Quantum Forum V

Quantum Forum for DXi V5000

Regsavekey example

 

 

RegSaveKey; Sample Application. The first sample application (RegistryVB6) accompanying this article shows in detail how the intrinsic Visual Basic 6 Registry functions are used to store and retrieve values in the Registry. The sample application also shows in detail how to use the necessary API functions to store values in the Registry and

Based on your code, I created a sample to reproduce your issue. I've done some tests on my side, in windows 7, generally, it worked well, but for some Key values under SOFTWARE, RegSaveKey () function returned an exception: RegSaveKey, rc=1314 Not all privileges or groups referenced are assigned to the caller.

Function _WinAPI_RegRestoreKey
Function Reference
_WinAPI_RegRestoreKey
Reads the registry information in a specified file and copies it over the specified key

    #include
    _WinAPI_RegRestoreKey ( $hKey, $sFilePath )

Parameters
Return Value
Remarks
The calling process must have $SE_RESTORE_NAME privilege,

TRegistry.SaveKey () uses the Win32 API RegSaveKey () function, which fails if the output file already exists, per documented behavior:

Quote
lpFile
The name of the file in which the specified key and subkeys are to be saved. If the file already exists, the function fails.

Perhaps you meant DirectoryExists () instead of FileExists ()?

    static extern int RegSaveKey(IntPtr hKey, string fileout, IntPtr secdesc);
    ..
    // most important keys, other keys -winreg.h
    const uint HKEY_CLASSES_ROOT = 0x80000000;
    const uint HKEY_CURRENT_USER = 0x80000001;
    const uint HKEY_LOCAL_MACHINE = 0x80000002;
    UIntPtr key = new UIntPtr(HKEY_CLASSES_ROOT);
    IntPtr remKey;

function has a link to some sample code on how to do this. BTW, the Administrators group does *not* have all privileges by default -
- call RegSaveKey
- use RevertToSelf to disable the impersonation and disable the backup privilege again.

The other alternative is to just adjust the privileges in the process token itself, which may or may

_WinAPI_RegSaveKey
Saves the specified key and all of its subkeys and values to a new file, in the standard format

    #include
    _WinAPI_RegSaveKey ( $hKey, $sFilePath [, $bReplace = False [, $tSecurity = 0]] )

Parameters
Return Value
Remarks

    Dim retval As Int32
    retval = AdjustTokenPrivileges (hdlTokenHandle, False, tkp, Len (tkpNewButIgnored), tkpNewButIgnored, lBufferNeeded)
    If (retval = 0) Then
        MessageBox.Show (System.Runtime.InteropServices.Marshal.GetLastWin32Error ().ToString ())
    End If
    End Sub

Hope this could help! Thanks Chao

When triaging a live system or performing live forensic acquisition, we often need to copy registry hives from a disk. Currently, there are five common ways to do this: execute the "reg save" command; call the RegSaveKeyEx / RegSaveKey routine from an acquisition tool; copy a hive file from an existing shadow copy;

Applications that back up and restore parts of the registry are likely to use registry files. To save a key and its subkeys and values to a registry file, an application can call the RegSaveKey() function. RegSaveKey() creates the file with the following information, depending upon which operating system it is running on.

By using RegSaveKeyEx, your program will only load on Windows XP or better anyway so you may as well use the simpler Microsoft function.

Code:

    /*
     * This function enables or disables a privilege for the current process.
     * Common privileges include SE_SHUTDOWN_NAME, SE_BACKUP_NAME, SE_SYSTEMTIME_NAME, etc.

Save and Restore the Entire


© 2024   Created by Quantum Forum V.   Powered by
