如何从 32 位进程读取 64 位注册表项? [英] How can I read 64-bit registry key from a 32-bit process?
问题描述
我一直在使用 HKEY_LOCAL_MACHINESoftwareMicrosoftCryptography
中的键 MachineGuid
的值来唯一标识主机,但来自运行在 64- 上的 32 位进程位计算机,该值似乎丢失.我猜它是在 Wow6432Node 下搜索的,它确实丢失了.根据这个你 应该能够通过添加标志来获得正确的键,但下面的代码似乎仍然无法完成这项工作.我错过了什么?
I've been using the value of key MachineGuid
from HKEY_LOCAL_MACHINESoftwareMicrosoftCryptography
to uniquely identify hosts, but from 32-bit processes running on 64-bit computers, the value appears to be missing. I guess it's searching under Wow6432Node, where it is indeed missing. According to this you should be able to get to the right key by adding a flag, but below code still doesn't appear to do the job. What am I missing?
const
KEY_WOW64_64KEY=$0100;
var
r:HKEY;
s:string;
i,l:integer;
begin
//use cryptography machineguid, keep a local copy of this in initialization?
l:=40;
if RegOpenKeyEx(HKEY_LOCAL_MACHINE,PChar('SoftwareMicrosoftCryptography'),
0,KEY_QUERY_VALUE,r)=ERROR_SUCCESS then
begin
SetLength(s,l);
if RegQueryValue(r,'MachineGuid',PChar(s),l)=ERROR_SUCCESS then
begin
SetLength(s,l);
RegCloseKey(r);
end
else
begin
//try from-32-to-64
RegCloseKey(r);
if RegOpenKeyEx(HKEY_LOCAL_MACHINE,PChar('SoftwareMicrosoftCryptography'),
0,KEY_QUERY_VALUE or KEY_WOW64_64KEY,r)=ERROR_SUCCESS then
begin
l:=40;
if RegQueryValue(r,'MachineGuid',PChar(s),l)=ERROR_SUCCESS then
SetLength(s,l)
else
l:=0;
RegCloseKey(r);
end;
end;
end;
推荐答案
你的代码不必要地复杂,主要是因为你没有利用内置的 TRegistry
类来保护你免受所有低级注册表 API 的复杂性.例如,考虑以下代码:
Your code is needlessly complex, largely because you are not taking advantage of the built-in TRegistry
class which shields you from all the complexities of the low-level registry API. For example, consider the following code:
type
TRegistryView = (rvDefault, rvRegistry64, rvRegistry32);
function RegistryViewAccessFlag(View: TRegistryView): LongWord;
begin
case View of
rvDefault:
Result := 0;
rvRegistry64:
Result := KEY_WOW64_64KEY;
rvRegistry32:
Result := KEY_WOW64_32KEY;
end;
end;
function ReadRegStr(const Root: HKEY; const Key, Name: string;
const View: TRegistryView=rvDefault): string;
var
Registry: TRegistry;
begin
Registry := TRegistry.Create(KEY_READ or RegistryViewAccessFlag(View));
try
Registry.RootKey := Root;
if not Registry.OpenKey(Key) then
raise ERegistryException.CreateFmt('Key not found: %s', [Key]);
if not Registry.ValueExists(Name) then
raise ERegistryException.CreateFmt('Name not found: %s\%s', [Key, Name]);
Result := Registry.ReadString(Name);//will raise exception in case of failure
finally
Registry.Free;
end;
end;
ReadRegStr
函数会从相对于根键 Root
的键 Key
返回名为 Name
的字符串值>.如果出现错误,例如键或名称不存在,或者值的类型错误,则会引发异常.
The function ReadRegStr
will return the string value named Name
from the key Key
relative to the root key Root
. If there is an error, for example if the key or name do not exists, or if the value is of the wrong type, then an exception will be raised.
View
参数是一个枚举,可让您轻松访问注册表的本机、32 位或 64 位视图.请注意,本机意味着正在运行的进程本机.所以它将是 32 位进程的 32 位视图和 64 位进程的 64 位视图.此枚举反映了 .net 中的等效定义.
The View
parameter is an enumeration that makes it simple for you to access native, 32-bit or 64-bit views of the registry. Note that native means native to the process that is running. So it will be the 32-bit view for a 32-bit process and the 64-bit view for a 64-bit process. This enumeration mirrors the equivalent definition in .net.
这篇关于如何从 32 位进程读取 64 位注册表项?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!