I am trying to do some registry editing. The below code is a MCVE of my problem:
RegistryKey key;
key = Registry.LocalMachine.OpenSubKey("DRIVERS", true);
key = key.CreateSubKey("Names");
key.SetValue("Name", "nick", RegistryValueKind.String);
key.Close();
That code works fine. The following (changed DRIVERS to SOFTWARE) does not:
RegistryKey key;
key = Registry.LocalMachine.OpenSubKey("SOFTWARE", true);
key = key.CreateSubKey("Names");
key.SetValue("Name", "nick", RegistryValueKind.String);
key.Close();
To me, the difference between the two blocks of code is trivial. What is the cause of this issue, and how can I get around it? I am already running the code as an admin.
My end goal is to modify the values in the "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" folder.
I know this is possible from Powershell - it should be possible from C# as well.
You can write to the 64-bit registry from a 32-bit process, but you need to explicitly request the 64-bit registry as follows (modified from your code in the Q).
var hklm = RegistryKey.OpenBaseKey(Microsoft.Win32.RegistryHive.LocalMachine, RegistryView.Registry64);
RegistryKey key = hklm.OpenSubKey("SOFTWARE", true);
key = key.CreateSubKey("Names");
key.SetValue("Name", "nick", RegistryValueKind.String);
key.Close();
Related
I am trying to overwrite the below values in registry on existing value of "Default". Written the below code but it is not updating the value. also code is not giving any error.
[HKEY_CLASSES_ROOT\ugmportalfile\Shell\Open\Command]
#="\"%TPR%\start_manager.bat\""
RegistryKey regKey=Registry.ClassesRoot.OpenSubKey("ugmportalfile\\Shell\\Open\\Command", true);
//Microsoft.Win32.RegistryKey regKey;
regKey = Microsoft.Win32.Registry.ClassesRoot;
regKey.OpenSubKey(#"ugmportalfile\Shell\Open\Command");
regKey.SetValue("Default", #"%TPR%\start_manager.bat");
regKey.Close();
OpenSubKey does return a RegistryKey object, you are trying to modify a wrong key.
RegistryKey regKey = Microsoft.Win32.Registry.ClassesRoot;
RegistryKey subkey = regKey.OpenSubKey(#"ugmportalfile\Shell\Open\Command", true); // Could be also Microsoft.Win32.Registry.ClassesRoot..OpenSubKey(#"ugmportalfile\Shell\Open\Command", true);
subkey.SetValue("Default", #"%TPR%\start_manager.bat");
subkey.Close();
You could also consider using code blocks 'cause of IDisposable interface.
Edit: https://msdn.microsoft.com/en-us/library/xthy8s8d(v=vs.110).aspx
OK, so i'm having this issue and i really just dont understand why. although i know i can just change the whole text i would just like to better understand why this is happening. so lets say im opening a subkey
RegistryKey regkey = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, workstation, RegistryView.Registry64).OpenSubKey(#"Software\Censored\Issuance\test\", true);
that will work fine i can set/get key values and such but then lets say i need to move to another subkey why cant i just do
regkey= regkey.opensubkey(#"\Software\something\somewhere\youknow");
then start setting or getting values from that new location? any help would be appreciated!
i tried to search for a similar post but didnt appear that anyone had asked about this before sorry if it's a dupe!
RegistryKey regkey = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, workstation, RegistryView.Registry64)
.OpenSubKey(#"Software\Censored\Issuance\test\", true);
regkey = regkey.opensubkey(#"Foo");
This will open the subkey Foo at Software\Censored\Issuance\test\Foo
To read from a key that is not a subkey
RegistryKey baseKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, workstation, RegistryView.Registry64);
RegistryKey regkey = baseKey.OpenSubKey(#"Software\Censored\Issuance\test\", true);
...
regkey = baseKey.OpenSubKey(#"Software\something\somewhere\youknow", true);
give the code below, lastuser string returns null, however, if I use regedit to look at this key it has data associated with it. Is LoggedOnSAMuser a restricted key?
public static string lastlogon()
{
string lastuser;
RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64);
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(#"SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI",false);
if (registryKey != null)
{
lastuser = (string) registryKey.GetValue("LastLoggedOnSAMUser");
}
else lastuser = "Unknown User";
return (lastuser);
}
2 possible issues:
You are trying to read the LoggedOnSAMUser key, quite a chance you
meant LastLoggedOnSAMUser.
