[译]如何保存和还原注册表项

By robot-v1.0

本文链接 https://www.kyfws.com/applications/how-to-save-and-restore-registry-keys-zh/

版权声明 本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!

- 6 分钟阅读 - 2865 个词 阅读量 0

[译]如何保存和还原注册表项

原文地址:https://www.codeproject.com/Articles/7874/How-to-Save-and-Restore-Registry-Keys

原文作者:JOHN11

译文由本站 robot-v1.0 翻译

前言

This article shows how to save and restore registry keys and provides a command-line tool demonstrating how to do it.

本文介绍了如何保存和还原注册表项,并提供了一个演示如何执行此操作的命令行工具.

此更新中有什么新内容(What’s new in this update)

  • 提供的工具还有一个可选参数/F(The provided tool has one more optional parameter /F):此参数可用于强制执行还原操作.在许多情况下,包括注册表项(包括配置单元)在内的还原注册表项操作,可能需要使用此参数.(: This parameter can be used to force the restore operation. Using this parameter can be necessary in many cases in which the restore registry keys operation including hives ()**香港中文大学(HKCU)**和(and)HKLM(HKLM)),如果键已锁定,即在某些过程中某些子键上的句柄已打开但未关闭,则无法使用.() is not possible if keys are locked, i.e., handles are opened and not closed on some sub-keys by some processes.)
  • 现在可以保存/还原整个注册表(Saving/Restoring whole registry is now possible):由于使用了参数(: As a consequence of using the parameter)**/F(/F)**在还原注册表时,现在可以保存和还原用户注册表配置单元,例如:(in restoring the registry, it is now possible to save and restore user registry hives, for example:)
  • 如果发生某些错误,错误代码和描述会打印在DOS控制台中,但是如果成功,程序仍然返回1,否则返回0.(If some error occurs, the error code and description are printed in the DOS console, but the program still returns 1 if success and 0 otherwise.)

介绍(Introduction)

首先,我为我的英语不好对不起.本文介绍如何使用Windows API函数保存和还原注册表项:(First of all, I apologize for my bad English. This article shows how to save and restore registry keys using the Windows API functions:) RegSaveKey 和(and) RegRestoreKey 分别提供了实现这两项任务的工具.(respectively and provides a tool to achieve these two tasks.)

根据MSDN,这两个API函数需要两个特权,即(According to MSDN, these two API functions require two privileges, namely) SE_BACKUP_NAME ((() SeBackupPrivilege )和/或() and/or) SE_RESTORE_NAME ((() SeRestorePrivilege ),即使当前流程令牌具有管理员权限.因此,管理员帐户应使用本文中介绍的工具.() even if the current process token has administrator rights. As a consequence, the tool presented in this article should be used by an administrator account.)

在某些情况下,可以使用本文附带的实用程序:(These are some situations where the article’s attached utility program can be used:)

  • **个人档案经理(Profiles manager)**仅用于必须保存和还原的注册表的重要部分,而不是整个用户注册表.(for only important parts of the registry that must be saved and restored and not necessarily the whole user registry.)
  • **打印机经理(Printers manager)**例如,在OS迁移过程中保存和恢复用户的打印机配置.(to save and restore users' printer configurations in the OS migration process, for example.)
  • 软件配置(Software configuration).而不是使用(. Instead of using).REG(.REG*)*通过导出注册表项然后导入它们来导出文件,我们可以使用此实用程序将密钥保存到文件中,当需要配置软件时,我们将生成的输出文件还原到注册表中.(*files by exporting registry keys and then importing them, we can save keys to files using this utility and when it’s time to configure the software, we restore the produced output files to the registry.*)

如何使用工具(How to use the tool)

句法:(Syntax:)

这是工具语法,如上图所示:(This is the tool syntax as indicated in the picture above:)

RegSaveRestore /S|/R ROOT KEY FILE [/F]
/S   To save a registry key to file.
/R   To restore a registry key from file.
ROOT Take HKCU or HHLM.
KEY  Subkey path.
FILE Input file in restore mode or Output file in save mode.
/F   This parameter can be used optionnally to force restoring operation.

