@ssfang
Last active July 29, 2016 03:39
A 32-bit app reading a registry entry on 64-bit Windows

A. The Wow6432Node registry entry indicates that you're running a 64-bit version of Windows. The OS uses this key to present a separate view of HKEY_LOCAL_MACHINE\SOFTWARE for 32-bit applications that run on a 64-bit version of Windows. When a 32-bit application queries a value under the HKEY_LOCAL_MACHINE\SOFTWARE\<company>\<product> subkey, the application reads from the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\<company>\<product> subkey.

The figure below shows the structure under Wow6432Node that 32-bit applications will see. A "registry reflector" copies certain values between the 32-bit and 64-bit registry views (mainly for COM registration) and resolves any conflicts using a last-writer-wins approach.

If we start cmd from the Win+R shortcut, a 64-bit cmd.exe is launched; a 32-bit cmd.exe runs only if we start it as %systemroot%\syswow64\cmd.

@echo off
setlocal ENABLEEXTENSIONS

:: Bad: the **Wow6432Node** key is reserved. For compatibility, applications should not use this key directly.
:: The quotes go around the whole assignment so they do not become part of the value.
set "KEY_NAME=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\xx"
set "VALUE_NAME=ExePath"


:: Prefer the 32-bit reg.exe; fall back to System32 when SysWOW64 does not exist (32-bit Windows).
set "Reg32=%SystemRoot%\SysWOW64\reg.exe"
if not exist "%Reg32%" set "Reg32=%SystemRoot%\System32\reg.exe"

:: On 64-bit Windows, the 32-bit reg.exe (Reg32) works on the 32-bit view of the registry,
:: e.g. KEY_NAME = HKEY_LOCAL_MACHINE\SOFTWARE\xx is redirected to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\xx
:: "%Reg32%" query "%KEY_NAME%" /v "%VALUE_NAME%"

FOR /F "tokens=1,2*" %%A IN ('%Reg32% query %KEY_NAME% /v %VALUE_NAME%') DO (echo %%A, %%B, %%C)
::FOR /F "tokens=2*" %%A IN ('%Reg32% query %KEY_NAME% /v %VALUE_NAME%') DO (set ValueValue=%%~dpB )
::echo %ValueValue%




::http://stackoverflow.com/questions/445167/how-can-i-get-the-value-of-a-registry-key-from-within-a-batch-script
:: http://www.robvanderwoude.com/ntfortokens.php
:: Use 1-2* rather than 1-3 in case there is more than one space in <ValueValue>, e.g. "Path REG_SZ C:\Program Files (x86)"
FOR /F "usebackq skip=2 tokens=1-2*" %%A IN (`REG QUERY %KEY_NAME% /v %VALUE_NAME% 2^>nul`) DO (
    set ValueName=%%A
    set ValueType=%%B
    set ValueValue=%%C
)

if defined ValueName (
    @echo Value Name = %ValueName%
    @echo Value Type = %ValueType%
    @echo Value Value = "%ValueValue%"
) else (
    @echo "%KEY_NAME:"=%\%VALUE_NAME%" not found.
)

pause


FOR /F "tokens=2*" %%A IN ('REG.exe query "%KEY_NAME%" /v "%VALUE_NAME%"') DO (set ValueValue=%%B)
echo %ValueValue%

:: When typed directly at the cmd.exe prompt (single % signs); /reg:32 selects the 32-bit registry view:
:: FOR /F "tokens=2*" %A IN ('REG.exe query "%KEY_NAME%" /v "%VALUE_NAME%" /reg:32') DO (set ValueValue=%B)

:eof
endlocal
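
As an added example (not part of the original gist), the script below reads the same value from both registry views with reg.exe's /reg:32 and /reg:64 switches instead of hard-coding Wow6432Node, so the result does not depend on whether a 32-bit or 64-bit cmd.exe runs it. The key HKEY_LOCAL_MACHINE\SOFTWARE\xx and the value ExePath are the gist's placeholders; the :ReadValue helper and the Value32/Value64 variables are hypothetical names.

```batch
@echo off
setlocal EnableExtensions

:: Placeholders taken from the gist: note that the key has no Wow6432Node component.
set "KEY_NAME=HKEY_LOCAL_MACHINE\SOFTWARE\xx"
set "VALUE_NAME=ExePath"

call :ReadValue 32 Value32
call :ReadValue 64 Value64

:: One-line IFs (no parenthesised blocks), so data such as
:: "C:\Program Files (x86)\..." cannot close a block early.
if defined Value32 echo 32-bit view: "%Value32%"
if not defined Value32 echo 32-bit view: "%KEY_NAME%\%VALUE_NAME%" not found.
if defined Value64 echo 64-bit view: "%Value64%"
if not defined Value64 echo 64-bit view: "%KEY_NAME%\%VALUE_NAME%" not found.

endlocal
exit /b 0

:: ReadValue <32|64> <output variable name>  (hypothetical helper)
:: Queries %KEY_NAME%\%VALUE_NAME% in the requested view and stores the data in
:: the named variable; the variable is left undefined when the value is missing.
:: Assumes the value name contains no spaces, because the name is token 1.
:ReadValue
set "%~2="
for /f "usebackq tokens=1,2*" %%A in (`reg.exe query "%KEY_NAME%" /v "%VALUE_NAME%" /reg:%~1 2^>nul`) do (
    rem Keep only the line whose first token is the value name; this skips the
    rem key-name header line without relying on a fixed skip= count.
    if /i "%%A"=="%VALUE_NAME%" set "%~2=%%C"
)
exit /b 0
```

A value that shows up in only one view is worth recording when inventorying installed software, because a tool of the other bitness will not see it at the same path.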