SetNamedSecurityInfo用于32位进程中的64位注册表项
[英]SetNamedSecurityInfo for a 64Bit registry key from a 32Bit Process
问题描述
I am trying to use SetNamedSecurityInfo from a 32Bit application to set ACLs for a 64Bit registry key. 
我试图从32位应用程序使用SetNamedSecurityInfo来为64位注册表项设置ACL。 Due to SetNamedSecurityInfo limitation that has only KEY_WOW64_32KEY flag this is not possible. 由于SetNamedSecurityInfo的限制,只有KEY_WOW64_32KEY标志,这是不可能的。
Copy paste from some post on MSDN: No way to access 64-bit registry keys in WOW64 从MSDN上的某些帖子中复制粘贴:无法访问WOW64中的64位注册表项
Note: When getting or setting the ACLs in the registry using SetNamedSecurityInfo or GetNamedSecurityInfo there is no way to access the 64-bit registry keys from a 32-bit DLL or EXE. 注意:使用SetNamedSecurityInfo或GetNamedSecurityInfo获取或设置注册表中的ACL时,无法从32位DLL或EXE访问64位注册表项。 A new SE_OBJECT_TYPE named SE_REGISTRY_WOW64_64KEY is needed that sets KEY_WOW64_64KEY in NTMARTA.DLL. 需要一个名为SE_REGISTRY_WOW64_64KEY的新SE_OBJECT_TYPE,它可以在NTMARTA.DLL中设置KEY_WOW64_64KEY。
This means, for example, there is no way to create a 32/64bit agnostic SETUP.EXE that can adjust registry security settings during an installation. 例如,这意味着无法创建可在安装过程中调整注册表安全设置的32/64位不可知SETUP.EXE。 The workaround is to create a 64-bit DLL or EXE and distribute bot 解决方法是创建一个64位DLL或EXE并分发bot。
My Question: There is any workaround to solve this problem without creating a 64Bit application? 我的问题:有什么解决方法可以在不创建64Bit应用程序的情况下解决此问题?
1 个解决方案
解决方案1
0 2014-11-15 01:58:03
Use SetSecurityInfo instead: 使用SetSecurityInfo代替:
HKEY hSecKey;
if( RegOpenKeyEx( hHive, Subkey.c_str(), 0, ACCESS_SYSTEM_SECURITY | KEY_WOW64_64KEY, &hSecKey ) != ERROR_SUCCESS )
return;
SetSecurityInfo(hSecKey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, &pDacl, NULL);
You have to obtain SE_SECURITY_NAME privilege first to open a key with ACCESS_SYSTEM_SECURITY. 您必须首先获得SE_SECURITY_NAME特权才能使用ACCESS_SYSTEM_SECURITY打开密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.