Python _winreg key path incorrect

Question

When I try reading a value from this key, the proper value of this key is not returned, but instead I get a different key path's value?

import _winreg as wreg
key = wreg.OpenKey(wreg.HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run")
print(wreg.EnumValue(key, 0))

And the output:

('SunJavaUpdateSched', u'"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe"', 1)

But this value is not part of the key I used? This value is not located at this key I should of got a different value. I searched of where the value is located of the incorrect value on RegEdit and its located at

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

When I use command prompt

REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

And I get the proper output...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray    REG_SZ    "C:\Windows\system32\igfxtray.exe"
HotKeysCmds    REG_SZ    "C:\Windows\system32\hkcmd.exe"
Persistence    REG_SZ    "C:\Windows\system32\igfxpers.exe"

Then I would try using os.popen on python...

import os
buff = os.popen("REG QUERY HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run")
print(buff.read())

And the output

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched    REG_SZ    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Why are these different? How can I get the correct value using _winreg?

Answer 1

On WOW64, 32-bit applications view a registry tree that is separate from the registry tree that 64-bit applications view. Registry reflection copies specific registry keys and values between the two views.

You should disable registry reflection.

_winreg.DisableReflectionKey()
# Do stuff ...
# ...
# ...
_winreg.EnableReflectionKey()