COM Log Parser Registry Forcing WOW64 references in 64-bit OS EnvironmentsRSS

1 reply

Last post Jul 22, 2020 07:27 AM by lextm

‹ Previous Thread|Next Thread ›
  • COM Log Parser Registry Forcing WOW64 references in 64-bit OS Environments

    Jul 22, 2020 02:17 AM|trentfromrid|LINK

    I've been searching around all day trying to find an explanation for this, and eventually through trial and error identified the problem, but am unaware if there is a solution.

    Effectively, when attempting to query the registry using LogParser.dll COM reference on a 64-bit OS and a 64-bit C# application, it will force the key to use the WOW64 reference version of whatever path its been given, even if the exactly path its been given does not produce the same values as the WOW64 version. Microsoft.Win32.RegistryKey.GetValue and PowerShell ($keyEntryValue = Get-ItemPropertyValue -Path "Registry::$RegistryPath" -Name $keyEntryName) both show values matching RegEdit. 

    Example:

    Registry Path: HKCR\CLSID\{02AF6DD2-77E6-44DF-B3E1-57CF1476D8EA}\DefaultIcon

    Key Value Name: (Default)

    Expected Key Value: C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL,0

    RegEdit C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL,0
    Log Parser 2.2 COM in 64-bit C# Application test
    PowerShell C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL,0
    System.Win32.RegistryKey in 64-bit C# Application C:\Program Files\Microsoft Office\Root\VFS\System\FM20.DLL,0

    Registry Path: HKCR\WOW6432Node\CLSID\{02AF6DD2-77E6-44DF-B3E1-57CF1476D8EA}\DefaultIcon

    Key Value Name: (Default)

    Expected Key Value: test

    RegEdit test
    Log Parser 2.2 COM in 64-bit C# Application test
    PowerShelltest test
    System.Win32.RegistryKey in 64-bit C# Application test

    Basically if I am intentionally querying the explicit WOW64 reference, then Log Parser works great. But if I am wanting to have it explicitly search for the key I've given it, ignoring its WOW64 equivalent (as the other 3 mediums do), it doesn't work and that's very problematic for me. The Path column still refers to the path I gave it, but the value refers to the WOW64 version if one exists.

    TL;DR

    Is it possible to make Log Parser explicitly return query results for key paths as they are written, rather than using the WOW64 reference key path? Given there's quite a few key paths that are impacted by WOW64, I would hope there would be a workaround: https://docs.microsoft.com/en-us/windows/win32/winprog64/shared-registry-keys

  • Re: COM Log Parser Registry Forcing WOW64 references in 64-bit OS Environments

    Jul 22, 2020 07:27 AM|lextm|LINK

    LogParser does not have 64 bit support, so I wonder if you hit a dead end.

    Lex Li
    IIS Consulting Services at https://support.lextudio.com/services/consulting.html
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
‹ Previous Thread|Next Thread ›