接上篇 闲聊Windows注册表-键值 讲到Windows注册表中除常规的值类型外,还有一些特殊的值类型,一般可能大家也用不到,算是科普吧。这些值通常是没有权限访问到的,需要用到工具Nsudo.exe:
用Nsudo.exe以系统权限运行regedit.exe
按上图方式打开regedit.exe后,就可以顺利的访问一些特殊的注册表项了,其实这种方式打开后任何注册表项都能访问了,注册表所谓的权限限制基本可以忽略。来看看特殊值类型的展示:
特殊值类型
有一定编程经验的人,从图中0xffff0012可以大概推测出,可能高16位0xffff代表个什么意思,低16位0012代表个什么意思,而实际是就是这么回事儿。这种类型的值是微软称作Device property key的类型的值,我们来看下微软的定义(在devpropdef.h头文件里):
//
// Property type modifiers. Used to modify base DEVPROP_TYPE_ values, as
// appropriate. Not valid as standalone DEVPROPTYPE values.
//
#define DEVPROP_TYPEMOD_ARRAY 0x00001000 // array of fixed-sized data elements
#define DEVPROP_TYPEMOD_LIST 0x00002000 // list of variable-sized data elements
//
// Property data types.
//
#define DEVPROP_TYPE_EMPTY 0x00000000 // nothing, no property data
#define DEVPROP_TYPE_NULL 0x00000001 // null property data
#define DEVPROP_TYPE_SBYTE 0x00000002 // 8-bit signed int (SBYTE)
#define DEVPROP_TYPE_BYTE 0x00000003 // 8-bit unsigned int (BYTE)
#define DEVPROP_TYPE_INT16 0x00000004 // 16-bit signed int (SHORT)
#define DEVPROP_TYPE_UINT16 0x00000005 // 16-bit unsigned int (USHORT)
#define DEVPROP_TYPE_INT32 0x00000006 // 32-bit signed int (LONG)
#define DEVPROP_TYPE_UINT32 0x00000007 // 32-bit unsigned int (ULONG)
#define DEVPROP_TYPE_INT64 0x00000008 // 64-bit signed int (LONG64)
#define DEVPROP_TYPE_UINT64 0x00000009 // 64-bit unsigned int (ULONG64)
#define DEVPROP_TYPE_FLOAT 0x0000000A // 32-bit floating-point (FLOAT)
#define DEVPROP_TYPE_DOUBLE 0x0000000B // 64-bit floating-point (DOUBLE)
#define DEVPROP_TYPE_DECIMAL 0x0000000C // 128-bit data (DECIMAL)
#define DEVPROP_TYPE_GUID 0x0000000D // 128-bit unique identifier (GUID)
#define DEVPROP_TYPE_CURRENCY 0x0000000E // 64 bit signed int currency value (CURRENCY)
#define DEVPROP_TYPE_DATE 0x0000000F // date (DATE)
#define DEVPROP_TYPE_FILETIME 0x00000010 // file time (FILETIME)
#define DEVPROP_TYPE_BOOLEAN 0x00000011 // 8-bit boolean (DEVPROP_BOOLEAN)
#define DEVPROP_TYPE_STRING 0x00000012 // null-terminated string
#define DEVPROP_TYPE_STRING_LIST (DEVPROP_TYPE_STRING|DEVPROP_TYPEMOD_LIST) // multi-sz string list
#define DEVPROP_TYPE_SECURITY_DESCRIPTOR 0x00000013 // self-relative binary SECURITY_DESCRIPTOR
#define DEVPROP_TYPE_SECURITY_DESCRIPTOR_STRING 0x00000014 // security descriptor string (SDDL format)
#define DEVPROP_TYPE_DEVPROPKEY 0x00000015 // device property key (DEVPROPKEY)
#define DEVPROP_TYPE_DEVPROPTYPE 0x00000016 // device property type (DEVPROPTYPE)
#define DEVPROP_TYPE_BINARY (DEVPROP_TYPE_BYTE|DEVPROP_TYPEMOD_ARRAY) // custom binary data
#define DEVPROP_TYPE_ERROR 0x00000017 // 32-bit Win32 system error code
#define DEVPROP_TYPE_NTSTATUS 0x00000018 // 32-bit NTSTATUS code
#define DEVPROP_TYPE_STRING_INDIRECT 0x00000019 // string resource (@[path\]<dllname>,-<strId>)
//
// Max base DEVPROP_TYPE_ and DEVPROP_TYPEMOD_ values.
//
#define MAX_DEVPROP_TYPE 0x00000019 // max valid DEVPROP_TYPE_ value
#define MAX_DEVPROP_TYPEMOD 0x00002000 // max valid DEVPROP_TYPEMOD_ value
//
// Bitmasks for extracting DEVPROP_TYPE_ and DEVPROP_TYPEMOD_ values.
//
#define DEVPROP_MASK_TYPE 0x00000FFF // range for base DEVPROP_TYPE_ values
#define DEVPROP_MASK_TYPEMOD 0x0000F000 // mask for DEVPROP_TYPEMOD_ type modifiers
从上面定义可以看到,加上DEVPROP_TYPEMOD_ARRAY(数组,元素定长)和DEVPROP_TYPEMOD_LIST(列表,元素变长)的组合可以有几十种类型,如0xffff0007是无符号32位整型类型,0xffff0012是字符串类型等,那怎么从0xfff0007或0xffff0012转换到0x7, 0x12从而明确值类型呢?将上图中的值与DEVPROP_MASK_TYPE逻辑与,得到低12位的值就是值类型,即0xffff0012 & 0x00000fff= 0x12 = DEVPROP_TYPE_STRING。
其实上图这个Porperties注册表很有意思,它是微软Unified Device Property Model(统一设备属性模型)定义下的注册表,值得下回再详细讲一下,欢迎关注哦!
免责声明:本站所有文章内容,图片,视频等均是来源于用户投稿和互联网及文摘转载整编而成,不代表本站观点,不承担相关法律责任。其著作权各归其原作者或其出版社所有。如发现本站有涉嫌抄袭侵权/违法违规的内容,侵犯到您的权益,请在线联系站长,一经查实,本站将立刻删除。 本文来自网络,若有侵权,请联系删除,如若转载,请注明出处:https://yundeesoft.com/82086.html
