On Windows Vista+ the BCD boot data is stored in the registry under HKEY_LOCAL_MACHINE\BCD00000000. The BCDEDIT command line tool just presents that data in a readable fashion.
So, theoretically, any user-programmed application that runs as an Administrator should be able to edit that store in the same way as BCDEDIT.EXE, correct?
DWORD result = RegOpenKeyEx(HKEY_LOCAL_MACHINE, TEXT("BCD00000000\\Objects\\..."), 0, KEY_SET_VALUE, &hKey);
Yet, when I run this (under the Administrator account), the value of result is 0x5 (access denied).
Is there something I'm missing here, or is there just no way to write an application that can programmatically edit the BCD data without calling BCDEDIT?
The only two ways of editing Windows BCD programmatically are:
A BCD is stored in registry file format and the "system" BCD is mapped to HKLM\BCD00000000.
A BCD is a collection of objects (loaders/applications, settings, device objects).
Editing of BCD objects is not possible in the general case when not using the above mentioned methods because the structure of BCD objects can be pretty complex (for example vhd loader).
An example of a tool using BCD WMI provider programmatically is Visual BCD Editor - a complete BCD editor (other BCD tools can edit only parts of BCD and only simple objects, they fail on more complex objects).
Exploring any BCD shows that the most complex structures in BCD are device elements (part of any loader). Device elements are true objects and editing is not possible unless their exact structure is known or using well defined access functions (from WMI BCD Provider).