#include-once #Include #Region Global Variables and Constants ; #VARIABLES# =================================================================================================================== ; =============================================================================================================================== ; #CONSTANTS# =================================================================================================================== Global Const $REG_KEY_DONT_VIRTUALIZE = 2 Global Const $REG_KEY_DONT_SILENT_FAIL = 4 Global Const $REG_KEY_RECURSE_FLAG = 8 ; =============================================================================================================================== #EndRegion Global Variables and Constants #Region Functions list ; #CURRENT# ===================================================================================================================== ;~ ORCloseHive ;~ ORCloseKey ;~ ORCreateHive ;~ ORCreateKey ;~ ORDeleteKey ;~ ORDeleteValue ;~ OREnumKey ;~ OREnumValue ;~ ORGetValue ;~ ORGetVersion ;~ ORGetVirtualFlags ;~ OROpenHive ;~ OROpenKey ;~ ORQueryInfoKey ;~ ORSaveHive ;~ ORSetValue ;~ ORSetVirtualFlags ; =============================================================================================================================== #EndRegion Functions list ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORCloseHive ; Description ...: Closes the specified offline registry hive and frees memory allocated for the hive. ; Syntax ........: _WinAPI_ORCloseHive($hHive) ; Parameters ....: $hHive - A handle to the root key of the offline registry hive to be closed. ; Return values .: Success - 1. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORCloseHive($hHive) Local $aRet = DllCall('Offreg.dll', 'dword', 'ORCloseHive', 'handle', $hHive) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return 1 EndFunc ; ===> _WinAPI_ORCloseHive ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORCloseKey ; Description ...: Closes a handle to the specified registry key in an offline registry hive. ; Syntax ........: _WinAPI_ORCloseKey($hKey) ; Parameters ....: $hKey - A handle to an open registry key in an offline registry hive. . ; Return values .: Success - 1. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORCloseKey($hKey) Local $aRet = DllCall('Offreg.dll', 'dword', 'ORCloseKey', 'handle', $hKey) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return 1 EndFunc ; ===> _WinAPI_ORCloseKey ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORCreateHive ; Description ...: Creates an offline registry hive that contains a single empty root key. ; Syntax ........: _WinAPI_ORCreateHive() ; Parameters ....: None ; Return values .: Succes - Handle to the created hive. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORCreateHive() Local $aRet = DllCall('Offreg.dll', 'dword', 'ORCreateHive', 'handle*', 0) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return $aRet[1] EndFunc ; ===> _WinAPI_ORCreateHive ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORCreateKey ; Description ...: Creates the specified registry key in an offline registry hive. If the key already exists, the function opens ; it. ; Syntax ........: _WinAPI_ORCreateKey($hKey, $sSubKey[, $iOptions = 0[, $tSecurity = 0]]) ; Parameters ....: $hKey - A handle to an open registry key in an offline registry hive. . ; $sSubKey - The name of a subkey that this function opens or creates. ; $iOptions - [optional] This parameter can be 0 or one of the following values : ; $REG_OPTION_CREATE_LINK : The key is a symbolic link. The target path is assigned to ; the L"SymbolicLinkValue" value of the key. The target path must be an absolute ; registry path. If this option is set, $REG_OPTION_NON_VOLATILE must also be set. ; If the lpSubKey parameter specifies an existing key, it must have been created ; with $REG_OPTION_CREATE_LINK. ; Registry symbolic links should be used only when absolutely necessary for ; application compatibility. ; $REG_OPTION_NON_VOLATILE : The key is not volatile; this is the default. ; The information is stored in a file and is preserved when ; the system is restarted. The _WinAPI_ORSaveHive() function ; saves keys that are not volatile. ; $tSecurity - [optional] $tagSECURITY_ATTRIBUTES structure that determines whether the returned ; handle can be inherited by child processes. If this parameter is 0 (Default), the ; handle cannot be inherited.. ; Return values .: Success - Handle to the opened or created key, @extended flag will contain one of the following ; disposition values: ; 0 (False) - The key existed and was simply opened without being changed. ; 1 (True) - The key did not exist and was created. