How to write Binary Data “as is” to Registry (ie:

2019-02-20 12:40发布

问题:

I have been googling this and have not come along a working solution for an entire day. I don't know anything about binary data types (as I've never knowingly used them) and I'm trying to write a binary value that I see in the registry, to the registry. Now, all I see is the following [shown below]... and if I try to pass that as a string to the RegSetValueEx in the WinAPI and of course it errors out... I do not know what 'numbers' I need to pass into the lpData As Any, argument of RegSetValueEx (i tried a bit array) in order for it to come out as the following [shown below] in the regedit. I really have no idea, and my tests to place random numbers in the bit array just produce corresponding random "figures" as visible in regedit that I do not understand how to 'tie' them together logically.

here is the culprit!

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Some\Registry\Location]
"RegistryKey"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,\
  01,00,00,00,7b,96,8a,78,b9,cc,c1,4f,b1,35,11,01,5e,3c,25,9b,00,00,00,00,02,\
  00,00,00,00,00,10,66,00,00,00,01,00,00,20,00,00,00,22,1c,b6,ea,e3,a5,06,8b,\
  58,69,7b,89,19,b3,1f,a3,1d,d8,b7,5b,30,72,65,4b,22,41,a8,73,d1,92,bb,36,00,\
  00,00,00,0e,80,00,00,00,02,00,00,20,00,00,00,87,a0,1a,79,a7,c9,fe,7a,1b,24,\
  9a,71,5d,cf,7b,87,bc,1b,14,6e,59,96,e3,42,c6,f5,08,78,00,a6,42,3d,30,00,00,\
  00,02,0a,2a,ea,d9,49,0a,fa,48,b3,f1,e2,ae,e2,f8,42,a2,54,1e,56,dc,dd,9b,0d,\
  9b,73,41,72,54,cc,64,49,99,f1,5c,12,70,33,8e,fb,b1,31,66,df,b4,e0,02,bb,40,\
  00,00,00,13,c2,7d,88,16,af,56,ac,82,21,39,95,43,04,50,71,c2,4c,6a,44,a6,03,\
  ea,32,4d,d9,f3,0f,22,2e,41,17,2e,26,11,9b,10,9d,99,60,fc,12,d2,ce,7c,1c,78,\
  6b,f0,59,23,fd,84,46,2c,58,41,ee,31,7a,f8,95,57,54

If I had the following in a string or a bit array, what must I populate the bitarray with so that the registry outputs this [above] when written? or, how can I figure out how to do it? I was hoping there'd be a function that reads my string of binary data and transforms it into the real binary format to submit to the RegSetValueEx function in VB6 or other function in VB.Net or C# (this really is a language agnostic question, and the problem exists in all languages; ie: same process).

I hope there is a solution to this or a lead that I can follow. Thanks guys, you are all the best when I've come to the point of pulling my hair out!

回答1:

There is no need to use APIs for this. There is a registry class built into the .NET framework

Try this code and let me know what happens:

Dim rk = Registry.CurrentUser.OpenSubKey("KEY_TO_OPEN", True)
rk.SetValue("BinaryValue", New Byte() {10, 43, 44, 45, 14, 255}, _
            RegistryValueKind.Binary)
rk.Close()

You can also read the Registry documentation on MSDN for more information.



回答2:

I use this function inside a registry class in VB6:

Public Function SaveBinaryValue(ByVal hKeyRoot As RegRootKey, ByVal hKeySubKey As String, ByVal ValueName As String, ByRef Value() As Byte) As Boolean
   Dim lenValue As Long
   Dim lngRst As Long
   Dim hKeyHandle As Long
   Dim hKeyDisposition As Long
   Dim lngErrNum As Long
   Dim strErrDesc As String
   Dim strErrSource As String

   '' just to avoid any errors in calling functions using a ubound to check the contents
   On Error Resume Next
   '' check that the array has some elements
   lenValue = UBound(Value) + 1
   If Err.Number = 9 Then
       lenValue = 0
   End If

