Given HKEY, determine full name/path of the key?

  • Thread starter Thread starter Adam Clauss
  • Start date Start date
A

Adam Clauss

If I am just given an open HKEY, is there a function I can use to retrieve
the name of the key?

Thanks
 
Adam said:
If I am just given an open HKEY, is there a function I can use to retrieve
the name of the key?

Thanks
Click to expand...

Process Explorer from sysinternals.com can do that, but I don't know
how. I'm looking for similar functionality for an application that I am
developing.

-n
 
Adam said:
If I am just given an open HKEY, is there a function I can use to
retrieve the name of the key?
Click to expand...

No, there isn't. Regmon from sysinternals does this by intercepting all
RegOpen/RegCreate calls and building it's own map of handle -> path.

-cd
 
Carl Daniel said:
No, there isn't. Regmon from sysinternals does this by intercepting all
RegOpen/RegCreate calls and building it's own map of handle -> path.
Click to expand...
IIRC you should be able to determine the path by querying the object
name. For instance, with Zw/NtQueryObject. Although there's quite
some information available, it's not a documented feature, however.
(IIRC there's an article on codeproject about the NT API)

If one is interested in debugging only, the !handle extension might be good
enough.

-hg
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

CXX0030 error:expression cannot be valuated 2
Registry Modification to HKey Local Machine 2
Exception aobut Process.Start function 2
Problem deleting registery key encluding subkey values 3
Dymo Add-in coding 1
Vista registry virtualization 6
Admin vs Other accounts (XP) 5
RegQueryValueEx 2

Back
Top