Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Service Key Values Question

AlbertAlbert Member - All Emails Posts: 450

I observe that some of the service keys have additional information in them which I am not aware of. Here are some examples.

DisplayName REG_SZ @%SystemRoot%\system32\drivers\Wdf01000.sys,-1000
What does that number -1000 mean?

Also, many have an additional subkey called Security with a value
Security REG_BINARY

What does that do?

Comments

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,641

    It's a resource reference. That means "string resource 1000 in the DLL Wdf01000.sys". If you open the binary in Visual Studio, you'll see that it is "Kernel Mode Driver Frameworks service". The same notation is commonly used to point to icons.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Pavel_APavel_A Member Posts: 2,741
    edited October 2

    Also, many have an additional subkey called Security with a value Security REG_BINARY

    These are binary security descriptors of service objects. SDs of files and registry keys are persisted on disk with these objects. Service objects are volatile and their SD are persisted in these binary values.
    -- pa

  • AlbertAlbert Member - All Emails Posts: 450

    @Pavel_A said:

    Also, many have an additional subkey called Security with a value Security REG_BINARY

    These are binary security descriptors of service objects. SDs of files and registry keys are persisted on disk with these objects. Service objects are volatile and their SD are persisted in these binary values.
    -- pa

    Thanks Pavel. How does one go about setting them? I assume it is through the INF? Is there a way to set it if a driver is installed using CreateService?

    @Tim_Roberts said:
    It's a resource reference. That means "string resource 1000 in the DLL Wdf01000.sys". If you open the binary in Visual Studio, you'll see that it is "Kernel Mode Driver Frameworks service". The same notation is commonly used to point to icons.

    Thanks Tim.

  • Pavel_APavel_A Member Posts: 2,741
    edited October 3

    How does one go about setting them? I assume it is through the INF?

    Yes, in AddService section:
    https://docs.microsoft.com/en-us/windows-hardware/drivers/install/inf-addservice-directive

    Is there a way to set it if a driver is installed using CreateService?

    For example, sc sdset

    -- pa

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE