Hi all

OK, not really an asm question, but I don't know where else to ask.  (I have researched but cannot find the answer.)

So, when I am logged in, all settings are stored in HKEY_CURRENT_USER.

My question is, what API call do I use to write to HKEY_CURRENT_USER for a user that is not logged on?  i.e. if I am administrator I should be able to update another user's registry keys.  My question relates to a local machine only, not a remote machine.

I cannot figure this out, but it should be possible, right?

Wongdai
Posted on 2006-01-19 21:52:24 by WongDai
You've either got to save the settings into or try to edit the user's registry using their own account
Posted on 2006-01-19 22:09:00 by XCHG
There must be a better way.  The information is stored away somewhere.

How about using the undocumented API NtLoadKey?  Does that work?

Wongdai
Posted on 2006-01-19 22:24:48 by WongDai
You don't need NtLoadKey, change the settings or whatever for the user under HKEY_USERS..
Posted on 2006-01-19 23:22:48 by lone_samurai5
You'll probably need LookupAccountSid() or similar if you're going to modify under HKEY_USERS... unless somebody knows of a better/easier way to do user->sid mapping.
Posted on 2006-01-20 00:01:25 by f0dder
Thanks Fodder

I think you have put me on the right path.  LookupAccountName seems to be the beastie I need, viz:

"The LookupAccountName function accepts the name of a system and an account as input. It retrieves a security identifier (SID) for the account and the name of the domain on which the account was found."

I am assuming then I can just use a regular key lookup as the SID it returns is one of the high-level keys in HK_USERS, and this would then be just like opening HKEY_CURRENT_USER if that user was logged on?

Thanks all for help

Wongdai


Posted on 2006-01-21 21:20:06 by WongDai
If you're writing software for the system, i.e. absence of a user, HKLM is what you use.  That is where you find all the services settings.  That's LM = Local Machine.

Regards,  P1  8)
Posted on 2006-02-05 22:54:27 by Pone
No, that won't work, as it changes the registry values for all users who log on to a particular machine.  I only want to change registry values for a user who has a logon on the machine, but is not currently logged on. i.e. as an administrator change their registry values.

Wongdai
Posted on 2006-02-08 06:28:55 by WongDai
Check RegLoadKey, RegSaveKey and RegUnLoadKey APIs. They should work at least on XP.

You can try this with your RegEdit.exe.
1. Open regedit
2. Left click on HKEY_LOCAL_MACHINE to activate it
3. Open File Menu and choose Load Hive...
4. Browse to the user's ntuser.dat file and click Open.
5. Now RegEdit asks for a key name ... enter something.

Now you have that user's "HKEY_CURRENT_USER" registry keys opened under the key you specified at step 5.

To unload that hive, click the name you entered at step 5 to activate it and then choose File\Unload Hive...

Posted on 2006-02-08 06:57:14 by SamiP
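
The two ideas from the thread combined (account name to SID as in the LookupAccountName post, then loading the user's ntuser.dat as in the Load Hive steps), as an added PowerShell example that is not code from any poster. The function name, the `Offline_<SID>` mount name, the account `PC01\alice` and the key `Software\ExampleApp` are constructed for illustration; finding the profile directory through the ProfileList key and mounting under HKEY_USERS instead of HKEY_LOCAL_MACHINE are choices made for this example.

```powershell
# Added example: set one string value in another local user's per-user hive.
# Run elevated. Account, key and value names are constructed placeholders.
function Set-OfflineUserValue {
    param(
        [Parameter(Mandatory)] [string] $Account,   # e.g. 'PC01\alice' (hypothetical)
        [Parameter(Mandatory)] [string] $SubKey,    # relative to the user's hive root
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Value
    )

    # Account name -> SID (managed counterpart of LookupAccountName).
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
               [System.Security.Principal.SecurityIdentifier]).Value

    $root    = $sid      # if the user is logged on, the hive is already HKEY_USERS\<SID>
    $mounted = $false
    if (-not (Test-Path "Registry::HKEY_USERS\$sid")) {
        # Not logged on: find the profile directory and load its NTUSER.DAT.
        $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
        $profileDir  = (Get-ItemProperty "$profileList\$sid").ProfileImagePath
        $root = "Offline_$sid"
        & reg.exe load "HKU\$root" (Join-Path $profileDir 'NTUSER.DAT') | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "reg load failed for $Account ($sid)" }
        $mounted = $true
    }

    try {
        $key = "Registry::HKEY_USERS\$root\$SubKey"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name $Name -Value $Value `
                         -PropertyType String -Force | Out-Null
    }
    finally {
        if ($mounted) {
            # Release provider handles first, otherwise the unload is refused.
            [gc]::Collect(); [gc]::WaitForPendingFinalizers()
            & reg.exe unload "HKU\$root" | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Warning "HKU\$root is still loaded" }
        }
    }
}

# Usage with constructed names:
Set-OfflineUserValue -Account 'PC01\alice' -SubKey 'Software\ExampleApp' -Name 'Theme' -Value 'dark'
```

If the unload warning fires, the hive stays mounted and the user's next logon can fail to load the profile normally, so check that `HKU\Offline_<SID>` is gone before finishing.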
Open a thread impersonating the user, then use RegOpenCurrentUser.

Regards,  P1  8)
Posted on 2006-02-08 12:56:24 by P1