有没有办法验证 Windows 注册表项是否易失(REG_OPTION_VOLATILE)?
在 Windows 注册表中,密钥可以创建为易失性的 - 这意味着易失性密钥在 PC 重新启动后将无法继续存在。重新启动后,在注册表中将找不到此类密钥的痕迹。 这是由 API RegCreateKeyEx 的选项 REG_OPTION_VOLATILE 指定的。
我需要验证某个 Windows 注册表项是否是易失性的(使用 REG_OPTION_VOLATILE 创建)。
例如,密钥可能位于 (HKLM\Software\MyCompany\MyProgram\KeyToBeChecked) 下。
似乎没有直接的 WIN API 允许进行此类检查。
有谁知道如何检查这一点?
In Windows registry the keys can be created as volatile - meaning that a volatile key is not going to survive a PC reboot. After the reboot no trace of such key will be found in registry.
This is specified by the option REG_OPTION_VOLATILE of API RegCreateKeyEx.
I need to verify if a certain Windows registry key is volatile or not (created with REG_OPTION_VOLATILE).
For example, the key may be located under (HKLM\Software\MyCompany\MyProgram\KeyToBeChecked).
There seem to be no direct WIN API-s that allow making this sort of check.
Does anyone know how this could be checked?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
一种方法是尝试使用 RegCreateKeyEx 在正在验证的密钥下创建非易失性子密钥。如果密钥确实是易失性的,那么它将失败并出现错误
ERROR_CHILD_MUST_BE_VOLATILE
。即使在尝试在易失性键中设置值时,ShSetValue
也会返回ERROR_CHILD_MUST_BE_VOLATILE
。One way is to try creating a non-volatile subkey under the key that's being verified, using
RegCreateKeyEx
. If the key is indeed volatile, then it would fail with errorERROR_CHILD_MUST_BE_VOLATILE
. EvenShSetValue
returnsERROR_CHILD_MUST_BE_VOLATILE
while trying to set a value in a volatile key.从win7开始存在未记录的方式 - 需要调用
ZwQueryKey
与KeyFlagsInformation
。通过这个,我们可以查询键是否易失,也可以 - 键是否是到另一个键的符号链接。代码如下所示:begin from win7 exist undocumented way - need call
ZwQueryKey
withKeyFlagsInformation
. with this we can query are key volatile or not, also - are key is symbolic link to another key. code can look like: