TIMOTHY_MANGAN
May 29, 2020

Proposal for RegistryLegacyFixups

Sometimes older applications access the registry in ways that originally worked OK, but do not work under MSIX, and source code modification is not possible.

 

This is a proposal for adding a remediation for the failure by using a new Package Support Framework fixup that intercepts certain registry calls and modifies the call parameters to allow the application to function.

 

I am proposing to write and contribute this new fixup to the PSF myself, as outlined in this posting. Feedback is requested.

 

Summary:

  • This would be the first PSF fixup targeting the registry, outside of tracing.
  • The initial contribution would start with one simple remediation, but should prove to be expandable.
  • The fixup is not currently intended for redirection, only call parameter modification for things other than the path itself. This is because the PSF has no visibility to understand the application hive, and we don't know how to specify a remediated path (yet).
  • Multiple registry remediation types are anticipated, although this initial proposal specifies only the first. The structure of the configuration will support expanded remediation types. Each type can specify targeted items on the basis of regex pattern matching to the registry path.
  • Each remediation type has a name.
  • The first remediation type is called ModifyKeyAccess
    • Intercepts calls to open registry keys  (CreateKey variants)
    • Checks pattern match to see if of interest
    • Checks access request and modifies it as requested.
    • Supported access requested/modified changes are (explained in documentation below):
      • Full2RW
      • Full2R
      • RW2R

Json Example:

The name of fixup element is "RegLegacyFixups". An example of the relevant config.json file processes section for the fixup is shown here:

...
"fixups": [
    {
        "dll": "RegLegacyFixups.dll",
        "config": [
            {
                "type": "ModifyKeyAccess",
                "remediation": [
                    {
                        "hive": "HKCU",
                        "patterns": [
                            "^Software\\\\Vendor.*"
                        ],
                        "access": "Full2RW"
                    },
                    {
                        "hive": "HKLM",
                        "patterns": [
                            "^SOFTWARE\\\\Vendor.*"
                        ],
                        "access": "RW2R"
                    }
                ]
            }
        ]
    }
]
...

 

RegistryLegacyFixups Json documentation:

 

dll

The value of "dll" is the name of the dll. As per other fixups, it is permissible to reference the name excluding the bitness. Thus, nominally you may enter the value "RegLegacyFixups.dll" which will cause the PsfRuntime to attempt to inject either "RegLegacyFixups32.dll" or "RegLegacyFixups64.dll" as appropriate.

config

Array of remediations

type

Remediation type. The values supported are expected to expand over time, but at present only the value "ModifyKeyAccess" is supported. At this time there is no support for a ModifyValueAccess remediation type, although it is under consideration. Remediation types to cause redirection are NOT under consideration as the PSF might not be able to perform such requests.

ModifyKeyAccess

Name of the remediation type.

remediation

Array of remediation controls. The syntax of a control is dependent on the type of remediation.

 

For the ModifyKeyAccess type remediation, the control elements of the json are defined as:

hive

The value is either the string "HKLM" or "HKCU", representing HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER. Control over other registry hives (such as the Application hive) or mappings (such as HKCR) is not available at this time.

patterns

An array of regex string patterns. The name of the registry key request relative to the hive name is matched against these patterns.

access

Identifies the type of control request (samdesired) to be modified and how it is to be modified. Currently supported values for this field include:

Full2RW - Modify any request for FULL_ACCESS to READ_WRITE

Full2R - Modify any request for FULL_ACCESS to READ

RW2R - Modify any request for READ_WRITE to READ

 

Example Application:

Name: instead

Version: 1.5.15.26 (latest available).

Source: free download from www.instedit.com

About: MSI Editing tool used by IT Pros to fix simple MSI installer issues.

Issue:

The app opens its registry keys located under HKCU by opening the key requesting "FULL_ACCESS" (aka "STANDARD_RIGHTS_ALL"), although it only requires "READ_WRITE". This can happen because developers sometimes copy/paste the sample code written in Microsoft documentation without fully thinking about what they really need.

 

The app functions correctly when installed natively on the latest Windows 10 builds when using the MSI installer.  This is because there is no issue in giving the app full access to the vendor HKCU based key, and even if it deleted the key or sub-elements it would only harm this app.

 

Under MSIX on certain operating systems (1903 and below), these permissions upon opening a key that is part of the package are not supported, even when under HKCU. So currently the MSIX runtime responds to this request with ACCESS_DENIED, which breaks the app as the developer never experienced that call failing and does not handle the failure.

Remediation:

With the PSF RegistryLegacyFixups added to the package and configured for a ModifyKeyAccess remediation of type Full2RW, this call to open the key with FULL_ACCESS will be modified to only request READ_WRITE, so the call will succeed. As long as the app never attempts deletion, any read or write operations using this key should work. Should the app actually try to delete a registry item/key that is part of the package, that call would then fail.

 

Not Included:

At this time, the fixup only addresses modification to the samRequested parameter of certain Registry Key operations.  It does not impact registry item requests, nor does it address any redirection.  These might be supported in the future as a different Remediation type.
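
Added example, not part of the original post and not the PSF's own code: the ModifyKeyAccess decision as the proposal describes it (hive check, regex match on the hive-relative key path, then narrowing of the requested access), written in portable C++ so it runs without Windows headers. Assumptions: the names `Remediation`, `ModifyKeyAccess` and `PageConfig` are hypothetical, the caller has already resolved the hive and relative path, and FULL_ACCESS, READ_WRITE and READ are taken to mean KEY_ALL_ACCESS, KEY_READ | KEY_WRITE and KEY_READ; it follows the proposal text rather than the syntax that was finally merged.

```cpp
#include <cstdint>
#include <cstdio>
#include <regex>
#include <string>
#include <vector>

// Access-mask values as defined in winnt.h, restated so this builds off Windows.
constexpr uint32_t kKeyRead = 0x20019;       // KEY_READ
constexpr uint32_t kKeyWrite = 0x20006;      // KEY_WRITE
constexpr uint32_t kKeyAllAccess = 0xF003F;  // KEY_ALL_ACCESS
constexpr uint32_t kWow64Flags = 0x0300;     // KEY_WOW64_64KEY | KEY_WOW64_32KEY

enum class Access { Full2RW, Full2R, RW2R };
struct Remediation {                    // one "remediation" entry (hypothetical form)
    std::string hive;                   // "HKCU" or "HKLM"
    std::vector<std::string> patterns;  // regexes after JSON unescaping
    Access access;
};

// Returns the samDesired to hand to the real key-open call. Assumptions:
// FULL_ACCESS = KEY_ALL_ACCESS, READ_WRITE = KEY_READ | KEY_WRITE, READ = KEY_READ,
// compared exactly once the WOW64 view flags are set aside (and kept).
uint32_t ModifyKeyAccess(const std::vector<Remediation>& rules, const std::string& hive,
                         const std::string& subkey, uint32_t samDesired) {
    const uint32_t view = samDesired & kWow64Flags;
    const uint32_t rights = samDesired & ~kWow64Flags;
    const bool full = rights == kKeyAllAccess;
    const bool rw = rights == (kKeyRead | kKeyWrite);
    for (const auto& r : rules) {
        if (r.hive != hive) continue;
        for (const auto& p : r.patterns) {
            // Assumption: whole-path, case-insensitive match.
            if (!std::regex_match(subkey, std::regex(p, std::regex::icase))) continue;
            if (r.access == Access::Full2RW && full) return view | kKeyRead | kKeyWrite;
            if (r.access == Access::Full2R && full) return view | kKeyRead;
            if (r.access == Access::RW2R && rw) return view | kKeyRead;
        }
    }
    return samDesired;  // no rule applied: request passes through unchanged
}

// The two rules from the config.json example in the post.
std::vector<Remediation> PageConfig() {
    return {{"HKCU", {R"(^Software\\Vendor.*)"}, Access::Full2RW},
            {"HKLM", {R"(^SOFTWARE\\Vendor.*)"}, Access::RW2R}};
}

int main() {
    std::printf("%#x\n", ModifyKeyAccess(PageConfig(), "HKCU", "Software\\Vendor\\App", kKeyAllAccess));
}
```

The pattern `^Software\\Vendor.*` is a prefix match, so it also covers sibling keys such as `Software\VendorTools`; a pattern ending in `(\\.*)?$` limits a rule to that one key and its subtree.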

  • TIMOTHY_MANGAN  This functionality was included in Pull Request #145.  It has now been accepted into the Develop branch.  A few small changes in syntax and access types, you can check the readme.md on GitHub for final syntax.
