"Reading window core programming" List of notes

1 The function and organization form of the Register

Windows systems use the register to store system and application configuration data. Very many system and application-critical configuration information is stored in the registration form.

A register is a database organized in a tree-type structure. Each node of the tree is called
Key, each node can include a number of subkeys, keys to store data, the stored data is called the key value. A key can have a key value regardless of whether it has a subkey or not. A key can have very many key values, and each key value has a name. includes several data. There are many types of data that can be included, and table 10.1 lists the data types of the registration table.

The system comes with a booklet editor (Regedit.exe) that enumerates, views, changes, adds, deletes, and subkeys, and key values.

2. Keys, sub-keys, key attributes, and key-value related operations

You need to use the API function RegOpenKey, RegOpenKeyEx open key before you operate on the register key.

After you open the key. Suppose you need to create a new key, using the API functions RegCreateKey, RegCreateKeyEx.

Both sets of functions return a handle to the key (the hkey type). After the handle of the key is obtained, the key can be manipulated.

Create sub-keys using the RegCreateKey, Reg Createkeyex API functions, delete key to make Regdeletekey, Regdeletekeyex function, RegQueryInfoKey API function get key various information, including key value, Keys, etc. get and set key values can also use Reggetvalue, RegQueryValueEx, RegSetValueEx, regquerymultiplevalues, and other functions; Delete the specified key value using the Regdeletevalue function , assuming that you need to traverse the subkeys and key values, you can use the API functions RegEnumKeyEx and RegEnumValue functions.

3 listing entries and key values

Traversing sub-keys and key values enables the use of API functions RegEnumKeyEx and RegEnumValue functions. RegQueryInfoKey. RegEnumKeyEx and RegEnumValue can complete the enumeration of all sub-keys and key values of a key.

4 Set up a self-starting program by using the registration form

There are many ways to self-start a program. The register is one of the most frequently used, with multiple keys having such a function. Most commonly used are: Hkey_lo Cal_machine\software\microsoft\windows\currentversion\run, just set the Reg two SZ type key value, Setting the value to the path of the program allows you to use the program to self-start when the system starts.

Assuming that you only need to boot from the next time the system starts, you can set key hkey_local_machine\ software\microsoft\windows\currentversion\runonce key value.

5 Setting up a debugger that starts with the program (no matter what program)

This section describes how to load the debugger when the program starts (readers can also be used to set up self-launcher programs). "Hkey_local_machine\softwareymicrosoft,\windows NT\CurrentVersion\Image File
The sub-keys under execution Options can be used to specify the startup debugger.

If you need to debug Os_info.exe, create a sub-key "Os_info.exe" under the "Image fileexecution Options" key. The key value is then created, named "Debugger," and the type is REG_SZ. The data is the command line that launches the debugger. This points to WinDbg, such as: "C:\Program files\debugging Tools Forwindows\windbg.exe" (can be any executable file, for example Notepad.exe. When you load the key Name program module, the application specified by the "Debugger" key value is started first, and the executable program that points to the key name is the number of parameters. Executing Os_info.exe will start WinDbg to perform debugging.

6. Specify program crash real-Time debugger

The ability to specify a real-time debugger through a register, such as a debugger such as WinDbg or ollydbg.

Specify a method for the real-time debugger to specify the table key "HKEY LOCAL machine\software\microsoft\ Windows
NT\CurrentVersion\AeDebug "Debugger" key value.

"Reading window core programming" List of notes