Chapter 2-3 Supplement. Registry Programming. OBJECTIVES. Upon completion of this chapter, you will be able to: Describe the Windows NT registry and its use Understand registry contents and how to interpret them Describe the registry management API
Chapter 2-3 Supplement Registry Programming
OBJECTIVES • Upon completion of this chapter, you will be able to: • Describe the Windows NT registry and its use • Understand registry contents and how to interpret them • Describe the registry management API • Use the registry API to examine and modify registry contents and structure
OVERVIEW (1 of 2) • System management requires the ability to utilize and modify system information • Hardware configuration • Amount of memory, processor types, … • Installed software • Versions, vendors, install directories, … • User information • Account names, passwords, home directories, …
OVERVIEW (2 of 2) • UNIX’s solution – examples • /etc/passwd for user accounts • /etc/hosts for network names and addresses • User home directories for user preferences • Editors, … • Windows 3.1 solution • .INI files • Do not scale well, not centralized, …
REGISTRY OVERVIEW (1 of 3) • Centralized, hierarchical, securable database for application and system configuration information • Access is through “registry keys” • A key can contain other keys or name/value pairs • The user or administrator can view and edit the registry contents through the “registry editor” • Accessed by the REGEDIT command from the command prompt • Programs can manage the registry through the registry API functions
REGISTRY OVERVIEW (2 of 3) • The registry name/value pairs contain information such as: • Operating system version number, build number, and registered user • Similar information for every properly installed application • Computer’s processor type, system memory, … • User-specific information: • Home directory, application preferences, …
REGISTRY OVERVIEW (3 of 3) • Security information — user account names, … • Mappings from file name extensions to executable programs • Used by the user interface shell when the user clicks on a file name icon • Mappings from network addresses to host machine names
REGISTRY KEYS • Key: Similar to a file system directory • Each key can contain: • Other keys • A sequence of name/value pairs • Registry is accessed through keys • Four predefined keys
PREDEFINED KEYS (1 of 2) • HKEY_LOCAL_MACHINE • Information about the machine, installed software, … • Installed software information is created in subkeys of the form SOFTWARE\CompanyName\ProductName\Version • HKEY_USERS • User configuration information
PREDEFINED KEYS (2 of 2) • HKEY_CLASSES_ROOT • Subordinate entries of this key define mappings from file extension names to classes and to applications used by the shell to access objects with the specified extension • HKEY_CURRENT_USER • User-specific information (environment variables, printers, and application preferences) is subordinate to this key • Actually a subkey of HKEY_USERS
REGISTRY MANAGEMENT • Key “handles” of type HKEY are used • Both to specify a key and to obtain new keys • Values are typed; there are several types to select from: • Strings • Double words • Expandable strings with parameters that can be replaced with environment variables • Many more
KEY MANAGEMENT (1 of 9) • RegOpenKeyEx opens a subkey • Starting from a predefined reserved key handle • Traverses the registry and obtains a handle to any subordinate key
KEY MANAGEMENT (2 of 9) • LONG RegOpenKeyEx (HKEY hKey, LPCTSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult) • The return value is normally ERROR_SUCCESS • Any other value indicates an error
KEY MANAGEMENT (3 of 9) • hKey • Currently open key or one of the four predefined reserved key handle values • *phkResult • Variable of type HKEY to receive the handle of the newly opened key • lpSubKey — name of the subkey • Can be a path, such as Microsoft\WindowsNT\CurrentVersion • A NULL value causes a new, duplicate, key for hKey to be opened
KEY MANAGEMENT (4 of 9) • ulOptions must be zero • samDesired • Access mask describing new key’s security/rights: KEY_ALL_ACCESS, KEY_WRITE, KEY_QUERY_VALUE, and KEY_ENUMERATE_SUBKEYS
KEY MANAGEMENT (5 of 9) • Close an open key handle with RegCloseKey • Takes the handle as its single parameter • You can obtain names of subkeys • By specifying an index to RegEnumKeyEx • By specifying a name to RegQueryInfoKey
KEY MANAGEMENT (6 of 9) • Key enumeration • LONG RegEnumKeyEx (HKEY hKey, DWORD dwIndex, LPTSTR lpName, LPDWORD lpcbName, LPDWORD lpReserved, LPTSTR lpClass, LPDWORD lpcbClass, PFILETIME lpftLastWriteTime)
KEY MANAGEMENT (7 of 9) • Include Ex suffix as shown • Omit if not shown • Enumerates subkeys • Start dwIndex at 0 • Increment until NULL • Alternative: RegQueryInfoKey to access from known name
KEY MANAGEMENT (8 of 9) • Create new keys • They can have security attributes • LONG RegCreateKeyEx (HKEY hKey, LPCTSTR lpSubKey, DWORD Reserved, LPTSTR lpClass, DWORD dwOptions, REGSAM samDesired, LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult)
KEY MANAGEMENT (9 of 9) • Class • Key class (object type) • Beyond scope • dwOptions • REG_OPTION_[NON]VOLATILE • RegDeleteKey to remove key • Key handle and subkey name
VALUE MANAGEMENT (1 of 5) • Similar to key management: • LONG RegEnumValue (HKEY hKey, DWORD dwIndex, LPTSTR lpValueName, LPDWORD lpcbValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
VALUE MANAGEMENT (2 of 5) • LONG RegSetValueEx (HKEY hKey, LPCTSTR lpValueName, DWORD Reserved, DWORD dwType, CONST BYTE * lpData, DWORD cbData)
VALUE MANAGEMENT (3 of 5) • You can enumerate the values for a specified open key using RegEnumValue • Specify an index, originally zero, which is incremented in subsequent calls • On return, you get the string with the value name as well as its size • You also get the value and its type • The actual value is returned in the buffer indicated by lpData • The size of the result can be found from lpcbData
VALUE MANAGEMENT (4 of 5) • The data type, pointed to by lpType, has numerous possibilities, including: • REG_BINARY • REG_DWORD, REG_SZ (a string) • REG_EXPAND_SZ (an expandable string with parameters replaced by environment variables) • See the on-line help for a full list of all the value types • Return value: ERROR_SUCCESS if you have found a valid key
VALUE MANAGEMENT (5 of 5) • RegQueryValueEx is similar • Specify a value name rather than an index • If you know the value names, you can use this function • If you do not know the names, you can scan with RegEnumValue • Set a value within an open key using RegSetValueEx • Supply the value name, value type, and actual value data • Delete named values using the function RegDeleteValue
REGISTRY PROCESSING (1 of 2) • Pseudocode to scan a registry key • Assume that we first open a key that is known to have numerous subkeys • Each of those subkeys only has name/value pairs • Enumerate and list all these pairs • Or use recursion, as in ls
REGISTRY PROCESSING (2 of 2)
    RegOpenKeyEx (hKeyKnown, "MyKey", …, &hMyKey);
    for (i = 0; RegEnumKeyEx (hMyKey, i, SubName, …) == ERROR_SUCCESS; i++) {
        RegOpenKeyEx (hMyKey, SubName, …, &hSubK);
        for (j = 0; RegEnumValue (hSubK, j, VName, Data, &Count) == ERROR_SUCCESS; j++)
            printf (… j, VName, Data);
        RegCloseKey (hSubK);
    }
    RegCloseKey (hMyKey);
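An added example, not from the original slides, that fills in the value-listing step of the pseudocode above: it opens the key with only KEY_QUERY_VALUE instead of KEY_ALL_ACCESS, resets the in/out size arguments before every RegEnumValue call, and formats data by type using the byte count the API returns. The names format_value and list_values, the buffer sizes and the use of the ANSI (A) entry points are assumptions of this example; list_values compiles only on Windows.

```c
#include <stdio.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#else  /* winnt.h type codes, so format_value() also builds off Windows */
enum { REG_SZ = 1, REG_EXPAND_SZ = 2, REG_BINARY = 3, REG_DWORD = 4 };
#endif

/* Render raw value data as text in out (always NUL-terminated); returns length.
   Stored strings need not end in NUL, so reads are bounded by cb, not strlen(). */
size_t format_value(uint32_t type, const unsigned char *data, uint32_t cb,
                    char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0) return 0;
    if (type == REG_SZ || type == REG_EXPAND_SZ) {
        while (n < cb && n + 1 < outsz && data[n] != '\0') { out[n] = (char)data[n]; n++; }
    } else if (type == REG_DWORD && cb == 4) {   /* stored little-endian */
        uint32_t v = data[0] | data[1] << 8 | data[2] << 16 | (uint32_t)data[3] << 24;
        n = (size_t)snprintf(out, outsz, "0x%08x", (unsigned)v);
        return n < outsz ? n : outsz - 1;
    } else {                                     /* REG_BINARY, odd-sized DWORD, others */
        for (uint32_t i = 0; i < cb && n + 3 <= outsz; i++)
            n += (size_t)snprintf(out + n, outsz - n, "%02x", data[i]);
    }
    out[n] = '\0';
    return n;
}

#ifdef _WIN32  /* list the values of one HKEY_CURRENT_USER subkey, read-only */
int list_values(const char *subkey)
{
    HKEY h; BYTE data[1024];
    char name[256], text[2 * sizeof data + 1];
    if (RegOpenKeyExA(HKEY_CURRENT_USER, subkey, 0, KEY_QUERY_VALUE, &h) != ERROR_SUCCESS)
        return -1;
    for (DWORD i = 0; ; i++) {
        DWORD cn = sizeof name, cd = sizeof data, type;  /* in/out sizes: reset each call */
        LONG rc = RegEnumValueA(h, i, name, &cn, NULL, &type, data, &cd);
        if (rc == ERROR_NO_MORE_ITEMS) break;            /* normal end of enumeration */
        if (rc == ERROR_MORE_DATA) { printf("#%lu: exceeds buffer\n", (unsigned long)i); continue; }
        if (rc != ERROR_SUCCESS) break;
        format_value(type, data, cd, text, sizeof text);
        printf("%s = %s\n", name, text);
    }
    RegCloseKey(h);
    return 0;
}
#endif
```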
LAB C–1 (Part 1) • Modify the ls program from the Module 2 labs so that it scans and lists the registry rather than the file system • Retain the -l (long) and -R (recursive) options • The -l option will list the value • You will need to format each value type appropriately
LAB C–1 (Part 2) • Extend lsFP and chmod so as to set and list registry security attributes • Replace the GENERIC_READ [WRITE, EXECUTE] rights with the ones that are appropriate