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORCreateKey($hKey, $sSubKey, $iOptions = 0, $tSecurity = 0) Local $aRet = DllCall('Offreg.dll', 'dword', 'ORCreateKey', 'handle', $hKey, 'wstr', $sSubKey, 'ptr', 0, _ 'dword', $iOptions, 'struct*', $tSecurity, 'handle*', 0, 'dword*', 0) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return SetExtended(Number($aRet[7] = 1), $aRet[6]) EndFunc ; ===> _WinAPI_ORCreateKey ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORDeleteKey ; Description ...: Deletes a subkey and its values from an offline registry hive. ; Syntax ........: _WinAPI_ORDeleteKey($hKey, $sSubKey) ; Parameters ....: $hKey - A handle to an open registry key in an offline registry hive. This handle is returned ; by the _WinAPI_ORCreateKey() or _WinAPI_OROpenKey() function. ; $sSubKey - The name of the key to be deleted. It must be a subkey of the key that Handle ; identifies, but it cannot have subkeys. ; Return values .: Success - 1. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORDeleteKey($hKey, $sSubKey) Local $aRet = DllCall('Offreg.dll', 'dword', 'ORDeleteKey', 'handle', $hKey, 'wstr', $sSubKey) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return 1 EndFunc ; ===> _WinAPI_ORDeleteKey ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORDeleteValue ; Description ...: Removes a named value from the specified registry key in an offline registry hive. ; Syntax ........: _WinAPI_ORDeleteValue($hKey, $sValueName) ; Parameters ....: $hKey - A handle to an open registry key in an offline registry hive. ; $sValueName - The registry value to be removed. If this parameter is NULL or an empty string, the ; default unnamed value set by the _WinAPI_ORSetValue function is removed. ; Value names are not case sensitive. ; Return values .: Success - 1. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORDeleteValue($hKey, $sValueName) Local $aRet = DllCall('Offreg.dll', 'dword', 'ORDeleteValue', 'handle', $hKey, 'wstr', $sValueName) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return 1 EndFunc ; ===> _WinAPI_ORDeleteValue ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_OREnumKey ; Description ...: Enumerates the subkeys of the specified open registry key in an offline registry hive. ; The function retrieves information about one subkey each time it is called. ; Syntax ........: _WinAPI_OREnumKey($hKey, $iIndex) ; Parameters ....: $hKey - A handle to an open registry key in an offline registry hive. ; $iIndex - The index of the subkey to retrieve. This parameter should be zero for the first call ; to the function and then incremented for subsequent calls. ; Because subkeys are not ordered, any new subkey will have an arbitrary index. ; This means that the function may return subkeys in any order. ; Return values .: Success - The string that contains the name of the subkey. ; Failure - An empty string. Sets the @error flag to non-zero, @extended flag may contain the ; system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_OREnumKey($hKey, $iIndex) Local $aRet = DllCall('Offreg.dll', 'dword', 'OREnumKey', 'handle', $hKey, 'dword', $iIndex, 'wstr', '', 'dword*', 256, _ 'ptr', 0, 'ptr', 0, 'ptr', 0) If @error Then Return SetError(@error, @extended, '') If $aRet[0] Then Return SetError(10, $aRet[0], '') Return $aRet[3] EndFunc ; ===> _WinAPI_OREnumKey ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_OREnumValue ; Description ...: Enumerates the values for the specified open registry key in an offline registry hive. ; The function retrieves information for one value under the specified key each time the function is called. ; Syntax ........: _WinAPI_OREnumValue($hKey, $iIndex) ; Parameters ....: $hKey - A handle to an open registry key in an offline registry hive. ; $iIndex - The index of the value to be