Scanning of 64 Bit registry

by VikasSharma86 (Initiate)
on Jan 10, 2011 at 13:11 UTC ( #881448=perlquestion )

VikasSharma86 has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks,

I am writing a Perl agent to scan the Windows registry. For that I am using the Win32::TieRegistry module, but the problem is that the agent works fine on a 32-bit system but returns undef when running on a 64-bit system.

Any kind of suggestion is highly appreciated.

Thanks With Regards

Vikas Sharma

Replies are listed 'Best First'.
Re: Scanning of 64 Bit registry
by wwe (Friar) on Jan 10, 2011 at 15:48 UTC
    I've used this module on Server 2008 64 bit successfully (32-bit Strawberry Perl 5.8 and 5.10, and the same as a pp-packed executable). There is nothing to take care of. The only problem is if you are using a 32-bit application and try to access keys below
    HKLM\Software
    this access gets redirected to
    HKLM\Software\Wow6432Node
    Maybe you want to check http://support.microsoft.com/kb/896459 and http://support.microsoft.com/kb/305097 for further information.

    First try to check which version of Perl you are running, then check if the keys are available in the proper registry subkey.

    Update: There are some hints on MSDN on how to access the other "registry view" using VB and WMI. It should not be that hard to rewrite it in Perl. Look at this article: http://msdn.microsoft.com/en-us/library/aa393067(VS.85).aspx

      Hi,

      Thanks for your support...

      Here I will give you a detailed description. I am able to access keys when I am using

      my @Keys_Lmachine = keys %{$RegHash{LMachine}{SOFTWARE}};

      but if I change my query to

      my @Keys_Lmachine = keys %{$RegHash{LMachine}{SYSTEM}};

      it is returning undef.

      Maybe it is because SOFTWARE is a shared subkey, but I am not sure...

      Please comment..

      Regards

      Vikas Sharma

        Hi Vikas,

        This is not true. HKLM/System is shared/same, but HKLM/Software/<some subkeys> is redirected or "reflected", as MS says. Please read and understand all provided links to the MS knowledge base.

        At the moment I have no 64-bit system to check, but I'm pretty sure the problem is somewhere else. I use OO-style access to the Win32::TieRegistry object like this:

        my $registry_obj = $Registry->Connect( $hostname, $registry_key, { Access=>'KEY_READ' } )
          or do {
            $log->error("access to [$registry_key] on host [$hostname] failed");
            return;
          };
        $registry_obj->SetOptions( SplitMultis => 0 );
        $registry_obj->SetOptions( FixSzNulls => 0 );
        $registry_obj->SetOptions( ArrayValues => 0 );
        $registry_obj->SetOptions( DWordsToHex => 1 );
        }
        ...
        foreach my $registry_subkey ( $registry_obj->SubKeyNames() ) {
            something;
        }

        But I don't think it makes any difference.

        Regards, willi
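
The "other registry view" mentioned in the subthread above can also be requested per key-open through the Windows access-mask flags KEY_WOW64_64KEY (0x0100) and KEY_WOW64_32KEY (0x0200). The script below is an added example, not code from any poster in this thread: it lists the subkeys of HKLM\SOFTWARE in both views and reports the ones a scanner bound to a single view would miss. It assumes Win32::TieRegistry passes the `Access` mask through unchanged to the underlying key-open call; `subkeys_in_view` is a hypothetical helper name.

```perl
use strict;
use warnings;
use Win32::TieRegistry ( Delimiter => '/' );    # exports $Registry
use Win32API::Registry qw( KEY_READ );

# Registry view flags from winnt.h, written numerically here.
use constant {
    KEY_WOW64_64KEY => 0x0100,    # open the 64-bit view
    KEY_WOW64_32KEY => 0x0200,    # open the 32-bit (Wow6432Node) view
};

# Hypothetical helper: returns a hash ref { subkey name => 1 } for $path in
# the requested view, or nothing (after warning with the extended OS error
# $^E) if the key cannot be opened.
sub subkeys_in_view {
    my ( $path, $view ) = @_;
    my $key = $Registry->Open( $path,
        { Access => KEY_READ() | $view, Delimiter => '/' } );
    unless ($key) {
        warn sprintf "Cannot open %s with view flag 0x%04x: %s\n",
            $path, $view, $^E;
        return;
    }
    my %names = map { $_ => 1 } $key->SubKeyNames;
    return \%names;
}

my $path = 'LMachine/SOFTWARE';
my $v64  = subkeys_in_view( $path, KEY_WOW64_64KEY ) or exit 1;
my $v32  = subkeys_in_view( $path, KEY_WOW64_32KEY ) or exit 1;

# Subkeys visible in only one view: what a scan bound to one view never sees.
my @only64 = sort grep { !exists $v32->{$_} } keys %$v64;
my @only32 = sort grep { !exists $v64->{$_} } keys %$v32;

printf "%d subkeys in 64-bit view, %d in 32-bit view\n",
    scalar( keys %$v64 ), scalar( keys %$v32 );
print "only in 64-bit view: $_\n" for @only64;
print "only in 32-bit view: $_\n" for @only32;
```

On 32-bit Windows the two view flags are ignored, so both calls return the same key set and the two "only in" lists come out empty.
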
Re: Scanning of 64 Bit registry
by mce (Curate) on Jan 10, 2011 at 15:39 UTC
    Hi,

    If Perl is compiled as 32-bit, the operating system will run it in WOW mode.
    This means that it ties to a different location in the registry.
    Instead of querying HKLM\Software, the OS will query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node.
    This is by design by Microsoft.
    As far as I know, a 32bit program cannot access the 64bit registry. So, I would recommend forking a program that launches reg.exe and dumps it into a file. Then parse that file.

    Or better, get a 64bit version of Perl :-)


    ---------------------------
    Dr. Mark Ceulemans
    sr. Security Consultant
    Evidian, Belgium
      This is the 64-bit version of Perl, or at least it is supposed to be. It is the pre-compiled ActiveState one:
      C:\>perl -v

      This is perl 5, version 12, subversion 0 (v5.12.0) built for MSWin32-x64-multi-thread
      (with 1 registered patch, see perl -V for more detail)

      Copyright 1987-2010, Larry Wall

      Binary build 1200 [292396] provided by ActiveState http://www.ActiveState.com
      Built Apr 10 2010 22:58:59

      I'll try with the latest....
Re: Scanning of 64 Bit registry
by Anonymous Monk on Jan 10, 2011 at 13:31 UTC
    but returning undef when running on 64 bit system.

    And the error message said?

      The handle is invalid

      I get the same problem when trying similar examples to the POD. That is:

      use Win32::TieRegistry( Delimiter=>"#", ArrayValues=>0 );
      $pound= $Registry->Delimiter("/");
      $diskKey= $Registry->{"LMachine/System"}
        or die "Can't read LMachine/System key: $^E\n";

      and

      use Win32::TieRegistry;
      my $tip18= $Registry->{"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\" .
          'Windows\\CurrentVersion\\Explorer\\Tips\\\\18'}
        or die "$^E\n";

        Try
        require Win32::TieRegistry; warn $^E;
        Or better yet add
        BEGIN { $ENV{DEBUG_TIE_REGISTRY}=99; } ...
        I had this error and for me it was because of permissions. When I run command prompt as administrator, it works fine.

      Hi,

      my $reg = $Win32::TieRegistry::Registry->{"HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services" };

      I am using the above code, and instead of returning a list of keys it is returning undef.
