this time i tried to STFW at msdn and google...but didn't find anything
so,given an HKEY , how i can retrieve the full registry path to the key in question?
this time i tried to STFW at msdn and google...but didn't find anything
so,given an HKEY , how i can retrieve the full registry path to the key in question?
if you have the key then your program must already know the path. Afterall, it needs to know the path in order to get a key.
it's not the case,because i have to hook another process' NtCreateKey() function from ntdll.dll because i want to know what registry keys it uses
now,consider that in the arguments of NtCreateKey() there is a OBJECT_ATTRIBUTES structure,where there is a UNICODE_STRING that specifies the path name,but it's not the full one,because there is also a HANDLE in OBJECT_ATTRIBUTES that specifies the registry key to which the path is relative
example,if that handle refers to HKEY_CLASSES_ROOT\mykey and the string is "hello" then the key that is going to be created is HKEY_CLASSES_ROOT\mykey\hello
ok,i do this: i call the original NtCreateKey() in my hook function,and so i obtain an handle to this newly created reg key
but now i need to discover the full path name in the registry,using this handle...or,equivalently,i first retrieve HKEY_CLASSES_ROOT\mykey from the handle passed in OBJECT_ATTRIBUTES and then i append "hello"
in both cases,i need a way to get the path name of a key in the registry,having its HKEY only
I think RegQueryInfoKey() is the function you are looking for.
but the only string that it gives in output is the lpszClass parameter,are you sure that it's the registry path ?Originally Posted by bithub
i think it's only the name of the class to which the key belongs,that is a string like these
"REG_SZ"
"REG_DWORD"
...etc.
is it so?