll calls for this and not locking the registry for this while dumping data? I guess you know what I mean…

> Also text based registry files do not include class information and security descriptors. Fortunately
> this was not your idea.

I don't need that here at the moment.

Best

K.

wrote in message news:xxxxx@ntdev…
>>Note that you cannot use text based registry files for this purpose for a
>>lot of reasons. The registry
>>must be locked for a consistent state, RegSaveKey does this for you.
>
> So this means if I export anything with reg.exe or regedit.exe there
> will be high chances of missing data in the dump if something is written
> exactly at that moment? All the security stuff is not necessary for me at
> this moment. But how do all these tools I mentioned access and drop the
> information to a file if not using advapi or ntdll calls for this and not
> locking the registry for this while dumping data? I guess you know what I
> mean…
>

I am not 100% sure if RegEdit or the undocumented calls on which it relies
that export to a text file do not lock the registry. But what I do know is
that trying to restore the registry using text based registry files is a
great way to screw up a system to the point it becomes unbootable. That may
not count for HKCR but surely for the SAM database.

//Daniel

xxxxx@resplendence.com wrote:

> I am not 100% sure if RegEdit or the undocumented calls on which it relies
> that export to a text file do not lock the registry. But what I do know is
> that trying to restore the registry using text based registry files is a
> great way to screw up a system to the point it becomes unbootable. That may
> not count for HKCR but surely for the SAM database.

Quite a number of us have taken our usual stance of issuing dire
warnings of life-altering consequences in our replies, but it would be
good to remember that all he wants to do (if I understand the problem
parameters) is save and restore the file associations. That is not a
highly dynamic part of the registry, and for the most part it’s easily
recreated if something blows up.

Really, the price of a protection strategy has to be balanced against
the odds of something going wrong and the cost of a disaster. The odds
and the cost here are both pretty low.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

As said, I only want to save the file assoc. stuff, that's all. I only touched the other keys to see if this is a general problem related to security or my fault in some way why these calls fail. For more sensitive stuff I'll do a shadow copy or restore point, which is the right direction to make a copy of the registry data.

K.

“Tim Roberts” wrote in message news:xxxxx@ntdev…
> xxxxx@resplendence.com wrote:
>> I am not 100% sure if RegEdit or the undocumented calls on which it relies
>> that export to a text file do not lock the registry. But what I do know is
>> that trying to restore the registry using text based registry files is a
>> great way to screw up a system to the point it becomes unbootable. That may
>> not count for HKCR but surely for the SAM database.
>
> Quite a number of us have taken our usual stance of issuing dire warnings
> of life-altering consequences in our replies, but it would be good to
> remember that all he wants to do (if I understand the problem parameters)
> is save and restore the file associations. That is not a highly dynamic
> part of the registry, and for the most part it’s easily recreated if
> something blows up.
>
> Really, the price of a protection strategy has to be balanced against the
> odds of something going wrong and the cost of a disaster. The odds and
> the cost here are both pretty low.
>

Then jolly good luck to those who follow your advice. The classes hives
contain much more than file associations alone such as all COM classes in
the system.

//Daniel