注册表重定向器(64位系统注册表WOW6432Node节点有什么用?)
注册表重定向器通过在 WOW64 上提供注册表某些部分的单独逻辑视图来隔离 32 位和 64 位应用程序。注册表重定向器拦截 32 位和 64 位注册表调用到它们各自的逻辑注册表视图,并将它们映射到相应的物理注册表位置。重定向过程对应用程序是透明的。因此,32 位应用程序可以访问注册表数据,就像它在 32 位 Windows 上运行一样,即使数据存储在 64 位 Windows 上的不同位置。
注册表重定向就是重定向的密钥映射到 Wow6432Node 下的物理位置。 例如, HKEY_LOCAL_MACHINE\Software 重定向到 HKEY_LOCAL_MACHINE\Software\Wow6432Node。关于注册表重定向器参阅微软文档:注册表重定向程序。
以在HKEY_LOCAL_MACHINE\Software创建test节点为例
如果以32位编译运行,创建在:
计算机\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\test
如果以64位编译运行,创建在:
计算机\HKEY_LOCAL_MACHINE\SOFTWARE\test
这就是受到注册表重定向影响的效果,那么如何强制访问其它平台的注册表呢?比如32位访问64位注册表。
微软文档里有写到: 系统应考虑重定向密钥的物理位置。 应用程序不应直接访问密钥的物理位置,因为此位置可能会更改。 有关详细信息,请参阅 访问备用注册表视图。
也就是说,通过添加备用注册表标志即可访问其它平台的注册表位置。
备用注册表视图
| 标志名称 | 值 | 说明 |
| KEY_WOW64_64KEY | 0x0100 | 从 32 位或 64 位应用程序访问 64 位密钥。 |
| KEY_WOW64_32KEY | 0x0200 | 从 32 位或 64 位应用程序访问 32 位密钥。 ARM 上的Windows 10:这指的是 32 位 ARM 进程的 32 位 ARM 注册表视图,以及 32 位 x86 和 64 位 ARM64 进程的 32 位 x86 注册表视图。 |
如何使用备用注册表
由上面例子我们可以知道,32位程序访问HKEY_LOCAL_MACHINE\SOFTWARE\会被重定向到HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\,那么32程序如何强制访问64位程序的注册表呢?
方法就是访问注册表时加上,KEY_WOW64_64KEY标志:
int main() {
HKEY hkey = nullptr;
DWORD dwDisposition = REG_CREATED_NEW_KEY;
HRESULT ret = ::RegCreateKeyEx(HKEY_LOCAL_MACHINE, L"Software\\test", 0, nullptr, 0,
KEY_ALL_ACCESS | KEY_WOW64_64KEY, nullptr, &hkey, &dwDisposition);
if (ret != ERROR_SUCCESS || !hkey)
return 0;
::RegCloseKey(hkey);
return 0;
}以32位编译运行:
可以看到访问的是64位的注册表位置
反过来如果是64位程序需要强制访问32位注册表加上KEY_WOW64_32KEY标志即可,此时将会访问HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\位置,也就是32位程序原有的位置。
受 WOW64 影响的注册表项
微软文档地址:受 WOW64 影响的注册表项
| Key | Windows Server 2008 R2, Windows 7, and Newer | Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP |
|---|---|---|
| HKEY_LOCAL_MACHINE | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE | Redirected | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes | Shared | Redirected and reflected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Appid | Shared | Redirected and reflected with one exception: the DllSurrogate and DllSurrogateExecutable registry values are not reflected if their value is an empty string. |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID | Redirected | Redirected and reflected only for CLSIDs that do not specify InprocServer32 or InprocHandler32. |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectShow | Redirected | Redirected and reflected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HCP | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface | Redirected | Redirected and reflected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Media Type | Redirected | Redirected and reflected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MediaFoundation | Redirected | Redirected and reflected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Clients | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3 | Shared | Redirected and reflected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Current | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Readers | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DFS | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem | Shared | Redirected and reflected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Notepad\DefaultFonts | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE | Shared | Redirected and reflected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAS | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC | Shared | Redirected and reflected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SOFTWARE\Microsoft\Shared Tools\MSInfo | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TermServLicensing | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TransactionServer | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PreviewHandlers | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Locations | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDpi | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Gre_Initialize | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Language Pack | Shared | Redirected |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies | Shared | Shared |
| HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications | Shared | Shared; Windows Server 2003 and Windows XP: This key was added in Windows Vista. |
| HKEY_CURRENT_USER | Shared | Shared |
| HKEY_CURRENT_USER\SOFTWARE | Shared | Shared |
| HKEY_CURRENT_USER\SOFTWARE\Classes | Shared | Redirected and reflected |
| HKEY_CURRENT_USER\SOFTWARE\Classes\Appid | Shared | Redirected and reflected with one exception: the DllSurrogate and DllSurrogateExecutable registry values are not reflected if their value is an empty string. |
| HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID | Redirected | Redirected and reflected |
| HKEY_CURRENT_USER\SOFTWARE\Classes\DirectShow | Redirected | Redirected and reflected |
| HKEY_CURRENT_USER\SOFTWARE\Classes\Interface | Redirected | Redirected and reflected |
| HKEY_CURRENT_USER\SOFTWARE\Classes\Media Type | Redirected | Redirected and reflected |
| HKEY_CURRENT_USER\SOFTWARE\Classes\MediaFoundation | Redirected | Redirected and reflected |
文章作者:xuwenyan
版权声明:本文为本站原创文章,转载请注明出处,非常感谢,如版权漏申明或您觉得任何有异议的地方欢迎与本站取得联系。
沪公网安备 31011502017681 号