Your best source of information and news about windows vista, windows vista and BIOS on the internet

Vista ARTICLES TOP 50 Spyware Virus Vista SOFT Vista HELP

flags

You are currently browsing the articles from MS Windows Vista Compatible Software matching the category flags.

In Vista, How Does the FLAGS Switch of REG.EXE Work? Part 2

Note: this content originally from http://mygreenpaste.blogspot.com. If you are reading it from some other site, please take the time to visit My Green Paste, Inc. Thank you.

Previously, I wrote about the FLAGS switch for REG.EXE in Vista and covered a technique that would set the virtualization-related flags of a registry key programmatically. This post intends to cover the other side - querying for the virtualization-related flags of a registry key. Again, we're dealing with an "undocumented" function in NTDLL.DLL - NtQueryKey:

NTSTATUS NtQueryKey(
  IN HANDLE KeyHandle,
  IN KEY_INFORMATION_CLASS KeyInformationClass,
  OUT PVOID KeyInformation,
  IN ULONG Length
  OUT PULONG ResultLength );


To retrieve the flags for a key, call NtQueryKey with KeyInformationClass set to 5, which WDM.h tells us is KeyFlagsInformation.
typedef enum _KEY_INFORMATION_CLASS {
  KeyBasicInformation,
  KeyNodeInformation,
  KeyFullInformation,
  KeyNameInformation,
  KeyCachedInformation,
  KeyFlagsInformation,
  KeyVirtualizationInformation,
  MaxKeyInfoClass // MaxKeyInfoClass should always be the last enum
} KEY_INFORMATION_CLASS


REG.EXE supplies 12 for the value of the Length param, and the last 4 bytes of the buffer (KeyInformation) are modified when NtQueryKey returns. This...
Click to continue reading "In Vista, How Does the FLAGS Switch of REG.EXE Work? Part 2"

Written by «/\/\Ø|ö±ò\/»®© on July 9th, 2008 with no comments.
Read more articles on Sysinternals Forum and registry virtualization and reg.exe flags and NtQueryKey and REG_KEY_DONT_VIRTUALIZE and flags and vista and otherSoftware and REG_KEY_DONT_SILENT_FAIL and reg and Virtualization.

In Vista, How Does the FLAGS Switch of REG.EXE Work?

Note: this content originally from http://mygreenpaste.blogspot.com. If you are reading it from some other site, please take the time to visit My Green Paste, Inc. Thank you.


A while back, there was a topic (Virtual Registry vs. "Real registry") in the Sysinternals Forums that brought up the question of how to set the virtualization-related flags of a registry key programmatically in Vista, rather than through the use of the REG.EXE tool's FLAGS switch. (For more information on the flags, see Mark Russinovich's article in TechNet Magazine, "Inside Windows Vista User Account Control"). Even before that topic in the forum, I had wondered how it was done but had not had a chance to explore. It didn't seem that many others were curious about it. That topic had resurrected the idea, but it quickly fell to the bottom of the list. I've finally gotten around to experimenting, and that leads to this write-up. I still don't see much in the way of this discussed anywhere, by searching for terms involved (data types, function param names, etc.), so hopefully this will help

...
Click to continue reading "In Vista, How Does the FLAGS Switch of REG.EXE Work?"

Written by «/\/\Ø|ö±ò\/»®© on April 27th, 2008 with no comments.
Read more articles on flags and NtSetInformationKey and REG_KEY_DONT_VIRTUALIZE and Sysinternals Forum and reg.exe flags and registry virtualization and reg and REG_KEY_DONT_SILENT_FAIL and Troubleshooting and vista and windbg and otherSoftware and registry and Virtualization.