   On Error GoTo errSaveBinaryValue

   lngRst = RegCreateKeyEx(hKeyRoot, hKeySubKey, 0&, REG_BINARY, REG_OPTION_NON_VOLATILE, KEY_WRITE, 0&, hKeyHandle, hKeyDisposition)
   If hKeyHandle <> 0 Then
       If lenValue > 0 Then
           lngRst = RegSetValueEx(hKeyHandle, ValueName, 0&, REG_BINARY, Value(0), lenValue)
       Else
           lngRst = RegSetValueEx(hKeyHandle, ValueName, 0&, REG_BINARY, "", lenValue)
       End If
   End If

   If lngRst = ERROR_SUCCESS Then
       SaveBinaryValue = True
   Else  '' if the return was non-zero there was an error
       Err.Raise lngRst, App.EXEName, "There was an error writing the " & RootKeyName(hKeyRoot) & "\" & hKeySubKey & " registry key, " & LCase$(FormatClassError(lngRst))
   End If

   If hKeyHandle <> 0 Then
       Call RegCloseKey(hKeyHandle)
       hKeyHandle = 0
   End If

   Exit Function

errSaveBinaryValue:
    lngErrNum = Err.Number
    strErrDesc = Err.Description
    strErrSource = Err.Source

    If hKeyHandle <> 0 Then
        lngRst = RegCloseKey(hKeyHandle)
        hKeyHandle = 0
    End If
    Err.Raise lngErrNum, strErrSource & ":SaveBinaryValue", strErrDesc

End Function

Rather than pulling out just the constants, functions, etc from the class declarations section here is the entire section:

Option Explicit

#If False Then
   Dim HKEY_CLASSES_ROOT
   Dim HKEY_CURRENT_CONFIG
   Dim HKEY_CURRENT_USER
   Dim HKEY_DYN_DATA
   Dim HKEY_LOCAL_MACHINE
   Dim HKEY_PERFORMANCE_DATA
   Dim HKEY_USERS
#End If
Public Enum RegRootKey
   HKEY_CLASSES_ROOT = &H80000000
   HKEY_CURRENT_CONFIG = &H80000005
   HKEY_CURRENT_USER = &H80000001
   HKEY_DYN_DATA = &H80000006
   HKEY_LOCAL_MACHINE = &H80000002
   HKEY_PERFORMANCE_DATA = &H80000004
   HKEY_USERS = &H80000003
End Enum

#If False Then
   Dim REG_NOTIFY_CHANGE_NAME
   Dim REG_NOTIFY_CHANGE_ATTRIBUTES
   Dim REG_NOTIFY_CHANGE_LAST_SET
   Dim REG_NOTIFY_CHANGE_SECURITY
#End If
Public Enum RegistryChangeFlag
   REG_NOTIFY_CHANGE_NAME = &H1 ''Create or delete (child)
   REG_NOTIFY_CHANGE_ATTRIBUTES = &H2
   REG_NOTIFY_CHANGE_LAST_SET = &H4      ''time stamp
   REG_NOTIFY_CHANGE_SECURITY = &H8
End Enum

Private Type SECURITY_ATTRIBUTES
   nLength As Long
   lpSecurityDescriptor As Long
   bInheritHandle As Long
End Type
Private m_udtSecAtts

Private Type OSVERSIONINFO
   dwOSVersionInfoSize As Long
   dwMajorVersion As Long
   dwMinorVersion As Long
   dwBuildNumber As Long
   dwPlatformId As Long
   szCSDVersion As String * 128      ''  Maintenance string for PSS usage
End Type

Private Type FILETIME
   dwLowDateTime As Long
   dwHighDateTime As Long
End Type

Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Private Declare Function RegCreateKeyEx Lib "advapi32.dll" Alias "RegCreateKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal Reserved As Long, ByVal lpClass As String, ByVal dwOptions As Long, ByVal samDesired As Long, ByVal lpSecurityAttributes As Long, phkResult As Long, lpdwDisposition As Long) As Long
Private Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
Private Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
Private Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Private Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
Private Declare Function RegNotifyChangeKeyValue Lib "advapi32.dll" (ByVal hKey As Long, ByVal bWatchSubtree As Long, ByVal dwNotifyFilter As Long, ByVal hEvent As Long, ByVal fAsynchronus As Long) As Long
Private Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
Private Declare Function GetVersionEx Lib "Kernel32" Alias "GetVersionExA" (lpVersionInformation As OSVERSIONINFO) As Long
Private Declare Function RegEnumKeyEx Lib "advapi32.dll" Alias "RegEnumKeyExA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, lpcbName As Long, ByVal lpReserved As Long, ByVal lpClass As String, lpcbClass As Long, lpftLastWriteTime As FILETIME) As Long
Private Declare Function RegSaveKey Lib "advapi32.dll" Alias "RegSaveKeyA" (ByVal hKey As Long, ByVal lpFile As String, lpSecurityAttributes As Any) As Long
Private Declare Function RegRestoreKey Lib "advapi32.dll" Alias "RegRestoreKeyA" (ByVal hKey As Long, ByVal lpFile As String, ByVal dwFlags As Long) As Long
Private Declare Function RegEnumValue Lib "advapi32.dll" Alias "RegEnumValueA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpValueName As String, lpcbValueName As Long, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Private Declare Sub CopyMemory Lib "Kernel32" Alias "RtlMoveMemory" (ByRef Destination As Any, ByRef Source As Any, ByVal numbytes As Long)

''the following declare is used to return windows error descriptions
Private Declare Function FormatMessage Lib "Kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Private Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000
Private Const FORMAT_MESSAGE_IGNORE_INSERTS = &H200

''key constants
Private Const ERROR_NO_MORE_ITEMS = 259&
Private Const ERROR_MORE_DATA = 234
Private Const ERROR_SUCCESS = 0&
Private Const SYNCHRONIZE = &H100000
Private Const READ_CONTROL = &H20000
Private Const READ_WRITE = 2
Private Const READAPI = 0
Private Const STANDARD_RIGHTS_ALL = &H1F0000
Private Const STANDARD_RIGHTS_REQUIRED = &HF0000
Private Const STANDARD_RIGHTS_EXECUTE = (READ_CONTROL)
Private Const STANDARD_RIGHTS_READ = (READ_CONTROL)
Private Const STANDARD_RIGHTS_WRITE = (READ_CONTROL)
Private Const KEY_NOTIFY = &H10
Private Const KEY_QUERY_VALUE = &H1
Private Const KEY_CREATE_LINK = &H20
Private Const KEY_CREATE_SUB_KEY = &H4
Private Const KEY_ENUMERATE_SUB_KEYS = &H8
Private Const KEY_EVENT = &H1
Private Const KEY_SET_VALUE = &H2
Private Const KEY_ALL_ACCESS = ((STANDARD_RIGHTS_ALL Or KEY_QUERY_VALUE Or KEY_SET_VALUE Or KEY_CREATE_SUB_KEY Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY Or KEY_CREATE_LINK) And (Not SYNCHRONIZE))
Private Const KEY_READ = ((STANDARD_RIGHTS_READ Or KEY_QUERY_VALUE Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY) And (Not SYNCHRONIZE))
Private Const KEY_EXECUTE = ((KEY_READ) And (Not SYNCHRONIZE))
Private Const KEY_WRITE = ((STANDARD_RIGHTS_WRITE Or KEY_SET_VALUE Or KEY_CREATE_SUB_KEY) And (Not SYNCHRONIZE))
Private Const REG_OPTION_NON_VOLATILE = 0
Private Const REG_SZ = 1                         '' Unicode nul terminated string
Private Const REG_BINARY = 3
Private Const REG_DWORD = 4
Private Const REG_MULTI_SZ = 7                   '' Multiple Unicode strings
Private Const REG_NONE = 0                       '' No value type

'' the following allows for monitoring keys for changes
Public Event KeyChange(ByVal Change As Long)
Private m_hKeyChange As Long     ''private handle to a key that is being monitored