Odd registry behaviour

Hi,

can someone explain this behaviour to me:

(steps to reproduce)
1. Open HKLM/SYSTEM\CurrentControlSet\Services\Eventlog\Application
2. Look at the "Sources" value
3. Now create new key under the "Application"
4. The new key is magically added to the "Sources" value (along with "New
key #") when you refresh the view

And what is more strange, when you delete all the changes (the value is not
restored back when you delete the key) and do the steps again with the same
new key name, the "Sources" value is not modified.
And when you use different name for the new key, the "Sources" is again
modified and all the new keys that you created/erased somehow magically
reappear.

Regards, Jan

PS: Works for me on Win2k and WinNT (remotely modified from Win2k machine
with regedt32)
PS2: Also works when you use registry API to create the new key (I am
fiddling with services)

Nov 17 '05 #1
Interesting! But not magic. :)

Using regmon from sysinternals.com you can see services.exe makes this
change... services.exe is (at least) the EventLog service.

You can be notified of registry changes with RegNotifyChangeKeyValue.

The question is why does services.exe do this.

Maybe it's some optimisation - saves having to scan all keys when
writing each event. But why "cache" it back in the registry? I don't
know...


Jan Bares wrote:
> Hi,
>
> can someone explain this behaviour to me:
>
> (steps to reproduce)
> 1. Open HKLM/SYSTEM\CurrentControlSet\Services\Eventlog\Application
> 2. Look at the "Sources" value
> 3. Now create new key under the "Application"
> 4. The new key is magically added to the "Sources" value (along with "New
> key #") when you refresh the view
>
> And what is more strange, when you delete all the changes (the value is not
> restored back when you delete the key) and do the steps again with the same
> new key name, the "Sources" value is not modified.
> And when you use different name for the new key, the "Sources" is again
> modified and all the new keys that you created/erased somehow magically
> reappear.
>
> Regards, Jan
>
> PS: Works for me on Win2k and WinNT (remotely modified from Win2k machine
> with regedt32)
> PS2: Also works when you use registry API to create the new key (I am
> fiddling with services)


Nov 17 '05 #2
> Interesting! But not magic. :)
>
> Using regmon from sysinternals.com you can see services.exe makes this
> change... services.exe is (at least) the EventLog service.
>
> You can be notified of registry changes with RegNotifyChangeKeyValue.

Yes, I know that this is possible.

> The question is why does services.exe do this.
>
> Maybe it's some optimisation - saves having to scan all keys when
> writing each event. But why "cache" it back in the registry? I don't
> know...

Then why, when I delete the key, are the "Sources" not updated too?
And the caching of old values is a really strange thing; it seems like a bug.

Jan
Nov 17 '05 #3
>> The question is why does services.exe do this.
>>
>> Maybe it's some optimisation - saves having to scan all keys when
>> writing each event. But why "cache" it back in the registry? I don't
>> know...
>
> Then why, when I delete the key, are the "Sources" not updated too?
> And the caching of old values is a really strange thing; it seems like a bug.


Maybe it fixes up "Sources" when the EventLog service restarts... Maybe
not.

Without knowing the intended behaviour, it's hard to call it a bug.
Nov 17 '05 #4
Hi Doug and Jan,
> Maybe it's some optimisation - saves having to scan all keys when
> writing each event. But why "cache" it back in the registry? I don't
> know...


On the scenario of manipulating the registry key Eventlog\Application
directly, it will seem a little odd, however this behavior is designed for
the use of services.exe, it uses this approach to add the event source
names to the "Sources" value for *itself*, and deletes the expired source
name with another method.

We recommend the developers use the proper way to register an event log
source application as you know :)
Thanks for your understanding!

Best regards,

Gary Chang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

Nov 17 '05 #5
Hi Gary
> On the scenario of manipulating the registry key Eventlog\Application
> directly, it will seem a little odd, however this behavior is designed for
> the use of services.exe, it uses this approach to add the event source
> names to the "Sources" value for *itself*, and deletes the expired source
> name with another method.
>
> We recommend the developers use the proper way to register an event log
> source application as you know :)

What is the proper way then? Call RegisterEventSource() and create the
registry key in SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\
and do not modify "Sources"?
And during uninstall call DeregisterEventSource() and delete the key?

Where should I delete the entries that appear in Event Viewer
View/Filter/EventSource? During debugging I added new values and now I don't
know how to delete them, because they are not present in "Sources" but I
still see them in the Event Viewer filter settings...

Thank you, Jan
Nov 17 '05 #6
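
A read-only way to see the drift discussed in this thread, as an added example that is not code from any of the posters: it lists names present in "Sources" with no matching subkey, subkeys missing from "Sources", and subkeys that carry no EventMessageFile value. The function name Compare-EventLogSources is hypothetical, and the "Sources" value is assumed to exist as on the Win2k/WinNT systems mentioned above; if it is absent it is treated as an empty list.

```powershell
# Added example: read-only audit, nothing is written to the registry.
# Compare-EventLogSources is a hypothetical name chosen for this example.
function Compare-EventLogSources {
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application'
    )

    # One subkey per event source; Get-ChildItem returns RegistryKey objects.
    $subKeys  = @(Get-ChildItem -LiteralPath $Path -ErrorAction Stop)
    $keyNames = @($subKeys | ForEach-Object { $_.PSChildName })

    # "Sources" is the REG_MULTI_SZ the thread says services.exe maintains.
    # Assumption: if the value is absent, treat it as an empty list.
    $item = Get-ItemProperty -LiteralPath $Path -Name Sources -ErrorAction SilentlyContinue
    $sources = @()
    if ($item) { $sources = @($item.Sources | Where-Object { $_ }) }

    [pscustomobject]@{
        # Names still listed after their key was deleted (-notcontains ignores case).
        InSourcesWithoutKey   = @($sources | Where-Object { $keyNames -notcontains $_ })
        # Keys that have not been added to "Sources".
        KeyNotInSources       = @($keyNames | Where-Object { $sources -notcontains $_ })
        # Keys with no EventMessageFile value, e.g. ones created by hand in regedt32.
        KeyWithoutMessageFile = @($subKeys |
            Where-Object { $null -eq $_.GetValue('EventMessageFile') } |
            ForEach-Object { $_.PSChildName })
    }
}

Compare-EventLogSources | Format-List
```

Running it before and after creating or deleting a test key shows which of the three lists the EventLog service updates and which it leaves stale.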