SetNamedSecurityInfo for a 64Bit registry key from a 32Bit Process
Question
I am trying to use SetNamedSecurityInfo from a 32Bit application to set ACLs for a 64Bit registry key. Due to SetNamedSecurityInfo limitation that has only KEY_WOW64_32KEY flag this is not possible.
Copy paste from some post on MSDN: No way to access 64-bit registry keys in WOW64
Note: When getting or setting the ACLs in the registry using SetNamedSecurityInfo or GetNamedSecurityInfo there is no way to access the 64-bit registry keys from a 32-bit DLL or EXE. A new SE_OBJECT_TYPE named SE_REGISTRY_WOW64_64KEY is needed that sets KEY_WOW64_64KEY in NTMARTA.DLL.
This means, for example, there is no way to create a 32/64bit agnostic SETUP.EXE that can adjust registry security settings during an installation. The workaround is to create a 64-bit DLL or EXE and distribute bot
My Question: There is any workaround to solve this problem without creating a 64Bit application?
1 answers
solution1
0 2014-11-15 01:58:03
Use SetSecurityInfo instead:
HKEY hSecKey;
if( RegOpenKeyEx( hHive, Subkey.c_str(), 0, ACCESS_SYSTEM_SECURITY | KEY_WOW64_64KEY, &hSecKey ) != ERROR_SUCCESS )
return;
SetSecurityInfo(hSecKey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, &pDacl, NULL);
You have to obtain SE_SECURITY_NAME privilege first to open a key with ACCESS_SYSTEM_SECURITY.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.