http://bugs.winehq.org/show_bug.cgi?id=28729
Bug #: 28729
Summary: EasyBCD: bcdedit complains about lack of privileges
Product: Wine
Version: 1.3.29
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: andrea.lazzarotto@gmail.com
Classification: Unclassified
I tried to use two pieces of software which make use of bcdedit.exe. Those are:
EasyBCD - http://neosmart.net/dl.php?id=1 (free non-commercial version)
Sardu - http://www.sarducd.it/
Both of them use bcdedit.exe in order to open bcd files, such as those present on Windows Recovery discs. In both cases I get the same error message, which should be this:
"Privilege not held" (my system is in Italian so I'm not sure about the exact words)
Of course Wine doesn't have a BCD file, but EasyBCD asks me if I want to open one and when I point it to the location I get the error.
--- Comment #1 from Andrea Lazzarotto andrea.lazzarotto@gmail.com 2011-10-15 06:11:31 CDT ---
Created attachment 36911 --> http://bugs.winehq.org/attachment.cgi?id=36911
EasyBCD output
Anastasius Focht focht@gmx.net changed:
What          |Removed     |Added
----------------------------------------------------------------------------
Status        |UNCONFIRMED |NEW
URL           |            |http://neosmart.net/dl.php?id=1
Keywords      |            |download
Component     |-unknown    |wineserver
CC            |            |focht@gmx.net
Ever Confirmed|0           |1
Summary       |EasyBCD: bcdedit complains about lack of privileges |EasyBCD: bcdedit complains about lack of privileges (import of registry hive using native API fails/wineserver token privilege check)
--- Comment #2 from Anastasius Focht focht@gmx.net 2011-10-15 14:02:57 CDT ---
Hello,
BCD tool usage:
http://technet.microsoft.com/en-us/library/cc731245.aspx
You can reproduce the problem without .NET gui, just call "bcdedit" (located in app "bin" folder) directly on your saved hive.
$ wine ./bcdedit.exe /store <your_bcd_store> /enum all
The tool uses native API to load and store binary registry hives.
Now we can stop right here ... Wine doesn't support the binary hive format of Windows.
Anyway, it might be still a valid bug regarding token privileges.
Relevant trace log:
--- snip ---
...
0009:Call ntdll.NtOpenThreadToken(fffffffe,00000028,00000001,0032fc94) ret=0101c1b2
0009: open_token( handle=fffffffe, access=00000028, attributes=00000000, flags=00000003 )
0009: open_token() = NO_TOKEN { token=0000 }
0009:Ret ntdll.NtOpenThreadToken() retval=c000007c ret=0101c1b2
0009:Call ntdll.NtOpenThreadToken(fffffffe,00000028,00000000,0032fc94) ret=0101c1c1
0009: open_token( handle=fffffffe, access=00000028, attributes=00000000, flags=00000001 )
0009: open_token() = NO_TOKEN { token=0000 }
0009:Ret ntdll.NtOpenThreadToken() retval=c000007c ret=0101c1c1
0009:Call ntdll.NtOpenProcessToken(ffffffff,00000028,0032fc94) ret=0101c1cd
0009: open_token( handle=ffffffff, access=00000028, attributes=00000000, flags=00000000 )
0009: open_token() = 0 { token=0034 }
0009:Ret ntdll.NtOpenProcessToken() retval=00000000 ret=0101c1cd
0009:Call ntdll.NtAdjustPrivilegesToken(00000034,00000000,0032fc84,00000010,0032fc74,0032fca8) ret=0101c214
0009: adjust_token_privileges( handle=0034, disable_all=0, get_modified_state=1, privileges={{luid=0000000000000012,attr=2}} )
0009: adjust_token_privileges() = 0 { len=0000000c, privileges={{luid=0000000000000012,attr=2}} }
0009:Ret ntdll.NtAdjustPrivilegesToken() retval=00000000 ret=0101c214
0009:Call ntdll.NtClose(00000034) ret=0101c24e
0009: close_handle( handle=0034 )
0009: close_handle() = 0
0009:Ret ntdll.NtClose() retval=00000000 ret=0101c24e
0009:Call ntdll.RtlInitUnicodeString(0032fc94,01023934 L"ntdll.dll") ret=0101d0d5
0009:Ret ntdll.RtlInitUnicodeString() retval=00000012 ret=0101d0d5
0009:Call ntdll.LdrGetDllHandle(00000000,00000000,0032fc94,0032fca0) ret=0101d0e7
0009:Ret ntdll.LdrGetDllHandle() retval=00000000 ret=0101d0e7
0009:Call ntdll.RtlInitAnsiString(0032fc8c,010238f6 "NtLoadKey2") ret=0101d0f8
0009:Ret ntdll.RtlInitAnsiString() retval=0000000b ret=0101d0f8
0009:Call ntdll.LdrGetProcedureAddress(7ef40000,0032fc8c,00000000,0032fc9c) ret=0101d10b
0009:Ret ntdll.LdrGetProcedureAddress() retval=c000007a ret=0101d10b
0009:Call ntdll.NtLoadKey(0032fcf0,0032fcd8) ret=0101c182
0009:trace:reg:NtLoadKey (0x32fcf0,0x32fcd8)
0009: create_file( access=80000000, attributes=00000040, sharing=00000000, create=1, options=00000000, attrs=00000080, objattr={rootdir=0000,sd={},name=L""}, filename="/home/focht/.wine/dosdevices/c:/Program Files/NeoSmart Technologies/EasyBCD/bin/bcd" )
0009: create_file() = 0 { handle=0034 }
0009: load_registry( hkey=0030, file=0034, name=L"BCD00000000" )
0009: load_registry() = PRIVILEGE_NOT_HELD
0009: close_handle( handle=0034 )
0009: close_handle() = 0
0009:Ret ntdll.NtLoadKey() retval=c0000061 ret=0101c182
0009:Call ntdll.NtClose(00000030) ret=0101ca15
0009: close_handle( handle=0030 )
0009: close_handle() = 0
0009:Ret ntdll.NtClose() retval=00000000 ret=0101ca15
...
0009:Call KERNEL32.WideCharToMultiByte(000001b5,00000000,00119e50 L"The boot configuration data store could not be opened.\r\n",ffffffff,00000000,00000000,00000000,00000000) ret=01010ab5
...
0009:Call KERNEL32.FormatMessageW(00001300,01000000,00000522,00000000,0032fdd8,00000000,00000000) ret=01012127
...
0009:Call KERNEL32.WideCharToMultiByte(000001b5,00000000,00119e10 L"Privilege not held\r\n",ffffffff,00000000,00000000,00000000,00000000) ret=01010ab5
...
--- snip ---
Although the tool adds SeRestorePrivilege token (luid=0000000000000012) using NtOpenProcessToken -> NtAdjustPrivilegesToken before the registry import operation it fails.
For some reason wineserver expects _both_, SeBackupPrivilege and SeRestorePrivilege present in process token. I don't know why SeBackupPrivilege is required for importing hives.
See: http://source.winehq.org/git/wine.git/blob/c65bcce5899ba81226295303ed3df73a7...
(second parameter of token_check_privileges() -> all_required = TRUE)
$ sha1sum EasyBCD\ 2.1.exe
e8f1654b913aed4af6aacf09e7a44252217a7fe5 EasyBCD 2.1.exe
$ wine --version
wine-1.3.30-152-g0096373
As already said above: even if the bug is fixed regarding token privs - the BCD tool won't work with Wine by design.
Regards
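
Added example, not Wine's code and not part of the bug report: a small C model of the check described in comment #2, showing how the all_required flag decides the outcome for a token on which only SeRestorePrivilege has been enabled. The struct layout, the function names and the token contents are assumptions made for illustration; it does not reproduce the committed fix.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SE_PRIVILEGE_ENABLED      0x2u         /* attr=2 in the trace */
#define SE_BACKUP_PRIVILEGE       0x11u        /* well-known LUID of SeBackupPrivilege */
#define SE_RESTORE_PRIVILEGE      0x12u        /* luid=...12 in the trace */
#define STATUS_SUCCESS            0x00000000u
#define STATUS_PRIVILEGE_NOT_HELD 0xC0000061u  /* NtLoadKey retval in the trace */

struct privilege { uint64_t luid; uint32_t attr; };
struct token { struct privilege privs[4]; size_t count; };   /* hypothetical layout */

/* Model of adjust_token_privileges: enable a privilege the token already holds. */
static bool enable_privilege(struct token *t, uint64_t luid) {
    for (size_t i = 0; i < t->count; i++)
        if (t->privs[i].luid == luid) { t->privs[i].attr |= SE_PRIVILEGE_ENABLED; return true; }
    return false;
}

/* all_required: every listed privilege must be enabled; otherwise one is enough. */
static bool check_privileges(const struct token *t, const uint64_t *req, size_t n, bool all_required) {
    size_t held = 0;
    for (size_t r = 0; r < n; r++)
        for (size_t i = 0; i < t->count; i++)
            if (t->privs[i].luid == req[r] && (t->privs[i].attr & SE_PRIVILEGE_ENABLED)) held++;
    return all_required ? held == n : held > 0;
}

/* Hive-load gate over {backup, restore}; all_required selects AND vs OR semantics. */
static uint32_t load_hive_status(const struct token *t, bool all_required) {
    static const uint64_t req[] = { SE_BACKUP_PRIVILEGE, SE_RESTORE_PRIVILEGE };
    return check_privileges(t, req, 2, all_required) ? STATUS_SUCCESS : STATUS_PRIVILEGE_NOT_HELD;
}

/* Constructed token: both privileges present but disabled, then restore enabled as bcdedit does. */
static struct token bcdedit_token(void) {
    struct token t = { { { SE_BACKUP_PRIVILEGE, 0 }, { SE_RESTORE_PRIVILEGE, 0 } }, 2 };
    enable_privilege(&t, SE_RESTORE_PRIVILEGE);
    return t;
}

int main(void) {
    struct token t = bcdedit_token();
    printf("all_required=TRUE : %08x\n", (unsigned)load_hive_status(&t, true));
    printf("all_required=FALSE: %08x\n", (unsigned)load_hive_status(&t, false));
    return 0;
}
```
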
--- Comment #3 from Andrea Lazzarotto andrea.lazzarotto@gmail.com 2011-10-16 07:35:52 CDT ---
Thank you very much for improving my bug submission. It was my first one so of course I wasn't sure about what to write. :)
Can you explain to me why "the BCD tool won't work with Wine by design"? I'm not a Wine expert so I didn't get that one. Is it about the use of native API? Can I override some DLLs in order to fix the issue? Thank you.
Saulius K. saulius2@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |saulius2@gmail.com
tormen quickhelp@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |quickhelp@gmail.com
--- Comment #4 from tormen quickhelp@gmail.com ---
Created attachment 52629 --> https://bugs.winehq.org/attachment.cgi?id=52629
EasyBCD v2.3 (free for personal usage): "Priviledge not held." Error message
Hi.
I just ran - I think - into this problem.
Is there a chance that this might get fixed or is it hopeless?
Anything that I can do to help (except code the necessary wine changes)?
Thanks a lot in advance,
Tormen
--- Comment #5 from Anastasius Focht focht@gmx.net ---
Hello tormen,
--- quote ---
Is there a chance that this might get fixed or is it hopeless?
--- quote ---
the privilege check - yes.
The other part - that is, Wine supporting and using the Windows binary registry hive format - is unlikely to happen for various reasons.
Regards
Sebastian Lackner sebastian@fds-team.de changed:
What            |Removed |Added
----------------------------------------------------------------------------
Status          |NEW     |STAGED
CC              |        |erich.e.hoover@wine-staging.com, michael@fds-team.de, sebastian@fds-team.de
Staged patchset |        |https://github.com/wine-compholio/wine-staging/tree/master/patches/server-Registry_Privileges
--- Comment #6 from Sebastian Lackner sebastian@fds-team.de ---
(In reply to Anastasius Focht from comment #2)
> For some reason wineserver expects _both_, SeBackupPrivilege and SeRestorePrivilege present in process token. I don't know why SeBackupPrivilege is required for importing hives.
MSDN says it would require both, but tests show this is wrong. The privilege check issue should be fixed after http://source.winehq.org/git/wine.git/patch/96f4f53937915955063865d2949265d8.... Do you want to open a new bug report for the remaining issue (support for binary registry format), or do you think it's a WONTFIX?
Anastasius Focht focht@gmx.net changed:
What          |Removed |Added
----------------------------------------------------------------------------
Fixed by SHA1 |        |96f4f53937915955063865d2949265d8d1576794
Status        |STAGED  |RESOLVED
Resolution    |---     |FIXED
--- Comment #7 from Anastasius Focht focht@gmx.net ---
Hello folks,
this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/96f4f53937915955063865d294...
Thanks Sebastian
--- quote ---
Do you want to open a new bug report for the remaining issue (support for binary registry format), or do you think it's a WONTFIX?
--- quote ---
There are already some bugs from the past that kind of touched the area of binary registry hives:
* bug 4001 (BartPE)
* bug 19324 (ubcd4win)
* bug 22124 (BartPE)
* ...
Most of them were closed 'WONTFIX' or 'INVALID' with rather unspecific conclusion. The actual reasons for the tickets were likely real bugs, not related to missing binary registry hive support.
We could create a new collector bug which explicitly deals with the support but I think it will stay for a long time, if not forever (hence WONTFIX would be appropriate).
Regards
--- Comment #8 from Saulius K. saulius2@gmail.com ---
(In reply to Anastasius Focht from comment #7)
> Hello folks,
> --- quote ---
> Do you want to open a new bug report for the remaining issue (support for binary registry format), or do you think it's a WONTFIX?
> --- quote ---
> There are already some bugs from the past that kind of touched the area of binary registry hives:
> - bug 4001 (BartPE)
> - bug 19324 (ubcd4win)
> - bug 22124 (BartPE)
> - ...
> Most of them were closed 'WONTFIX' or 'INVALID' with rather unspecific conclusion.
> The actual reasons for the tickets were likely real bugs, not related to missing binary registry hive support.
I'd say conclusion in bug 29529 was very straightforward:
(Vitaliy Margolen from comment #1)
> Wine does not support native binary registry hives. And there are no plans to support it in the future.
So:
> We could create a new collector bug which explicitly deals with the support
I would go for that (or just reopen bug 29529).
> but I think it will stay for a long time, if not forever (hence WONTFIX would be appropriate).
Wine probably could use hivex/libhivex [7], especially given that NeoSmart developers test it by contacting author itself, Richard W.M. Jones [8].
Then I see libhivex mentioned in the changelog [9] of fred -- cross-platform Forensic Registry EDitor [10]. I just found its source but haven't looked at it yet: [11].
It seems hivex/libhivex is covered by LGPL, while fred uses GPL.
[7] http://libguestfs.org/hivex.3.html#description
[8] https://www.redhat.com/archives/libguestfs/2014-October/msg00235.html
[9] https://code.pinguin.lu/file/data/tphsilqyznescmu7ryyu/PHID-FILE-t3l35dqhthp...
[10] https://www.pinguin.lu/fred
[11] https://code.pinguin.lu/diffusion/FRED/browse/master/trunk/
Alexandre Julliard julliard@winehq.org changed:
What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED
--- Comment #9 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 1.8-rc1.
Anastasius Focht focht@gmx.net changed:
What |Removed                         |Added
----------------------------------------------------------------------------
URL  |http://neosmart.net/dl.php?id=1 |https://web.archive.org/web/20110829100653/http://neosmart.net/downloads/software/EasyBCD/EasyBCD%202.1.exe