How to Read REG_BINARY type Value From the Reg ??? - RTLQueryRegistryValues Fails ????

How to Read REG_BINARY type Value From the Reg ???

Hello,

Reading the Binary form value from the Registry fails with the Error…

“The Data Area Passed to A System Call is Too Small”…

Could anyone suggest the way out…please…

Here is the code which fails…

i.e…

…Other…Declarations…

BYTE StartingCode[64];

queryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
queryTable[0].Name = L"StartingCode";
queryTable[0].EntryContext =&StartingCode;
queryTable[0].DefaultType = REG_BINARY;
queryTable[0].DefaultData = &Zero;
queryTable[0].DefaultLength=sizeof(StartingCode);

Status = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE | RTL_REGISTRY_OPTIONAL,
pathToRead,
&queryTable[0],
NULL,
NULL);


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

I gave up trying to get RtlQuery to work on binary keys. I spent quite a
while on it (as well as some members of this list). I do it the following
way now (which works fine for me)

NTSTATUS Reg_GetBinaryKey(
    IN PUNICODE_STRING RegistryPath,
    IN PWCHAR Key,
    OUT PVOID *Buffer,
    OUT PVOID *Handle
    )
{
    NTSTATUS Status;
    HANDLE KeyHandle;
    OBJECT_ATTRIBUTES ObjAttr;

    *Buffer = NULL;
    *Handle = NULL;

    InitializeObjectAttributes(&ObjAttr, RegistryPath, OBJ_CASE_INSENSITIVE, NULL, NULL);
    Status = ZwOpenKey(&KeyHandle, KEY_ALL_ACCESS, &ObjAttr);

    if (NT_SUCCESS(Status)) {
        ULONG DataSize = sizeof(KEY_VALUE_FULL_INFORMATION);
        KEY_VALUE_FULL_INFORMATION Size;
        KEY_VALUE_FULL_INFORMATION *Data;

        /* First call only probes for the required size.
           QueryValue is the poster's own helper; it is not shown in the post. */
        Status = QueryValue(KeyHandle, Key, &Size, &DataSize);
        if (Status == STATUS_BUFFER_OVERFLOW) {
            Data = (KEY_VALUE_FULL_INFORMATION *)ExAllocatePoolWithTag(PagedPool, DataSize, REGISTRYTAG);
            if (Data) {
                PCHAR BinData;

                /* Second call fetches the value into the correctly sized buffer. */
                Status = QueryValue(KeyHandle, Key, Data, &DataSize);
                if (NT_SUCCESS(Status)) {
                    BinData = ((PCHAR)Data) + Data->DataOffset;
                    Debug(DEBUG_REG, ("Reg_GetBinaryKey: Data offset=%08x, size = %08x, buffer=%08x\n", Data->DataOffset, Data->DataLength, BinData));
                    *Buffer = BinData;
                    *Handle = Data;   /* caller releases this with Reg_FreeBinary */
                } else {
                    Debug(DEBUG_REG, ("Reg_GetBinaryKey: Error %08x getting binary value from registry\n", Status));
                    ExFreePool(Data); /* free the buffer on failure so it is not leaked */
                }
            } else {
                Status = STATUS_INSUFFICIENT_RESOURCES;
                Debug(DEBUG_REG, ("Reg_GetBinaryKey: out of memory\n", Status));
            }
        }
        ZwClose(KeyHandle);
    } else {
        Debug(DEBUG_REG, ("Reg_GetBinaryKey: Error %08x opening key\n", Status));
    }
    return Status;
}

/* Releases the allocation returned through Handle by Reg_GetBinaryKey. */
void Reg_FreeBinary( PVOID Handle )
{
    ExFreePool(Handle);
    return;
}

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of e_somasundaram
Sent: Thursday, November 15, 2001 1:38 PM
To: NT Developers Interest List
Subject: [ntdev] How to Read REG_BINARY type Value From the Reg ??? -
RTLQueryRegistryValues Fails ???


>You need to give more information than this. What is the definition of
>Zero? What is definition of pathToRead?

ULONG Zero=0;
UNICODE_STRING pathToRead;
RtlInitUnicodeString(pathToRead,RegPath…+ “\Paramters”);

Now hope you may be able to help me out…

Bye

Somasundaram

----- Original Message -----
From:
To: “NT Developers Interest List”
Sent: Friday, November 16, 2001 1:59 AM
Subject: [ntdev] Re: How to Read REG_BINARY type Value From the Reg ??? -
RTLQueryRegistryValues Fails ???

You need to give more information than this. What is the definition of
Zero? What is definition of pathToRead?

I never have understood the usage of RtlQueryRegistryValues, maybe because
I haven’t understood the point.

You can use ZwEnumerateValueKey to get the name, type, and data from each
value in a key. If you already know the exact value name, use
ZwQueryValueKey to get it directly.

Phil
Philip D. Barila xxxxx@Seagate.com
Seagate Technology (720) 684-1842

“e_somasundaram” @lists.osr.com on 11/15/2001 11:38:09 AM

Please respond to “NT Developers Interest List”

Sent by: xxxxx@lists.osr.com

To: “NT Developers Interest List”
cc:

Subject: [ntdev] How to Read REG_BINARY type Value From the Reg ??? -
RTLQueryRegistryValues Fails ???

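The probe-then-allocate pattern from the replies above (query once for the size, allocate, query again), as an added user-mode C example that is not code from any poster in this thread. `mock_query`, `value_info` and the `ST_*` names are hypothetical stand-ins for ZwQueryValueKey, KEY_VALUE_FULL_INFORMATION and the NTSTATUS codes. It goes one step further than the thread by retrying when the value grows between the two calls, capping the allocation, and checking offset and length against the buffer before the data is used.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ST_SUCCESS         0x00000000u /* value of STATUS_SUCCESS */
#define ST_BUFFER_OVERFLOW 0x80000005u /* value of STATUS_BUFFER_OVERFLOW */
/* Simplified stand-in for KEY_VALUE_FULL_INFORMATION (hypothetical layout). */
typedef struct { uint32_t type, data_offset, data_length; } value_info;

/* Constructed sample value; g_grow_to simulates a writer enlarging it mid-read. */
static uint8_t g_value[64] = {0xDE, 0xAD, 0xBE, 0xEF};
static uint32_t g_len = 4, g_grow_to = 0;

/* Mock query (hypothetical): reports the needed size, fills buf only if it fits. */
static uint32_t mock_query(void *buf, uint32_t len, uint32_t *needed)
{
    uint32_t cur = g_len;
    *needed = (uint32_t)sizeof(value_info) + cur;
    if (g_grow_to) { g_len = g_grow_to; g_grow_to = 0; }
    if (len < *needed) return ST_BUFFER_OVERFLOW;
    value_info *vi = buf;
    vi->type = 3; /* REG_BINARY */
    vi->data_offset = (uint32_t)sizeof(value_info);
    vi->data_length = cur;
    memcpy((uint8_t *)buf + vi->data_offset, g_value, cur);
    return ST_SUCCESS;
}

/* Probe, allocate, re-query; retry if the value grew. Caller frees the result. */
uint8_t *read_binary_value(uint32_t max_total, uint32_t *out_len)
{
    uint32_t needed = 0, size = 0, st = ST_BUFFER_OVERFLOW;
    uint8_t *buf = NULL, *data = NULL;
    for (int tries = 0; tries < 4; tries++) {
        st = mock_query(buf, size, &needed);
        if (st == ST_SUCCESS) break;
        free(buf); buf = NULL;
        if (st != ST_BUFFER_OVERFLOW || needed > max_total) return NULL;
        if ((buf = malloc(size = needed)) == NULL) return NULL;
    }
    value_info *vi = (value_info *)buf;
    /* Trust nothing from the header until it is checked against the buffer size. */
    if (st == ST_SUCCESS && vi->data_offset <= size &&
        vi->data_length <= size - vi->data_offset &&
        (data = malloc(vi->data_length ? vi->data_length : 1)) != NULL) {
        memcpy(data, buf + vi->data_offset, vi->data_length);
        *out_len = vi->data_length;
    }
    free(buf);
    return data;
}
```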