Link to home
Start Free TrialLog in
Avatar of evilrix
evilrixFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Is it possible to obtain REGSAM value from a HKEY

When opening or creating a key in the Windows Registry using the WIN32 C API it is possible to specify the REGSAM as one of the arguments. This details the access rights to the key, but can also be used to set the "view", be it 32 bit or 64 bit. This is achieved by passing either KEY_WOW64_64KEY or KEY_WOW64_32KEY.

My question is this: given just a HKEY, is it possible to identify the original REGSAM value that was used to open that key? The program I am writing needs to be able to make this distinction and whilst I could "cache" the original REGSAM, it would be smarter and cleaner if there was a way (using WIN32 C API) to get these details.
Avatar of sarabande
sarabande
Flag of Luxembourg image
if i read the docs rightly you should be able to retrieve the needed info by 

PACL pSacl = NULL;
PSECURITY_DESCRIPTOR pSec_desc = NULL;
dwRes = GetNamedSecurityInfo(
       "MACHINE\\SOFTWARE\\ABCD",
       SE_REGISTRY_KEY,
       DACL_SECURITY_INFORMATION,
       NULL,
       NULL,
       NULL,
       &pSacl,
       &pSec_desc);

Open in new window


the valid keywords for the root are "CLASSES_ROOT", "CURRENT_USER", "MACHINE", and "USERS".

on success the pSacl might point to an access list that contains the access rights for the given key.

Sara
Avatar of evilrix
evilrix
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

Sara, I'm really sorry. I've sort of moved past this issue (after not finding a solution) and I've just not had the time to take a look at your suggestion as it's no longer relevant to me. I probably should have closed this question if I'm being honest.

Anyway, if you're able to test this and confirm it works, I'm more than happy to take your word for it and mark it as the solution. Unfortunately, I just don't have the time right now.
Avatar of sarabande
sarabande
Flag of Luxembourg image
Rix, no bother at all. I just was looking for a C or C++ question which wasn't fully answered and since I remembered (vaguely) that I already tried to get an answer to your question some decades ago (probably with little success), I made a new attempt.

I will see whether I find time to make the test and will report on success.

Sara
This question needs an answer!
Become an EE member today
7 DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.