Watch, Follow, &
Connect with Us

Please visit our new home
community.embarcadero.com.


Welcome, Guest
Guest Settings
Help

Thread: RegOpenKeyExA


This question is answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 4 - Last Post: Mar 29, 2018 11:00 AM Last Post By: Ivar Suneson Threads: [ Previous | Next ]
Ivar Suneson

Posts: 3
Registered: 1/18/14
RegOpenKeyExA  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 24, 2018 9:24 AM
I use C++ Builder XE7
I am migrating an application from Borland C++ 5.1 (yes, very old, 1995) to XE7
I want to edit the registry.
I use identical code in the old and the new XE7 and I start with opening the key
rc = RegOpenKeyExA(HKEY_LOCAL_MACHINE,"SOFTWARE",0,KEY_READ|KEY_SET_VALUE,&hk);
In BC++ it works fine.
In XE7 rc says ERROR_ACCESS_DENIED
How is this possible? I obviously have the rights since it works in BC++ but I have checked.
Can anyone explain this?
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: RegOpenKeyExA  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 26, 2018 10:06 AM   in response to: Ivar Suneson in response to: Ivar Suneson
Ivar Suneson wrote:

I use C++ Builder XE7

Then why are you using ANSI functions? You should be using Unicode
functions instead.

I use identical code in the old and the new XE7 and I start with
opening the key

rc =
RegOpenKeyExA(HKEY_LOCAL_MACHINE,"SOFTWARE",0,KEY_READ|KEY_SET_VALUE,&
hk);

Why are you opening the "Software" key directly, and not a subkey?
There are no values stored in the "Software" key itself, only in
subkeys.

In BC++ it works fine. In XE7 rc says ERROR_ACCESS_DENIED

How is this possible?

That has nothing to do with your code. The Win32 API works exactly the
same way regardless of which compiler you use.

The error message means that your XE7 app is not running as an elevated
admin user who has write access to HKLM. Your BC++ app must be running
as an elevated admin, though.

BC++ doesn't support UAC manifests, so I'm guessing that you are
manually running the BC++ app as an admin, either by right-clicking on
the EXE and choosing "Run as Administrator", or running the EXE inside
an elevated console/IDE process, or the like.

--
Remy Lebeau (TeamB)
Ivar Suneson

Posts: 3
Registered: 1/18/14
Re: RegOpenKeyExA  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 28, 2018 12:55 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
Ivar Suneson wrote:

I use C++ Builder XE7

Then why are you using ANSI functions? You should be using Unicode
functions instead.

I use identical code in the old and the new XE7 and I start with
opening the key

rc =
RegOpenKeyExA(HKEY_LOCAL_MACHINE,"SOFTWARE",0,KEY_READ|KEY_SET_VALUE,&
hk);

Why are you opening the "Software" key directly, and not a subkey?
There are no values stored in the "Software" key itself, only in
subkeys.

In BC++ it works fine. In XE7 rc says ERROR_ACCESS_DENIED

How is this possible?

That has nothing to do with your code. The Win32 API works exactly the
same way regardless of which compiler you use.

The error message means that your XE7 app is not running as an elevated
admin user who has write access to HKLM. Your BC++ app must be running
as an elevated admin, though.

BC++ doesn't support UAC manifests, so I'm guessing that you are
manually running the BC++ app as an admin, either by right-clicking on
the EXE and choosing "Run as Administrator", or running the EXE inside
an elevated console/IDE process, or the like.

--
Remy Lebeau (TeamB)

You are right.
Thank you.
Most installation programs, including Wise which I use, write information to the Registry.
How can they do that?
They are normally not "Run as Administrator"
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: RegOpenKeyExA  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 28, 2018 11:08 AM   in response to: Ivar Suneson in response to: Ivar Suneson
Ivar Suneson wrote:

Most installation programs, including Wise which I use, write
information to the Registry. How can they do that?

