PDA

View Full Version : Reading Windows Registry hive files


dinesh123
8th December 2015, 09:53
Hi,
Is it possible to read the registry hive files directly from the hard disk [say from %systemroot%/system32/config location] or from the attached mirror image hard disk using QT4 ?
If yes, then how it can be done?
Please reply
yeye_olive
8th December 2015, 10:42
There is nothing in Qt to do something this specific. However, Microsoft provides some APIs to access the registry. I mentioned the Win32 API in a previous thread you created on this forum, and I suppose you checked out the registry section of this API back then. I have, and it appears that it can only be used to access the registry of the current system. I googled "win32 offline registry api" and found out that Microsoft provides another API that lets you load and inspect any registry file (for instance, one on a disk that you mount on a rescue system for offline maintenance).
dinesh123
8th December 2015, 11:24
Thanks, I will check it.
dinesh123
9th December 2015, 08:18
I have used offreg.dll . In order to make use of this dll i have modified the .pro file as below:
TEMPLATE = app
TARGET +=
DEPENDPATH += .
INCLUDEPATH += C:/DLL
LIBS += -LC:/DLL -loffreg.dll
# Input
HEADERS += button.h tool.h
SOURCES += button.cpp main.cpp tool.cpp
And included the following code in main.cpp as follows:

QLibrary library ("offreg.dll");
library.oropenhive("C:\Windows\System32\Config\Software");

But i am getting error "QLibrary has no member named oropenhive"
Can you suggest me something on this. where i am making mistake?
yeye_olive
9th December 2015, 11:40
Well, the error message is crystal clear. Have a look at the documentation for the QLibrary class; you will see that it has no method named "oropenhive". You need to learn C++ before you try anything with Qt.

QLibrary is used to load a library at runtime; its resolve() method is the one that looks up a symbol and returns a pointer to it. QLibrary is used for things like plugins, that may be loaded/unloaded on demand during the execution of the program.

In your case the library is linked with your executable, which means that it will be automatically loaded by the OS at the same time as your executable. It will be the loader's job to resolve symbols. No need for QLibrary. All you have to do in your code is include the header files and call the library's functions, such as OROpenHive.