Re: Scanning of 64 Bit registry
by wwe (Friar) on Jan 10, 2011 at 15:48 UTC
|
I've used this module on Server 2008 64 bit successfully (32-bit Strawberry Perl 5.8 and 5.10 and same as pp-packed executable). There is nothing to take care about. The only problem is if you are using 32-bit application and try to access keys below HKLM\Software
this access get redirected to
HKLM\Software\Wow6432Node
Maybe you want to check http://support.microsoft.com/kb/896459 and http://support.microsoft.com/kb/305097 for further information.
First try to check which version of perl you are running then check if the keys are available in the proper registry subkey.
Update:
There are some hints on the MSDN how to access the other "registry view" using VB amd WMI. It should be not such hard to rewrite it in perl. Look at this article: http://msdn.microsoft.com/en-us/library/aa393067(VS.85).aspx
| [reply] [d/l] [select] |
|
Hi,
Thanks for your Support...
here i will give you detailed description.I am able to access keys when i am using
my @Keys_Lmachine = keys %{$RegHash{LMachine}{SOFTWARE}};
but if i change my query to
my @Keys_Lmachine = keys %{$RegHash{LMachine}{SYSTEM}};
it is returning undef
may be it is because SOFTWARE is a shared subkey but not sure....
Please comment..
Regards
Vikas Sharma
| [reply] [d/l] [select] |
|
my $registry_obj = $Registry->Connect( $hostname, $registry_key, { Acc
+ess=>'KEY_READ' } )
or do {
$log->error("access to [$registry_key] on host [$hostname] f
+ailed");
return;
};
$registry_obj->SetOptions( SplitMultis => 0 );
$registry_obj->SetOptions( FixSzNulls => 0 );
$registry_obj->SetOptions( ArrayValues => 0 );
$registry_obj->SetOptions( DWordsToHex => 1 );
}
...
foreach my $registry_subkey ( $registry_obj->SubKeyNames() ) {
something;
}
but I don't think it makes any difference.
regards
willi
| [reply] [d/l] |
|
Re: Scanning of 64 Bit registry
by mce (Curate) on Jan 10, 2011 at 15:39 UTC
|
Hi,
If perl is compiled in 32bit, the operating system will run it in WOW mode.
This means that it ties to a different location in the registry.
Instead of querying HKML\Software, the OS will query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node.
This is made by design by microsoft.
As far as I know, a 32bit program cannot access the 64bit registry. So, I would recommend to fork a program that launches reg.exe and dump it into a file. Than parse that file.
Or better, get a 64bit version of perl :-)
---------------------------
Dr. Mark Ceulemans
sr. Security Consultant
Evidian, Belgium
| [reply] |
|
This is the 64-bit version of Perl, or at least it is supposed to be. It is the pre-compiled ActiveState one:
C:\>perl -v
This is perl 5, version 12, subversion 0 (v5.12.0) built for MSWin32-x
+64-multi-t
hread
(with 1 registered patch, see perl -V for more detail)
Copyright 1987-2010, Larry Wall
Binary build 1200 [292396] provided by ActiveState http://www.ActiveSt
+ate.com
Built Apr 10 2010 22:58:59
I'll try with the latest.... | [reply] [d/l] |
Re: Scanning of 64 Bit registry
by Anonymous Monk on Jan 10, 2011 at 13:31 UTC
|
| [reply] |
|
The handle is invalid
I get the same problem when trying similar examples to the POD. That is:
use Win32::TieRegistry( Delimiter=>"#", ArrayValues=>0 );
$pound= $Registry->Delimiter("/");
$diskKey= $Registry->{"LMachine/System"}
or die "Can't read LMachine/System key: $^E\n";
anduse Win32::TieRegistry;
my $tip18= $Registry->{"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\"
. 'Windows\\CurrentVersion\\Explorer\\Tips\\\\18'} or d
+ie "$^E\n";
| [reply] [d/l] [select] |
|
Try require Win32::TieRegistry; warn $^E;
| [reply] [d/l] |
|
BEGIN { $ENV{DEBUG_TIE_REGISTRY}=99; }
...
| [reply] [d/l] |
|
I had this error and for me it was because of permissions. When I run command prompt as administrator, it works fine.
| [reply] |
|
| [reply] [d/l] |