Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1239
  • Last Modified:

RegUnLoadKey Fails with error code 1314 even with correct privs

Hello,

I have a function that successfully grants me the SeRestorePrivilege and SeBackupPrivilege privileges.
 I can successfully load an offline registry hive with the following code:

hiveLoaded = RegLoadKey(HKEY_LOCAL_MACHINE, L"ABOH_HIVE", L"H:\WINDOWS\system32\config\software");

and then I revoke the privileges, without errors.

Next, I grant myself the same privileges, and try to unload the registry hive, as follows:

hiveUnloaded = RegUnLoadKey(HKEY_LOCAL_MACHINE, L"ABOH_HIVE");

but it always fails with an error code of 1314, which says that I am lacking some privileges.
I have the same two privileges that I used to load.  According to MS documentation, they
should be all I need, so I am at a loss as to what to try next and would really appreciate
your help.
 

The environment is VS2008 C++, Vista Ultimate 32-bit, and everything is current. I have a solution
that contains two projects: A CLR DLL and a VB.NET application for testing the DLL. Although it
sounds complex, the registry code is in an unmanaged class that I've created.  I have another
managed class, which I am using in a VB.NET application to test this code.  The final product
will be a CLR DLL.  I have enabled adminstrator in the VB.NET manifest.  I don't have a manifest
for the DLL, but I don't think that it needs one. I am running VS2008 as Administrator.
All of this stuff is working properly and is based
upon templates that I've created for mixing managed and unmanaged code.  Help!  :)


Thanks,

Mike
0
mjgardne
Asked:
mjgardne
  • 2
  • 2
1 Solution
 
itsmeandnobodyelseCommented:
>>>> L"H:\WINDOWS\system32\config\software"
I wonder why that should work? You need double backslashes in the path for  the location.

>>>> and then I revoke the privileges, without errors.
Did you try without revoking priviliges between loading and unloading?

AFAIK, there are security attributes stored with any registry key. I don't know how you do the 'granting' and 'revoking', but if you would revoke some more privileges by accident (e. g. priviliges which were dependent on SeRestorePrivilege and SeBackupPrivilege) then the situation before RegLoadKey and RegUnLoadKey actually is not the same.

If that doesn't help, you might try to have a longer pause between loading and unloading.

Note, the registry has some deferred actions on operations, e. g. a deferred refresh of the cache used for starting new processes. These pending operations could prevent you from unloading, similar to that you can't delete a file while the  filesystem still has access to it.


0
 
jkrCommented:
>>Next, I grant myself the same privileges, and try to unload the registry hive

How are you doing that? If you grant privileges to an account, the account needs to log off and back on in order for these privileges to take effect.
0
 
mjgardneAuthor Commented:
Wow!  Thank you for your help!  I corrected the file path and then removed the revoking of privs until the end of working on the hive... and all is well!  So, I think that the issue is probably what you've mentioned...  In my test code, I loaded and then immediately unloaded the hive, which may have been happening too quickly.  Anyway, my application will work properly with these changes.  Thanks again for your help!

Mike
0
 
mjgardneAuthor Commented:
Oh, by the way...  When I only changed the fle path, it did not affect this issue, but it did affect what was loaded into the hive.  With the incorrect path, the key was made in the hive, but no subkeys were loaded from the file.  With the correct path, the key and subkeys were properly loaded.
0
 
itsmeandnobodyelseCommented:
>>>> With the incorrect path, the key was made in the hive

Yes, the key was the only information left when loading from file failed ...

I am glad that I could have helped ;-)

Regards, Alex
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now