Introduction
Did you ever wonder how RegJump from Sysinternals works? I was quite amazed when I first saw that functionality and was wondering how this could be done in C#.
The library presented here uses Windows messages to automate Regedit. The content of the tree is read by TVM_GETITEM messages and the tree is navigated by issuing WM_Keyxx messages appropriately. The only tricky part is handling memory allocation for TVM_GETITEM. Because the message is sent to another process, the memory used by the message has to be allocated in the target process. Fortunately, this can be done by using VirtualAllocEx and providing a handle to the remote process.
Jeffrey Richter has an article on MSJ that describes in detail how it's done, Cory Nelson wrote an excellent article which is using the same technique and Chris Taylor had some interop code on his blog that I could use.
Using the Code
The following code fragment shows how the code from the sample project is used:
RegEditLocator.Locate(@"HKCU\SOFTWARE\Microsoft\.NETFramework");
Points of Interest
According to MSDN, the function OpenProcess requires SeDebugPrivilege to work. I tried to verify this by running the sample program on a normal user account in XP and was quite surprised that it worked. Repeating the same test in Vista gave me the expected result: the program will not work with a limited account.
Another issue I don't feel quite comfortable with is that the implementation is basically a hack that relies on internals of Regedit.exe. This means that any hotfix or security update from Microsoft can potentially break the code.
The code is meant to be more of a guide/example on how to automate an application using messages in C# than a library ready to be used in production code.
History
- 30th August, 2007: Initial post
