[ros-kernel] Re: RtlQueryRegistryValues() in WIN32K
Joseph Galbraith
galb-list at vandyke.com
Thu Sep 16 09:27:04 CEST 2004
Martin Fuchs wrote:
>>>I don't know either. This is what I know:
>>>You can access HKEY_CURRENT_USER from the SYSTEM account.
>>>
>>
>>Hm I have no idea, i hope this is NT's behavior...
>
>
> It's the behaviour of MS Windows - I tested it (only) on XP.
You _can_ access HKEY_CURRENT_USER ???
Are you sure you didn't just get a copy of the .DEFAULT user when
you did that?
Under XP there can actually be multiple users logged on at
the same time (with fast user switching.)
I'm 99% sure that access HKEY_CURRENT_USER from any process
running in the SYSTEM account (including services, LSASS,
CSRSS, and others, will not actually access the registery
of the (or a) logged on user.
You can probably, if you know the SID, access the registry through
HKEY_USERS-- or by calling LoadUserProfile() which will ensure
that the user's registery is actually loaded.
- Joseph
More information about the Ros-kernel
mailing list