I am doing some work for a client, and realized that registry callbacks
have a limitation that I wonder if there is a way around. Since you get
the object pointer to the registry key, is there any way to determine if
a particular operation is part of a transaction? For instance:
ZwOpenKey(&h, … )
ZwOpenKeyTransacted(&ht, …
ZwDeleteKey( h, Key1 );
ZwDeleteKey( ht, Key2 );
ZwRollBackTransaction(…
Is there any way for the above to know that the ZwDeleteKey of Key2 was
canceled? Or in other words if I want to do an operation based on the
callback how do I know to enlist my operation into the transaction for
one ZwDeleteKey but not the other?
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
The REG_CREATE_KEY_INFORMATION notification class will reveal a possibly
related transaction object.You can track subsequent operations on the same
registry object to see if they are associated with that transaction (or
perform operations yourself).
//Daniel
“Don Burn” wrote in message news:xxxxx@ntdev…
>I am doing some work for a client, and realized that registry callbacks
>have a limitation that I wonder if there is a way around. Since you get
>the object pointer to the registry key, is there any way to determine if a
>particular operation is part of a transaction? For instance:
>
>
> ZwOpenKey(&h, … )
> ZwOpenKeyTransacted(&ht, …
> ZwDeleteKey( h, Key1 );
> ZwDeleteKey( ht, Key2 );
> ZwRollBackTransaction(…
>
> Is there any way for the above to know that the ZwDeleteKey of Key2 was
> canceled? Or in other words if I want to do an operation based on the
> callback how do I know to enlist my operation into the transaction for one
> ZwDeleteKey but not the other?
>
>
> Don Burn
> Windows Filesystem and Driver Consulting
> Website: http://www.windrvr.com
> Blog: http://msmvps.com/blogs/WinDrvr
>
>
>
>
>
Daniel,
How can I track subsequent operations to know if they are part of
the transaction? The callbacks for the operations other than Create and
Open do not indicate an associated transaction, and there is nothing
stopping a situation like I showed where there are two handles to one
key object one that is for the transaction and one that is not.
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“xxxxx@resplendence.com” wrote in message
news:xxxxx@ntdev:
> The REG_CREATE_KEY_INFORMATION notification class will reveal a possibly
> related transaction object.You can track subsequent operations on the same
> registry object to see if they are associated with that transaction (or
> perform operations yourself).
>
> //Daniel
>
>
>
> “Don Burn” wrote in message news:xxxxx@ntdev…
> >I am doing some work for a client, and realized that registry callbacks
> >have a limitation that I wonder if there is a way around. Since you get
> >the object pointer to the registry key, is there any way to determine if a
> >particular operation is part of a transaction? For instance:
> >
> >
> > ZwOpenKey(&h, … )
> > ZwOpenKeyTransacted(&ht, …
> > ZwDeleteKey( h, Key1 );
> > ZwDeleteKey( ht, Key2 );
> > ZwRollBackTransaction(…
> >
> > Is there any way for the above to know that the ZwDeleteKey of Key2 was
> > canceled? Or in other words if I want to do an operation based on the
> > callback how do I know to enlist my operation into the transaction for one
> > ZwDeleteKey but not the other?
> >
> >
> > Don Burn
> > Windows Filesystem and Driver Consulting
> > Website: http://www.windrvr.com
> > Blog: http://msmvps.com/blogs/WinDrvr
> >
> >
> >
> >
> >
In a filesystem, subsequent opens to the same file will create handles to
different file objects. Are you sure the registry does not work the same way
and and registry key objects do not represent opened keys only, so that the
second open will create a handle to a different registry key object even
though it has the same path ? Because I am talking to you I am starting to
doubt now and will look this up.
//Daniel
“Don Burn” wrote in message news:xxxxx@ntdev…
> Daniel,
>
> How can I track subsequent operations to know if they are part of the
> transaction? The callbacks for the operations other than Create and Open
> do not indicate an associated transaction, and there is nothing stopping a
> situation like I showed where there are two handles to one key object one
> that is for the transaction and one that is not.
