Directly querying the Mantis DB for Registry resource ownership

In a previous post we looked at how you can directly query the SQL DB's component tables for the owning component of a file resource.

However, If you wanted to query for the component owner of a registry key, change the query to this:

SELECT ExtendedProperties.StringValue, ComponentObjects.DisplayName FROM ExtendedProperties INNER JOIN ComponentObjects ON ComponentObjects.ComponentID = ExtendedProperties.OwnerID WHERE ExtendedProperties.StringValue LIKE '%SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize%' and Name = 'KeyPath' and ExtendedProperties.ResourceTypeID=2

The only difference between this and the query for the file resources is in the last line for the 'WHERE' clause. The Name = 'KeyPath' ensures wer'e looking at the correct portion of data within the key, this ExtendedProperties.ResourceTypeID=2 is also different. The Resource ID for a file type of resource is '1', the Resource ID for a registry related resource is '2'.

So as you can see that query above is just for a key path. If you're looking for registry data, change 'KeyPath' to 'RegValue' in the 'WHERE' clause. Here's an example for a query that returns most of the audio driver components:

WHERE ExtendedProperties.StringValue LIKE '%Aux Mute%' and Name = 'RegValue' and ExtendedProperties.ResourceTypeID=2

If you know the exact string to query for you can drop the '%' character, it may also reduce the time for SQL to return the results.

- Andy

Comments

• Anonymous
  June 02, 2009
  PingBack from http://patiochairsite.info/story.php?id=29737