如何获得甚至没有读取权限的注册表项的句柄

Question

I'm trying to call this function to take owner for a key.

[DllImport("Advapi32.dll", CharSet = CharSet.Auto)]
public extern static int SetSecurityInfo(IntPtr hKeySrc, SE_OBJECT_TYPE lpSubKey, SECURITY_INFORMATION securityInfo, IntPtr psidOwner, IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl);

However, to call this function, I first need a handle to the key (IntPtr hKeysrc). Before I use these function to get the handle.

RegistryKey key = root.OpenSubKey(keyName);

private static IntPtr GetRegistryKeyHandle(RegistryKey registryKey)
    {
        IntPtr ret = IntPtr.Zero;
        try
        {
            Type registryKeyType = typeof(RegistryKey);

            System.Reflection.FieldInfo fieldInfo =
            registryKeyType.GetField("hkey", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance);

            SafeHandle handle = (SafeHandle) fieldInfo.GetValue(registryKey);
            ret = handle.DangerousGetHandle();
        }
        catch (Exception ex)
        {
            LogError("GetRegistryKeyHandle ERROR:" + ex.ToString());
        }
        return ret;
    }

But now the key that I'm targeting only has permission to System account!

When I try to open permissions in regedit for the key, I get the error You do not have permission to view the current permission settings, but you can make permission changes.

I don't even have read permission to the key. Then the method I used to get handle will failed with unauthorized error.

How can I get a handle to the key in this case? Actually, regedit can do it. So I think there may an API can do it. But I don't know which API to call.

Answer 1

@HarryJohnston got the right solution.

1. Enable SeTakeOwnershipPrivilege
2. Open the key for WRITE_OWNER access