I am having some issues in C++ with the aforementioned functions. Both are behaving in the exact same way. Here is the process I am seeing:
1. Run code to get the registry value. Double check that it found 10000, which it should have (10000 is the default Windows limit on GDI objects per process), and it does.
2. Change the registry using regedit to something other than 10000.
3. Run the code again, but this time it again finds 10000, when it should have found the new value.
No matter what I try, it will always only find the original value and not the updated value of the registry.
Things I've noticed/tried:
- It does this for every value I've looked at, not just GDIProcessHandleQuota. (It doesn't always return 10000 since that's specific to the GDI value, it just always returns the pre-modify value for any given value.)
- It does this even if I reboot the computer and open regedit to verify the key actually changed before running step 3.
- All the results values in the code below (results, results2, results3) are 0, indicating ERROR_SUCCESS (lol), meaning they experienced no issues.
Finally, here is the code snippet in which I'm experiencing the problems:
    HKEY hKey;
    //open the key for viewing in RegQueryValueEx, store opened handle in hkey
    LONG result = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
                               "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
                               0,
                               KEY_ALL_ACCESS,
                               &hKey);
    DWORD dwReturn;
    DWORD dwBufSize = sizeof(DWORD);
    //after this line executes, dwReturn should have the DWORD data of the specified registry key/valuename
    LONG result2 = RegQueryValueEx(hKey,
                                   "GDIProcessHandleQuota",
                                   0,
                                   0,
                                   reinterpret_cast<LPBYTE>(&dwReturn),
                                   &dwBufSize);
    DWORD value;
    DWORD size = sizeof(DWORD);
    //after this executes, value should contain the DWORD data of the specified registry key/valuename
    LONG result3 = RegGetValue(hKey,
                               "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
                               "GDIProcessHandleQuota",
                               RRF_RT_ANY,
                               NULL,
                               &value,
                               &size
                               );
Your issue is most likely caused by the WOW64 emulator when running a 32-bit app on a 64-bit machine. Refer to the MSDN documentation for more details:
- Registry Keys Affected by WOW64
- 32-bit and 64-bit Application Data in the Registry
- Accessing an Alternate Registry View
To open a 64-bit key in a 32-bit app, you need to include the KEY_WOW64_64KEY flag when opening the key with RegOpenKeyEx(), or the RRF_SUBKEY_WOW6464KEY flag when opening the key with RegGetValue().
You are also opening the key with too many permissions (which could kick in Registry Virtualization under UAC; that is disabled on the particular key you are accessing in this example, but you should be aware of it). KEY_ALL_ACCESS will only work for admin users. Most users do not have write access to HKLM, only read-only access, so opening the key with KEY_ALL_ACCESS will fail for non-admins. Always request the minimum permissions you actually need. In this case, open the key for KEY_QUERY_VALUE access.
You are also calling RegGetValue() with the wrong parameter values.
Try something more like this instead:
    HKEY hKey;
    //open the key for viewing in RegQueryValueEx, store opened handle in hkey
    LONG result = RegOpenKeyEx(
        HKEY_LOCAL_MACHINE,
        "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
        0,
        KEY_QUERY_VALUE | KEY_WOW64_64KEY,
        &hKey);
    if (result != ERROR_SUCCESS)
    {
        // ...
    }
    else
    {
        DWORD value;
        DWORD size = sizeof(DWORD);
        //after this line executes, value should have the DWORD data of the specified registry key/valuename
        result = RegQueryValueEx(
            hKey,
            "GDIProcessHandleQuota",
            0,
            0,
            reinterpret_cast<LPBYTE>(&value),
            &size);
        if (result != ERROR_SUCCESS)
        {
            // ...
        }
        size = sizeof(DWORD);
        //after this executes, value should contain the DWORD data of the specified registry key/valuename
        result = RegGetValue(
            hKey,
            NULL,
            "GDIProcessHandleQuota",
            RRF_RT_REG_DWORD,
            NULL,
            &value,
            &size);
        if (result != ERROR_SUCCESS)
        {
            // ...
        }
        RegCloseKey(hKey);
    }
Alternatively:
    DWORD value;
    DWORD size = sizeof(DWORD);
    //after this executes, value should contain the DWORD data of the specified registry key/valuename
    LONG result = RegGetValue(
        HKEY_LOCAL_MACHINE,
        "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
        "GDIProcessHandleQuota",
        RRF_RT_REG_DWORD | RRF_SUBKEY_WOW6464KEY,
        NULL,
        &value,
        &size);
    if (result != ERROR_SUCCESS)
    {
        // ...
    }
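
A diagnostic sketch for the situation discussed above, added here and not part of the original question or answer: it reads GDIProcessHandleQuota through both the 32-bit and the 64-bit registry view with read-only access and reports whether the two views disagree. The names View, Read, Reader, ViewReport, compare_views and read_gdi_quota are hypothetical, and the non-Windows branch returns constructed values (10000 and 12000) so the comparison logic can be built and checked off Windows.

```cpp
// Added example (not from the original posts): compare one DWORD across both WOW64 views.
#include <cstdint>
#include <cstdio>
#include <functional>
#ifdef _WIN32
#include <windows.h>
#endif

enum class View { Reg32, Reg64 };
struct Read { bool ok; std::uint32_t value; };  // ok == false: open or query failed
using Reader = std::function<Read(View)>;       // hypothetical seam: lets a fake reader be swapped in

struct ViewReport {
    Read v32, v64;
    // Diverged if only one view has the value, or both have it with different data.
    bool diverged() const {
        return v32.ok != v64.ok || (v32.ok && v32.value != v64.value);
    }
};

ViewReport compare_views(const Reader& read) {
    return ViewReport{ read(View::Reg32), read(View::Reg64) };
}

#ifdef _WIN32
// Read-only open (KEY_QUERY_VALUE) with the registry view chosen explicitly.
Read read_gdi_quota(View view) {
    HKEY hKey;
    REGSAM sam = KEY_QUERY_VALUE | (view == View::Reg64 ? KEY_WOW64_64KEY : KEY_WOW64_32KEY);
    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,
            "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
            0, sam, &hKey) != ERROR_SUCCESS)
        return Read{false, 0};
    DWORD value = 0, size = sizeof(value), type = 0;
    LONG rc = RegQueryValueExA(hKey, "GDIProcessHandleQuota", nullptr, &type,
                               reinterpret_cast<LPBYTE>(&value), &size);
    RegCloseKey(hKey);
    return Read{rc == ERROR_SUCCESS && type == REG_DWORD, static_cast<std::uint32_t>(value)};
}
#else
// Constructed stand-in for non-Windows builds: 10000 in the 32-bit view, 12000 in the 64-bit view.
Read read_gdi_quota(View view) { return Read{true, view == View::Reg64 ? 12000u : 10000u}; }
#endif

int main() {
    ViewReport r = compare_views(read_gdi_quota);
    std::printf("32-bit view: %u  64-bit view: %u  %s\n", static_cast<unsigned>(r.v32.value),
                static_cast<unsigned>(r.v64.value), r.diverged() ? "DIVERGED" : "same");
}
```

If the two views report different data, an edit made in regedit landed in a view other than the one the process reads by default.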