Calling NtQueryKey with KeyNameInformation returns the result in the native format, like so:

\REGISTRY\MACHINE = HKLM
\REGISTRY\USER\<SID> = HKCU
\REGISTRY\USER = HKU
\REGISTRY\MACHINE\SYSTEM\ControlSet<Current>\Hardware Profiles\<CurrentID> = HKCC
\REGISTRY\USER\<SID>_CLASSES = HKCR (User's)
\REGISTRY\Machine\SOFTWARE\Classes = HKCR (System)

How can I reliably convert such an NT-format path to the Win32 registry key?

  • `NtQueryKey()` doesn't retrieve a physical location of a registry key. It returns data into a buffer that you supply. – user207421 May 21 '23 at 23:57
  • @user207421 well, I removed that part to prevent people from getting confused and to focus on the real question. – Alex Dragokas May 22 '23 at 03:48
  • Convert for what? Use this as is. – RbMm May 26 '23 at 10:16
  • @RbMm, for presenting in a logfile for reading by other people in a familiar form. I may explain the goal of the project in tons of words, but it seems people still don't stop asking unrelated questions. Anyway, I already wrote the converter by opening HKCR, HKCU, HKCC => retrieve the actual NT name with NtQueryKey (for HKU, HKLM that's static) => then apply auto-replacement in a specific order. – Alex Dragokas May 27 '23 at 11:24
  • The NT form is no less readable compared to synthetic Win32 names. – RbMm May 27 '23 at 12:10
  • @RbMm, stop pushing offtopic, please. You're suggesting I append a lot of shit to all manuals on all forums where my application is used just to explain to people how to convert the \REGISTRY\ form into Win32 manually from the logfile to use in another program which doesn't support this form. And also pushing me to answer a lot of potential questions from clients in the support topic, because you think I must be lazy and not implement a simple replacement in the logfile. That is not something to use in subsequent calls to Nt functions. It's for a logfile, for reading by non-programmers. Topic is solved. – Alex Dragokas May 28 '23 at 14:52

1 Answer

Topic is solved. It seems there's no direct API to do the conversion. To do it reliably, just open HKCR, HKCU, HKCC => retrieve the actual NT name using NtQueryKey + KeyNameInformation (for HKU, HKLM those are already known and static paths) => then apply the reverse auto-replacement for the desired NT path in a specific order.
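
The replacement step described in the answer, as an added example that is not part of the original post: it picks the longest NT prefix that ends on a key boundary, which is equivalent to trying the most specific roots first, and compares case-insensitively. The table values (including the SID, control set and profile ID) are constructed samples standing in for what NtQueryKey would return for the opened root keys; `root_map`, `match_len` and `nt_to_win32` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* NT prefix -> Win32 root. In a real tool the HKCR/HKCU/HKCC prefixes come from
   NtQueryKey(KeyNameInformation) on the opened roots; these are constructed samples. */
struct root_map { const char *nt, *win32; };
static const struct root_map SAMPLE_ROOTS[] = {
    { "\\REGISTRY\\MACHINE", "HKLM" },
    { "\\REGISTRY\\USER", "HKU" },
    { "\\REGISTRY\\USER\\S-1-5-21-1111-2222-3333-1001", "HKCU" },
    { "\\REGISTRY\\USER\\S-1-5-21-1111-2222-3333-1001_Classes", "HKCR" },
    { "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes", "HKCR" },
    { "\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Hardware Profiles\\0001", "HKCC" },
};
#define SAMPLE_COUNT (sizeof SAMPLE_ROOTS / sizeof SAMPLE_ROOTS[0])

/* Length of prefix if path starts with it (ignoring case) AND the match ends on
   a key boundary, else 0. The boundary test keeps "<SID>" off "<SID>_Classes". */
static size_t match_len(const char *path, const char *prefix)
{
    size_t i = 0;
    for (; prefix[i]; i++)
        if (tolower((unsigned char)path[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    return (path[i] == '\\' || path[i] == '\0') ? i : 0;
}

/* Writes the Win32 form of nt_path to out. Returns 0 on success, -1 if no root
   matches (the caller should log the NT path unchanged) or out is too small. */
int nt_to_win32(const struct root_map *roots, size_t n, const char *nt_path,
                char *out, size_t out_sz)
{
    const struct root_map *best = NULL;
    size_t best_len = 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = match_len(nt_path, roots[i].nt);
        if (len > best_len) { best = &roots[i]; best_len = len; }
    }
    if (!best) return -1;
    int w = snprintf(out, out_sz, "%s%s", best->win32, nt_path + best_len);
    return (w < 0 || (size_t)w >= out_sz) ? -1 : 0;
}

int main(void)
{
    char buf[256];
    const char *p = "\\Registry\\Machine\\SOFTWARE\\Classes\\.txt";
    if (nt_to_win32(SAMPLE_ROOTS, SAMPLE_COUNT, p, buf, sizeof buf) == 0) puts(buf);
    return 0;
}
```

Paths under a root that is not in the table are reported as unmatched rather than guessed, so the log can keep the NT form for them.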