I am working on C# code that accesses the Windows registry for USB related information, mainly USBSTOR. If we try to access properties under each USBSTOR entry, it is restricted (even to Administrators).
I am using the Microsoft.Win32.Registry class for querying required info, which gives us an option to "Take Ownership" of registry keys when opening.
    Microsoft.Win32.Registry.LocalMachine.OpenSubKey(@"SYSTEM\ControlSet001\Enum\USBSTOR\CdRom&Ven_TS8XDVDR&Prod_Transcend&Rev_TW00\112233445568&0\Properties", RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.TakeOwnership);
This works fine for most of the cases, but Microsoft.Win32 does not provide a facility to read information like lastwritetime etc.
Quick Search and ChatGPT revealed that we can use the low-level Windows API to take ownership and then read the required information, but it assumes that we can open the registry key using
    (int)RegOpenKeyEx(hKey, subKey, 0, KEY_ALL_ACCESS, ref hKeyResult);
In my case opening the subject key throws an error
    Code: 5 (0x5) (ERROR_ACCESS_DENIED)
What is the best way to work around these restrictions and query the required data?
asked Nov 21, 2024 at 4:27 by Junaid Arshad, edited Nov 21, 2024 at 7:01 by Remy Lebeau
Comments:
- If you can't even view the data as an admin, then you likely shouldn't be messing with it at all. What exactly are you trying to extract from it? Have you tried opening the key for read-only access instead of read/write? – Remy Lebeau Commented Nov 21, 2024 at 7:03
- @RemyLebeau I am trying to extract time information like first and last connection date/time. Yes, I have tried a lot of different options without success. I came across a tool named USBDeView which reads this information even with a limited user account – Junaid Arshad Commented Nov 21, 2024 at 16:53
- Are you sure USBDeView is reading it from the registry? Have you tried using SysInternals Process Monitor to see what registry keys are being accessed and with what permissions? – Remy Lebeau Commented Nov 21, 2024 at 19:26
1 Answer
In my tool "USB Drive Info" you can right-click the USB device -> RegEdit...
The first sub-item is HKLM\SYSTEM\CurrentControlSet\Enum\<DeviceInstanceID> which leads above the "Device Parameters". Since UsbDriveInfo uses the dirty trick of stealing a Windows service's access token to start RegEdit.exe with, "Device Parameters" can be accessed. Does not look that interesting :-)
Since Windows Vista, arrival and removal time can be determined by means of CM_Get_DevNode_Property with DEVPKEY_Device_LastArrivalDate and DEVPKEY_Device_LastRemovalDate. In C++:
    // needs <windows.h>, <cfgmgr32.h>, and <initguid.h> before <devpkey.h>; link with Cfgmgr32.lib
    // assuming DeviceInstanceID is in szDeviceInstanceId
    DEVINST DevInst = 0;
    if ( CR_SUCCESS == CM_Locate_DevNode(&DevInst, szDeviceInstanceId, 0) ) {
        // DevInst determined
        FILETIME FT;
        DEVPROPTYPE PropType;
        ULONG PropSize = sizeof(FT);
        if ( CR_SUCCESS == CM_Get_DevNode_Property(DevInst, &DEVPKEY_Device_LastRemovalDate,
                               &PropType, (PBYTE)&FT, &PropSize, 0) ) {
            // time in FT
        }
    }
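Added example (not part of the answer above, nor code from any tool mentioned on this page): the same Configuration Manager lookup called from C#, the language of the question, through P/Invoke, so the arrival and removal times are read without opening the restricted Properties key. The class name UsbTimestamps, the P/Invoke declarations, and the use of CM_LOCATE_DEVNODE_PHANTOM so that unplugged devices can still be located are choices made for this example; the property key values are those defined in devpkey.h.

```csharp
using System;
using System.Runtime.InteropServices;

static class UsbTimestamps   // hypothetical name, for illustration only
{
    [StructLayout(LayoutKind.Sequential)]
    struct DEVPROPKEY { public Guid fmtid; public uint pid; }

    const int CR_SUCCESS = 0;
    const uint DEVPROP_TYPE_FILETIME = 0x10;
    const uint CM_LOCATE_DEVNODE_PHANTOM = 1;   // also resolves devices that are not plugged in
    // DEVPKEY_Device_LastArrivalDate / DEVPKEY_Device_LastRemovalDate as defined in devpkey.h
    static readonly Guid DeviceDates = new Guid("83da6326-97a6-4088-9453-a1923f573b29");
    const uint PID_LastArrivalDate = 102, PID_LastRemovalDate = 103;

    [DllImport("CfgMgr32.dll", CharSet = CharSet.Unicode)]
    static extern int CM_Locate_DevNodeW(out uint devInst, string deviceId, uint flags);

    // The property API exists only in its Unicode (W) form; the 8-byte buffer receives a FILETIME.
    [DllImport("CfgMgr32.dll", CharSet = CharSet.Unicode)]
    static extern int CM_Get_DevNode_PropertyW(uint devInst, ref DEVPROPKEY key,
        out uint propType, out long buffer, ref uint bufferSize, uint flags);

    // Returns the timestamp in UTC, or null if the property is absent or not a FILETIME.
    static DateTime? ReadDate(uint devInst, uint pid)
    {
        var key = new DEVPROPKEY { fmtid = DeviceDates, pid = pid };
        uint size = sizeof(long);
        int cr = CM_Get_DevNode_PropertyW(devInst, ref key, out uint type, out long ft, ref size, 0);
        if (cr != CR_SUCCESS || type != DEVPROP_TYPE_FILETIME) return null;
        return DateTime.FromFileTimeUtc(ft);
    }

    static void Main(string[] args)
    {
        // args[0]: device instance ID, i.e. the registry path below ...\Enum\ up to the instance key
        if (args.Length != 1) { Console.Error.WriteLine("usage: UsbTimestamps <DeviceInstanceID>"); return; }
        int cr = CM_Locate_DevNodeW(out uint devInst, args[0], CM_LOCATE_DEVNODE_PHANTOM);
        if (cr != CR_SUCCESS) { Console.Error.WriteLine($"CM_Locate_DevNode failed: CR 0x{cr:X}"); return; }
        Console.WriteLine($"Last arrival (UTC): {ReadDate(devInst, PID_LastArrivalDate)?.ToString("o") ?? "n/a"}");
        Console.WriteLine($"Last removal (UTC): {ReadDate(devInst, PID_LastRemovalDate)?.ToString("o") ?? "n/a"}");
    }
}
```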