Hi piccolo,
In this instance it wasn't a rights issue - it was the NULL terminated key name.
I was hoping to modify the source code from Sysinternal's RegHide but my C skillz are so weak that I can't even get the original source to compile without a bunch of errors such as :
41 C:\RegHide\REGHIDE.C invalid conversion from `int (*)()' to `NTSTATUS (*)(void*, DWORD, OBJECT_ATTRIBUTES*, DWORD, UNICODE_STRING*, DWORD, long unsigned int*)'
So I guess I'll have to knock up a little MASM framework to do it in this coming weekend when I get some free time (hopefully!).
I'm aiming to base it on NtCreateKey and NtDeleteKey as per that source - since it appears the NtDeleteKey (according to the brief look I've had) relies on a handle being passed to it created by a successful call to NtCreateKey or NtOpenKey.
Damn my feeble C skills - its times like this that being entirely self taught shows that I had a poor teacher!
bb