Hi Pavel,
Hmmm… My browser locked up … Sorry for the junk “sss” message…
The registry scanning function that I have created is based on our company’s software requirements… I am not specifically interested in the HKEY_PERFORMANCE_DATA key, except that when the scanner recursively processes HKEY_LOCAL_MACHINE\SOFTWARE, it hits the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 key, and fails. I can catch the error and ignore it, but then this key’s name, last write date, security attributes, and values are lost. Since this scanning function may become part of a backup application, I cannot just discard information.
So… I am kind of stuck… Right now, so I can continue my development work, I catch this error, and log it. I’ve run our scanner on several computers with various versions of Windows, and it works great except for this performance key… This key is the only item that generates an error status.
I haven’t found anything on MSDN that says that I cannot ZwQueryKey() this key in kernel mode. My Management/Bosses will not permit me to just ignore this key unless I find something from Microsoft saying that it is not possible to get the required information in kernel mode.
So… I am kind of stuck… Someone must have hit this issue and resolved it… I still wonder whether this issue isn’t about the query failing because it is a special key, but rather that it is failing because the values in the key are improper… I’ve looked at the Counter and Help lists, and they have two empty items at the end, which is a corruption that has been discussed by users rather than developers. I think that I am going to try to correct the corruption and see if it helps… Arggg… Nothing like being stuck at 99.9999999% done!!!
Mike