GetNamedSecurityInfo fails for registry key where GetSecurityInfo succeeds

Question

I have a registry key ACL reading request like this:

PACL dacl = NULL;
PSECURITY_DESCRIPTOR secDesc = NULL;
if (GetNamedSecurityInfoW(L"HKEY_CURRENT_USER\\SOFTWARE\\SomeSoftware\\SomeKey", SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, &dacl, NULL, &secDesc) != ERROR_SUCCESS)
{ /*... */ }

And it fails with error 87, invalid parameter. However, if I use

HKEY handle;
DWORD Ret = RegOpenKeyExW(HKEY_CURRENT_USER, L"SOFTWARE\\SomeSoftware\\SomeKey", 0, KEY_ALL_ACCESS, &handle);
if (Ret != ERROR_SUCCESS) { /* ... */ }

DWORD secDescSize = 4096;
secDesc = LocalAlloc(LMEM_FIXED, secDescSize);
Ret = (DWORD)RegGetKeySecurity(handle, DACL_SECURITY_INFORMATION, secDesc, &secDescSize);
if (Ret != ERROR_SUCCESS) { /* ... */ }

RegOpenKey() and RegGetKeySecurity() succeed, and running GetSecurityDescriptorDacl() on the result of RegGetKeySecurity() also works.

This code works fine for SE_FILE_OBJECT and reading a directory's ACL.
This code is inside a 32-bit DLL in a 32-bit app in Windows 10 Pro 64-bit. I'm targeting XP and above, using Visual Studio 2019 Preview.

Anything I could have missed in parameter validation?

Answer 1

L"HKEY_CURRENT_USER\\SOFTWARE\\SomeSoftware\\SomeKey" is not a valid object name for GetNamedSecurityInfoW(). Read the SE_OBJECT_TYPE documentation for the proper format to use for a registry key:

SE_REGISTRY_KEY

Indicates a registry key. A registry key object can be in the local registry, such as CLASSES_ROOT\SomePath or in a remote registry, such as \\ComputerName\CLASSES_ROOT\SomePath.

The names of registry keys must use the following literal strings to identify the predefined registry keys: "CLASSES_ROOT", "CURRENT_USER", "MACHINE", and "USERS".

Try L"CURRENT_USER\\SOFTWARE\\SomeSoftware\\SomeKey" instead.