I'm creating a shadow copy and I want to mount a registry hive from that shadow copy using RegLoadKey()
so I can go over its content using the normal registry functions.
This usually works well except in certain machines where it doesn't work at all.
I create the shadow copy and get its mount point - something like
\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8
I then call
RegLoadKeyW(HKEY_LOCAL_MACHINE, L"mntpoint", L"\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy8\\Windows\\System32\\config\\SOFTWARE");
This call returns 1009 - The configuration registry database is corrupt.
If I use CreateFileW(), I can open this file successfully using that path, so it is definitely there.
I've made sure that the shadow copy is created with the registry writer so I don't think that's the issue.
There's no difference if I create the shadow copy and try this after a reboot.
This only happens on some machines. On most it works just fine. I'm not sure what differentiates the machines it doesn't work on.
The machine is a Windows 2008 64-bit.
Turns out the problem was that to use RegLoadKeyW(), the loaded hive needs to be somewhere writable. Since the shadow copy is read-only, it failed. When I copied the mounted file outside the shadow copy it worked fine.
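The fix described above, as an added example that is not the poster's code: copy the hive out of the read-only snapshot to a writable scratch file, then load the copy. The helper names, the scratch path C:\Temp\SOFTWARE.copy and the assumption that the process runs elevated are illustrative; the Win32 part compiles only on Windows.

```c
#include <stdio.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Build "<snapshot root>\Windows\System32\config\<hive>". Returns 0, or -1 if it does not fit. */
int snapshot_hive_path(wchar_t *out, size_t cap, const wchar_t *root, const wchar_t *hive)
{
    int n = swprintf(out, cap, L"%ls\\Windows\\System32\\config\\%ls", root, hive);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

#ifdef _WIN32
/* RegLoadKeyW needs SeBackupPrivilege and SeRestorePrivilege enabled in the caller's token. */
static BOOL enable_privilege(const wchar_t *name)
{
    HANDLE tok;
    TOKEN_PRIVILEGES tp = { 1 };
    BOOL ok;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tok)) return FALSE;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    ok = LookupPrivilegeValueW(NULL, name, &tp.Privileges[0].Luid)
      && AdjustTokenPrivileges(tok, FALSE, &tp, 0, NULL, NULL)
      && GetLastError() == ERROR_SUCCESS; /* rejects ERROR_NOT_ALL_ASSIGNED */
    CloseHandle(tok);
    return ok;
}

/* Copy the hive out of the read-only snapshot, then mount the copy under HKLM\<mount>. */
LONG load_hive_from_snapshot(const wchar_t *root, const wchar_t *hive,
                             const wchar_t *scratch, const wchar_t *mount)
{
    wchar_t src[MAX_PATH];
    if (snapshot_hive_path(src, MAX_PATH, root, hive) != 0) return ERROR_BUFFER_OVERFLOW;
    if (!enable_privilege(L"SeBackupPrivilege") || !enable_privilege(L"SeRestorePrivilege"))
        return ERROR_PRIVILEGE_NOT_HELD;
    if (!CopyFileW(src, scratch, FALSE)) return (LONG)GetLastError();
    return RegLoadKeyW(HKEY_LOCAL_MACHINE, mount, scratch);
}

int main(void)
{
    /* Constructed values: device name from the post; scratch path and mount name assumed. */
    LONG rc = load_hive_from_snapshot(L"\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy8",
                                      L"SOFTWARE", L"C:\\Temp\\SOFTWARE.copy", L"mntpoint");
    wprintf(L"RegLoadKeyW returned %ld\n", rc);
    if (rc == ERROR_SUCCESS) RegUnLoadKeyW(HKEY_LOCAL_MACHINE, L"mntpoint");
    return rc == ERROR_SUCCESS ? 0 : 1;
}
#endif
```

Link against advapi32 on Windows, and delete the scratch copy once the key has been unloaded.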