Updating HKEY_CURRENT_USER hive from a service

Question

I am writing a network provider (Windows 7) to capture the domain name and username and I have to keep this in HKEY_CURRENT_USER\Software\MyApp\Profile

Since the network provider is running as a service the data is stored in HKEY_USER\.Default\Software\MyApp\Profile

After successful login if I try to read from my application it genuinely tries to read the data from that user's HKEY_CURRENT_USER which will not have anything.

How is this being managed in general? How shall I store the data into current users hive from a service.

Answer 1

I had managed to get this done.

I did a LogonUser, LoadUserProfile and ImpersonateLoggedOnuser. The LoadUserProfile will return the PROFILEINFO structure. The member hProfile of PROFILEINFO is the actual HKCU root which should be used.

Calling LogonUser will trigger the network provider recursively, to block that you have to check the lpStationName from NPLogonNotify argument, if its "SvcVtl" then break the recursion. Look for msdn document for more detail on NPLogonNotify.

when all registry operation is done, call UnLoadUserProfile, RevertoToSelf, closeHandle(token)

Answer 2

You need to get a user token (call OpenProcess then OpenProcessToken), impersonate your thread with that token and use RegOpenCurrentUser function to open user registry hive.

Also you can find out user SID and open HKEY_USER\<SID>.