Hello,
While investigating the newly introduced callback interface for registry I
encountered next situation on Win2k3 x64 bit machine:
Callback function when called for preprocessing of registry key open\create
requests often contain partial\inconsistent information in CompleteName
field.
Sometimes the field indeed have full name for registry key being
opened\created, sometimes it have only part of the name( last part of key
usually).
I’m looking for solution that will give me full registry key path being
opened\created and, if possible, access mask being used during the
operation.
Thanks,
Alex.
The CompleteName is ‘relative to the object that the RootObject member
points to.’ There are many ways to resolve the rootkey or otherwise get a
full path, like ObQueryNameString and ZwQueryObject.
/Daniel
“Alex Korthny” wrote in message news:xxxxx@ntdev…
> Hello,
>
> While investigating the newly introduced callback interface for registry I
> encountered next situation on Win2k3 x64 bit machine:
> Callback function when called for preprocessing of registry key
> open\create requests often contain partial\inconsistent information in
> CompleteName field.
> Sometimes the field indeed have full name for registry key being
> opened\created, sometimes it have only part of the name( last part of key
> usually).
>
> I’m looking for solution that will give me full registry key path being
> opened\created and, if possible, access mask being used during the
> operation.
>
> Thanks,
> Alex.
>
>
Unfortunately, in context of open\create( not the “Ex” version of those
callbacks ) callback call the only data avail is next:
typedef struct _REG_PRE_CREATE_KEY_INFORMATION {
PUNICODE_STRING CompleteName;
} REG_PRE_CREATE_KEY_INFORMATION, *PREG_PRE_CREATE_KEY_INFORMATION;
typedef struct _REG_PRE_CREATE_KEY_INFORMATION {
PUNICODE_STRING CompleteName;
} REG_PRE_CREATE_KEY_INFORMATION, REG_PRE_OPEN_KEY_INFORMATION,
*PREG_PRE_OPEN_KEY_INFORMATION;
I think that I’ll switch to use “Ex” versions only and will query
RootObject…
Thanks!
Alex.
“Daniel Terhell” wrote in message
news:xxxxx@ntdev…
> The CompleteName is ‘relative to the object that the RootObject member
> points to.’ There are many ways to resolve the rootkey or otherwise get a
> full path, like ObQueryNameString and ZwQueryObject.
>
> /Daniel
>
>
> “Alex Korthny” wrote in message news:xxxxx@ntdev…
>> Hello,
>>
>> While investigating the newly introduced callback interface for registry
>> I encountered next situation on Win2k3 x64 bit machine:
>> Callback function when called for preprocessing of registry key
>> open\create requests often contain partial\inconsistent information in
>> CompleteName field.
>> Sometimes the field indeed have full name for registry key being
>> opened\created, sometimes it have only part of the name( last part of key
>> usually).
>>
>> I’m looking for solution that will give me full registry key path being
>> opened\created and, if possible, access mask being used during the
>> operation.
>>
>> Thanks,
>> Alex.
>>
>>
>
>
>
Win2K3 returns a REG_CREATE_KEY_INFORMATION structure. This structure
contains a pointer to the root object. You need to wait for Vista to get the
access mask.
Bill Wandel
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Alex Korthny
Sent: Thursday, February 15, 2007 2:20 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] CmRegisterCallback problems.
Hello,
While investigating the newly introduced callback interface for registry I
encountered next situation on Win2k3 x64 bit machine:
Callback function when called for preprocessing of registry key open\create
requests often contain partial\inconsistent information in CompleteName
field.
Sometimes the field indeed have full name for registry key being
opened\created, sometimes it have only part of the name( last part of key
usually).
I’m looking for solution that will give me full registry key path being
opened\created and, if possible, access mask being used during the
operation.
Thanks,
Alex.
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer