Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: Windows registry
I wanna read SAM subkeys on Windows 7 using this code
int retVal = RegLoadKey(HKEY_LOCAL_MACHINE, "SAM_AUX", @"E:\Auxiliar Registry\SAM");
    RegistryKey accountKeys = Registry.LocalMachine.OpenSubKey(@"SAM_AUX\SAM\Domains\Account\Users\Names", false);
But I always receive Acces Denied, and I can't view SAM subkeys using regedit. What could be the problem?
 
Thanks
Posted 24-Jun-13 8:28am
Comments
Ron Beyer at 24-Jun-13 13:31pm
   
Is your application running with administrator privileges?
Gabi Cea at 24-Jun-13 14:02pm
   
I think so. I had have a manifest to indicate that the application have to run with administrator privileges, but it doesn't work. Is normal that I can't view SAM subkeys on windows registry?
Andrew Cherednik at 25-Jun-13 1:49am
   
What happens if you right click on your application and select "Run As Administrator"?
Gabi Cea at 25-Jun-13 13:02pm
   
It happens the same. If I open regedit just after the error, and right click on SAM_AUX hive, I can change it the permissions, and then, re-execute the application and it working right. The problem if I load another SAM, the problem come back, and I have to change SAM permission every time I load it...
Andrew Cherednik at 25-Jun-13 20:01pm
   
I have a chunk of code that I use in my application to change the permission of a registry key. It is Win32 C. If interested I can post it here
Gabi Cea at 26-Jun-13 12:58pm
   
Of course. Maybe, your code could help me to solve my problem.

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

If you need to Add "Everyone" to a registry key's Permissions you can use the following chunk of code (this is a "very old code". It was written back in the ages where we had to support Win95/98 clients together with Win2k/WinXP clients. You may need to adjust the code to statically link to the functions that are used by GetProcAddress below):
 
typedef BOOL(WINAPI* AllocateAndInitializeSidType)(
  PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, // authority
  BYTE nSubAuthorityCount,                        // count of subauthorities
  DWORD dwSubAuthority0,                          // subauthority 0
  DWORD dwSubAuthority1,                          // subauthority 1
  DWORD dwSubAuthority2,                          // subauthority 2
  DWORD dwSubAuthority3,                          // subauthority 3
  DWORD dwSubAuthority4,                          // subauthority 4
  DWORD dwSubAuthority5,                          // subauthority 5
  DWORD dwSubAuthority6,                          // subauthority 6
  DWORD dwSubAuthority7,                          // subauthority 7
  PSID *pSid                                      // SID
);
 
typedef DWORD(WINAPI* SETENTRIESINACL)(
  ULONG cCountOfExplicitEntries,           // number of entries
  PEXPLICIT_ACCESS pListOfExplicitEntries, // buffer
  PACL OldAcl,                             // original ACL
  PACL *NewAcl                             // new ACL
);
 
typedef BOOL(WINAPI* InitializeSecurityDescriptorType)(
  PSECURITY_DESCRIPTOR pSecurityDescriptor, // SD
  DWORD dwRevision                          // revision level
);
 
typedef LONG(WINAPI* REGSETKEYSECURITY)(
  HKEY hKey,                                // handle to key
  SECURITY_INFORMATION SecurityInformation, // request
  PSECURITY_DESCRIPTOR pSecurityDescriptor  // SD
);
 
typedef BOOL(WINAPI* SetSecurityDescriptorDaclType)(
  PSECURITY_DESCRIPTOR pSecurityDescriptor, // SD
  BOOL bDaclPresent,                        // DACL presence
  PACL pDacl,                               // DACL
  BOOL bDaclDefaulted                       // default DACL
);
 
typedef PVOID(WINAPI* FreeSidType)(
  PSID pSid   // SID to free
);
 
BOOL SetRegFullAccessPermission(HKEY hKey)
{
  DWORD dwRes = ERROR_SUCCESS;
  BOOL bRet = TRUE;
  PSID pEveryoneSID = NULL;
  PACL pACL = NULL;
  PSECURITY_DESCRIPTOR pSD = NULL;
  EXPLICIT_ACCESS ea[1];
  SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
  TCHAR szErr[1024] = {0};
  int i = 0;
  TCHAR szSubKey[1024] = {0};
  HMODULE hDll = NULL;
  AllocateAndInitializeSidType AllocateAndInitializeSidFunc;
  SETENTRIESINACL SetEntriesInAclFunc;
  InitializeSecurityDescriptorType InitializeSecurityDescriptorFunc;
  REGSETKEYSECURITY RegSetKeySecurityFunc;
  SetSecurityDescriptorDaclType SetSecurityDescriptorDaclFunc;
  FreeSidType FreeSidFunc;
 
  OSVERSIONINFO versionInfo = {0};
  versionInfo.dwOSVersionInfoSize = sizeof(versionInfo);
 
  GetVersionEx(&versionInfo);
 
  if(versionInfo.dwPlatformId != VER_PLATFORM_WIN32_NT)
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  hDll = LoadLibrary(_T("advapi32.dll"));
 
  if(hDll == NULL)
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  if(!(AllocateAndInitializeSidFunc =(AllocateAndInitializeSidType)GetProcAddress(hDll, _T("AllocateAndInitializeSid"))))
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  if(!(SetEntriesInAclFunc =(SETENTRIESINACL)GetProcAddress(hDll, _T("SetEntriesInAclA"))))
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  if(!(InitializeSecurityDescriptorFunc =(InitializeSecurityDescriptorType)GetProcAddress(hDll, _T("InitializeSecurityDescriptor"))))
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  if(!(SetSecurityDescriptorDaclFunc =(SetSecurityDescriptorDaclType)GetProcAddress(hDll, _T("SetSecurityDescriptorDacl"))))
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  if(!(RegSetKeySecurityFunc =(REGSETKEYSECURITY)GetProcAddress(hDll, _T("RegSetKeySecurity"))))
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  if(!(FreeSidFunc =(FreeSidType)GetProcAddress(hDll, _T("FreeSid"))))
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  // Create a well-known SID for the Everyone group.
  if(!(*AllocateAndInitializeSidFunc)(&SIDAuthWorld, 1, SECURITY_WORLD_RID,
                  0, 0, 0, 0, 0, 0, 0, &pEveryoneSID))
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  // Initialize an EXPLICIT_ACCESS structure for an ACE.
  // The ACE will allow Everyone read access to the key.
  ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
  ea[0].grfAccessPermissions = KEY_ALL_ACCESS;
  ea[0].grfAccessMode = SET_ACCESS;
  ea[0].grfInheritance= NO_INHERITANCE;
  ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
  ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
  ea[0].Trustee.ptstrName  =(LPTSTR) pEveryoneSID;
 
  dwRes =(*SetEntriesInAclFunc)(1, ea, NULL, &pACL);
  if(ERROR_SUCCESS != dwRes)
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  // Initialize a security descriptor.
  pSD =(PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
  if(pSD == NULL)
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  if(!(*InitializeSecurityDescriptorFunc)(pSD, SECURITY_DESCRIPTOR_REVISION))
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  // Add the ACL to the security descriptor.
  if(!(*SetSecurityDescriptorDaclFunc)(pSD, TRUE, pACL,  FALSE))
  {
    bRet = FALSE;
    goto SAFE_EXIT;
  }
 
  //Set the security descriptor
  dwRes =(*RegSetKeySecurity)(hKey, DACL_SECURITY_INFORMATION, pSD);
  if(dwRes == ERROR_SUCCESS)
    bRet = TRUE;
  else
  {
    ASSERT(FALSE);
    bRet = FALSE;
  }
 
SAFE_EXIT:
  if(pEveryoneSID)
    (*FreeSidFunc)(pEveryoneSID);
  if(pACL)
    LocalFree(pACL);
  if(pSD)
    LocalFree(pSD);
  if(hDll)
    FreeLibrary(hDll);
 
  return bRet;
}
  Permalink  
Comments
Gabi Cea at 27-Jun-13 6:11am
   
A lot of thanks. I will test my code with your solution and I will tell you if it works or not.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 280
1 Jochen Arndt 150
2 Kornfeld Eliyahu Peter 120
3 PIEBALDconsult 110
4 Richard MacCutchan 105
0 OriginalGriff 6,055
1 DamithSL 4,621
2 Maciej Los 4,087
3 Kornfeld Eliyahu Peter 3,500
4 Sergey Alexandrovich Kryukov 3,294


Advertise | Privacy | Mobile
Web02 | 2.8.141220.1 | Last Updated 26 Jun 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100