Importing .Reg File Targeting HKEY_CURRENT_USER Creates Additional Entries In Other Hives

Question

I need help understanding the registry entries that Windows creates when I attempt to write keys to HKEY_CURRENT_USER by importing a .reg file.

I have written an installer in NSIS that installs the software for a standard user and does not require Admin authentication. The installer installs the software for the current user only.

My software contains two DLLs that use COM so they must be registered. However, since my installer does not request Admin authentication, I cannot use regasm. Rather, I am using the .reg file import technique described in this post:

Registering .Net COM DLLs without Admin rights / regasm

Effectively, I am running RegAsm with the /regfile switch to create a .reg file. I then replace all instances of

[HKEY_CLASSES_ROOT\

with

[HKEY_CURRENT_USER\

These are the keys that RegAsm creates with HKEY_CLASS_ROOT (which I then replaced with HKEY_CURRENT_USER):

[HKEY_CURRENT_USER\Software\Classes\MyDllLibrary.clsMyClass] [HKEY_CURRENT_USER\Software\Classes\MyDllLibrary.clsMyClass\CLSID] [HKEY_CURRENT_USER\Software\Classes\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}] [HKEY_CURRENT_USER\Software\Classes\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\InprocServer32] [HKEY_CURRENT_USER\Software\Classes\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\InprocServer32\1.0.0.0] [HKEY_CURRENT_USER\Software\Classes\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\ProgId] [HKEY_CURRENT_USER\Software\Classes\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\Implemented Categories{62C8FE65-4EBB- [HKEY_CURRENT_USER\Software\Classes\MyDllLibrary.clsMyClass2] [HKEY_CURRENT_USER\Software\Classes\MyDllLibrary.clsMyClass2\CLSID] [HKEY_CURRENT_USER\Software\Classes\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}] [HKEY_CURRENT_USER\Software\Classes\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\InprocServer32] [HKEY_CURRENT_USER\Software\Classes\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\InprocServer32\1.0.0.0] [HKEY_CURRENT_USER\Software\Classes\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\ProgId] [HKEY_CURRENT_USER\Software\Classes\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\Implemented Categories{62C8FE65-4EBB-

After I import the .reg file above, to my surprise, my when I search the registry for my dll name, I find Windows has created keys in the following 3 place:

HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_USERS

I was expecting to only finds keys in HKEY_CURRENT_USER.

This presents two issues:

If the key is written to HKEY_CLASSES_ROOT I wonder if it is registering it for the entire machine (as opposed to only the current user).
My uninstaller "unregisters" the Dlls using the same technique of running the RegAsm /regfile switch and then replacing all instances of

[HKEY_CURRENT_USER

with

[-HKEY_CURRENT_USER

The problem is my uninstaller is only deleting the HKEY_CURRENT_USER keys and the HKEY_CLASSES_ROOT and HKEY_USERS keys are left behind.

I'm trying to understand why Windows is writing these additional keys and if I need to clean them up on uninstall.

Here is a list of the keys Windows is creating entries in:

Computer\HKEY_CLASSES_ROOT\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\InprocServer32 Computer\HKEY_CLASSES_ROOT\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\InprocServer32\1.0.0.0 Computer\HKEY_CLASSES_ROOT\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\InprocServer32 Computer\HKEY_CLASSES_ROOT\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\InprocServer32\1.0.0.0 Computer\HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\InprocServer32 Computer\HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\InprocServer32\1.0.0.0 Computer\HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\InprocServer32 Computer\HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\InprocServer32\1.0.0.0 Computer\HKEY_USERS\S-1-5-21-529589846-3326646294-2506018130-1001\SOFTWARE\Classes\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\InprocServer32 Computer\HKEY_USERS\S-1-5-21-529589846-3326646294-2506018130-1001\SOFTWARE\Classes\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\InprocServer32\1.0.0.0 Computer\HKEY_USERS\S-1-5-21-529589846-3326646294-2506018130-1001\SOFTWARE\Classes\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\InprocServer32 Computer\HKEY_USERS\S-1-5-21-529589846-3326646294-2506018130-1001\SOFTWARE\Classes\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\InprocServer32\1.0.0.0 Computer\HKEY_USERS\S-1-5-21-529589846-3326646294-2506018130-1001_Classes\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\InprocServer32 Computer\HKEY_USERS\S-1-5-21-529589846-3326646294-2506018130-1001_Classes\CLSID{3B8612DE-E333-31D5-86DA-9ED6D4B14A1C}\InprocServer32\1.0.0.0 Computer\HKEY_USERS\S-1-5-21-529589846-3326646294-2506018130-1001_Classes\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\InprocServer32 Computer\HKEY_USERS\S-1-5-21-529589846-3326646294-2506018130-1001_Classes\CLSID{FCE641D6-51C1-3648-AB43-C1F9BB812FC5}\InprocServer32\1.0.0.0

Please help me understand why these keys are created and if there is any way to clean them up using the reg file importing technique that I am forced to use.

Looking forward to your insight.

Matthew

Anders · Accepted Answer · 2022-02-01T04:53:03.053

1

They are only created in a single place.

HKEY_CLASSES_ROOT is a merged view of HKEY_CURRENT_USER\Software\Classes and HKEY_LOCAL_MACHINE\Software\Classes, it stores no data of its own.

HKEY_CURRENT_USER is just a symlink to HKEY_USERS\S-.... where S-... is the SID of your user account.

Ideally you should be using the NSIS registry functions, not .reg files.

edited Feb 01 '22 at 04:53

answered Feb 01 '22 at 04:47

Anders

97,548
12
110
164

Hi Anders. Thank you for your reply. I suppose I'm confused as to why I can still search and find references in the registry to MyDll.dll even after the uninstall process where I've imported the .reg file (created by RegAsm) with the "[-HKEY_CURRENT_USER" commands to delete the entries? I'm thinking if it's a merged view then these entries would be gone. Also, you mentioned NSIS for registry functions. I suppose I could hard code the registry writes created by RegAsm in the installer / uninstaller. However, I don't know how RegAsm works. Would these entries always be the same on every machine? – MatthewNYC Feb 01 '22 at 23:54
You would have to change the paths to dlls to `$instdir\mydll.dll` etc. – Anders Feb 02 '22 at 01:59
1

Anders answer that what I'm seeing in HKEY_CLASSES_ROOT is a merged view got me thinking that maybe something was wrong with my .reg file that was deleting the registry entries. Sure enough I found a couple of errors in my code. Once corrected, the registry entries were removed and I could no longer find any reference to MyDll.dll when searching the registry. – MatthewNYC Feb 02 '22 at 21:54

Importing .Reg File Targeting HKEY_CURRENT_USER Creates Additional Entries In Other Hives

1 Answers1