Question

I'm creating a shadow copy and I want to mount a registry hive from that shadow copy using RegLoadKey() so I can go over its content using the normal registry functions.
This usually works well, except on certain machines where it doesn't work at all.

I create the shadow copy and get its mount point - something like
\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8
I then call

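// RegLoadKeyW(hKey, lpSubKey, lpFile): the mount name comes first, then the hive file path
RegLoadKeyW(HKEY_LOCAL_MACHINE, L"mntpoint", L"\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy8\\Windows\\System32\\config\\SOFTWARE");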

This call returns 1009 - The configuration registry database is corrupt.

If I use CreateFileW() I can open this file successfully using that path so it is definitely there.

I've made sure that the shadow copy is created with the registry writer so I don't think that's the issue.
There's no difference if I create the shadow copy and try this after a reboot.
This only happens on some machines. On most it works just fine. I'm not sure what differentiates the machines it doesn't work on.
The machine is a Windows 2008 64-bit.

Solution

Turns out the problem was that to use RegLoadKeyW(), the loaded hive needs to be somewhere writable. Since the shadow copy is read-only, it failed.
When I copied the mounted file outside the shadow copy it worked fine.
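
The workaround in this answer, as an added example that is not part of the original post: copy the hive out of the read-only snapshot into a writable folder, then load the copy. It uses reg.exe rather than calling RegLoadKeyW() directly; the folder C:\HiveCopy, the link C:\VssLink and copying the .LOG1/.LOG2 files alongside the hive are assumptions, and it must run from an elevated prompt.

```powershell
# Added example. The shadow copy device path is the one quoted in the question;
# $WorkDir, $Link and $MountName are assumed names.
$ShadowRoot = '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy8'
$WorkDir    = 'C:\HiveCopy'   # writable location for the hive copy
$Link       = 'C:\VssLink'    # temporary directory symlink into the snapshot
$MountName  = 'mntpoint'

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# PowerShell path cmdlets do not reliably accept \\?\GLOBALROOT paths, so expose
# the snapshot through a directory symlink (the trailing backslash is required).
cmd /c mklink /d $Link "$ShadowRoot\" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "mklink failed with exit code $LASTEXITCODE" }

try {
    # Copy the hive and, if present, its transaction logs (assumed to be wanted).
    foreach ($name in 'SOFTWARE', 'SOFTWARE.LOG1', 'SOFTWARE.LOG2') {
        $src = Join-Path $Link "Windows\System32\config\$name"
        if (Test-Path -LiteralPath $src) {
            Copy-Item -LiteralPath $src -Destination $WorkDir -Force
        }
    }
}
finally {
    cmd /c rmdir $Link | Out-Null   # removes only the link, not the snapshot
}

$hive = Join-Path $WorkDir 'SOFTWARE'
if (-not (Test-Path -LiteralPath $hive)) { throw "Hive was not copied to $hive" }

# Load the writable copy instead of the file inside the snapshot.
reg.exe load "HKLM\$MountName" $hive
if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }

try {
    # Read the mounted hive with the normal registry provider.
    Get-ChildItem "Registry::HKEY_LOCAL_MACHINE\$MountName" |
        Select-Object -First 5 -ExpandProperty PSChildName
}
finally {
    [gc]::Collect()                 # drop PowerShell's open key handles
    reg.exe unload "HKLM\$MountName"
}
```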

OTHER TIPS

Are you loading on the same machine where you created the shadow copy?

One of the RegLoadKeyW() remarks says:

There are two registry hive file formats. Registry hives created on current operating systems typically cannot be loaded by earlier ones.

Licensed under: CC-BY-SA with attribution