Is there any API for C# (or C++) which allows for parsing ntuser.dat file which does not belong to a logged user (so that I cannot use regular registry API)?
+1
A:
No. Just load the hive and access it normally. You can use the RegLoadKey P/Invoke. C# has no native equivalent for this but since you're talking about the registry I don't think the P/Invoke will cause platform issues for you.
Billy ONeal
2010-03-12 16:18:25
But will he have permissions problems trying to access registry entries for other users?
Loadmaster
2010-03-12 16:25:08
Thanks - I did not know that the file can be just loaded by regular API.
Alex
2010-03-12 17:09:22
@Loadmaster: Of course there are permissions problems. There are going to be permissions issues getting to the ntuser.dat in the first place. I'm assuming Alex's solution assumes that the user running the process is an administrator.
Billy ONeal
2010-03-12 18:30:08