1 JMH Associates © 2004, All rights reserved Chapter 2-3 Supplement Registry Programming.

  • date post

    21-Dec-2015

Chapter 2-3 Supplement

Registry Programming

OBJECTIVES

Upon completion of this chapter, you will be able to:
  • Describe the Windows NT registry and its use
  • Understand registry contents and how to interpret them
  • Describe the registry management API
  • Use the registry API to examine and modify registry contents and structure

OVERVIEW (1 of 2)

System management requires the ability to utilize and modify system information
  • Hardware configuration
      • Amount of memory, processor types, …
  • Installed software
      • Versions, vendors, install directories, …
  • User information
      • Account names, passwords, home directories, …

OVERVIEW (2 of 2)

UNIX’s solution – examples
  • /etc/passwd for user accounts
  • /etc/hosts for network names and addresses
  • User home directories for user preferences
      • Editors, …

Windows 3.1 solution
  • .INI files
      • Do not scale well, not centralized, …

REGISTRY OVERVIEW (1 of 3)

  • Centralized, hierarchical, securable database for application and system configuration information
  • Access is through “registry keys”
      • A key can contain other keys or name/value pairs
  • The user or administrator can view and edit the registry contents through the “registry editor”
      • Accessed by the REGEDIT command from the command prompt
  • Programs can manage the registry through the registry API functions

REGISTRY OVERVIEW (2 of 3)

The registry name/value pairs contain information such as:
  • Operating system version number, build number, and registered user
  • Similar information for every properly installed application
  • Computer’s processor type, system memory, …
  • User-specific information:
      • Home directory, application preferences, …

REGISTRY OVERVIEW (3 of 3)

  • Security information — user account names, …
  • Mappings from file name extensions to executable programs
      • Used by the user interface shell when the user clicks on a file name icon
  • Mappings from network addresses to host machine names

REGISTRY KEYS

  • Key: Similar to a file system directory
  • Each key can contain:
      • Other keys
      • A sequence of name/value pairs
  • Registry is accessed through keys
      • Four predefined keys

PREDEFINED KEYS (1 of 2)

  • HKEY_LOCAL_MACHINE
      • Information about the machine, installed software, …
      • Installed software information is created in subkeys of the form SOFTWARE\CompanyName\ProductName\Version
  • HKEY_USERS
      • User configuration information

PREDEFINED KEYS (2 of 2)

  • HKEY_CLASSES_ROOT
      • Subordinate entries of this key define mappings from file extension names to classes and to applications used by the shell to access objects with the specified extension
  • HKEY_CURRENT_USER
      • User-specific information (environment variables, printers, and application preferences) is subordinate to this key
      • Actually a subkey of HKEY_USERS

REGISTRY MANAGEMENT

  • Key “handles” of type HKEY are used
      • Both to specify a key and to obtain new keys
  • Values are typed; there are several types to select from:
      • Strings
      • Double words
      • Expandable strings with parameters that can be replaced with environment variables
      • Many more

KEY MANAGEMENT (1 of 9)

  • RegOpenKeyEx opens a subkey
      • Starting from a predefined reserved key handle
      • Traverses the registry and obtains a handle to any subordinate key

KEY MANAGEMENT (2 of 9)

    LONG RegOpenKeyEx (HKEY hKey,
        LPCTSTR lpSubKey,
        DWORD ulOptions,
        REGSAM samDesired,
        PHKEY phkResult)

  • The return value is normally ERROR_SUCCESS
      • Any other value indicates an error

KEY MANAGEMENT (3 of 9)

  • hKey
      • Currently open key or one of the four predefined reserved key handle values
  • *phkResult
      • Variable of type HKEY to receive the handle of the newly opened key
  • lpSubKey — name of the subkey
      • Can be a path, such as Microsoft\WindowsNT\CurrentVersion
      • A NULL value causes a new, duplicate, key for hKey to be opened

KEY MANAGEMENT (4 of 9)

  • ulOptions must be zero
  • samDesired
      • Access mask describing new key’s security/rights:
      • KEY_ALL_ACCESS
      • KEY_WRITE, KEY_QUERY_VALUE, and KEY_ENUMERATE_SUB_KEYS

KEY MANAGEMENT (5 of 9)

  • Close an open key handle with RegCloseKey
      • Takes the handle as its single parameter
  • You can obtain names of subkeys
      • By specifying an index to RegEnumKeyEx
      • By specifying a name to RegQueryInfoKey

KEY MANAGEMENT (6 of 9)

Key enumeration

    LONG RegEnumKeyEx (HKEY hKey,
        DWORD dwIndex,
        LPTSTR lpName,
        LPDWORD lpcbName,
        LPDWORD lpReserved,
        LPTSTR lpClass,
        LPDWORD lpcbClass,
        PFILETIME lpftLastWriteTime)

KEY MANAGEMENT (7 of 9)

  • Include Ex suffix as shown
      • Omit if not shown
  • Enumerates subkeys
      • Start dwIndex at 0
      • Increment until NULL
  • Alternative: RegQueryInfoKey to access from known name

KEY MANAGEMENT (8 of 9)

  • Create new keys
      • They can have security attributes

    LONG RegCreateKeyEx (HKEY hKey,
        LPCTSTR lpSubKey,
        DWORD Reserved,
        LPTSTR lpClass,
        DWORD dwOptions,
        REGSAM samDesired,
        LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        PHKEY phkResult,
        LPDWORD lpdwDisposition)

KEY MANAGEMENT (9 of 9)

  • Class
      • Key class (object type)
      • Beyond scope
  • dwOptions
      • REG_OPTION_[NON]VOLATILE
  • RegDeleteKey to remove key
      • Key handle and subkey name

VALUE MANAGEMENT (1 of 5)

Similar to key management:

    LONG RegEnumValue (HKEY hKey,
        DWORD dwIndex,
        LPTSTR lpValueName,
        LPDWORD lpcbValueName,
        LPDWORD lpReserved,
        LPDWORD lpType,
        LPBYTE lpData,
        LPDWORD lpcbData)

VALUE MANAGEMENT (2 of 5)

    LONG RegSetValueEx (HKEY hKey,
        LPCTSTR lpValueName,
        DWORD Reserved,
        DWORD dwType,
        CONST BYTE * lpData,
        DWORD cbData)

VALUE MANAGEMENT (3 of 5)

  • You can enumerate the values for a specified open key using RegEnumValue
  • Specify an index, originally zero, which is incremented in subsequent calls
  • On return, you get the string with the value name as well as its size
  • You also get the value and its type
  • The actual value is returned in the buffer indicated by lpData
  • The size of the result can be found from lpcbData

VALUE MANAGEMENT (4 of 5)

  • The data type, pointed to by lpType, has numerous possibilities, including:
      • REG_BINARY
      • REG_DWORD, REG_SZ (a string)
      • REG_EXPAND_SZ (an expandable string with parameters replaced by environment variables)
      • See the on-line help for a full list of all the value types
  • Return value: ERROR_SUCCESS if you have found a valid key

VALUE MANAGEMENT (5 of 5)

  • RegQueryValueEx is similar
      • Specify a value name rather than an index
      • If you know the value names, you can use this function
      • If you do not know the names, you can scan with RegEnumValue
  • Set a value within an open key using RegSetValueEx
      • Supply the value name, value type, and actual value data
  • Delete named values using the function RegDeleteValue

REGISTRY PROCESSING (1 of 2)

  • Pseudocode to scan a registry key
      • Assume that we first open a key that is known to have numerous subkeys
      • Each of those subkeys only has name/value pairs
      • Enumerate and list all these pairs
  • Or use recursion, as in ls

REGISTRY PROCESSING (2 of 2)

    RegOpenKeyEx (hKeyKnown, "MyKey", …, &hMyKey);
    for (i = 0; RegEnumKeyEx (hMyKey, i, SubName, …) == ERROR_SUCCESS; i++) {
        RegOpenKeyEx (hMyKey, SubName, …, &hSubK);
        for (j = 0; RegEnumValue (hSubK, j, VName, Data, &Count) == ERROR_SUCCESS; j++)
            printf (… j, VName, Data);
        RegCloseKey (hSubK);
    }
    RegCloseKey (hMyKey);
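Added example (not part of the original slides): a concrete form of the inner value loop above, showing how the data returned through lpData and lpcbData can be rendered per value type without trusting it to be well formed. The names format_value and list_values, the buffer sizes, and the use of the ANSI function RegEnumValueA are assumptions made for this example.

```c
#include <stdio.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#else   /* type codes from winnt.h, so the formatter also builds off Windows */
enum { REG_SZ = 1, REG_EXPAND_SZ = 2, REG_BINARY = 3, REG_DWORD = 4 };
#endif
/* format_value (assumed name): text in out, always NUL-terminated; -1 = malformed. */
int format_value(uint32_t type, const unsigned char *data, size_t cb,
                 char *out, size_t outsz)
{
    size_t i, n = 0; uint32_t v;
    if (outsz < 3) return -1;
    out[0] = '\0';
    switch (type) {
    case REG_SZ: case REG_EXPAND_SZ:
        /* Stored strings need not end in NUL: bound the copy by cb. */
        for (i = 0; i < cb && data[i] != '\0' && n + 1 < outsz; i++)
            out[n++] = (char)data[i];
        out[n] = '\0'; return 0;
    case REG_DWORD:                    /* exactly 4 bytes, little-endian */
        if (cb != 4) { snprintf(out, outsz, "<bad size>"); return -1; }
        v = data[0] | (data[1] << 8) | (data[2] << 16) | ((uint32_t)data[3] << 24);
        snprintf(out, outsz, "0x%08lx", (unsigned long)v);
        return 0;
    default:                           /* REG_BINARY and other types: hex */
        for (i = 0; i < cb && n + 3 <= outsz; i++, n += 2)
            snprintf(out + n, outsz - n, "%02x", data[i]);
        return 0;
    }
}

#ifdef _WIN32
/* list_values (assumed name): the handle needs only KEY_QUERY_VALUE access. */
LONG list_values(HKEY hKey)
{
    static char name[16384];           /* value names: at most 16383 chars */
    BYTE data[2048]; char text[128];   /* illustrative buffer sizes */
    DWORD i, cch, cb, type; LONG rc;
    for (i = 0; ; i++) {
        cch = sizeof name; cb = sizeof data;
        rc = RegEnumValueA(hKey, i, name, &cch, NULL, &type, data, &cb);
        if (rc == ERROR_NO_MORE_ITEMS) return ERROR_SUCCESS;
        if (rc == ERROR_MORE_DATA) { printf("#%lu: data too large\n", i); continue; }
        if (rc != ERROR_SUCCESS) return rc;
        format_value(type, data, cb, text, sizeof text);
        printf("%s = %s\n", name, text);
    }
}
#endif
```

On Windows, link with advapi32; on other systems only format_value is compiled.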

LAB C–1 (Part 1)

  • Modify the ls program from the Module 2 labs so that it scans and lists the registry rather than the file system
  • Retain the -l (long) and -R (recursive) options
      • The -l option will list the value
      • You will need to format each value type appropriately

LAB C–1 (Part 2)

  • Extend lsFP and chmod so as to set and list registry security attributes
  • Replace the GENERIC_READ [WRITE, EXECUTE] rights with the ones that are appropriate