I got a job from my leader about backup and restore system state of our company's handheld products which are using Windows Mobile 6.1. So, I start to study the Windows Mobile system architecture for the knowledge to backup the system.
This post is a study notes about the registry system in Windows Mobile.
Registry Type: RAM-base and HIVE-base
There are two types registry provides by Window CE: RAM-base and HIVE base.
RAM-base Registry means the registry keeps in Object-Stored. Of course when system shutting down, the data in RAM will lost. So OEM need to implement the architecture to save and restore the registry to/from storage when system shutdown and start up.
HIVE-base Registry means the registries are saved in file system in HIVE file (like other Windows systems). There are three HIVE files in mobile system: boot hive, system hive and user hive.
Important: Windows Mobile 6.X only support HIVE-base registry.
Boot Hive, System Hive and User Hive
Boot hive stored in ROM and will be loaded when system startup (by filesys.dll). It contents the registry roots: HKEY_CLASS_ROOT, HKEY_LOCAL_MACHINE and HKEY_USERS. Once the boot.hv has been loaded, the filesys.dll will locate and load the system hive from registry [HKLM]\init\SystemHive. Once the system hive has been loaded, the boot.hv is discarded (OEM can define the system hive location and file name in his OS design).
System hive provides the same registry roots as boot hive. Any modification about those registry roots will stored in system hive (boot hive in ROM will not change unless perform ROM upgrade).
User hive contents the registry for logon user (HKEY_CURRENT_USER). The location of the user hive can be specified in [HKLM]\init\ProfileDir, and the file name is "user.hv".
Signature link Hive in ROM and Hive in File System
When system created the hive on file system on clean boot, it keeps a signature (MD5 of hive in ROM) in the hive. When filesys.dll loads the hive file in file system, it will check if the signature is match. If not, filesys.dll will force to clean the hive in file system and create a new one for it.
Cause the hive in file system normally presents the changes of the hive in ROM, this mechanism used to ensure the hive is valid for current ROM image.
This mechanism fixed in filesys,dll and cannot be disabled.
Backup and restore system hive
To backup the system hive, you can use "RegSaveKey" API. Although the API parameter supports to input registry ROOT key for saving, but actually it save whole system hive when you input the HKLM, HKCR or their sub keys.
To restore the system hive, you can use "RegReplaceKey" API. Providing the file you got from "RegSaveKey" to this API, and the system will un-mount the system hive and replace it by your file. And then you need to reboot the system to re-mount the new system hive.
The procedure here is used only for HIVE-base registry, for RAM-base registry, you need to refer MSDN by youself.
Backup and restore user hive
Like backup system hive, you can use "RegSaveKey" API with HKCU or his sub-key to save whole user hive.
To restore the user hive, you need to logoff the current user by using "SetCurrentUser(NULL)" API, the logoff will close and release the user hive file. And then you can use "CopyFile" API to replace the "user.hv" as yours.
And then we can use "SetCurrentUser" again to login the user (re-mount user hive), or need to reboot the system? I don't know….
HIVE format
The book "Windows Internals" has chapter to descript the HIVE detail, I have not read it yet.
According the MSDN and the book, there are two types HIVE format has been used: Standard format (1.3) or lastest format (1.5), I don't know what's the format be used in Window Mobile "RegSaveKey" API. Need more study.
沒有留言:
張貼留言