Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Tracereg example in detours does not work in Win7. RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

     Not all cases of Kernel32!RegOpenKeyExw (or any other registry calls) are detoured as expected. It used to work fine in WinXP  where the hook was on Advapi32!RegOpenKeyExw

    I have screen shot of 1 working and non working stack from Procmon. My case was a 2 line vbs script as below..

    Set WshShell = WScript.CreateObject("WScript.Shell")
    WScript.Echo WshShell.RegRead("HKCR\._sln\v1")

    Displaying image.png

    Not working case:

    Displaying image.png

    Thanks Babraham

    • Moved by Jamles Hez Tuesday, September 8, 2015 1:46 AM
    Thursday, September 3, 2015 7:03 AM

Answers

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Babraham,

    The screen shot seems not work and I don't think the question related with MSBuild.

    I will move your question to "Where is the forum for" forum to see where is the best place for your question.

    Thanks for your understanding

    --James

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, September 8, 2015 1:45 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    I'd ask in the Windows 7 IT Pro forums:

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=w7itpro

    Karl

    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
    My Blog: Unlock PowerShell
    My Book: Windows PowerShell 2.0 Bible
    My E-mail: -join('6D73646E5F6B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

    Tuesday, September 8, 2015 2:32 PM