>
>
> Don Burn
> Windows Filesystem and Driver Consulting
> Website: http://www.windrvr.com
> Blog: http://msmvps.com/blogs/WinDrvr
>
>
>
>
> “xxxxx@resplendence.com” wrote in message
> news:xxxxx@ntdev:
>
>> The REG_CREATE_KEY_INFORMATION notification class will reveal a possibly
>> related transaction object.You can track subsequent operations on the
>> same
>> registry object to see if they are associated with that transaction (or
>> perform operations yourself).
>>
>> //Daniel
>>
>>
>>
>> “Don Burn” wrote in message news:xxxxx@ntdev…
>> >I am doing some work for a client, and realized that registry callbacks
>> >have a limitation that I wonder if there is a way around. Since you get
>> >the object pointer to the registry key, is there any way to determine if
>> >a
>> >particular operation is part of a transaction? For instance:
>> >
>> >
>> > ZwOpenKey(&h, … )
>> > ZwOpenKeyTransacted(&ht, …
>> > ZwDeleteKey( h, Key1 );
>> > ZwDeleteKey( ht, Key2 );
>> > ZwRollBackTransaction(…
>> >
>> > Is there any way for the above to know that the ZwDeleteKey of Key2 was
>> > canceled? Or in other words if I want to do an operation based on the
>> > callback how do I know to enlist my operation into the transaction for
>> > one
>> > ZwDeleteKey but not the other?
>> >
>> >
>> > Don Burn
>> > Windows Filesystem and Driver Consulting
>> > Website: http://www.windrvr.com
>> > Blog: http://msmvps.com/blogs/WinDrvr
>> >
>> >
>> >
>> >
>> >
>
>
So it looks I was correct. You will need to duplicate a handle in order to
get a second handle to the same registry object. In your example h and ht
become two different handles to two different registry key objects even
though the paths are the same so you can track operations by registry key
object.
//Daniel
wrote in message news:xxxxx@ntdev…
> In a filesystem, subsequent opens to the same file will create handles to
> different file objects. Are you sure the registry does not work the same
> way and and registry key objects do not represent opened keys only, so
> that the second open will create a handle to a different registry key
> object even though it has the same path ? Because I am talking to you I am
> starting to doubt now and will look this up.
>
> //Daniel
>
>
>
> “Don Burn” wrote in message news:xxxxx@ntdev…
>> Daniel,
>>
>> How can I track subsequent operations to know if they are part of the
>> transaction? The callbacks for the operations other than Create and Open
>> do not indicate an associated transaction, and there is nothing stopping
>> a situation like I showed where there are two handles to one key object
>> one that is for the transaction and one that is not.
>>
>>
>> Don Burn
>> Windows Filesystem and Driver Consulting
>> Website: http://www.windrvr.com
>> Blog: http://msmvps.com/blogs/WinDrvr
>>
>>
>>
>>
>> “xxxxx@resplendence.com” wrote in message
>> news:xxxxx@ntdev:
>>
>>> The REG_CREATE_KEY_INFORMATION notification class will reveal a possibly
>>> related transaction object.You can track subsequent operations on the
>>> same
>>> registry object to see if they are associated with that transaction (or
>>> perform operations yourself).
>>>
>>> //Daniel
>>>
>>>
>>>
>>> “Don Burn” wrote in message news:xxxxx@ntdev…
>>> >I am doing some work for a client, and realized that registry callbacks
>>> >have a limitation that I wonder if there is a way around. Since you
>>> >get
>>> >the object pointer to the registry key, is there any way to determine
>>> >if a
>>> >particular operation is part of a transaction? For instance:
>>> >
>>> >
>>> > ZwOpenKey(&h, … )
>>> > ZwOpenKeyTransacted(&ht, …
>>> > ZwDeleteKey( h, Key1 );
>>> > ZwDeleteKey( ht, Key2 );
>>> > ZwRollBackTransaction(…
>>> >
>>> > Is there any way for the above to know that the ZwDeleteKey of Key2
>>> > was
>>> > canceled? Or in other words if I want to do an operation based on the
>>> > callback how do I know to enlist my operation into the transaction for
>>> > one
>>> > ZwDeleteKey but not the other?
>>> >
>>> >
>>> > Don Burn
>>> > Windows Filesystem and Driver Consulting
>>> > Website: http://www.windrvr.com
>>> > Blog: http://msmvps.com/blogs/WinDrvr
>>> >
>>> >
>>> >
>>> >
>>> >
>>
>>
>
>
>