You might be trying to read a 64-bit registry entry from a 32-bit application. If possible, change your platform target to x64 and retry. If not possible, you might have to use the registry API directly. Hopefully a nudge in the right directon: link
Almost certainly you have a 32 bit process on a 64 bit machine and so are subject to registry redirection. Your 32 bit process, by default, reads from the 32 bit view of the registry. But you want to read from the 64 bit view.
Solve the problem by requesting that you read from the 64 bit view of the registry, by way of the RegistryView enumeration.
This seems to work on Windows 7
RegistryKey thisKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64);
RegistryKey thisSubkey = thisKey.OpenSubKey(#"SOFTWARE\\fred", false);
_url = (string)thisSubkey.GetValue("_url", "*");
_port = (string)thisSubkey.GetValue("_port", 0);
At the start of my application i change the shell value of the registry to a custom shell and kill the explorer.exe (It is done outside the application), i want to allow a backdoor to return to the original shell and bring back the explorer.exe. brining the process back works fine for me but when i run my code to change the registry value no exception is thrown but the value doesn't change when i check in regedit,
this is my code (saw it here on a different question) :
RegistryKey regKey = Registry.LocalMachine.OpenSubKey(#"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", true);
regKey.SetValue("Shell", "explorer.exe", RegistryValueKind.String);
regKey.Close();
Please help
In your code, you are actually set the value of
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Because some registry keys are redirected by WOW64, please check MSDN to get more details.
Try this:
RegistryKey localMachine = RegistryKey.OpenBaseKey(Microsoft.Win32.RegistryHive.LocalMachine, RegistryView.Registry64);
RegistryKey regKey = localMachine .OpenSubKey(#"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", true);
regKey.SetValue("Shell", "explorer.exe", RegistryValueKind.String);
regKey.Close();
I have a issue reading a registry value programmatically using C#.
I looked into many sites and help but could not find any helpful.
I am able to access and read registry when I run VS in eleveated mode, but face issue when I run VS with out elevated mode.
Initially I started with the below code
byte[] val = (byte[])Registry.GetValue("HKEY_LOCAL_MACHINE\\Software\\MyServices\\Identity\\ASPNET_SETREG", "ValueName", 0);
This worked fine with elevated mode, but fails in non elevated mode.
Placed the attribute on top of the function
[RegistryPermissionAttribute(SecurityAction.Demand,Unrestricted=true)]
This did not help. Then Tried
[System.Security.Permissions.SecurityPermission(System.Security.Permissions.SecurityAction.LinkDemand, Flags = System.Security.Permissions.SecurityPermissionFlag.AllFlags)]
Still did not work.
Now I Tried the below code...
RegistryKey key = Registry.LocalMachine;
RegistrySecurity rs = new RegistrySecurity();
rs = key.GetAccessControl();
string user = "DomainName\\Username";
rs.AddAccessRule(new RegistryAccessRule(user,
RegistryRights.ReadKey,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow));
key.SetAccessControl(rs);//Exception: "Attempted to perform an unauthorized operation."}
//RegistryKey key2 = key.OpenSubKey("Software\\MyServices\\Identity\\ASPNET_SETREG");
//RegistryKey key2 = key.OpenSubKey("Software\\MyServices\\Identity\\ASPNET_SETREG", false);
//RegistryKey key2 = key.OpenSubKey("Software\\MyServices\\Identity\\ASPNET_SETREG", RegistryKeyPermissionCheck.ReadSubTree);
RegistryKey key2 = key.OpenSubKey("Software\\MyServices\\Identity\\ASPNET_SETREG", RegistryKeyPermissionCheck.ReadSubTree, RegistryRights.ReadPermissions);
Commenting SetAccessControl and use any of the OpenSubkey option, I get Exception: "Requested registry access is not allowed."
I am badly stuckup and unable to proceed.
private RegistryKey keyR = Registry.CurrentUser.OpenSubKey("Software\\YourKey",true);
private RegistryKey keyW = Registry.CurrentUser.CreateSubKey("Software\\YourKey");
public string version
{
get { return keyR.GetValue("VERSION", "", RegistryValueOptions.DoNotExpandEnvironmentNames).ToString(); }
set { keyW.SetValue("VERSION", value, RegistryValueKind.String); }
}
I am using windows registry in this way. No problem...
The windows registry is basically a structured file system, and has permissions for keys and values.
You do not have the permissions set correctly on ...\MyServices\ or deeper keys - you have no permission to access those from your unprivileged process.
Either:
Those keys should be readable by anybody, so you should change the permissions to make them readable by everybody. Or -
Those keys were intentionally restricted for a good reason, and so they should not be readable by everybody, in which case your program should always run elevated.