如果成功,该工具将返回0,否则将返回1,而不考虑实际的错误代码.(The tool returns 0 if success, otherwise it returns 1 without any consideration of the real error code.)

例子:(Examples:)

这是两个简单的示例来展示如何使用该工具.第一个将密钥HKLM \ Software \ MyKey(以及所有MyKey子项和值)保存到文件中(These are two simple examples to show how to use the tool. The first one saves the key HKLM\Software\MyKey (with all MyKey subkeys and values) to the file)*C:\ MyKey.dat(C:\MyKey.dat)*第二个文件以强制模式将此文件还原到相同的密钥HKLM \ Software \ MyKey.确保您没有使用Regedit或其他任何方式进行编辑;否则,该程序将因访问被拒绝错误而失败,因为Regedit将密钥锁定在编辑模式下.(and the second one restores this file in force mode to the same key HKLM\Software\MyKey. Make sure that you are not editing by using Regedit or any other way; otherwise the program will fail by the Access denied error, since Regedit locks the key in edit mode.)

|将HKLM \ Software \ MyKey保存在(Saving HKLM\Software\MyKey in)C:\ MyKey.dat(C:\MyKey.dat):(:)

RegSaveRestore/S HKLM软件\ MyKey C:\ MyKey.dat(RegSaveRestore /S HKLM Software\MyKey C:\MyKey.dat)
使用还原HKLM \ Software \ MyKey(Restoring HKLM\Software\MyKey using)C:\MyKey.dat:

|RegSaveRestore/R HKLM软件\ MyKey C:\ MyKey.dat/F(RegSaveRestore /R HKLM Software\MyKey C:\MyKey.dat /F)| |将HKLM \软件保存在(Saving HKLM\Software in)C:\ Software .dat(C:\Software .dat):

|RegSaveRestore/S HKLM软件C:\ Software.dat(RegSaveRestore /S HKLM Software C:\Software.dat)| |使用还原HKLM \ Software(Restoring HKLM\Software using)C:\Software.dat:

|RegSaveRestore/R HKLM软件C:\ Software.dat/F(RegSaveRestore /R HKLM Software C:\Software.dat /F)|

备注:(Remark:)

该工具不提供任何方法来保护还原阶段的备份文件.更确切地说,假设(The tool does not provide any means to secure backup files for the restore phase. To be more precise, suppose that)*MyKet.dat(MyKet.dat)*已由示例1提供.然后文件被错误地更改或损坏,然后需要恢复该文件时,该工具将失败,最糟糕的是,在以下情况下,将自动删除密钥HKLM \ Software \ MyKey(has been provided by Example 1., and then the file has been changed incorrectly or corrupted, then when it comes the time to restore it, the tool will fail, and worst, the key HKLM\Software\MyKey will be deleted automatically when) RegRestoreKey 叫做.我希望我会在以后的文章中介绍一种使99.99%安全的任务简单的方法!为了使其安全和自动,我们必须回答两个基本问题:(is called. I hope that I will present in a future article an easy way to make such a task 99.99% secure! In order to make it secure and automatic, we have to answer two basic questions:)

  • 哪个文件转到哪个密钥?(Which file goes to which key?)
  • 如何确保转到相应密钥的文件正确?(How to be sure that the file going to a corresponding key is the right one?)

使用代码(Using the code)

该工具项目是一个控制台MFC应用程序,可以通过进行一些小的更改将其自由更改为MFC.用于将注册表项保存到文件的函数是:(The tool project is a console MFC application and it can be freely changed to MFC by making some minor changes. The function used to save the registry key to a file is:)

//  Save registry key SubKey to file OutFile
//  Return TRUE if success, otherwise it returns FALSE
//  Note that the error code d is used only as a local variable information
BOOL SaveRegKeyPath(CString &Root, CString &SubKey, CString &OutFile)
{
  BOOL  ret=TRUE;
  HKEY  hKey=NULL;
  DWORD  d;
  HKEY  hRoot;

