Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Registry Operations using Win32 - Part 1


  • Please log in to reply
No replies to this topic

#1 se7en

se7en

    CC Regular

  • Member
  • PipPipPip
  • 32 posts

Posted 15 April 2011 - 10:44 PM

Registry Operations using Win32 - Part 1

Registry Operations using Win32

The basic functions you will need to manipulate registry are :

1. RegOpenKeyEx()
2. RegCreateKeyEx()
3. RegQueryValueEx()
4. RegSetValueEx()
5. RegDeleteValue()
6. RegDeleteKey()
7. RegEnumKeyEx()
8. RegCloseKey()

Explanations

1.RegOpenKeyEx()- Used to open a registry key.
The definition of the function according to Win32 API reference is like this:
LONG RegOpenKeyEx(
HKEY hKey,    // handle of open key
LPCTSTR lpSubKey,    // address of name of subkey to open
DWORD ulOptions,    // reserved
REGSAM samDesired,    // security access mask
PHKEY phkResult     // address of handle of open key
);
Okay, the syntax is really self explanatory but let me explain if you have any doubts.
First parameter is HKEY hkey. We give the name of the hive which we want to access.
ie , if I want to access HKEY_LOCAL_MACHINE, I would write that.
Second is name of Subkey. For eg, just consider that I need to access the subkey
Software\Microsoft\Windows
Then I would write "Software\\Microsoft\\Windows"
Third parameter is ulOptions which is set 0 .
Fourth parameter is samDesired. This describes security access for the key.
Some parameters you can use are KEY_ALL_ACCESS (for complete access),
KEY_EXECUTE (For read access) , KEY_CREATE_SUB_KEY (permission to create sub key) and so on...
For a list of complete values, please refer to MSDN library.
The fifth parameter is PHKEY , which is a pointer to the handle which receives the result of the
operation.
The function returns ERROR_SUCCESS if there was no error.
Eg.
Say, I wanted to access the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
I would write the code :
HKEY hKey;
LONG res;
res=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_ALL_ACCESS,hKey);
if(res!=ERROR_SUCCESS)
MessageBox(0,"Error Opening Registry Key","Error",0);
The above example is very simple. a variable res checks the return value of RegOpenKeyEx() function and checks
sees if it's ERROR_SUCCESS. If it was ok, then we have handle to the key in handle named hKey .

2.RegCreateKeyEx()- Used to create a new subkey or open an already existing registry key.
The Win32 API reference definition of the function is
LONG RegCreateKeyEx(
HKEY hKey,    // handle of an open key
LPCTSTR lpSubKey,    // address of subkey name
DWORD Reserved,    // reserved
LPTSTR lpClass,    // address of class string
DWORD dwOptions,    // special options flag
REGSAM samDesired,    // desired security access
LPSECURITY_ATTRIBUTES lpSecurityAttributes,    // address of key security structure
PHKEY phkResult,    // address of buffer for opened handle
LPDWORD lpdwDisposition     // address of disposition value buffer
);
There are 5 new arguments here that you have not seen.
The third argument Reserved is always set as 0.
The fourth argument lpClass points to a null-terminated string that specifies the class (object type) of this key. Thisparameter is ignored if the key already exists. This can be ignored and set as NULL.
The dwOptions flag can be for the time being set as 0 which gives it a default value of REG_OPTION_NON_VOLATILE.

The seventh option pSecurityAttributes can be set as NULL as we are just starting. This is actually a pointer to a
SECURITY_ATTRIBUTES structure.
The lpdwDisposition parameter is a pointer to a DWORD value. It accepts values which can be checked to see it the
function has succeeded.
Eg. If I wanted to create or open a subkey
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
The code would be.
DWORD dwDisposition;
HKEY hKey;
RegCreateKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, NULL, 0, 0, NULL, &hKey, &dwDisposition);
    if (dwDisposition != REG_CREATED_NEW_KEY && dwDisposition != REG_OPENED_EXISTING_KEY)
MessageBox(0,"The function failed","Error",0);

3. RegQueryValueEx() - Retrieves the type and data for the specified registry value.
The definition is :
LONG RegQueryValueEx(
HKEY hKey,    // handle of key to query
LPTSTR lpValueName,    // address of name of value to query
LPDWORD lpReserved,    // reserved
LPDWORD lpType,    // address of buffer for value type
LPBYTE lpData,    // address of data buffer
LPDWORD lpcbData     // address of data buffer size
);
The first parameter is the handle to opened key .
The second parameter is the pointer to name of value to be queried.
The third parameter is lpReserved and is set as NULL

The fourth parameter is lpType, which is pointer to variable which recevies the key's value type.

The fifth one is lpData, which is pointer to variable that receives data of the value queried.
The last one os lpcbData. This is a pointer to the variable that specifies the size, in bytes, of lpData.
When the function returns, this variable contains the size of the data copied to lpData.

Eg. Consider that I have opened the subkey
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and its handle is hKey.
I have to query the value named "abcd"
The code would be:
DWORD res;
DWORD type =REG_DWORD;
DWORD cbData =1024;
DWORD val;
res=RegQueryValueEx(hKey,"abcd", NULL, &type, (LPBYTE)&val, &cbData);
if(res!=ERROR_SUCCESS0
MessageBox(0,"Error reading value","Error",0);
If the function succeeds, the data will be stored in variable named val .

That is all for today! Will continue the rest later!
  • 0




Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download