Service Key Values Question

I observe that some of the service keys have additional information in them which I am not aware of. Here are some examples.

DisplayName REG_SZ @%SystemRoot%\system32\drivers\Wdf01000.sys,-1000
What does that number -1000 mean?

Also, many have an additional subkey called Security with a value
Security REG_BINARY

What does that do?

It’s a resource reference. That means “string resource 1000 in the DLL Wdf01000.sys”. If you open the binary in Visual Studio, you’ll see that it is “Kernel Mode Driver Frameworks service”. The same notation is commonly used to point to icons.

Also, many have an additional subkey called Security with a value Security REG_BINARY
These are binary security descriptors of service objects. SDs of files and registry keys are persisted on disk with these objects. Service objects are volatile and their SD are persisted in these binary values.
– pa

@Pavel_A said:

Also, many have an additional subkey called Security with a value Security REG_BINARY
These are binary security descriptors of service objects. SDs of files and registry keys are persisted on disk with these objects. Service objects are volatile and their SD are persisted in these binary values.
– pa

Thanks Pavel. How does one go about setting them? I assume it is through the INF? Is there a way to set it if a driver is installed using CreateService?

@Tim_Roberts said:
It’s a resource reference. That means “string resource 1000 in the DLL Wdf01000.sys”. If you open the binary in Visual Studio, you’ll see that it is “Kernel Mode Driver Frameworks service”. The same notation is commonly used to point to icons.

Thanks Tim.

How does one go about setting them? I assume it is through the INF?

Yes, in AddService section:
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/inf-addservice-directive

Is there a way to set it if a driver is installed using CreateService?

For example, sc sdset

– pa