Bug: RegAlyzer 1.5.5 endless loop on Vista 64bit in Wow6432Node

[Pythagoras]

Hi,

i just installed RegAlyzer 1.5.5.0 on Vista Ultimate 64bit.
It is a really nice "tool" but i run into problems.
When I search the registry following happens:

The search proceeds normally until
HKEY_LOCAL_MACHINE\SOFWATRE\Wow6432Node\
In this tree it starts looping so the Keys read like
HKEY_LOCAL_MACHINE\SOFWATRE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node....

It seems like it is still proceeding within this tree because there are repeated findings.


============

According to the website: http://rikkus.info/wow6432node.html

The cause might be: "Those who have had anything to do with 64 bit Windows will probably laugh at me, but I’d never heard of Wow6432Node. It seems that 32 bit applications don’t read from the part of the registry they normally would (in 32 bit Windows). When they try to read from HKLM\Software\X, they are silently redirected to HKLM\Software\Wow6432Node\X."

============

Summary: If RegAlyzer is 32bit and tries to recurse into subtree "HKLM\Softwarte\Wow6432Node" it is automatically redirected to " HKLM\Softwarte\Wow6432Node\Wow6432Node "
Enumeration is not working on the Wow6432Node.
Google returns a lot of discussions and information about this.

=============

Besides the search problem the question is if editing the registry also suffers from this redirections for 32bit registry access.

==

I can test on Vista 64bit if you find a solution.

[PepiMK]

Hmmm...
That sounds a bit like the search would already operate on the 64 bit part, while the display is still 32 bit only...

32 bit applications shouldn't even see the Wow6432Node entry... that is only visible from 64 bit to see the 32 bit part... or is it both ways on Vista? Need to restore my boot manager to be able to boot into Vista again to check this

[Pythagoras]

Hi,

are there any plans to fix this midterm?

Bye, Pythagoras.

[PepiMK]

As soon as the next Spybot-S&D version is out, which should be quite soon

[PepiMK]

Hmmmm... I just took a look, then rembered I took a look before and couldn't reproduce it!
Main reason is that the Wow6432Node key only gets seen by 64 bit applications to watch the 32 bit part, but not vice versa. So unless I would've added 64 bit support already, this shouldn't happen at all.
I'll use the chance of working on it to make a more general update to 64 bit reading then, because only then the error you described would appear (wonder how you could see it then :D ).

See this new issue) for progress.