32-bit program access to the 64-bit system registry

In short, a 32-bit program can only access a part of the Registry Information on a 64-bit system. To fully access the information, a simple method is to use a 64-bit program. The following is a transfer article:

[Original address: http://blog.sina.com.cn/s/blog_592fe54701008d820.html]

1 Overview

Currently, the computer system has been gradually switched from 32-bit to 64-bit, XP, 2003, and Vista. Currently, 32-bit applications occupy the vast majority, but some applications have both 32-bit and 64-bit versions. To ensure that 32-bit programs can run smoothly on 64-bit systems, Microsoft provides a simulation mechanism called wow64. This system is usually called wow64. In general, wow64 is a set of dynamic link libraries based on the user mode. It can translate 32-bit application commands into a 64-bit system acceptable format. We can see that the 32-bit application runs on a 64-bit system.

 

When a 32-bit application is running, the native library loader is started first ). The loader identifies the application as a 32-bit program and processes it in a special way. The loader creates a wow64 simulation environment for the 32-bit application and gives control to the 32-bit NTDLL. dll. Runs in 32-bit applications and 64-bit NTDLL. the wow64 simulation environment between dll will translate 32-bit application commands into 64-bit NTDLL. DLL is acceptable, and it can also translate system commands into a method that is acceptable to 32-bit applications.

2. How to determine if the system is 64-bit
3. Transition of the file system

A 32-bit process cannot load a 64-bit DLL, or a 64-bit process cannot load a 32-bit DLL. The Windows System directory contains all installed applications and their DLL files. According to the rules described, it should be divided into 64-bit application directories and 32-bit application directories. Otherwise, we cannot distinguish between 32-bit and 64-bit DLL files. For 64-bit applications, the files are usually put in % Windir % \ system32 and % ProgramFiles % (for example: C: \ Program Files ). For 32-bit applications, the files are usually under % WinDir % \ syswow64 and C: \ Program Files (x86. If we use a 32-bit program to access % Windir % \ system32, the system will automatically redirect us to % WinDir % \ syswow64, regardless of hard encoding or other methods. This redirection is enabled by default for every 32-bit application. However, this kind of steering is not always necessary for us. Then, we can call related APIs in C # To disable and enable this turn. There are three common functions: wow64disablewow64fsredirection (turn off system redirection), wow64revertwow64fsredirection (turn on system redirection), and wow64enablewow64fsredirection (turn on system redirection ). However, wow64enablewow64fsredirection is not reliable for nested use. Therefore, the following wow64revertwow64fsredirection is usually used to enable the file system redirection function. In C #, we can use dllimport to directly call these two functions. However, note that these two functions are not available in 32-bit kernel. dll. In C ++, you should use loadlibrary to dynamically load these two functions. Otherwise, compilation fails because the two functions cannot be found. In addition, the current use of these two functions has a small problem. If we call the getopenfilename function of comdlg32.dll after wow64disablewow64fsredirection, the call will fail. However, the error value is not obtained. In C #, you can use the following code to close and open the file redirection.

Declare call rules

[Dllimport ("kernel32.dll", charset = charset. Auto, setlasterror = true)]
Public static extern bool wow64disablewow64fsredirection (ref intptr PTR );
[Dllimport ("kernel32.dll", charset = charset. Auto, setlasterror = true)]
Public static extern bool wow64revertwow64fsredirection (intptr );

Turn Off

Wow64disablewow64fsredirection (ref PTR );

Turn on

Wow64revertwow64fsredirection (PTR );

It should be noted that closing and opening should appear in pairs. To avoid confusion.

4. Registry redirection

To prevent registry key conflicts, some registry keys are also divided into two parts. Some of them are specially accessed by 64-bit systems, while others are specially accessed by 32-bit systems, which are placed under wow6432node. When a 32-bit program accesses some key values, the system automatically redirects the program access to the wow6432node, similar to the file redirection. The wow6432node node is located under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. If we want to disable this redirection, we can use the wow64disablewow64fsredirection and regopenkeyex methods above. The regopenex method calls the declaration method in C # as follows:

[Dllimport ("advapi32.dll", charset = charset. Auto, setlasterror = true)]
Public static extern uint regopenkeyex (uintptr hkey, string lpsubkey, uint uloptions, int samdesired, out intptr phkresult );

Note the parameter samdesired. This parameter can be equivalent to key_all_access, key_query_value, and key_wow64_64key (For details, refer to msdn ). When we have disabled the redirection of the file system, we can use :( key_query_value | key_wow64_64key) to obtain the full access permission of the Registry. Note that some registry entries under Vista are read-only. If the key_all_access parameter is used, the error "access is denied" (errorcode = 5) appears ). Therefore, if you do not want to write data to the Registry, do not use key_all_access. We can use the following code to completely access the registry.

// Use this function transfer the string key name to hkey handle
Private Static uintptr transferkeyname (string keyname)
{
Uintptr hkey_classes_root = (uintptr) 0x80000000;
Uintptr HKEY_CURRENT_USER = (uintptr) 0x80000001;
Uintptr HKEY_LOCAL_MACHINE = (uintptr) 0x80000002;
Uintptr HKEY_USERS = (uintptr) 0x80000003;
Uintptr hkey_current_config = (uintptr) 0x80000005;

Switch (keyname)
{
Case "hkey_classes_root ":
Return hkey_classes_root;
Case "HKEY_CURRENT_USER ":
Return HKEY_CURRENT_USER;
Case "HKEY_LOCAL_MACHINE ":
Return HKEY_LOCAL_MACHINE;
Case "HKEY_USERS ":
Return HKEY_USERS;
Case "hkey_current_config ":
Return hkey_current_config;
}

Return hkey_classes_root;
}

Public static bool openregkey (string keyname, string subkeyname)
{
Uintptr hkey = transferkeyname (keyname );
Uintptr phkresult = uintptr. zero;
Int key_query_value = (0x0001 );
Int key_wow64_64key = (0x0100 );
Int key_all_wow64 = (key_query_value | key_wow64_64key );

If (is64bitos &&! Iswow64redirectionenabled) // the OS is 64 bit and the fileredirection is closed
{
Samdesired = key_all_wow64;
}

If (regopenkeyex (hkey, subkeyname, 0, samdesired, out phkresult) = 0) // error_success = 0
{
Return true;
}

Int errcode = system. runtime. interopservices. Marshal. getlastwin32error ();

Return false;
}