Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for October, 2022

Get registry key name from a handle

RegeditSometimes it can be useful to determine what registry key belongs to a registry key handle. And exampling is when hooking RegQueryValue so you can determine the registry key that a value belongs to instead of having to track the registry key when it’s opened.

To obtain the registry key we can pass a handle to the NtQueryKey API with which has the following signature:

To get the keyname we need to pass the KeyNameInformation enum and we can set the ReturnLength parameter to 0 to obtain the required buffer size:


  • Filed under: C#, Uncategorized
  • Sometimes I want to download a video from a website for offline usage, for example when I want to watch it whilst travelling.

    Most video websites don’t want you do download videos as they of course want to show their ads and receive the clicks. I am not discussing the legal side here, up to you to check if it’s legally allowed to download the video you’re interested.

    A very common way to make direct downloading of a video more difficult is to cut a video in many small video files (.ts files). Here’s an example screenshot of the Chrome developer view whilst playing a video from a popular Dutch website called Dumpert, filtering on .ts:

    Screenshot of the Chrome Developer View showing a list of files downloaded, filtered on .ts files

    You can of course manually download al the .ts files and re-encode them to a single video file but it would be a lot of work.

    The most common way to do this automatically is to use a browser extension or a separate application but in many cases they are either ridden with ads or malware.

    So let’s see if we can do this ourselves.

    We will need the following tools:

    Just the 2 binaries will work, in my case (Windows) youtube-dl.exe and ffmpeg.exe which can you place in the same folder.

    I am using the following video in this example:


    In my lab I have deployed Office 2019 to an Windows 2019 VM to do some testing with Citrix Virtual Apps and Desktops.

    The proper way to do this is to customize the Office installation using the Office Deployment Tool (ODT). The page even lists an example containing a value to accept the EULA.

    I didn’t do that, I just installed it manually (I know.) and upon first launch of any of the Office components I would always get this EULA nag screen:

    Microsoft Office EULA nag screen

    So how do you get rid of this nag screen if you didn’t use ODT?

    To figure that out I started Outlook whilst I ran SysInternals Process Monitor with the following Filters configured:

    • Process Name is outlook.exe
    • Path contains license, eula or registration:

    Screenshot of the Process Monitor Filter dialog showing Process Name is outlook.exe and Path contains license, eula or registration

    What I was looking for was (ideally) a registry key or value that was global to all users (so in HKLM) and for all Office components. And from the Procmon trace this Value seemed a good candidate:

    Showing that outlook.exe attempts to read the following value: HKLM\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Registration\AcceptAllEulas