R.Wieser
2017-09-28 06:48:44 UTC
Hello All,
I'm retrieving/regenerating a registry path from a hKey using NtQueryKey &
KeyNameInformation. The result looks like this:
\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command
I was wondering if there is a standard way of replacing the, in this case*,
first two folder names with a bit more regular name, like HKEY_CLASSES_ROOT
or HKCU
*for the HKEY_CURRENT_USER hive that's three folders, with the last name
being variable.
As I do not really want to compare with a few hard-coded strings (any change
will bite me in the behind later on. Also, I've got no idea how to retrieve
that third folder name for HKCU) I've tried to retrieve those hive
names/prefixes by just providing a hive ID to NtQueryKey &
KeyNameInformation (so I could compare its output to the first result), but
it didn't return anything (which, as I just realized, also creates a problem
when accessing the default value in the root of such a hive ...).
tl;dr:
How do I convert NTDLL style registry-path result to a Win32 (AdvApi32)
style one ? :-)
Regards,
Rudy Wieser
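
The mapping asked about above, as an added example that is not part of the original post: a plain string translation from the NT-style path to the Win32-style name. It assumes the usual root prefixes shown in the table, and that the caller passes in the current user's string SID (the variable third folder); the function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Case-insensitive prefix match that must end on a key boundary.
   Returns the remainder of path after prefix, or NULL if no match. */
static const char *strip_prefix(const char *path, const char *prefix)
{
    size_t n = strlen(prefix);
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)path[i]) != tolower((unsigned char)prefix[i]))
            return NULL;
    return (path[n] == '\\' || path[n] == '\0') ? path + n : NULL;
}

/* nt: NtQueryKey/KeyNameInformation path as char; sid: current user's string
   SID (assumed supplied by the caller) or NULL. Returns 0 on success, else -1. */
int nt_to_win32_key(const char *nt, const char *sid, char *out, size_t outlen)
{
    char user[256] = "", classes[256] = "";
    if (sid) {
        snprintf(user, sizeof user, "\\REGISTRY\\USER\\%s", sid);
        snprintf(classes, sizeof classes, "\\REGISTRY\\USER\\%s_Classes", sid);
    }
    /* Longest prefixes first. HKEY_CLASSES_ROOT is a merged view of the
       machine and per-user Classes keys; the machine half is mapped to it. */
    const struct { const char *nt, *win32; } map[] = {
        { classes, "HKEY_CURRENT_USER\\Software\\Classes" },
        { user, "HKEY_CURRENT_USER" },
        { "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes", "HKEY_CLASSES_ROOT" },
        { "\\REGISTRY\\MACHINE", "HKEY_LOCAL_MACHINE" },
        { "\\REGISTRY\\USER", "HKEY_USERS" },
    };
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++) {
        const char *rest = map[i].nt[0] ? strip_prefix(nt, map[i].nt) : NULL;
        if (rest) {
            int n = snprintf(out, outlen, "%s%s", map[i].win32, rest);
            return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
        }
    }
    return -1;
}

int main(void)
{
    char buf[512];  /* constructed input: start of the path from the post */
    if (!nt_to_win32_key("\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile", NULL, buf, sizeof buf))
        puts(buf);
    return 0;
}
```

Paths under another user's SID fall through to HKEY_USERS, and anything outside \REGISTRY is rejected.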