I am looking at a driver for a client that uses CmRegisterCallbackEx and
I need to know what kernel or user calls generate a callback with
RegNtPreRenameKey. I don’t know of any kernel or user space calls to
rename a registry key. Unfortunately to do things right I need a way to
recreate this call in both kernel and user space.
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Was wondering the same thing a few years back 
Came across no docs then, but found this later on:
http://msdn.microsoft.com/en-us/library/cc512138(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/cc512139(v=vs.85).aspx
They aren’t public APIs, but do exist nonetheless.
Dejan.
Don Burn wrote:
I am looking at a driver for a client that uses CmRegisterCallbackEx and
I need to know what kernel or user calls generate a callback with
RegNtPreRenameKey. I don’t know of any kernel or user space calls to
rename a registry key. Unfortunately to do things right I need a way to
recreate this call in both kernel and user space.Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.
Have you tried to rename a key in Win7 regedit?
IIRC I’ve seen this callback in Win7 RC (did not return to this sort of projects since then).
Regards,
– pa
Don,
NtRenameKey is the call. There is no ZwRenameKey. Regedit definitely uses it
since Vista. I have also written a simple user app that uses the call. I am
pretty sure that the call was added in XP.
Bill Wandel
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Saturday, September 03, 2011 5:38 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] What operations cause a RegistryCallback with
RegNtPreRenameKey
I am looking at a driver for a client that uses CmRegisterCallbackEx and I
need to know what kernel or user calls generate a callback with
RegNtPreRenameKey. I don’t know of any kernel or user space calls to
rename a registry key. Unfortunately to do things right I need a way to
recreate this call in both kernel and user space.
Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer