
A .NET NT Registry Library and NT Registry Editor

26 May 2012 | CPOL | 3 min read
A .NET wrapper for NT Registry and a .NET NT RegEdit demo

Introduction

This article contributes a .NET wrapper, called NtRegistry, for manipulating the Windows Registry through the NT native APIs. The library has an almost identical interface to the Win32 Registry library of the .NET Framework. I also created an NT Registry Editor (i.e. NtRegEdit), both to demonstrate how to use the library and, potentially, to serve as a(nother) registry editor. An interesting point is that NtRegEdit can deal with hidden keys, as described in Dan Madden's article (see Background).

Background 

This article is inspired by the popular article Registry Manipulation Using NT Native APIs by Dan Madden. Naughty readers are encouraged to read his article to gain some understanding of the NT native functions and of how it is possible to hide a key from the Win32 registry API.

Anyway, I will give a quick explanation: NT native functions work with Unicode strings of a specified length, while Win32 uses NULL-terminated ANSI (8-bit) or wide-character (16-bit) strings. Therefore, if a key is created with the NT native API and its name contains a NULL character, the Win32 API will not be able to read it. Since many registry editors use the Win32 API, the hidden key will remain hidden from them. Not from my NtRegEdit, though!

Using the code 

Using the NTRegistry library should be straightforward, since its class structure is identical to that of the .NET registry library. All methods are well-documented.

The following code demonstrates how to open HKEY_CURRENT_USER, create a subkey "My Key", and add a value "Pi" to the newly created key. Note that if "My Key" already exists, it will simply be opened, and if "Pi" already exists, it will simply be overwritten.

C#
using NTRegistry; 

...

var hkcu = NtRegistry.CurrentUser;
var myKey = hkcu.CreateSubKey("My Key");
myKey.SetValue("Pi", "3.14");    

If you want to create a hidden key, simply put a "\0" into the key name.

C#
var myKey = hkcu.CreateSubKey("My\0Key");

Run regedit and try to access the hidden key. It will be displayed as "My", since the rest of the name is stripped away when the Win32 API encounters the NULL character, and you will see an error message like the one below.

  

Enumerate subkeys of a key:

C#
foreach (var subkeyName in key.GetSubKeyNames())
{
    var subkey = key.OpenSubKey(subkeyName);
    // Do whatever here...
}  

Enumerate values of a key: 

C#
foreach (var valueName in key.GetValueNames())
{
    var kind = key.GetValueKind(valueName);
    var data = key.GetValue(valueName);
    // Do whatever here...
}  

Easy, isn't it?

Using the NtRegEdit  

NtRegEdit mimics the functionality of the Windows RegEdit utility, but is less powerful. It is mainly for demo purposes, so don't ask too much.

However, it can create and delete hidden keys, which is a fun thing to play with. I like seeing how Windows RegEdit complains about those keys. Hidden keys are displayed with backslashes replacing NULL characters, e.g. if a key is displayed as "My\Secret" in NtRegEdit, that means its real name is {"M", "y", NULL, "S", "e", "c", "r", "e", "t"}.
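A check for such keys from the defender's side, as an added example that is not part of the article or of the NTRegistry library: it calls `NtEnumerateKey` from ntdll directly, reads each subkey name with its counted length, and reports names that contain an embedded NULL. The class and method names (`HiddenKeyScan`, `FindNullNames`) and the scanned location are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;

static class HiddenKeyScan   // hypothetical name, not part of NTRegistry
{
    const int KeyBasicInformation = 0;
    const uint STATUS_NO_MORE_ENTRIES = 0x8000001A;

    [DllImport("ntdll.dll")]
    static extern uint NtEnumerateKey(SafeRegistryHandle key, uint index, int infoClass,
                                      IntPtr info, uint length, out uint resultLength);

    // Returns the direct subkey names of 'key' that contain an embedded NULL,
    // with each NULL rendered as the two characters \0 for display.
    public static List<string> FindNullNames(RegistryKey key)
    {
        var hits = new List<string>();
        const int size = 1024;   // 16-byte header + name (at most 255 UTF-16 chars)
        IntPtr buf = Marshal.AllocHGlobal(size);
        try
        {
            for (uint i = 0; ; i++)
            {
                uint status = NtEnumerateKey(key.Handle, i, KeyBasicInformation, buf, size, out _);
                if (status == STATUS_NO_MORE_ENTRIES) break;
                if (status != 0) throw new InvalidOperationException($"NTSTATUS 0x{status:X8}");
                // KEY_BASIC_INFORMATION: LastWriteTime(8) TitleIndex(4) NameLength(4) Name[]
                int nameBytes = Marshal.ReadInt32(buf, 12);
                // Copy exactly NameLength bytes; do not stop at the first NULL.
                string name = Marshal.PtrToStringUni(buf + 16, nameBytes / 2);
                if (name.IndexOf('\0') >= 0) hits.Add(name.Replace("\0", "\\0"));
            }
        }
        finally { Marshal.FreeHGlobal(buf); }
        return hits;
    }

    static void Main()
    {
        // Predefined roots such as Registry.CurrentUser are Win32 pseudo-handles,
        // not NT handles, so the scan starts from an opened subkey.
        using (var software = Registry.CurrentUser.OpenSubKey("Software"))
            foreach (var n in FindNullNames(software))
                Console.WriteLine(@"HKCU\Software\" + n);
    }
}
```

The method scans one level only; call it on each key of interest, or recurse over the names that do not contain a NULL, which `OpenSubKey` can open.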

Known Problems   

Though the class structure remains almost the same as that of the .NET registry library, NtRegistry may behave slightly differently and is not very optimized. It was not designed with speed in mind, but it should be fast enough for most purposes, unless you plan to massively flood the registry.

NtRegEdit encounters some privilege-related problems when trying to access certain keys (this does not happen very often). I just ignore these "invalid" keys.

Credits   

Apart from Dan Madden's article, the ntdll wrapper functions were copied from the open source project Process Hacker. Icons were acquired from IconArchive.

History 

26 May, 2012 - Submitted first version.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Software Developer (Senior)
Australia
Master of IT, University of Technology Sydney

Bachelor Degree in Telecommunication, Hochiminh University of Technology, Vietnam

A few years of experience with .NET technology, computer graphics + animation, web development, algorithm design and many other things.

Comments and Discussions

 
Question: Question
Member 12552187, 23-May-17 13:14
Question: Windows 10 is locking developers and sys-admin out
stopthespying, 19-Apr-16 0:18
More and more, Microsoft is anonymizing the Windows registry using GUIDs and encrypted values, and the Windows registry already contained over 400,000 keys in Windows 8, and some keys are twelve levels deep, and I have never managed to back up and restore the Windows registry since version eight was released and just end up with a machine that won't boot.

What really upsets me is that in Windows ten we have been locked out: even when running regedit as an administrator and taking ownership of keys, you are not allowed to change values, and the Windows UI just leaves you running around as if it must be your fault.

Try playing with the startup value for Defender at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
to see what I am saying on Windows 10, and Microsoft is also doing the same with scheduled tasks so you cannot stop them, but for some reason they forgot to block us from deleting them.

Task Manager on Windows 10 offers the option of rebooting if you want to kill processes that you could kill without trouble in Windows 7/8, which is no option at all since the same processes would load after the reboot, so I ended up having to write my own noddy task manager, but I bet Microsoft will lock that out soon too if they keep on down this path.

My computer does not feel like my own anymore, even with all the registry hacks that I know about.
General: My vote of 5
Sperneder Patrick, 26-May-12 7:40
