Registry - Hiding important values

dazinith

can someone tell me where the best place to store permanent keys? Basicly i have some keys which i dont want my user to easily find.. and i dont want them to be removed if the user uninstalls, but it has to be a location that will exist on all windows machines.. any suggestions? -dz

ttzzgg_80713

if u want to hide some info.why not use some xx.xml or xx.ini file. and hide it in a special dir when first time run app.

Navin

dazinith wrote: and i dont want them to be removed if the user uninstalls, Hope you never have to get your app logo'd or certified. Even if you win the rat race, you're still a rat.

dazinith

when i uninstall a trial version of snagit and reinstall it it knows that my evaluation copy is still up.. thats what im trying to implement, so it would have to be a registry key or file.. ive traced how some programs do it.. and they add keys into paths im not familiar with such as: HKEY_USERS\S-1-5-21-842925246-789336058-1202660629-500\Software\... i know that alot of trial software stores keys in hidden or secure places to keep ppl from just uninstalling and reinstalling all the time.. i dont want to use a file because id have to pick a location which would exist on every machine.. just asking for suggestions if anyone is familiar.. -dz

ttzzgg_80713

u can generate a password from some hardware, and store these, that's unique

Scott H Settlemier

A nice place to put something that shouldn't stomp on others may be under HKEY_CLASSES_ROOT\CLSID -- just generate a GUID and add an entry just as some control of yours might. If you wanna be legit and all, actually make a control to go along with it... Almost no user will wanna wade through those pages of hexadecimal psychedelia, so it's pretty obscure there. Just hope they don't do a diff on registry backups to see what your installation has setup.

Navin

dazinith wrote: HKEY_USERS\S-1-5-21-842925246-789336058-1202660629-500\Software\... Those are user-specifc keys. I bet if you look under HKEY_CURRENT_USER, with the right user account, they'll show up right there in plain view. You could use the HKEY_CLASSES_ROOT\AppID or HKEY_CLASSES_ROOT\CLSID subtrees, those are generally for COM objects and stuff. But if you come up with a GUID (use GUIDGEN) you might be able to make use of it. OF course, if you are running on NT/2000/XP, the user isntalling your stuff may or may not have permissions to get to certain registry locations. Even if you win the rat race, you're still a rat.

Navin

Right, make sure you use GUIDGEN to get your GUID, though. That guarantees that it is unique. :) Even if you win the rat race, you're still a rat.

Martin Ziacek

Have you seen Registry monitor?

Daniel Lohmann

I don't think, that there is a way to really hide a key in the registry. However, you can make it a hell to find and/or delete your key: 1) Create an COM-GUID like entry under HKLM/Software/Classes. That's difficult to find and only very few users will dare to delete such a key. 2) If you app runs with SYSTEM privileges (like a service) you can create the key under HKLM\Security. This key is usually even not readable by Admins (but of course, they could take ownership or run RegEdit as SYSTEM). However most users would give up here. 3) And last: The really, really, really bad trick (only an idea): Use NT's native API to create the registry key. At the native side NT passes all character arrays as UNICODE_STRING structures. These contain a *not* 0-terminated WCHAR buffer and a field for the actual lenght of the string. Using this, it should be possible to create a registry key that contains a 0 character in the middle of its name :omg: Even if the user is able to find this key, it would not be possible to delete it via the Win32 API calls used by RegEdit and co - you can't pass them this ugly name ;P -- Daniel Lohmann http://www.losoft.de