2

我想显示 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 中的所有注册表项、子项和值,以查看启动时运行的程序。

我正在使用来自 MS 的这段代码。

void QueryKey(HKEY hKey) 
{ 
TCHAR    achKey[MAX_KEY_LENGTH];   // buffer for subkey name
DWORD    cbName;                   // size of name string 
TCHAR    achClass[MAX_PATH] = TEXT("");  // buffer for class name 
DWORD    cchClassName = MAX_PATH;  // size of class string 
DWORD    cSubKeys=0;               // number of subkeys 
DWORD    cbMaxSubKey;              // longest subkey size 
DWORD    cchMaxClass;              // longest class string 
DWORD    cValues;              // number of values for key 
DWORD    cchMaxValue;          // longest value name 
DWORD    cbMaxValueData;       // longest value data 
DWORD    cbSecurityDescriptor; // size of security descriptor 
FILETIME ftLastWriteTime;      // last write time 

DWORD i, retCode; 

TCHAR  achValue[MAX_VALUE_NAME]; 
DWORD cchValue = MAX_VALUE_NAME; 

// Get the class name and the value count. 
retCode = RegQueryInfoKey(
    hKey,                    // key handle 
    achClass,                // buffer for class name 
    &cchClassName,           // size of class string 
    NULL,                    // reserved 
    &cSubKeys,               // number of subkeys 
    &cbMaxSubKey,            // longest subkey size 
    &cchMaxClass,            // longest class string 
    &cValues,                // number of values for this key 
    &cchMaxValue,            // longest value name 
    &cbMaxValueData,         // longest value data 
    &cbSecurityDescriptor,   // security descriptor 
    &ftLastWriteTime);       // last write time 

// Enumerate the subkeys, until RegEnumKeyEx fails.

if (cSubKeys == 0)
{
    printf("No values found\n");                          
}


if (cSubKeys)
{
    printf( "\nNumber of subkeys: %d\n", cSubKeys);



    for (i=0; i<cSubKeys; i++) 
    { 
        cbName = MAX_KEY_LENGTH;
        retCode = RegEnumKeyEx(hKey, i,
                 achKey, 
                 &cbName, 
                 NULL, 
                 NULL, 
                 NULL, 
                 &ftLastWriteTime); 
        if (retCode == ERROR_SUCCESS) 
        {
            _tprintf(TEXT("(%d) %s\n"), i+1, achKey);

        }
    }
} 

// Enumerate the key values. 

if (cValues) 
{
    printf( "\nNumber of values: %d\n", cValues);

    for (i=0, retCode=ERROR_SUCCESS; i<cValues; i++) 
    { 
        cchValue = MAX_VALUE_NAME; 
        achValue[0] = '\0'; 
        retCode = RegEnumValue(hKey, i, 
            achValue, 
            &cchValue, 
            NULL, 
            NULL,
            NULL,
            NULL);

        if (retCode == ERROR_SUCCESS ) 
        { 
            _tprintf(TEXT("(%d) %s\n"), i+1, achValue); 
        } 
    }
}
}








int RegKeyCount = 0;

int main(int argc, char *argv[])
{


HKEY hTestKey;

  if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, TEXT("SOFTWARE\\Microsoft\\Windows  \\CurrentVersion\\Run"), 0, KEY_READ, &hTestKey) == ERROR_SUCCESS)
  {
  QueryKey(hTestKey);
  }
}

我很困惑,如果我为“SOFTWARE\Microsoft\Windows\CurrentVersion”运行此代码,它将显示所有子项和值(我可以看到 Run 是 CurrentVersion 的子项),但是当我尝试让它显示时我运行的子键和值它说没有找到,即使条目在那里。

我还应该说我不知道​​子键/值的值的名称,它们可以是任何东西。

这确实是 RegEnumValue 应该做的还是我需要使用另一个注册表函数?

4

1 回答 1

1

The only problem I found was the spaces in your parameter to RegOpenKeyEx(), the program runs ok if you take out the embedded spaces so that it reads TEXT("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run").

Your printf in the beginning is a bit confusing, maybe you should change "No values found\n" to "No keys found\n"?

if (cSubKeys == 0)
    printf("No keys found\n");

Also: if you build/run this code as a 32-bit program in a 64-bit OS, be aware that you will get the contents of HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, not HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run!

于 2013-10-28T15:41:52.123 回答