Installers are usually run ass elevated admins. If you don't use the
"Run as Administrator" option, and if the EXE does not have a UAC
manifest, and if UAC is enabled, then UAC performs various heuristics
to try to determine whether the EXE may be an installer or not, and if
so can run it elevated. This is known as UAC's "Installer Detection"
feature:

https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works#installer-detection-technology

Installer detection technology

Installation programs are apps designed to deploy software. Most
installation programs write to system directories and registry keys.
These protected system locations are typically writeable only by an
administrator in Installer detection technology, which means that
standard users do not have sufficient access to install programs.
Windows heuristically detects installation programs and requests
administrator credentials or approval from the administrator user in
order to run with access privileges. Windows also heuristically detects
updates and programs that uninstall applications. One of the design
goals of UAC is to prevent installations from being run without the
user's knowledge and consent because installation programs write to
protected areas of the file system and registry.

Installer detection only applies to:

- 32-bit executable files.

- Applications without a requested execution level attribute.

- Interactive processes running as a standard user with UAC enabled.

Before a 32-bit process is created, the following attributes are
checked to determine whether it is an installer:

- The file name includes keywords such as "install," "setup," or
"update."

- Versioning Resource fields contain the following keywords: Vendor,
Company Name, Product Name, File Description, Original Filename,
Internal Name, and Export Name.

- Keywords in the side-by-side manifest are embedded in the executable
file.

- Keywords in specific StringTable entries are linked in the executable
file.

- Key attributes in the resource script data are linked in the
executable file.

- There are targeted sequences of bytes within the executable file.

Note: The keywords and sequences of bytes were derived from common
characteristics observed from various installer technologies.

Note: The User Account Control: Detect application installations and
prompt for elevation policy setting must be enabled for installer
detection to detect installation programs. For more info, see User
Account Control security policy settings
(https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings).

--
Remy Lebeau (TeamB)
Ivar Suneson

Posts: 3
Registered: 1/18/14
Re: RegOpenKeyExA  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 29, 2018 11:00 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
Ivar Suneson wrote:

Most installation programs, including Wise which I use, write
information to the Registry. How can they do that?

Installers are usually run ass elevated admins. If you don't use the
"Run as Administrator" option, and if the EXE does not have a UAC
manifest, and if UAC is enabled, then UAC performs various heuristics
to try to determine whether the EXE may be an installer or not, and if
so can run it elevated. This is known as UAC's "Installer Detection"
feature:

https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works#installer-detection-technology

Installer detection technology

Installation programs are apps designed to deploy software. Most
installation programs write to system directories and registry keys.
These protected system locations are typically writeable only by an
administrator in Installer detection technology, which means that
standard users do not have sufficient access to install programs.
Windows heuristically detects installation programs and requests
administrator credentials or approval from the administrator user in
order to run with access privileges. Windows also heuristically detects
updates and programs that uninstall applications. One of the design
goals of UAC is to prevent installations from being run without the
user's knowledge and consent because installation programs write to
protected areas of the file system and registry.

Installer detection only applies to:

- 32-bit executable files.

- Applications without a requested execution level attribute.

- Interactive processes running as a standard user with UAC enabled.

Before a 32-bit process is created, the following attributes are
checked to determine whether it is an installer:

- The file name includes keywords such as "install," "setup," or
"update."

- Versioning Resource fields contain the following keywords: Vendor,
Company Name, Product Name, File Description, Original Filename,
Internal Name, and Export Name.

- Keywords in the side-by-side manifest are embedded in the executable
file.

- Keywords in specific StringTable entries are linked in the executable
file.

- Key attributes in the resource script data are linked in the
executable file.

- There are targeted sequences of bytes within the executable file.

Note: The keywords and sequences of bytes were derived from common
characteristics observed from various installer technologies.

Note: The User Account Control: Detect application installations and
prompt for elevation policy setting must be enabled for installer
detection to detect installation programs. For more info, see User
Account Control security policy settings
(https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings).

--
Remy Lebeau (TeamB)

Thank you for all the information.
I now have a good understanding how it works,
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02