question of reading Registry through native api

OSR_Community_User · January 23, 2008, 2:18am

hi to all members
i want to resgistry value through native API . i got suceeded reading HKLM sections.
My code works. but now i want to read the "HKEY_CURRENT_USER" section. i read documentation. and found that i need to provide SID to access this section
so i did like this

“\registry\user\sid\test” : Sid -> is the current user sid:
and call this function

OBJECT_ATTRIBUTES objectAttr;
UNICODE_STRING test;
NTSTATUS st;
RtlInitUnicodeString(&m_Text, L"\registry\user\sid\test");
InitializeObjectAttributes(&objectAttr,&test, OBJ_CASE_INSENSITIVE, 0, 0);
st = ZwOpenKey(&m_Handle, KEY_ALL_ACCESS, &objectAttr);

but when i see the out put . and prints the error code. it says the “ERROR_BAD_PATHNAME 161” ie the path is invalid. do i need to load ntuser.dat or something like that to read this value. since i am able to read the HKML section.

can anybody provide any help
reagards

Loren_Wilton · January 23, 2008, 2:27am

> RtlInitUnicodeString(&m_Text, L"\registry\user\sid\test");

Is that really the literal you used, or did you type it here by hand?
You need to double the backslashes.

Loren

OSR_Community_User · January 23, 2008, 3:31am

hi loren thanks for the reply
i typed it here. sorry for that typing mistake
RtlInitUnicodeString(&test, L"\registry\user\sid\test");

i have also initialized the registry with

NTSTATUS status = ZwInitializeRegistry(REG_INIT_BOOT_SM);

it returns success

regards

OSR_Community_User · January 23, 2008, 3:46am

is the current user sid>
I’m wondering who the current user during execution of BootExecutables
should be ?
I think that at this time there’s only the system hive alive.
You’re before writing the clone set to the registry and before loading the
win32 subsys.

Regards
ELse

|---------±-------------------------------->
| | xxxxx@yahoo.co.in|
| | Sent by: |
| | bounce-312416-16691@li|
| | sts.osr.com |
| | |
| | |
| | 01/23/2008 08:19 AM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->
>----------------------------------------------------------------------------------------------------------|
| |
| To: “Windows System Software Devs Interest List” |
| cc: |
| Subject: [ntdev] question of reading Registry through native api |
>----------------------------------------------------------------------------------------------------------|

hi to all members
i want to resgistry value through native API . i got suceeded reading HKLM
sections.
My code works. but now i want to read the “HKEY_CURRENT_USER" section. i
read documentation. and found that i need to provide SID to access this
section
so i did like this

”\registry\user\sid\test" : Sid -> is the current user sid:
and call this function

OBJECT_ATTRIBUTES objectAttr;
UNICODE_STRING test;
NTSTATUS st;
RtlInitUnicodeString(&m_Text, L"\registry\user\sid\test");
InitializeObjectAttributes(&objectAttr,&test, OBJ_CASE_INSENSITIVE, 0, 0);
st = ZwOpenKey(&m_Handle, KEY_ALL_ACCESS, &objectAttr);

but when i see the out put . and prints the error code. it says the
“ERROR_BAD_PATHNAME 161” ie the path is invalid. do i need to load
ntuser.dat or something like that to read this value. since i am able to
read the HKML section.

can anybody provide any help
reagards

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · January 23, 2008, 5:27am

hi thanks
i got your point ! but suppose if i have hard coded paths in the “text file” where i can store the path with the sid
like this
“\registry\user\ S-1-5-21-3010791503-3112820070-4134981414-1174\test”
and they try to open that in the native application by reading this file.

do you mean to say that this entry is not loaded when native applications run
if so then couild i load these settings in the native code.

regards

OSR_Community_User · January 23, 2008, 5:30am

one more thing

i am not getting the SID of the user when my native application runs. i am taking this sid from the text file

regards

Tim_Roberts · January 23, 2008, 12:59pm

xxxxx@yahoo.co.in wrote:

hi thanks
i got your point ! but suppose if i have hard coded paths in the “text file” where i can store the path with the sid
like this
“\registry\user\ S-1-5-21-3010791503-3112820070-4134981414-1174\test”
and they try to open that in the native application by reading this file.

And once again, are you aware that this has to be written like this?

“\registry\user\S-1-5-21-3010791503-3112820070-4134981414-1174\test”

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

OSR_Community_User · January 23, 2008, 9:28pm

I’m not sure that HKEY_USERS exists at this point in the boot process.
Have you tried opening “\registry\user\.DEFAULT?” Many fewer chances
for typos.

Good luck,

mm

xxxxx@yahoo.co.in wrote:

hi thanks
i got your point ! but suppose if i have hard coded paths in the “text file” where i can store the path with the sid
like this
“\registry\user\ S-1-5-21-3010791503-3112820070-4134981414-1174\test”
and they try to open that in the native application by reading this file.

do you mean to say that this entry is not loaded when native applications run
if so then couild i load these settings in the native code.

regards

Maxim_S_Shatskih · January 24, 2008, 11:34pm

> My code works. but now i want to read the "HKEY_CURRENT_USER" section. i

There is no notion of "current user’ for a native app.

LSA and WinLogon are not started yet, so, all code runs as LocalSystem.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com