retrieved. This parameter should be zero for the first ; call to the function and then be incremented for subsequent calls. ; Because values are not ordered, any new value will have an arbitrary index. ; This means that the function may return values in any order. ; Return values .: Succes - The string that contains the name of the value, @extended flag will contain the code ; indicating the type of data ($REG_*) stored in the specified value. ; Failure - An empty string. Sets the @error flag to non-zero, @extended flag may contain the ; system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_OREnumValue($hKey, $iIndex) Local $aRet = DllCall('Offreg.dll', 'dword', 'OREnumValue', 'handle', $hKey, 'dword', $iIndex, 'wstr', '', 'dword*', 16384, _ 'ptr', 0, 'ptr', 0, 'ptr', 0) If @error Then Return SetError(@error, @extended, '') If $aRet[0] Then Return SetError(10, $aRet[0], '') Return SetExtended($aRet[5], $aRet[3]) EndFunc ; ===> _WinAPI_OREnumValue ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORGetValue ; Description ...: Retrieves the type and data for the specified registry value in an offline registry hive. ; Syntax ........: _WinAPI_ORGetValue($hKey, $sKey, $sValueName) ; Parameters ....: $hKey - A handle to an open registry key in an offline registry hive. ; $sKey - The name of the registry key. This key must be a subkey of the key specified by the ; Handle parameter. This parameter can be NULL. ; Key names are not case sensitive. ; $sValueName - The name of the registry value. If this parameter is NULL or an empty string, "", the ; function retrieves the type and data for the key's unnamed or default value, if any. ; Return values .: Success - The value data. @extended flag contains the value type. ; Failure - An empty string. Sets the @error flag to non-zero, @extended flag may contain the ; system error code. - ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORGetValue($hKey, $sKey, $sValueName) Local $aRet = DllCall('Offreg.dll', 'dword', 'ORGetValue', 'handle', $hKey, 'wstr', $sKey, 'wstr', $sValueName, _ 'dword*', 0, 'wstr', '', 'dword*', 16384) If @error Then Return SetError(@error, @extended, '') If $aRet[0] Then Return SetError(10, $aRet[0], '') Return SetExtended($aRet[4], $aRet[5]) EndFunc ; ===> _WinAPI_ORGetValue ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORGetVersion ; Description ...: This function retrieves the version of the offline registry library. ; Syntax ........: _WinAPI_ORGetVersion() ; Parameters ....: None ; Return values .: Success - The array containing the following information : ; [0] - The major version of the offline registry library. ; [1] - The minor version of the offline registry library. ; Failure - An empty string. Sets the @error flag to non-zero, @extended flag may contain the ; system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORGetVersion() Local $aResult[2] Local $aRet = DllCall('Offreg.dll', 'none', 'ORGetVersion', 'dword*', 0, 'dword*', 0) If @error Then Return SetError(@error, @extended, '') $aResult[0] = $aRet[1] $aResult[1] = $aRet[2] Return $aResult EndFunc ; ===> _WinAPI_ORGetVersion ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORGetVirtualFlags ; Description ...: Retrieves the virtual flags on the specified open registry key in an offline registry hive. ; Syntax ........: _WinAPI_ORGetVirtualFlags($hKey) ; Parameters ....: $hKey - A handle to an open registry key in an offline registry hive ; Return values .: Success - The virtualization flags set for the key. this parameter can be one or more of the ; following values : ; $REG_KEY_DONT_SILENT_FAIL : If this flag is set and an Open operation fails on a key ; that has virtualization enabled, the registry does not attempt to reopen the key. ; $REG_KEY_DONT_VIRTUALIZE : If this flag is set and a Create Key operation fails ; because the caller does not have the KEY_CREATE_SUB_KEY right on the parent key, ; the registry fails the Create operation. If this flag is clear, the registry ; attempts to create the key in the virtual store. ; Failure - An empty string. Sets the @error flag to non-zero, @extended flag may contain the ; system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORGetVirtualFlags($hKey) Local $aRet = DllCall('Offreg.dll', 'dword', 'ORGetVirtualFlags', 'handle', $hKey, 'dword*', 0) If @error Then Return SetError(@error, @extended, '') If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return $aRet[0] EndFunc ; ===> _WinAPI_ORGetVirtualFlags ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_OROpenHive ; Description ...: Loads the specified registry hive file into memory and validates the hive. ; Syntax ........: _WinAPI_OROpenHive($sHivePath) ; Parameters ....: $sHivePath - a string value. ; Return values .: Success - Handle to the root key of the loaded offline registry hive. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_OROpenHive($sHivePath) Local $aRet = DllCall('Offreg.dll', 'dword', 'OROpenHive', 'wstr', $sHivePath, 'handle*', 0) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return $aRet[2] EndFunc ; ===> _WinAPI_OROpenHive ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_OROpenKey ; Description ...: Opens the specified registry key in an offline registry hive. ; Syntax ........: _WinAPI_OROpenKey($hHive, $sSubKey) ; Parameters ....: $hHive - A handle to an open registry key in an offline registry hive.. ; $sSubKey - The name of the registry key to be opened. ; This key must be a subkey of the key identified by the Handle parameter. ; Key names are not case sensitive. ; Return values .: Success - Handle to the opened key. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_OROpenKey($hHive, $sSubKey) Local $aRet = DllCall('Offreg.dll', 'dword', 'OROpenKey', 'handle', $hHive, 'wstr', $sSubKey, 'handle*', 0) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return $aRet[3] EndFunc ; ===> _WinAPI_OROpenKey ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORQueryInfoKey ; Description ...: Retrieves information about the specified registry key in an offline registry hive. ; Syntax ........: _WinAPI_ORQueryInfoKey($hKey) ; Parameters ....: $hKey - A handle to an open registry key in an offline registry hive. ; Return values .: Success - The array containing the following information : ; [0] - The number of subkeys that are contained by the specified key. ; [1] - The size of the key's subkey with the longest name. ; [2] - The number of values that are associated with the key. ; [3] - The size of the key's longest value name. ; [4] - The size of the longest data component among the key's values, in bytes. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORQueryInfoKey($hKey) Local $aRet = DllCall('Offreg.dll', 'dword', 'ORQueryInfoKey', 'handle', $hKey, 'ptr', 0, 'ptr', 0, 'dword*', 0, _ 'dword*', 0, 'ptr', 0, 'dword*', 0, 'dword*', 0, 'dword*', 0, 'ptr', 0, 'ptr', 0) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Local $aResult[5] $aResult[0] = $aRet[4] $aResult[1] = $aRet[5] $aResult[2] = $aRet[7] $aResult[3] = $aRet[8] $aResult[4] = $aRet[9] Return $aResult EndFunc ; ===> _WinAPI_ORQueryInfoKey ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORSaveHive ; Description ...: Writes the specified offline registry hive to a file. ; Syntax ........: _WinAPI_ORSaveHive($hHive, $sHivePath, $iOsMajorVersion, $iOsMinorVersion) ; Parameters ....: $hHive - A handle to the offline registry hive to save. ; $sHivePath - A pointer to a Unicode string that specifies the name of the registry hive file. ; This cannot be the name of an existing file. ; $iOsMajorVersion - The major version number of the operating system. This member can be one of the ; following values : ; 5 - If $iOsMinorVersion is 1, the operating system is Windows XP. ; If $iOsMinorVersion is 2, the operating system is Windows Server 2003 R2, ; Windows Server 2003, or Windows XP Professional x64 Edition. ; 6 - If $iOsMinorVersion is 0, the operating system is Windows Server 2008 or ; Windows Vista. ; If $iOsMinorVersion is 1, the operating system is Windows Server 2008 R2 or ; Windows 7. ; $iOsMinorVersion - The minor version number of the operating system. This member can be one of the ; following values : ; 0 - If $iOsMajorVersion is 6, the operating system is Windows Server 2008 or ; Windows Vista. ; 1 - If $iOsMajorVersion is 5, the operating system is Windows XP. ; If dwOsMajorVersion is 6, the operating system is Windows Server 2008 R2 or ; Windows 7. ; 2 - If $iOsMajorVersion is 5, the operating system is Windows Server 2003 R2, ; Windows Server 2003, or Windows XP Professional x64 Edition. ; If $iOsMajorVersion is 6, the $iOsMinorVersion parameter must be 0 or 1. ; Return values .: Success - 1. