0

I want to get the last modified time of some protected registry keys in Windows registry. Fro example I am trying to open the registry key:

HKLM\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Ultra&Rev_1.00\4C531001530301123274&0\Properties

using RegOpenKeyEx but it returns error code 5 which means Access denied.

My program works fine for unprotected registry keys. I have disabled UAC and run my program as "Run as Administrator"

Here is my code:

public DateTime GetKeyModifiedTime(string computerName, string BaseKey, string SubKey)
    {
        int remoteKeyResult = -1;

        try
        {
            if (BaseKey.Equals("HKEY_LOCAL_MACHINE"))
                remoteKeyResult = RegConnectRegistry(@"\\" + computerName.ToUpper(), Convert.ToInt32(Hives.HKEY_LOCAL_MACHINE), ref longResult);
            if (BaseKey.Equals("HKEY_CURRENT_USER"))
                remoteKeyResult = RegConnectRegistry(@"\\" + computerName.ToUpper(), Convert.ToInt32(Hives.HKEY_CURRENT_USER), ref longResult);
            if (BaseKey.Equals("HKEY_USERS"))
                remoteKeyResult = RegConnectRegistry(@"\\" + computerName.ToUpper(), Convert.ToInt32(Hives.HKEY_USERS), ref longResult);


            int abasekey = 0;
            abasekey = ParseInput(BaseKey);
            //parse just the base key part and return the Integer enum value of the base key
            int BaseKeyValue = 0;
            //if the value of abasekey is not -1(used for error) then set BaseKeyValue to the returned vaue
            if (!(abasekey == -1))
            {

                BaseKeyValue = abasekey;

            }
            else
            {
                //if abasekey does = -1 then bail out because input is not correct.
            }

            int regkeyptr = 0;
            IntPtr p = new IntPtr(regkeyptr);

            int openregkeyResult = RegOpenKeyEx(longResult, SubKey, 0, KEY_QUERY_VALUE, ref p);


            //third param is Reserved and must be 0(worked as "Nothing" also)
            //strbldr.AppendLine("Open RegKey Pointer " + regkeyptr.ToString());
            // strbldr.AppendLine("Open RegKey Result " + openregkeyResult.ToString());

            //create a filetime structure to recieve the returned time
            System.Runtime.InteropServices.ComTypes.FILETIME lpftLastWriteTime = default(System.Runtime.InteropServices.ComTypes.FILETIME);

            int returnvalue = 0;

            returnvalue = RegQueryInfoKey(p.ToInt32(), null, 0, 0, 0, 0, 0, 0, 0, 0, 0, ref lpftLastWriteTime);

            //strbldr.AppendLine("RegQueryInfoKey Result " + returnvalue);
            //returnvalue is the HResult call of RegQueryInfoKey
            //strbldr.AppendLine();
            //strbldr.AppendLine("Filetime High " + lpftLastWriteTime.dwHighDateTime.ToString() + "   " + "Filetime Low  " + lpftLastWriteTime.dwLowDateTime.ToString());
            //use the api function to convert the filetime to a date time This ine returns in local time, File TIme is UTC 0 based.
            DateTime dt = FileTimeToDateTime(lpftLastWriteTime);
            return dt;


        }
        catch (Exception ex)
        {
            return DateTime.Now;

        }
    }
Michele La Ferla
  • 6,775
  • 11
  • 53
  • 79
qasali
  • 1
  • 1
  • 1

2 Answers2

0

Error 5 is access denied as you said. Some registry keys are owned by the system or other accounts and everybody else is denied access. If you go to that key in regedit, you can view the permissions on it. Likely it is owned by SYSTEM.

SledgeHammer
  • 7,338
  • 6
  • 41
  • 86
0

It is because you set KEY_QUERY_VALUE in RegOpenKeyEx(). Just change to KEY_READ. It will be fine.

JOE
  • 353
  • 2
  • 11