Thread: REG_OPTION_BACKUP_RESTORE Problem

  1. #1
    Registered User
    Join Date
    Nov 2005
    Posts
    88

    REG_OPTION_BACKUP_RESTORE Problem

    I am copying registry keys using a function I created. I am making perfect copies of them (including their security descriptor info). To do this, I was required to open the keys using RegCreateKeyEx and REG_OPTION_BACKUP_RESTORE with the Backup and Restore Privileges enabled in order to gain access to registry keys that otherwise would have prohibited me from opening them. This works fine with almost every key I have encountered.

    However, in Windows XP Pro, there is one key that is giving me tremendous trouble (tested on two separate systems). It is HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Perflib. When I attempt to copy its subkey "009", I run into a problem. I am successfully able to enumerate the values in 009 and write them to my new key. However, when I try to GetSecurityInfo on the source key handle I used to enumerate its values, GetSecurityInfo returns ERROR_INVALID_HANDLE. I have tried only using the Backup privilege to see if the Restore privilege was causing the problem, but it did not work. It fails the same way using RegOpenKeyEx with READ_KEY | ACCESS_SYSTEM_SECURITY.

    Does anyone know why the GetSecurityInfo would see it as an invalid handle? Can anyone else test it in the same way and see if the result is the same? I noticed the HKEY value in the debugger is absolutely huge compared to most HKEYs (being very close to the HKEY values of HKEY_LOCAL_MACHINE).

    Thank you for any help/testing you can provide.

    Joe
    Last edited by mercury529; 11-30-2005 at 11:17 AM. Reason: Re-Tested and Found Incorrect Statement

  2. #2
    Registered User
    Join Date
    Nov 2005
    Posts
    88
    RegGetKeySecurity does NOT have the same problem with the handle that GetSecurityInfo does. I am attempting to use that. However, I have no idea how to use the function, and cannot find any examples of it. I allocate the proper amount of memory needed for it with a new BYTE array of appropriate size. But if I try to pass the resulting structure to RegSetSecurityInfo, it causes an access violation.

    Does anyone know how to use RegGetKeySecurity? Thank you.

    Joe

  3. #3
    Registered User
    Join Date
    Nov 2005
    Posts
    88

    Resolved

    A little more light to shed on this weird topic. I was trying to find out how to successfully use RegGetKeySecurity (any information on this function would be wonderful. It is very poorly documented). I tried doing a call with the flags DACL_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION, SACL_SECURITY_INFORMATION but the result was a chunk of memory that was not considered a valid structure. So, I tried doing 4 separate calls, using only 1 flag at a time. The result was rather interesting.

    The first call completed successfully. The second call however failed with ERROR_INVALID_HANDLE. I looked at the value of the handle, and the HKEY parameter that is supposed to be exclusively an input, got modified. I saved a backup of the HKEY and used it instead of the altered HKEY. Sure enough, it was successful on the second call. The third and fourth work using this technique as well. I imagine the fact that the HKEY value is getting modified is a bug? What still confuses me is why RegEdit does not seem to have a problem getting the security descriptor when I go to Permissions.

    Once again, any help on RegGetKeySecurity would be most helpful. I assign each of the buffers I create to their respective pointer in the SECURITY_DESCRIPTOR structure. This works fine for DACL_SECURITY_INFORMATION and SACL_SECURITY_INFORMATION, but causes an invalid descriptor when I point Group and Owner to the memory I allocate for the GROUP_SECURITY_INFORMATION and OWNER_SECURITY_INFORMATION calls.

    Thank You,
    Joe

    EDIT: RESOLUTION

    I was able to successfully get the security descriptor using RegGetKeySecurity. I used all 4 flags at the same time (allocating the memory using LocalAlloc with the LPTR parameter). This successfully retrieved the security descriptor.

    Interestingly enough, when I try to edit the security descriptor on the key using RegEdit, I can successfully open the permissions screen, but when I attempt to make a change it tells me the handle is invalid. It would appear the call to RegGetKeySecurity corrupts the handle (like it did in the case I described above), and when RegEdit goes to use it for RegSetKeySecurity, it is using the corrupted HANDLE. Perflib/009 is a very very odd key.
    Last edited by mercury529; 12-01-2005 at 03:27 PM. Reason: New Information
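
RegGetKeySecurity fills the caller's buffer with a self-relative security descriptor: one contiguous block whose 20-byte header stores byte offsets to the owner SID, group SID, SACL and DACL instead of pointers. The following is an added example, not code from this thread, written in portable C so it runs without the Win32 headers; it bounds-checks such a buffer before anything trusts its offsets. The names sd_view, part_ok, sd_parse and sid_str are hypothetical, and SAMPLE_SD is a constructed descriptor.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SE_SELF_RELATIVE 0x8000u   /* Control bit: the four fields are offsets */
typedef struct { uint16_t control; uint32_t owner, group, sacl, dacl; } sd_view;

static uint32_t rd32(const uint8_t *p) {   /* little-endian DWORD */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* SID: 8 header bytes + 4 per sub-authority (count at byte 1, max 15).
   ACL: 8-byte header whose bytes 2..3 hold the total AclSize. */
static int part_ok(const uint8_t *b, size_t len, uint32_t off, int is_sid) {
    if (off == 0) return 1;                          /* component not present */
    if (off < 20 || off > len - 8) return 0;         /* must sit after the header, inside buf */
    if (is_sid && (b[off] != 1 || b[off + 1] > 15)) return 0;
    size_t need = is_sid ? 8u + 4u * b[off + 1] : (size_t)(b[off + 2] | b[off + 3] << 8);
    return need >= 8 && need <= len - off;
}

/* Returns 0 and fills *out if b holds a well-formed self-relative descriptor, else -1. */
int sd_parse(const uint8_t *b, size_t len, sd_view *out) {
    if (len < 20 || b[0] != 1) return -1;            /* header size, revision 1 */
    out->control = (uint16_t)(b[2] | b[3] << 8);
    if (!(out->control & SE_SELF_RELATIVE)) return -1;
    out->owner = rd32(b + 4);  out->group = rd32(b + 8);
    out->sacl  = rd32(b + 12); out->dacl  = rd32(b + 16);
    return part_ok(b, len, out->owner, 1) && part_ok(b, len, out->group, 1) &&
           part_ok(b, len, out->sacl, 0)  && part_ok(b, len, out->dacl, 0) ? 0 : -1;
}

/* Formats the SID at an already validated offset as S-1-<authority>-<sub>...; returns dst. */
char *sid_str(const uint8_t *b, uint32_t off, char *dst, size_t n) {
    uint64_t auth = 0;
    for (int i = 2; i < 8; i++) auth = auth << 8 | b[off + i];   /* big-endian authority */
    int w = snprintf(dst, n, "S-%u-%llu", (unsigned)b[off], (unsigned long long)auth);
    for (int i = 0; i < b[off + 1] && w > 0 && (size_t)w < n; i++)
        w += snprintf(dst + w, n - (size_t)w, "-%u", (unsigned)rd32(b + off + 8 + 4 * i));
    return dst;
}

/* Constructed sample: owner S-1-5-32-544, group S-1-5-18, no SACL, empty DACL. */
const uint8_t SAMPLE_SD[56] = {
    1,0,0x04,0x80, 20,0,0,0, 36,0,0,0, 0,0,0,0, 48,0,0,0,   /* header + 4 offsets */
    1,2,0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0,               /* owner SID at 20 */
    1,1,0,0,0,0,0,5, 18,0,0,0,                              /* group SID at 36 */
    2,0,8,0,0,0,0,0 };                                      /* DACL at 48 */

int main(void) { sd_view v; char s[64];
    if (sd_parse(SAMPLE_SD, sizeof SAMPLE_SD, &v)) return 1;
    printf("owner %s\n", sid_str(SAMPLE_SD, v.owner, s, sizeof s)); return 0; }
```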
