November 28th, 2016

If I simply want to create a registry key but don’t intend to do anything else with it, what security access mask should I ask for?

A customer wanted to create a registry key if it didn’t already exist, but they weren’t interested in writing anything to the key yet. They just wanted to ensure that it existed. Now, we know that the Reg­Create­Key­Ex function will either open a key (if it exists) or create a key (if it doesn’t already exist). That seems to fit the bill perfectly, so we have this so far:

HKEY subKey;
LONG result = RegCreateKeyEx(
    parentKey, subkeyName, 0, nullptr,
    0, ????, nullptr, &subKey, nullptr);
if (result == ERROR_SUCCESS) {
    RegCloseKey(subKey);
}

Now, we know that the parentKey must have been opened with KEY_CREATE_SUB_KEY access in order for us to be able to create a subkey. But what goes into the question marks, which specify the access mask for the subkey? Should we say KEY_WRITE because we are creating the key? Or do we say 0 because we aren’t intending to do anything at all with the new key?

In this case, saying 0 is just fine. The program doesn’t do anything with the subkey aside from close the handle, and closing a handle doesn’t require any special permissions. If you planned to use the subKey to perform any operations on the subkey, then you need to request an access mask that is compatible with the operations you intend to perform.

But if you don’t intend to perform any operations, then you don’t need to request any access. Passing 0 is just fine.

Topics
Code

Author

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

0 comments

Discussion are closed.

Feedback