MSIX Runtime HKCU CreateKey

Question

If you have a package that contains the registry key
&nbsp; &nbsp; HKEY_CURRENT_USER\Software\Vendor
And you run that package and it creates a subkey under Vendor named "Settings".
&nbsp;
If the application calls CreateKey against the "Vendor" key requesting access "MaximumAllowed", it is granted permissions "Read/Write."
&nbsp;
If the application calls CreateKey against "Settings" key requesting access "MaximumAllowed", it is only granted permissions "Read, Write DAC".
&nbsp;
Attached is a procmon trace showing this situation, the highlighted line being the case of opening the key from the redirected helium containerized registry.&nbsp; In this case, the app examined the return permissions and gives up.
&nbsp;

&nbsp;
&nbsp;

timothy_mangan · Answer

OK.  I'll mention that while I haven't run this completely down, I increased some logging and I'm now believing that calls to OpenKeyEx and CreateKeyEx against keys that are in the package return the key, but the "result" value returned by the function is not always 0.  Likely that when the native key of what would be the parent key requested by the app is not present on the system (but is in the package) the result value is 2.  For keys the dev know were put down by the installer the dev may or may not look at that result value as long as the key is returned.

aniket_banerjee · Answer

TIMOTHY_MANGAN
Thanks for reporting this. I would love to know a little more details about this issue (like App name, expected registry details, if it was previously installed, etc.
&nbsp;
However, I have faced similar issues in the past, and found that (the workaround of) enabling the capability of 'Run as administrator (restricted)' often resolves this issue.

&nbsp;
In case this doesn't work, you can also try to run the (MSIX) application as an administrator, and it may resolve this issue.

timothy_mangan · Answer

The application is "ExamDiff" from PrestoSoft (a free product you can access from their website).

The image I provided in the original post shows the line in a procmon trace that is problematic as the highlighted one (click on the image to view). The test was on a clean VM that had never seen the product.

This example was taken from a package that included the PSF RegLegacyFixup (which is needed because without it the app won't store user options in the registry at all). The result shows in the details column of procmon that "Read, Write DAC" permissions were granted. Instead, the result should say that "Read/Write" permissions were granted, just like the call made against the parent key 6 lines previous.

aniket_banerjee · Answer

TIMOTHY_MANGAN
&nbsp;
Would it be possible for you to share the config.json for the PSF RegLegacyFixup? We can try to fix this manually. We'll share the fix if it works.

timothy_mangan · Answer

Best method would be to send you the package.  Give me a link to send it to you.

Forum Discussion

MSIX Runtime HKCU CreateKey

8 Replies

Resources