1

I've recently been working on a very nice Registry Editor.

However, certain Registry keys, pointed out below in Regedit, will not show up in my program, as they raise an error of insufficient privileges when opened, and so are caught by error handling and skipped:

Regedit:

Registry 1

My program:

Registry 2

As you can see, the SECURITY key is missing, and the SAM key is not expandable, even though I am running the program with administrator privileges.

This can obviously be fixed by making fake keys and putting them there, and just displaying an empty default value for them, however that isn't a concrete solution, just a way to make it seem to the user as if the issue is solved.

I was wondering if there is a way to fix the issue in a concrete way, or in other words, to receive registry access to those keys?

All they display is an empty default value anyway, including the expandable SAM key - it just has a subkey named 'SAM' with an empty default value as well.

However, to the user, it's much better if the program displays exactly as in Regedit, as it means that it's a fully functional piece of software.

Thanks for the help.

Edit (code included):

    public static void TreeViewItemExpanded(TreeViewItem sender)
    {
        // A single string item is the "Loading..." placeholder added by CreateTreeViewItem.
        if (sender.Items[0] is string)
        {
            sender.Items.Clear();

            RegistryKey expandedKey = (RegistryKey)sender.Tag;

            foreach (string key in expandedKey.GetSubKeyNames().OrderBy(x => x))
            {
                // Keys that cannot be opened (e.g. insufficient privileges) are silently skipped.
                try { sender.Items.Add(CreateTreeViewItem(expandedKey.OpenSubKey(key))); }
                catch { }
            }
        }
    }

    private static TreeViewItem CreateTreeViewItem(RegistryKey key)
    {
        TreeViewItem treeViewItem = new TreeViewItem()
        {
            Header = new RegistryEditor_RegistryStructure_TreeView() { Name = Path.GetFileName(key.ToString()) },
            Tag = key
        };

        // Add a placeholder child so the node is shown as expandable.
        try { if (key.SubKeyCount > 0) treeViewItem.Items.Add("Loading..."); } catch { }

        return treeViewItem;
    }

2 Answers

1

You did not supply sample code for your routine, but I have a suspicion that you are using a default registry security descriptor.

You can specify a security descriptor for a registry key when you call the RegCreateKeyEx or RegSetKeySecurity function.

When you call the RegOpenKeyEx function, the system checks the requested access rights against the key's security descriptor. If the user does not have the correct access to the registry key, the open operation fails. If an administrator needs access to the key, the solution is to enable the SE_TAKE_OWNERSHIP_NAME privilege and open the registry key with WRITE_OWNER access.

This information is taken from: MSDN: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724878(v=vs.85).aspx

In C# you should be using the Registry Permission Class https://msdn.microsoft.com/en-us/library/system.security.permissions.registrypermission(v=vs.110).aspx

A good example of how to handle Registry Permissions can be found here: https://msdn.microsoft.com/en-us/library/microsoft.win32.registrykey.setaccesscontrol(v=vs.110).aspx


2 Comments

I've edited to include code used whenever keys are expanded, and so created. I am using RegistryKey.OpenSubKey(subkey). How can I use RegCreateKeyEx?
@Aleksbgbg I added a couple more links which explain how you can handle Registry Security in .NET. The 3rd link shows an example in C# which should help you. Good luck!
0

You need to enable SE_RESTORE_PRIVILEGE and SE_BACKUP_PRIVILEGE and use RegOpenKeyEx or ZwOpenKeyEx with the REG_OPTION_BACKUP_RESTORE flag (but this will work only beginning with Windows 7 and later versions of Windows).

If this flag is set, the function ignores the samDesired parameter and attempts to open the key with the access required to backup or restore the key. If the calling thread has the SE_BACKUP_NAME privilege enabled, the key is opened with the ACCESS_SYSTEM_SECURITY and KEY_READ access rights. If the calling thread has the SE_RESTORE_NAME privilege enabled, beginning with Windows Vista, the key is opened with the ACCESS_SYSTEM_SECURITY, DELETE and KEY_WRITE access rights. If both privileges are enabled, the key has the combined access rights for both privileges.


For example:

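// SE_RESTORE_PRIVILEGE / SE_BACKUP_PRIVILEGE (numeric LUID values) and NtCurrentProcess()
// are defined in the WDK headers, not in <windows.h>.
#define LAA(se) {{se},SE_PRIVILEGE_ENABLED|SE_PRIVILEGE_ENABLED_BY_DEFAULT}
#define BEGIN_PRIVILEGES(tp, n) static const struct {ULONG PrivilegeCount;LUID_AND_ATTRIBUTES Privileges[n];} tp = {n,{
#define END_PRIVILEGES }};

// Enables the backup and restore privileges in the process token.
// Returns a Win32 error code; 0 (ERROR_SUCCESS) means both were enabled.
ULONG AdjustBackupRestore()
{
    HANDLE hToken;
    if (OpenProcessToken(NtCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        BEGIN_PRIVILEGES(tp, 2)
            LAA(SE_RESTORE_PRIVILEGE),
            LAA(SE_BACKUP_PRIVILEGE),
        END_PRIVILEGES

        // The call can succeed without granting every privilege; GetLastError()
        // then reports ERROR_NOT_ALL_ASSIGNED, so the last error is always returned.
        AdjustTokenPrivileges(hToken, FALSE, (::PTOKEN_PRIVILEGES)&tp, 0, 0, 0);
        ULONG err = GetLastError();
        CloseHandle(hToken);

        return err;
    }

    return GetLastError();
}

if (!AdjustBackupRestore())//called once on startup
{
    HKEY hKey;
    // samDesired is 0: it is ignored when REG_OPTION_BACKUP_RESTORE is set.
    if (!RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"SECURITY\\SAM", REG_OPTION_BACKUP_RESTORE|REG_OPTION_OPEN_LINK, 0, &hKey))
    {
        RegCloseKey(hKey);
    }
}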

However, to get full power for a registry editor/viewer I would use the native API.
