supersonic

Write/delete to/from Registry (HKLM64) when running in 32-bit

4 posts in this topic

#1 ·  Posted (edited)

Hi everybody,

Currently I'm optimizing a script (compiled as 32-bit) for copying/deleting/writing to Registry HKLM64.

The main problem is the following code line:

RunAsWait($envOperator, $envLogonDomain, $envPassword, 0, _
    @ComSpec & " /C " & _
    @SystemDir & "\reg.exe COPY " & _
        Chr(034) & "HKU\" & $envUserSID & "\.\HKLM" & Chr(034) & " " & _
        Chr(034) & "HKLM" & Chr(034) & " /F /S", _
    @TempDir, @SW_HIDE)

Notes: Somewhere in the script there is a Registry (HKLM) copy operation which requires administrative privileges. Therefore the script uses RunAs(Wait), so this operation can be done when running the script as a standard user.

When I run the compiled script (32-bit), REG.EXE copies to "HKLM32" (= e.g. "HKLM\Software\Wow6432Node"); running it in native 64-bit mode, REG.EXE copies to HKLM (= "HKLM64"). For a complete solution of my problem, I have to find a way to copy/delete/write to Registry HKLM and HKLM64 using RunAs(Wait) and REG.EXE when running the compiled 32-bit script on a 64-bit operating system.

Sure, I could offer a 32- and 64-bit version, but I would like to avoid that.

Maybe it's possible to use a DllCall() like this:

DllCall("advapi32.dll", "long", "RegDeleteKeyEx", "long", 2147483650, "string", $keyStr, "long", $KEY_WOW64_32KEY, "long", 0);

Or maybe there is an alternative to REG.EXE?

Any ideas?

Greets,

-supersonic.

Edited by supersonic


Using "HKLM64" or "HKCU64" works only with AutoIt.

REG.EXE can't handle such registry keys.


I have found a way to realize this:

Local $envLogonDomain   = "DOMAIN"
Local $envOperator      = "Administrator"
Local $envPassword      = "password"
RunWait(@ComSpec & ' /C ' & @TempDir & '\psexec.exe \\localhost -u ' & $envLogonDomain & '\' & $envOperator & ' -p "' & $envPassword & '" REG.EXE COPY "HKU\.\TEST" "HKLM\SOFTWARE" /F /S', @TempDir, @SW_HIDE)

When running REG.EXE remotely, Windows "thinks" it has to run REG.EXE in a 64-bit environment.

This is not my favorite solution...

In order for it to work you have to make sure that a firewall is configured properly, and you need PSEXEC.EXE from www.sysinternals.com.

But it works...

Is there a solution for remote execution done natively in AutoIt?

A handier solution would be to avoid using PSEXEC.EXE...

Greets,

-supersonic.
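
The reply above notes that the "HKLM64" root is understood by AutoIt's own registry functions. As an added example (not code from this thread), a 32-bit compiled script can do the copy with those functions and use RunAsWait only to restart itself under the privileged account, so neither REG.EXE nor PSEXEC.EXE is involved and no password is stored in the script or passed on a command line. The key paths, the /copy switch and the function name _RegCopyTree are assumptions made for the example.

```autoit
; Added example, not from the thread. Key paths, the /copy switch and the
; function name are hypothetical. Compile as 32-bit, run on 64-bit Windows.
Global Const $SRC_KEY = "HKLM64\SOFTWARE\ExampleSource" ; placeholder source
Global Const $DST_KEY = "HKLM64\SOFTWARE\ExampleTarget" ; placeholder target

If $CmdLine[0] >= 1 And $CmdLine[1] = "/copy" Then
    ; Child instance, already running under the privileged account.
    If _RegCopyTree($SRC_KEY, $DST_KEY) Then Exit 0
    Exit 1
EndIf

; Parent instance (standard user): prompt for the account, then restart this script under it.
Local $sDomain = InputBox("Registry copy", "Domain:")
Local $sUser = InputBox("Registry copy", "Administrative user:")
Local $sPass = InputBox("Registry copy", "Password:", "", "*") ; masked input
Local $sCmd = '"' & @AutoItExe & '" /copy'
If Not @Compiled Then $sCmd = '"' & @AutoItExe & '" "' & @ScriptFullPath & '" /copy'
Local $iExit = RunAsWait($sUser, $sDomain, $sPass, 0, $sCmd, @TempDir, @SW_HIDE)
If @error Or $iExit <> 0 Then MsgBox(16, "Registry copy", "Copy failed.")

; Recursively copies values and subkeys; the "HKLM64" root selects the 64-bit view.
Func _RegCopyTree($sSrc, $sDst)
    ; RegRead reports the value type as a number in @extended; RegWrite expects its name.
    Local $aType[12] = ["", "REG_SZ", "REG_EXPAND_SZ", "REG_BINARY", "REG_DWORD", _
            "", "", "REG_MULTI_SZ", "", "", "", "REG_QWORD"]
    If Not RegWrite($sDst) Then Return False ; create the destination key
    Local $i = 1, $sName, $vData, $iType
    While 1
        $sName = RegEnumVal($sSrc, $i)
        If @error Then ExitLoop ; no more values
        $vData = RegRead($sSrc, $sName)
        If Not @error Then
            $iType = @extended
            If $iType < 12 And $aType[$iType] <> "" Then
                If Not RegWrite($sDst, $sName, $aType[$iType], $vData) Then Return False
            EndIf
        EndIf
        $i += 1
    WEnd
    $i = 1
    While 1
        $sName = RegEnumKey($sSrc, $i)
        If @error Then ExitLoop ; no more subkeys
        If Not _RegCopyTree($sSrc & "\" & $sName, $sDst & "\" & $sName) Then Return False
        $i += 1
    WEnd
    Return True
EndFunc
```

Value types that RegWrite does not accept are skipped rather than copied.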
