Given HKEY, determine full name/path of the key?

Adam Clauss · Dec 16, 2005

If I am just given an open HKEY, is there a function I can use to retrieve
the name of the key?

Thanks

Nikolaos D. Bougalis · Dec 17, 2005

Adam said:
If I am just given an open HKEY, is there a function I can use to retrieve
the name of the key?

Thanks

Process Explorer from sysinternals.com can do that, but I don't know
how. I'm looking for similar functionality for an application that I am
developing.

-n

Carl Daniel [VC++ MVP] · Dec 17, 2005

Adam said:
If I am just given an open HKEY, is there a function I can use to
retrieve the name of the key?

No, there isn't. Regmon from sysinternals does this by intercepting all
RegOpen/RegCreate calls and building it's own map of handle -> path.

-cd

Holger Grund · Dec 19, 2005

Carl Daniel said:
No, there isn't. Regmon from sysinternals does this by intercepting all
RegOpen/RegCreate calls and building it's own map of handle -> path.

IIRC you should be able to determine the path by querying the object
name. For instance, with Zw/NtQueryObject. Although there's quite
some information available, it's not a documented feature, however.
(IIRC there's an article on codeproject about the NT API)

If one is interested in debugging only, the !handle extension might be good
enough.

-hg

Given HKEY, determine full name/path of the key?

Adam Clauss

Nikolaos D. Bougalis

Carl Daniel [VC++ MVP]

Holger Grund