My question: Is it possible to edit a registry key's value when it was created using a custom security descriptor? Do I need to call RegSetKeyValueEx with a SECURITY_ATTRIBUTES structure? If not, then I would need to delete the key then recreate it.
I am attempting to edit(or delete then rewrite) a registry key value but its not working. Some important information is that I created the registry key with a custom Security Descriptor. The custom security descriptor only has the KEY_READ Registry Key Security and Access Rights set.
But I cant even delete the key because of its ACL security descriptor. This is a problem because when I uninstall I wont even be able to delete the registry key then either. The reason why I create the registry key with a custom security descriptor is so the user cant change it accidentally or on purpose. The key tells me if my application has run before.
Does anyone know how I can edit/delete a registry key of this type?
My code(that attempts to edit my key and shows how I created the key in the first place):
// Code to change key value
LONG lResult = RegOpenKeyEx(HKEY_CURRENT_USER, _T("Software/MyApplication"), 0, KEY_READ, &hKey);
LONG setValueRes = RegSetValueEx(hKey, _T("FirstRunSignafier"), 0, REG_DWORD, (LPBYTE) &firstRunSignafierValue,
(DWORD) sizeof(firstRunSignafierValue));
// Error Value of setValueRes is 5. lResult succeeds
// Code that creates the registry key
int recordFirstApplicationRun()
{
tstring REG_FIRST_RUN_SIGNIFIER = _T("Software\\MyApplication");
HKEY hKey;
LONG lResult;
int res = 1;
DWORD dwValue, dwType, dwSize = sizeof(dwValue);
DWORD firstRunSignafierValue = 1;
DWORD keyAlreadyExists; // Two potential values: REG_CREATED_NEW_KEY or REG_OPENED_EXISTING_KEY
PSID pEveryoneSID = NULL;
PACL pACL = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
SECURITY_ATTRIBUTES secAttr;
createSecurityAttributes(&secAttr, pEveryoneSID, pACL, pSD);
LONG createRes = RegCreateKeyEx(HKEY_CURRENT_USER, ®_FIRST_RUN_SIGNIFIER[0], 0, NULL, REG_OPTION_NON_VOLATILE,
KEY_WRITE|KEY_WRITE, &secAttr, &hKey, &keyAlreadyExists);
if (createRes != ERROR_SUCCESS) {
//_tprintf(_T("Failed to create key: Last Error: %x, Return Val: %x\n"), GetLastError(), createRes);
CPP_Utilities::outputLastError("Failed to create key");
res = -1;
goto Cleanup;
}
//CPP_Utilities::outputLastErrorEx( (keyAlreadyExists == REG_CREATED_NEW_KEY) ? _T("Created new registry key"):_T("Registry key already exists") );
_tprintf( (keyAlreadyExists == REG_CREATED_NEW_KEY) ? _T("Created new registry key\n"):_T("Registry key already exists\n") );
// To Write a DWORD to the registry
LONG setValueRes = RegSetValueEx(hKey, _T("FirstRunSignafier"), 0, REG_DWORD, (LPBYTE) &firstRunSignafierValue,
(DWORD) sizeof(firstRunSignafierValue));
if (setValueRes != ERROR_SUCCESS) {
_tprintf(_T("B: %X\n"), setValueRes);
CPP_Utilities::outputLastError("Failed to set registry value");
res = -2;
goto Cleanup;
}
Cleanup:
if (pEveryoneSID)
FreeSid(pEveryoneSID);
if (pACL)
LocalFree(pACL);
if (pSD)
LocalFree(pSD);
if (hKey)
RegCloseKey(hKey);
return res;
}
int createSecurityAttributes(SECURITY_ATTRIBUTES* secAttr, PSID pEveryoneSID, PACL pACL, PSECURITY_DESCRIPTOR pSD)
{
// Pre: Memory release for parameters MUST be handled by caller
EXPLICIT_ACCESS ea;
DWORD dwRes;
/*PSID*/ pEveryoneSID = NULL;
/*PACL*/ pACL = NULL;
/*PSECURITY_DESCRIPTOR*/ pSD = NULL;
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
// Create a well-known SID for the Everyone group.
if(!AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pEveryoneSID)) {
_tprintf(_T("AllocateAndInitializeSid Error %u\n"), GetLastError());
CPP_Utilities::outputLastError("AllocateAndInitializeSid Error");
return -1;
}
// Initialize an EXPLICIT_ACCESS structure for an ACE. The ACE will allow Everyone read access to the key.
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = KEY_READ;
ea.grfAccessMode = SET_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea.Trustee.ptstrName = (LPTSTR) pEveryoneSID;
// Create a new ACL that contains the new ACEs.
dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL);
if (ERROR_SUCCESS != dwRes) {
_tprintf(_T("SetEntriesInAcl Error %u\n"), GetLastError());
CPP_Utilities::outputLastError("SetEntriesInAcl Error");
return -2;
}
// Initialize a security descriptor.
pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (NULL == pSD) {
_tprintf(_T("LocalAlloc Error %u\n"), GetLastError());
CPP_Utilities::outputLastError("LocalAlloc Error");
return -3;
}
if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) {
_tprintf(_T("InitializeSecurityDescriptor Error %u\n"), GetLastError());
CPP_Utilities::outputLastError("InitializeSecurityDescriptor Error");
return -4;
}
// Add the ACL to the security descriptor.
if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE)) {
_tprintf(_T("SetSecurityDescriptorDacl Error %u\n"), GetLastError());
CPP_Utilities::outputLastError("SetSecurityDescriptorDacl Error");
return -5;
}
// Initialize a security attributes structure.
secAttr->nLength = sizeof (SECURITY_ATTRIBUTES);
secAttr->lpSecurityDescriptor = pSD;
secAttr->bInheritHandle = FALSE;
return 1;
}
