Hidden Registry Keys/Values

Tags: c#, registry

After reading this post on SO I tried to write a small app I need to read and write hidden registry keys/values.
I checked the Registry Manipulation using NT Native APIs and Creating "Hidden" Registry Values links.
The first one gave me something to work on, but it's written in C++, while the second is a Delphi project that works well.
I am not able to convert the first, and I could try to convert the second, but I'd need to find some code to read keys/values too. For this reason I'd like to know if there's something "ready" and tested in C#.
I've also downloaded the Process Hacker v1.11 source code and used it to partially convert the Delphi example as shown below, but the hidden registry key is accessible (while in Delphi it wasn't) and there are no APIs to write values.

```csharp
static void Main(string[] args)
{
    string KeyNameBuffer = @"\Registry\User\S-1-5-21-3979903645-2167650815-2353538381-1001\SOFTWARE";
    string NewKeyNameBuffer = "Systems Internals";
    string HiddenKeyNameBuffer = "Can't touch me\0";
    string HiddenValueNameBuffer = "Hidden Value";

    // Open the registry key
    IntPtr SoftwareKeyHandle = CreateKey(KeyNameBuffer, IntPtr.Zero);
    if (SoftwareKeyHandle != IntPtr.Zero)
    {
        IntPtr SysKeyHandle = CreateKey(NewKeyNameBuffer, SoftwareKeyHandle);
        if (SysKeyHandle != IntPtr.Zero)
        {
            // This key shouldn't be accessible, but it is
            IntPtr HiddenKeyHandle = CreateKey(HiddenKeyNameBuffer, SysKeyHandle);
            if (HiddenKeyHandle != IntPtr.Zero)
            {
                // I don't have APIs to write values
            }
        }
    }
}

static IntPtr CreateKey(string keyName, IntPtr rootKey)
{
    IntPtr res;
    KeyCreationDisposition disp;
    ObjectAttributes attributes = new ObjectAttributes(keyName,
        ObjectFlags.CaseInsensitive,
        new NativeHandle(rootKey));
    NtStatus st = Win32.NtCreateKey(out res, KeyAccess.All,
        ref attributes, 0,
        IntPtr.Zero, RegOptions.NonVolatile, out disp);
    return st == NtStatus.Success ? res : IntPtr.Zero;
}
```

Finally: from Vista on, you cannot write the \Registry\Machine part if you're not running your app as Administrator, so in the example I used my user registry key. Is there a way to use native APIs to write that part of the registry if I need to store a per-machine value?

Marco asked Nov 21 '11 11:11
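
A defender-side check for the naming trick in the question, as an added example that is not part of the original post: the native API treats key names as counted strings, so NtEnumerateKey returns a name such as "Can't touch me\0" with its NUL intact, while Win32 callers that treat names as NUL-terminated cannot address it. The class name NulNameScan and the default path under HKCU are assumptions; the code relies only on the ntdll export NtEnumerateKey and the documented KEY_BASIC_INFORMATION layout.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;

static class NulNameScan   // hypothetical name for this added example
{
    const int KeyBasicInformation = 0;   // KEY_INFORMATION_CLASS value
    const int StatusNoMoreEntries = unchecked((int)0x8000001A);

    [DllImport("ntdll.dll")]
    static extern int NtEnumerateKey(SafeRegistryHandle key, uint index,
        int infoClass, byte[] info, int length, out int resultLength);

    // KEY_BASIC_INFORMATION: LastWriteTime (8 bytes), TitleIndex (4),
    // NameLength in bytes (4), then the UTF-16 name (counted, not NUL-terminated).
    static string ReadName(byte[] info)
    {
        int nameBytes = BitConverter.ToInt32(info, 12);
        return Encoding.Unicode.GetString(info, 16, nameBytes);
    }

    static void Main(string[] args)
    {
        // Assumption: path is relative to HKCU; the default is the parent key used in the question.
        string path = args.Length > 0 ? args[0] : @"SOFTWARE\Systems Internals";
        using (RegistryKey parent = Registry.CurrentUser.OpenSubKey(path))
        {
            if (parent == null) { Console.WriteLine("Key not found: " + path); return; }
            byte[] info = new byte[16 + 2 * 256];   // header + longest key name (255 chars)
            for (uint i = 0; ; i++)
            {
                int len;
                int status = NtEnumerateKey(parent.Handle, i, KeyBasicInformation,
                    info, info.Length, out len);
                if (status == StatusNoMoreEntries) break;
                if (status < 0) { Console.WriteLine("NtEnumerateKey failed: 0x{0:X8}", status); break; }
                string name = ReadName(info);
                if (name.IndexOf('\0') >= 0)   // a NUL inside the counted name
                    Console.WriteLine("Embedded NUL: \"{0}\" ({1} chars)",
                        name.Replace("\0", "\\0"), name.Length);
            }
        }
    }
}
```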


1 Answer

If you want it in HKLM and privileges don't let you, it doesn't matter which API layer you're using, Reg* functions or Nt* ones - it won't let you do that, with an access denied error.

bunglehead answered Oct 06 '22 02:10