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORSaveHive($hHive, $sHivePath, $iOsMajorVersion, $iOsMinorVersion) Local $aRet = DllCall('Offreg.dll', 'dword', 'ORSaveHive', 'handle', $hHive, 'wstr', $sHivePath, _ 'dword', $iOsMajorVersion, 'dword', $iOsMinorVersion) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return 1 EndFunc ; ===> _WinAPI_ORSaveHive ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORSetValue ; Description ...: Sets the data for the value of a specified registry key in an offline registry hive. ; Syntax ........: _WinAPI_ORSetValue($hKey, $sValueName, $iType, $tValueData, $iBytes) ; Parameters ....: $hKey - A handle to an open registry key in an offline registry hive. ; $sValueName - The name of the value to be set. If a value with this name is not already present in ; the key, the function adds it to the key. ; If $sValueName is empty, the function sets the type and data for the key's unnamed or ; default value. ; $iType - The type of data. This parameter can be one of the following values : ; $REG_BINARY ; $REG_DWORD ; $REG_DWORD_BIG_ENDIAN ; $REG_DWORD_LITTLE_ENDIAN ; $REG_EXPAND_SZ ; $REG_LINK ; $REG_MULTI_SZ ; $REG_NONE ; $REG_QWORD ; $REG_QWORD_LITTLE_ENDIAN ; $REG_SZ ; $tValueData - The data to be stored. ; For string-based types, such as REG_SZ, the string must be null-terminated. ; For the REG_MULTI_SZ data type, the string must be terminated with two null characters. ; $iBytes - The size of the data, in bytes. If the data has the REG_SZ, REG_MULTI_SZ or ; REG_EXPAND_SZ type, this size includes any terminating null character or characters ; unless the data was stored without them. ; Return values .: Success - 1. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORSetValue($hKey, $sValueName, $iType, $tValueData, $iBytes) Local $aRet = DllCall('Offreg.dll', 'dword', 'ORSetValue', 'handle', $hKey, 'wstr', $sValueName, 'dword', $iType, _ 'struct*', $tValueData, 'dword', $iBytes) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return 1 EndFunc ; ===> _WinAPI_ORSetValue ; #FUNCTION# ==================================================================================================================== ; Name ..........: _WinAPI_ORSetVirtualFlags ; Description ...: Sets virtualization flags on the specified open registry key in an offline registry hive. ; Syntax ........: _WinAPI_ORSetVirtualFlags($hKey, $iFlag) ; Parameters ....: $hKey - A handle to an open registry key in an offline registry hive. ; $iFlag - This parameter controls the behavior of the registry when a Create or Open operation ; fails on a key in a virtualized hive. This parameter can be one or more of the ; following values : ; $REG_KEY_DONT_SILENT_FAIL : If this flag is set and an Open operation fails on a key ; for which virtualization is enabled, the registry does not attempt to reopen the ; key. If this flag is clear, the registry attempts to reopen the key with the ; MAXIMUM_ALLOWED access. ; REG_KEY_DONT_VIRTUALIZE : If this flag is set and a Create Key operation fails ; because the caller does not have the KEY_CREATE_SUB_KEY right on the parent key, ; the registry fails the Create operation. If this flag is clear, the registry ; attempts to create the key in the virtual store. The caller must have the ; KEY_READ right on the parent key. ; REG_KEY_RECURSE_FLAG :I f this flag is set, registry virtualization flags are ; propagated from the parent key. If this flag is clear, registry virtualization ; flags are not propagated. ; Return values .: Success - 1. ; Failure - 0. Sets the @error flag to non-zero, @extended flag may contain the system error code. ; Author ........: jguinch ; =============================================================================================================================== Func _WinAPI_ORSetVirtualFlags($hKey, $iFlag) Local $aRet = DllCall('Offreg.dll', 'dword', 'ORSetVirtualFlags', 'handle', $hKey, 'dword', $iFlag) If @error Then Return SetError(@error, @extended, 0) If $aRet[0] Then Return SetError(10, $aRet[0], 0) Return 1 EndFunc ; ===> _WinAPI_ORSetVirtualFlags