編輯/刪除受保護的註冊表項值

Question

我的問題：當使用自定義安全描述符創建註冊表項時，是否可以編輯註冊表項的值？我需要用SECURITY_ATTRIBUTES結構調用RegSetKeyValueEx嗎？如果沒有，那麼我需要刪除密鑰然後重新創建它。

我試圖編輯（或刪除然後重寫）註冊表鍵值，但它不工作。一些重要的信息是我使用自定義安全描述符創建了註冊表項。自定義安全描述符只有KEY_READ Registry Key Security and Access Rights集。

但我甚至不能刪除密鑰，因爲它的ACL安全描述符。這是一個問題，因爲當我卸載時，我甚至不能刪除註冊表項。我爲什麼使用自定義安全描述符創建註冊表項是因爲用戶無意或故意不能改變它。關鍵是告訴我我的應用程序是否已經運行過。

有誰知道我該如何編輯/刪除這種類型的註冊表項？

我的代碼（即嘗試編輯我的鑰匙，並顯示瞭如何創建擺在首位的關鍵）：

// Code to change key value 
LONG lResult = RegOpenKeyEx(HKEY_CURRENT_USER, _T("Software/MyApplication"), 0, KEY_READ, &hKey); 
LONG setValueRes = RegSetValueEx(hKey, _T("FirstRunSignafier"), 0, REG_DWORD, (LPBYTE) &firstRunSignafierValue, 
           (DWORD) sizeof(firstRunSignafierValue)); 
// Error Value of setValueRes is 5. lResult succeeds 


// Code that creates the registry key 
int recordFirstApplicationRun() 
{ 
    tstring REG_FIRST_RUN_SIGNIFIER = _T("Software\\MyApplication"); 
    HKEY hKey; 
    LONG lResult; 
    int res      = 1; 
    DWORD dwValue, dwType, dwSize = sizeof(dwValue); 
    DWORD firstRunSignafierValue = 1; 
    DWORD keyAlreadyExists; // Two potential values: REG_CREATED_NEW_KEY or REG_OPENED_EXISTING_KEY 
    PSID pEveryoneSID    = NULL; 
    PACL pACL      = NULL; 
    PSECURITY_DESCRIPTOR pSD  = NULL; 
    SECURITY_ATTRIBUTES secAttr; 

    createSecurityAttributes(&secAttr, pEveryoneSID, pACL, pSD); 
    LONG createRes = RegCreateKeyEx(HKEY_CURRENT_USER, &REG_FIRST_RUN_SIGNIFIER[0], 0, NULL, REG_OPTION_NON_VOLATILE, 
            KEY_WRITE|KEY_WRITE, &secAttr, &hKey, &keyAlreadyExists); 
    if (createRes != ERROR_SUCCESS) { 
     //_tprintf(_T("Failed to create key: Last Error: %x, Return Val: %x\n"), GetLastError(), createRes); 
     CPP_Utilities::outputLastError("Failed to create key"); 
     res = -1; 
     goto Cleanup; 
    } 

    //CPP_Utilities::outputLastErrorEx((keyAlreadyExists == REG_CREATED_NEW_KEY) ? _T("Created new registry key"):_T("Registry key already exists")); 
    _tprintf((keyAlreadyExists == REG_CREATED_NEW_KEY) ? _T("Created new registry key\n"):_T("Registry key already exists\n")); 

    // To Write a DWORD to the registry 
    LONG setValueRes = RegSetValueEx(hKey, _T("FirstRunSignafier"), 0, REG_DWORD, (LPBYTE) &firstRunSignafierValue, 
            (DWORD) sizeof(firstRunSignafierValue)); 
    if (setValueRes != ERROR_SUCCESS) { 
     _tprintf(_T("B: %X\n"), setValueRes); 
     CPP_Utilities::outputLastError("Failed to set registry value"); 
     res = -2; 
     goto Cleanup; 
    } 

    Cleanup: 
     if (pEveryoneSID) 
      FreeSid(pEveryoneSID); 
     if (pACL) 
      LocalFree(pACL); 
     if (pSD) 
      LocalFree(pSD); 
     if (hKey) 
      RegCloseKey(hKey); 

    return res; 
} 

int createSecurityAttributes(SECURITY_ATTRIBUTES* secAttr, PSID pEveryoneSID, PACL pACL, PSECURITY_DESCRIPTOR pSD) 
{ 
    // Pre: Memory release for parameters MUST be handled by caller 

    EXPLICIT_ACCESS ea; 
    DWORD dwRes; 
    /*PSID*/ pEveryoneSID     = NULL; 
    /*PACL*/ pACL       = NULL; 
    /*PSECURITY_DESCRIPTOR*/ pSD   = NULL; 
    SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY; 

    // Create a well-known SID for the Everyone group. 
    if(!AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pEveryoneSID)) { 
     _tprintf(_T("AllocateAndInitializeSid Error %u\n"), GetLastError()); 
     CPP_Utilities::outputLastError("AllocateAndInitializeSid Error"); 
     return -1; 
    } 

    // Initialize an EXPLICIT_ACCESS structure for an ACE. The ACE will allow Everyone read access to the key. 
    ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); 
    ea.grfAccessPermissions = KEY_READ; 
    ea.grfAccessMode  = SET_ACCESS; 
    ea.grfInheritance  = NO_INHERITANCE; 
    ea.Trustee.TrusteeForm = TRUSTEE_IS_SID; 
    ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; 
    ea.Trustee.ptstrName = (LPTSTR) pEveryoneSID; 

    // Create a new ACL that contains the new ACEs. 
    dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL); 
    if (ERROR_SUCCESS != dwRes) { 
     _tprintf(_T("SetEntriesInAcl Error %u\n"), GetLastError()); 
     CPP_Utilities::outputLastError("SetEntriesInAcl Error"); 
     return -2; 
    } 

    // Initialize a security descriptor. 
    pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); 
    if (NULL == pSD) { 
     _tprintf(_T("LocalAlloc Error %u\n"), GetLastError()); 
     CPP_Utilities::outputLastError("LocalAlloc Error"); 
     return -3; 
    } 

    if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) { 
     _tprintf(_T("InitializeSecurityDescriptor Error %u\n"), GetLastError()); 
     CPP_Utilities::outputLastError("InitializeSecurityDescriptor Error"); 
     return -4; 
    } 

    // Add the ACL to the security descriptor. 
    if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE)) { 
     _tprintf(_T("SetSecurityDescriptorDacl Error %u\n"), GetLastError()); 
     CPP_Utilities::outputLastError("SetSecurityDescriptorDacl Error"); 
     return -5; 
    } 

    // Initialize a security attributes structure. 
    secAttr->nLength    = sizeof (SECURITY_ATTRIBUTES); 
    secAttr->lpSecurityDescriptor = pSD; 
    secAttr->bInheritHandle   = FALSE; 

    return 1; 
} 

Answer 1

您需要更改的權限，使用戶有KEY_SET_VALUE訪問權限。最簡單的方法是讓卸載程序刪除安裝程序添加的ACL。

你只需要你的卸載程序來顛倒安裝程序的步驟。你的安裝程序去了：

1. 創建一個密鑰。
2. 將ACL添加到密鑰。

所以，你卸載需要：

1. 取消導航鍵的ACL。
2. 刪除密鑰。