I am trying to get a handle to the Registry hive "\REGISTRY\A{GUID}" and enumerate the keys under that handle. I have been searching for hours but still haven't got a clue on how to open or enumerate it. Please help me get to the correct API to do so. Btw, RegOpenKeyEx() and RegEnumKeyEx() don't work, I tried.
Applications with handles for "\REGISTRY\A\{GUID}" paths have either called RegLoadAppKey or NtLoadKeyEx. RegLoadAppKey loads a private application hive at an automatically generated path, "\REGISTRY\A\{GUID}". It returns a handle for the hive's root Key, and subkeys can be enumerated, created and opened relative to this handle.
It used to be possible to open "A" relative to a handle for "\REGISTRY" and enumerate its subkeys. This is no longer allowed in Windows 10. I assume access is restricted in the Configuration Manager's parse procedure for Key objects, CmpParseKey. However, you can still inspect this Key using a kernel debugger with commands such as !reg q \REGISTRY\A.
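
The handle-relative access described in the answer, as an added example that is not part of the original post: it loads a hive file with RegLoadAppKey and walks the subkeys from the returned root handle. The hive file name, the `Win32.AppHive` wrapper type, the `Get-SubKeyTree` helper and the sample subkey are assumptions made for the illustration.

```powershell
# Added example: load an application hive from a file and enumerate it
# through the root handle that RegLoadAppKey returns.
$sig = @'
[DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
public static extern int RegLoadAppKey(
    string lpFile, out IntPtr phkResult, int samDesired, int dwOptions, int Reserved);
'@
# Win32.AppHive is a hypothetical wrapper name chosen for this example.
$advapi = Add-Type -MemberDefinition $sig -Name AppHive -Namespace Win32 -PassThru

$KEY_ALL_ACCESS = 0xF003F
# Hypothetical scratch hive; RegLoadAppKey creates an empty hive if the file is missing.
$hivePath = Join-Path $env:TEMP 'apphive-demo.dat'

$hRoot  = [IntPtr]::Zero
$status = $advapi::RegLoadAppKey($hivePath, [ref]$hRoot, $KEY_ALL_ACCESS, 0, 0)
if ($status -ne 0) {
    throw (New-Object System.ComponentModel.Win32Exception $status)
}

# Wrap the raw HKEY so the .NET registry API can work relative to it.
# ownsHandle = $true: disposing the key closes the handle, which unloads the hive.
$safe = New-Object Microsoft.Win32.SafeHandles.SafeRegistryHandle($hRoot, $true)
$root = [Microsoft.Win32.RegistryKey]::FromHandle($safe)

# Hypothetical helper: print every subkey below a key, indented by depth.
function Get-SubKeyTree([Microsoft.Win32.RegistryKey]$Key, [int]$Depth = 0) {
    foreach ($name in $Key.GetSubKeyNames()) {
        ('  ' * $Depth) + $name
        $child = $Key.OpenSubKey($name)
        if ($child) {
            try     { Get-SubKeyTree $child ($Depth + 1) }
            finally { $child.Dispose() }
        }
    }
}

try {
    # Constructed sample data so the empty hive has something to list.
    $root.CreateSubKey('Constructed\Sample').Dispose()
    Get-SubKeyTree $root
}
finally {
    $root.Dispose()
}
```

Every open, create and enumerate call here goes through `$root` or a key opened from it; none of them names the "\REGISTRY\A\{GUID}" path.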