Registry entry

I’m facing a “SymbolicLinkValue” ValueName creation problem. In a kernel mode component we intercept registry related operations, and I saw some behavior that is a bit difficult to resolve, so I tried to move to user land to see how it reacts. I was pointed to some user-level code that I was trying to exercise and found it does not work, so I modified it and made it work in the sense that all the return values are ERROR_SUCCESS (i.e. 0). Once the link is created I can see the tree up to and including “Link”; opening it up shows nothing (I was expecting a value name SymbolicLinkValue). But soon after, if I close the regedit window, and later I reopen regedit and try to look at the tree, I get "Cannot open link: Error while opening key". The link target in this case is SMT, and I hand-created the key using regedit before exercising the following code. Now in regedit, I don't see the key. (THIS TEST MACHINE IS QUITE VIRGIN IN THE SENSE THAT IT DOES NOT HAVE EXTRA SOFTWARE INSTALLED, JUST BARE XP (WITH SP1 or SP2).)

It is a mystery to me: "How to sanely create SymbolicLinkValue and attach target"!!!

Code follows —

-pro

/*
Hi!

One of the most mysterious details of the registry has been uncovered, the
registry link. Didn’t you ever wonder what this REG_LINK value type is used
for? Or what about the key access right KEY_CREATE_LINK?

At least one registry link is used in Windows NT/2K/XP.
“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet” is a link to one of the
“HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX” keys (XXX can be any three digit
number, starting at 001).

The available documentation does not provide any useful information about
registry links other than trivial statements, like: ‘A registry link is a
link to link registry keys.’

On the net, I found a posting about someone's unsuccessful attempt to create
a registry link. This was the only useful information I found.

After some extensive research I got it working:
Let’s assume you have an existing key “HKEY_LOCAL_MACHINE\SOFTWARE\SMT” and
the new key “HKEY_LOCAL_MACHINE\SOFTWARE\Test\Link” should point to it. Then
the following code will do the trick:

*/

#include <windows.h>
#include <wchar.h>

int main(void)
{
    HKEY hKeyHandle, hKey;
    DWORD dwDisposition;
    DWORD dwLength;

    PWCHAR ValueName = L"SymbolicLinkValue";
    /* native (object manager) path of the link target; backslashes escaped */
    PWCHAR Buffer = L"\\Registry\\Machine\\SOFTWARE\\SMT";

    LONG retVal, lResult;

    lResult = RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SOFTWARE", 0, KEY_ALL_ACCESS, &hKey);

    /* create the ordinary parent key that will hold the link */
    retVal = RegCreateKeyExW(hKey, //HKEY_LOCAL_MACHINE,
                             L"TtLnkTT",
                             0,
                             NULL,
                             REG_OPTION_NON_VOLATILE, //REG_OPTION_VOLATILE | REG_OPTION_CREATE_LINK,
                             KEY_ALL_ACCESS, //| KEY_CREATE_LINK,
                             NULL,
                             &hKeyHandle,
                             &dwDisposition);

    /* registry handles are closed with RegCloseKey, not CloseHandle */
    RegCloseKey(hKey);

    /* create the key */
    retVal = RegCreateKeyExW(hKeyHandle, //HKEY_LOCAL_MACHINE,
                             L"Link",
                             0,
                             NULL,
                             REG_OPTION_VOLATILE | REG_OPTION_CREATE_LINK,
                             KEY_ALL_ACCESS | KEY_CREATE_LINK,
                             NULL,
                             &hKey,
                             &dwDisposition);

    RegCloseKey(hKeyHandle);

    /* Note: length WITHOUT the terminating zero */
    dwLength = (DWORD)(wcslen(Buffer) * sizeof(WCHAR));

    /* set the link value */
    retVal = RegSetValueExW(hKey,
                            ValueName,
                            0,
                            REG_LINK,
                            (const BYTE *)Buffer,
                            dwLength);

    RegCloseKey(hKey);

    return 0;
}

/*

I still have to find out whether registry links can be removed or changed.

Regards,
Eric
*/
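An added example, not part of the original post or of the code it quotes: portable C that builds the byte buffer the posted code passes as REG_LINK data (native path, UTF-16LE, length without the terminating zero, per the note in that code) and checks such a buffer the way a registry monitor could when it sees a SymbolicLinkValue write. The names `reg_link_build` and `reg_link_data_ok` are hypothetical, only the HKEY_LOCAL_MACHINE and HKEY_USERS roots are mapped, and paths are assumed to be ASCII.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Win32 root-key prefixes and native equivalents (HKLM and HKU only). */
static const struct { const char *win32, *native; } kRoots[] = {
    { "HKEY_LOCAL_MACHINE\\", "\\Registry\\Machine\\" },
    { "HKEY_USERS\\",         "\\Registry\\User\\"    },
};

/* Build REG_LINK data (native path, UTF-16LE, no terminating zero).
 * Returns the byte count, or 0 on unhandled root or too-small buffer. */
size_t reg_link_build(const char *win32_path, uint8_t *out, size_t cap)
{
    for (size_t r = 0; r < sizeof kRoots / sizeof kRoots[0]; r++) {
        size_t plen = strlen(kRoots[r].win32), n = 0;
        if (strncmp(win32_path, kRoots[r].win32, plen) != 0)
            continue;
        const char *parts[2] = { kRoots[r].native, win32_path + plen };
        for (int p = 0; p < 2; p++)
            for (const char *s = parts[p]; *s; s++) {
                if (n + 2 > cap || (unsigned char)*s > 0x7f)
                    return 0;
                out[n++] = (uint8_t)*s; out[n++] = 0; /* one UTF-16LE unit */
            }
        return n;
    }
    return 0;
}

/* Check data captured from a SymbolicLinkValue write: whole UTF-16 units,
 * no zero unit anywhere (so no terminator), target under \Registry\. */
int reg_link_data_ok(const uint8_t *data, size_t len)
{
    static const char prefix[] = "\\registry\\";
    size_t plen = sizeof prefix - 1;
    if (len % 2 != 0 || len / 2 < plen)
        return 0;
    for (size_t i = 0; i < len; i += 2)
        if (data[i] == 0 && data[i + 1] == 0)
            return 0;
    for (size_t i = 0; i < plen; i++) {
        unsigned c = data[2 * i];
        if (c >= 'A' && c <= 'Z') c += 'a' - 'A';  /* fold ASCII case */
        if (data[2 * i + 1] != 0 || c != (unsigned char)prefix[i])
            return 0;
    }
    return 1;
}
```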

Why do you want to create your own registry symbolic links? Anyway, the February 2001 issue of Windows Developer Journal (now WinDevMag) handles the topic in detail.

Regards,

Daniel Terhell
Resplendence Software Projects Sp
xxxxx@resplendence.com
http://www.resplendence.com


Thanks for the ptr.

No, I don't want to create … But I need to understand this to come up with a small application pkg that I need to exercise a *problem area*. It is related to virtual installation of application(s).

-pro
----- Original Message -----
From: Daniel Terhell
Newsgroups: ntdev
To: Windows System Software Devs Interest List
Sent: Friday, March 18, 2005 1:34 AM
Subject: Re:[ntdev] Registry entry


Daniel,

That was a smart pointer you gave me :). I was able to take the *minimalist* approach to create a small pkg out of it, streamed for virtual installation, AND BANG, someone’s mind was not working while coding some parts of it, so debugging became so much easier, and needless to say now I understand more about this symboliclinkvalue mechanism.

For the debugger experts, is there any way one can have a conditional breakpoint on a string value? It might sound like a Visual Basic approach, but I have not found any way to do that in WinDbg. For DWORD etc., yes, it is possible.

-pro
----- Original Message -----
From: Prokash Sinha
To: Windows System Software Devs Interest List
Sent: Thursday, March 17, 2005 4:34 PM
Subject: [ntdev] Registry entry