  //  Set SE_BACKUP_NAME privilege
  
  SetPrivilege(SE_BACKUP_NAME,TRUE);
  //  Determine the hive
 
  hRoot=(Root.CompareNoCase(HKCU)==0)?HKEY_CURRENT_USER:HKEY_LOCAL_MACHINE;
  //  We have to save only existing key ! (KEY_READ parameter below)
  if (RegOpenKeyEx(hRoot, SubKey,0,KEY_READ, &hKey)==ERROR_SUCCESS)  {
    if (IsFileExist(OutFile)){
      //we must delete file before saving, otherwise it doesn't work !
      if (DeleteFile(OutFile)) 
        d=RegSaveKey(hKey,OutFile,NULL);
    } else d=RegSaveKey(hKey,OutFile,NULL);
    if (d!=ERROR_SUCCESS)
      ret=FALSE;
   
    RegCloseKey(hKey); 
  }
  else {
    if (IsKeyExist(hRoot,SubKey)==FALSE)
      d=ERROR_FILE_NOT_FOUND;
    else d=0;
    ret=FALSE;
  }
 
  SetPrivilege(SE_BACKUP_NAME,FALSE);

  return ret;
}

用于从文件还原注册表项的函数是:(The function used to restore the registry key from a file is:)

// Restore registry key SubKey from file InFile
// If Force=TRUE then we force the restore operation
// Return TRUE if success, otherwise it returns FALSE
BOOL LoadRegKeyPath(CString &Root, CString &SubKey, CString &InFile, BOOL Force)
{
    BOOL    ret=TRUE;
    HKEY    hKey=NULL;
    DWORD    d;
    HKEY    hRoot;

    SetPrivilege(SE_RESTORE_NAME,TRUE);
    SetPrivilege(SE_BACKUP_NAME,TRUE);

    hRoot=(Root.CompareNoCase(HKCU)==0)?HKEY_CURRENT_USER:HKEY_LOCAL_MACHINE;
    if (!IsFileExist(InFile)) {
        d=ERROR_FILE_NOT_FOUND;
        PrintError(d);
        ret=FALSE;
    }
    else {
        HKEY    hhKey;
        char    lpClass[80];
        DWORD    lpDisposition=0;
        if (RegCreateKeyEx(hRoot,SubKey,0,lpClass, REG_OPTION_BACKUP_RESTORE,
            KEY_ALL_ACCESS, NULL, &hhKey, 
            &lpDisposition)==ERROR_SUCCESS) {

            d=RegRestoreKey(hhKey,InFile,
              (Force==FALSE)?REG_NO_LAZY_FLUSH:REG_FORCE_RESTORE);
            RegCloseKey(hhKey);
            if (d!=ERROR_SUCCESS) {
                PrintError(d);
                ret=FALSE;
            }
        } else ret=FALSE; 
    }

    SetPrivilege(SE_RESTORE_NAME,FALSE);
    SetPrivilege(SE_BACKUP_NAME,FALSE);

    return ret;
}

我邀请读者进入源代码看看中间功能(I invite readers to go into the source code to take a look at the intermediate functions) SetPrivilege ,(,) IsKeyExist 和(and) IsFileExist 在上面的代码中使用.(used in the code above.)

结论(Conclusion)

我希望您已经学到了本文中的一些新内容,并且随附的工具将对您有所帮助.如前所述,我希望在以后的文章中,我将提供一种使用此工具的安全方法.实际上,本文应该仅回答上述两个问题.(I hope that you have learned some thing new in this article and the accompanying tool will be of help for you. As I said before, I hope that in a future article I will provide a secure method to use this tool. In fact, the article should just answer the two questions above.)

历史(History)

  • 1.0.0.1版-2004年8月1日(Version 1.0.0.1 - August 1, 2004)
  • 版本2.0.0.0-2005年11月16日(Version 2.0.0.0 - November 16, 2005)

许可

本文以及所有相关的源代码和文件均已获得The Code Project Open License (CPOL)的许可。

C++ VC6 Windows Visual-Studio Dev 新闻 翻译