Virtual Registry vs. "Real registry"
Skeeto
Newbie
Joined: 25 May 2007 Location: Denmark Online Status: Offline Posts: 7
Posted: 25 May 2007 at 1:06am
Hi All
Is there any way to read a registry value and know if it's really in registry or only existing in virtual registry?
It seems if a value is written in a user's virtual registry, a call to read registry will return the value in virtual registry, even if the original values are deleted from registry (e.g. by uninstall).
Is there any way to delete a key in virtual registry without knowing the user? Or am I understanding this correctly: A delete in registry will not delete virtual registry keys for that user too?
All the best
Skeeto
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17287
Posted: 25 May 2007 at 6:00am
Hi Skeeto,
Perhaps you would like to read Mark's "Inside Windows Vista User Account Control" article on TechNet - it may not answer all of your questions completely, but could at least give you some hints / suggestions. I suspect that the answers to your questions may vary based on specific scenarios (64-bit process? manifest file? admin rights?).
Daily affirmation:
net helpmsg 4006
Skeeto
Newbie
Posted: 27 May 2007 at 12:33am
Hi Molotov
Thanks for answering. I will try to clarify a bit.
We have been doing children's games for Windows since 1996. It was the happy days of 3.11, hehe. Through all the changes we have done a lot to be compatible and do "the right thing". XP was a big change and we redesigned our programs to read/write the correct places in registry and folders. Old versions wouldn't work.
With Vista there is a change. Some of the older versions work again (well, to some extent). Users never know the difference, the program writes to virtual registry etc.
Our problems start if a user installs an old version they got somehow. Should they try to upgrade to the latest version, uninstall of old program will leave some keys in virtual registry (and some files in folders too, but nvm them). The problem is after installation of newest program, a read in registry will return the key and key value in the virtual registry, even if there is nothing in the "real" registry. Nowadays we ofc don't write to local machine, except during install, but we do read there.
I hope I have clarified the problem a bit.
Thanks for your time.
Skeeto
molotov
Moderator Group
Posted: 28 May 2007 at 8:19pm
Hi Skeeto,
Some of my thoughts...
It appears that it is easier to tell if a key only exists in the global store, than to tell if it exists in the virtual store. Check the explanation of the flags (REG_KEY_DONT_VIRTUALIZE, REG_KEY_DONT_SILENT_FAIL, REG_KEY_RECURSE_FLAG) in Mark's TechNet article.
Values, yes - it seems that an approximation of this scenario is described in Registry Virtualization on MSDN. Keys, it would seem to be no, as the flags are stored with the key; if the global key is gone it would seem that there is no flag to tell that it should or should not be virtualized.
I suspect for keys a delete from the global store would result in at least the inability to access them from the virtual store, for the reason mentioned above. However, this theory is untested by me, so it is just that - a theory.
Have you verified this with Process Monitor? It would seem that if you would set the aforementioned registry flags on the key(s) you were having problems with, there should be no concern as any values that might be stored in the virtualized registry would be irrelevant. Alternatively, if you made your app compatible with Vista and include a manifest, it would seem like you would be OK as well, as Mark writes:
Skeeto
Newbie
Posted: 30 May 2007 at 12:34am
Hi Molotov
Thanks a lot for your input.
Some more facts and thoughts:
1) The flags (REG_KEY_DONT_VIRTUALIZE, REG_KEY_DONT_SILENT_FAIL, REG_KEY_RECURSE_FLAG) it appears they can be set using a command line interface with reg.exe. Is this correct or is there a Windows API call?
2) "uninstall of old program will leave some keys in virtual registry" is verified. That is, if said program has attempted write and virtualization creates keys and values in virtual registry. Is there a way to secure deletion of all virtual registry keys for every user when deleting the HKEY_LOCAL_MACHINE key?
3) After trying some times with manifest file it seems this might work for our C++ projects. However we have 8 Macromedia Director projects and trying to compile a manifest file with those exe's doesn't seem a possibility. Our conclusion is manifest files are a solution for apps made in C++, C#, VB etc. - in other words developed with Visual Studio.
However, after this investigation it seems that Virtualization will not be supported in coming versions of Windows, as it is not on 64-bit.
All the best
Skeeto
molotov
Moderator Group
Posted: 30 May 2007 at 6:53am
Reg.exe has to be doing it somehow... But I honestly can't find any information on what API one might use to do it. Probably, the import tables in Vista's REG.EXE and REGEDIT.EXE (not sure offhand if it allows one to manipulate the flags) hold the answer. I'll try to check later.
I suppose from an admin account one might be able to do something like iterate through the registry virtual roots (HKEY_USERS\<USER_SID>\Software\Classes\VirtualStore\MACHINE\SOFTWARE), looking for the (un)desired keys. Not tested though - just speculating that this might work.
Again, though - if the reg flags are set appropriately, this wouldn't seem to be an issue. And if you were able to make your programs not be considered legacy, it would also seem that virtualization would not be an issue.
"The MT.EXE tool that ships with Visual Studio or the Vista SDK can allow you to embed a manifest as a Windows Resource in an EXE file." Haven't tried it, but seems like it should work for Director.
Additional info here.
Yes, the Registry Virtual article on MSDN does state:
EDIT:
I'm a bit torn on how to interpret 64-bit Vista's support for UAC / virtualization. To me, it would seem that it is on 64-bit, but 64-bit processes are not virtualized as they are not considered legacy.
Paul Thurrott states in the May 2007 Windows IT Pro "What You Need to Know" article about "More Vista Security Technologies":
Mark's Technet article on UAC doesn't explicitly state that file system and registry virtualization are or are not available on 64-bit Vista, but I'm inclined to think that they are because there is presumably a strong chance that one might run a "legacy" 32-bit process that will need to be virtualized, on the 64-bit OS.
Mark's article does state:
Since a 64-bit process cannot run on a 32-bit version of Vista, can the distinction be interpreted as meaning that a 32-bit process running on 64-bit Vista will be considered "legacy"*, and thus subject to virtualization?
*=barring other "legacy" considerations
Edited by molotov - 30 May 2007 at 1:13pm
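An added example, not part of the original thread and not either poster's code: the per-user VirtualStore walk speculated about in the post above, written as a read-only PowerShell report that also answers whether the "real" HKLM key still exists. `ExampleVendor\ExampleGame` and the function name are hypothetical; it assumes an elevated 64-bit PowerShell session.

```powershell
# Added example. Reports, per loaded user hive, whether a virtualized copy of one
# HKLM\SOFTWARE subkey exists and whether the global ("real") key is still there.
function Get-VirtualStoreLeftover {
    param(
        # Hypothetical key name, relative to HKLM\SOFTWARE.
        [string]$SubKey = 'ExampleVendor\ExampleGame'
    )

    # Native view, plus the 32-bit view of HKLM\SOFTWARE on 64-bit Windows.
    $views = @('', 'Wow6432Node\')

    # Only hives that are currently loaded show up under HKEY_USERS. The pattern
    # keeps real user SIDs and skips the *_Classes aliases and service accounts.
    # Users who are not logged on need their UsrClass.dat loaded first.
    $sids = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object { $_.PSChildName }

    foreach ($sid in $sids) {
        foreach ($view in $views) {
            $rel     = "$view$SubKey"
            $virtual = "Registry::HKEY_USERS\$sid\Software\Classes\VirtualStore\MACHINE\SOFTWARE\$rel"
            $global  = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\$rel"

            if (Test-Path -LiteralPath $virtual) {
                [pscustomobject]@{
                    Sid          = $sid
                    VirtualKey   = $virtual -replace '^Registry::', ''
                    # False here means the value a legacy process reads comes
                    # only from the virtual store (the uninstall leftover case).
                    GlobalExists = Test-Path -LiteralPath $global
                    Values       = (Get-Item -LiteralPath $virtual).GetValueNames() -join ', '
                }
            }
        }
    }
}

Get-VirtualStoreLeftover -SubKey 'ExampleVendor\ExampleGame' | Format-List
```

Rows with `GlobalExists` set to `False` are the orphaned entries described earlier in the thread; the report changes nothing, so any cleanup of those keys remains a separate, deliberate step.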
molotov
Moderator Group
Posted: 30 May 2007 at 6:57pm
Doesn't look like REGEDIT.EXE provides an interface to inspect / adjust these flags.
REG.EXE appears to use undocumented native APIs (NtQueryKey and NtSetInformationKey) to manipulate the flags.
Skeeto
Newbie
Posted: 31 May 2007 at 5:06am
Hi Molotov
Again, many thanks for your time and advice.
I tried to embed a manifest file again on the Director projector files, with no luck though. I know for sure that previous versions of Director projector exe's were not "normal" exe files. I don't know for sure if latest version is 100% compatible. I have asked in Director forum about any experience with embedding manifest file. I do know we can digitally sign them though.
What happens is I get no error message, but the file shrinks in size and I can see the internal media are missing after embedding manifest.
I think we will leave the problem as it is and support the hopefully few customers with this problem (getting old software installed on Vista) on a per case basis.
The new versions we make will behave nicely and shouldn't create any problems with virtualization at all.
All the best
Skeeto