CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 6 of 6
  1. #1
    Join Date
    Feb 2009
    Location
    Portland, OR
    Posts
    1,488

    [RESOLVED] Can't load 64-bit key using RegLoadKey in 32-bit service

    I need to open up and modify a user's registry key from a 32-bit service (note that the user is not logged in at the time.) I do the following:

    Code:
    //For simplicity error checks are not shown
    //I also made sure to enable the following privileges:
    // SE_RESTORE_NAME, SE_BACKUP_NAME
    
    //"ntuser.dat" = is the file OS uses to load user's profile
    RegLoadKey(HKEY_LOCAL_MACHINE, L"Test123", L"C:\\Users\\UserA\\ntuser.dat");
    
    HKEY hKey;
    DWORD dwRes = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
        L"Test123\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify"),
        NULL, KEY_READ | KEY_WOW64_64KEY, &hKey);
    
    //'dwRes' = is returned as 2, or ERROR_FILE_NOT_FOUND
    
    RegUnLoadKey(HKEY_LOCAL_MACHINE, L"Test123");
    The problem is that the "Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" key isn't loaded, even though I know that it exists in the actual user profile. I can verify that by loading the user account and by using 64-bit regedit.

    I suspect that this has something to do with the Wow64 redirection but I can't seem to understand what am I doing wrong?

  2. #2
    Join Date
    Nov 2000
    Location
    Voronezh, Russia
    Posts
    6,620

    Re: Can't load 64-bit key using RegLoadKey in 32-bit service

    It seems "\\Software\\Classes" appears to be another mounting point for a separate hive. And it gets mounted only for loaded user profile. This is just a hunch, as this is what I can see in regedit: HKEY_USERS\<SID string>_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify. No directly loaded hives in regedit have Software\Classes path.

    EDIT: This was in Win 7 64-bit. I just made sure, the same behavior I can see in Windows XP/Vista 32-bit.

    When profile loaded:
    HKEY_USERS\<SID string> is mounted as HKEY_CURRENT_USER
    HKEY_USERS\<SID string>_Classes is mounted as HKEY_CURRENT_USER\Software\Classes
    Last edited by Igor Vartanov; December 19th, 2012 at 04:15 AM.
    Best regards,
    Igor

  3. #3
    Join Date
    Feb 2009
    Location
    Portland, OR
    Posts
    1,488

    Re: Can't load 64-bit key using RegLoadKey in 32-bit service

    Igor, much appreciated! I haven't been here for some time and here you are again, as always bailing my butt

    How you been?

    Thanks for the clarification. It all checks out, although I'm not quite sure about how to find the `HKEY_USERS\<SID string>_Classes` key in the user's file system. It doesn't seem to be in the ntuser.dat file. Here's how I know this: I copied the "C:\Users\UserA\ntuser.dat" file onto another computer and then did File -> Load Hive and specified that file from regedit. Below are the screenshots. As you can see the key I'm looking for is not there.

    Any idea what .dat file is "HKEY_USERS\<SID string>_Classes" part stored in?
    Attached Images Attached Images    

  4. #4
    Join Date
    Feb 2009
    Location
    Portland, OR
    Posts
    1,488

    Re: Can't load 64-bit key using RegLoadKey in 32-bit service

    A quick follow-up: I found out that the classes data is actually stored in a different file "\Device\HarddiskVolume2\Users\UserA\AppData\Local\Microsoft\Windows\UsrClass.da​t". Any idea how to get this path from a user's profile?

  5. #5
    Join Date
    Feb 2009
    Location
    Portland, OR
    Posts
    1,488

    Re: Can't load 64-bit key using RegLoadKey in 32-bit service

    Another correction.

    For Windows Vista and later: The file to load is "%LocalAppData%\Microsoft\Windows\Usrclass.dat" which is a non-roaming part of the user's registry hive. (Mostly COM stuff + some additional settings.) And the key to open after it's loaded is "Test123\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" because of the redirection/mapping that Igor explained above.

    For Windows XP: The file to load is "CSIDL_PROFILE\ntuser.dat" and the key to open is "Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify". Note that in case of Windows XP the classes part of the user's registry hive was still placed in a roaming folder.

  6. #6
    Join Date
    Feb 2009
    Location
    Portland, OR
    Posts
    1,488

    Re: Can't load 64-bit key using RegLoadKey in 32-bit service

    Oops. Double-posted...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  





Click Here to Expand Forum to Full Width

Featured