I wanna access to an offline windows registry file, i.e. SOFTWARE, SAM, SYSTEM, SECURITY and NTUSERS.DAT, and read the keys and subkeys in c#. I tried to do this ussing this code:
int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
int SE_PRIVILEGE_ENABLED = 0x00000002;
int TOKEN_QUERY = 0x00000008;
int token = 0;
int retval = 0;
uint HKU = 0x80000003;
string SE_BACKUP_NAME = "SeBackupPrivilege";
string SE_RESTORE_NAME = "SeRestorePrivilege";
string tmpHive = "offlineSystemHive";
string offlineHive = "C:\\SYSTEM";
LUID RestoreLuid = new LUID();
LUID BackupLuid = new LUID();
TOKEN_PRIVILEGES TP = new TOKEN_PRIVILEGES();
TOKEN_PRIVILEGES TP2 = new TOKEN_PRIVILEGES();
retval = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref token);
retval = LookupPrivilegeValue(null, SE_RESTORE_NAME, ref RestoreLuid);
retval = LookupPrivilegeValue(null, SE_BACKUP_NAME, ref BackupLuid);
TP.PrivilegeCount = 1;
TP.Attributes = SE_PRIVILEGE_ENABLED;
TP.Luid = RestoreLuid;
TP2.PrivilegeCount = 1;
TP2.Attributes = SE_PRIVILEGE_ENABLED;
TP2.Luid = BackupLuid;
retval = AdjustTokenPrivileges(token, 0, ref TP, 0, 1024, 0);
retval = AdjustTokenPrivileges(token, 0, ref TP2, 0, 1024, 0);
int rtnVal = RegLoadKey(HKU, tmpHive, offlineHive);
RegistryKey baseKey = Registry.Users.OpenSubKey("offlineSystemHive\\ControlSet001\\Control\\ComputerName\\ComputerName");
Console.WriteLine("Computer Name: {0}", baseKey.GetValue("ComputerName"));
baseKey.Close();
rtnVal = RegUnLoadKey(HKU, tmpHive);
Console.WriteLine(rtnVal);
The problem is that the
RegLoadKey(HKU, tmpHive, offlineHive)
returns a value of 1314, and then the
OpenSubKey
function throws an exception...
I hope someone can help me. Thanks
Submit an article or tip