IoOpenDeviceRegistryKey question

NTDEV
1

OS: Windows 2000 Sp4 Checked

During processing IRP_MN_START I call IoOpenDeviceRegistryKey which returns
STATUS_SUCCESS and
returns HANDLE of key with strange object name. I start debugging and find
out that ZwOpenKey “fails”. It was called with OBJECT_ATTRIBUTES with
OBJ_KERNEL_HANDLE.

And now 2 situations:

NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING
RegistryPath)
{
NTSTATUS Status = STATUS_SUCCESS;
HANDLE hRegistryKey = 0;
OBJECT_ATTRIBUTES objectAttributes;

InitializeObjectAttributes( &objectAttributes,
RegistryPath,
OBJ_CASE_INSENSITIVE | OBJ_OPENIF | OBJ_KERNEL_HANDLE,
0,
0
);
Status = ZwOpenKey( &hRegistryKey, KEY_READ, &objectAttributes );

}

We receive strange hRegistryKey

!handle 0x80000048
processor number 0
PROCESS fbb57b60 SessionId: 0 Cid: 0008 Peb: 00000000 ParentCid: 0000
DirBase: 00030000 ObjectTable: fbb7d5a8 TableSize: 24.
Image: System

Handle Table at e1004000 with 24 Entries in use
80000048: Object: e1308ec0 GrantedAccess: 0002001f
Object: e1308ec0 Type: (fbb53708) Key
ObjectHeader: e1308ea8
HandleCount: 1 PointerCount: 1
Directory Object: 00000000 Name:
\REGISTRY\MACHINE\HARDWARE\DEVICEMAP\SCSI\Scsi Port 1\Scsi Bus 0

  1. Now without OBJ_KERNEL_HANDLE

NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING
RegistryPath)
{
NTSTATUS Status = STATUS_SUCCESS;
HANDLE hRegistryKey = 0;
OBJECT_ATTRIBUTES objectAttributes;

InitializeObjectAttributes( &objectAttributes,
RegistryPath,
OBJ_CASE_INSENSITIVE | OBJ_OPENIF
0,
0
);
Status = ZwOpenKey( &hRegistryKey, KEY_READ, &objectAttributes );

}

Our key!!!:

!handle 0x00000068
processor number 0
PROCESS fbb57b60 SessionId: 0 Cid: 0008 Peb: 00000000 ParentCid: 0000
DirBase: 00030000 ObjectTable: fbb7d5a8 TableSize: 25.
Image: System

Handle Table at e1004000 with 25 Entries in use
0068: Object: e137bcc0 GrantedAccess: 00020019
Object: e137bcc0 Type: (fbb53708) Key
ObjectHeader: e137bca8
HandleCount: 1 PointerCount: 1
Directory Object: 00000000 Name:
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ZZZ

Questions:

  1. What happening? .
  2. If OBJ_KERNEL_HANDLE is guilty, how can I use IoOpenDeviceRegistryKey
    which uses OBJ_KERNEL_HANDLE?
2

What’s strange about it? That’s what IoOpenDeviceRegistryKey is supposed to
do. It opens the device key, not the driver service key. These are two
totally separate things.

For example, if your driver is a driver for Ethernet controllers, and the
machine has 2 Ethernet controllers installed (that are bound to your
driver), then you will have 1 service key, but 2 DIFFERENT device keys.

This is all by design. Read the docs on IoOpenDeviceRegistryKey. Also take
note of the PLUGPLAY_REGKEY_DRIVER and PLUGPLAY_REGKEY_DEVICE flags. Also,
read the “Driver Information in the Registry” article in the DDK.

– arlie

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Boris Nikitin
Sent: Wednesday, December 14, 2005 3:04 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] IoOpenDeviceRegistryKey question

OS: Windows 2000 Sp4 Checked

During processing IRP_MN_START I call IoOpenDeviceRegistryKey which returns
STATUS_SUCCESS and returns HANDLE of key with strange object name. I start
debugging and find out that ZwOpenKey “fails”. It was called with
OBJECT_ATTRIBUTES with OBJ_KERNEL_HANDLE.

And now 2 situations:

NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING
RegistryPath)
{
NTSTATUS Status = STATUS_SUCCESS;
HANDLE hRegistryKey = 0;
OBJECT_ATTRIBUTES objectAttributes;

InitializeObjectAttributes( &objectAttributes,
RegistryPath,
OBJ_CASE_INSENSITIVE | OBJ_OPENIF | OBJ_KERNEL_HANDLE,
0,
0
);
Status = ZwOpenKey( &hRegistryKey, KEY_READ, &objectAttributes ); …
}

We receive strange hRegistryKey

!handle 0x80000048
processor number 0
PROCESS fbb57b60 SessionId: 0 Cid: 0008 Peb: 00000000 ParentCid: 0000
DirBase: 00030000 ObjectTable: fbb7d5a8 TableSize: 24.
Image: System

Handle Table at e1004000 with 24 Entries in use
80000048: Object: e1308ec0 GrantedAccess: 0002001f
Object: e1308ec0 Type: (fbb53708) Key
ObjectHeader: e1308ea8
HandleCount: 1 PointerCount: 1
Directory Object: 00000000 Name:
\REGISTRY\MACHINE\HARDWARE\DEVICEMAP\SCSI\Scsi Port 1\Scsi Bus 0

  1. Now without OBJ_KERNEL_HANDLE

NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING
RegistryPath)
{
NTSTATUS Status = STATUS_SUCCESS;
HANDLE hRegistryKey = 0;
OBJECT_ATTRIBUTES objectAttributes;

InitializeObjectAttributes( &objectAttributes,
RegistryPath,
OBJ_CASE_INSENSITIVE | OBJ_OPENIF
0,
0
);
Status = ZwOpenKey( &hRegistryKey, KEY_READ, &objectAttributes ); …
}

Our key!!!:

!handle 0x00000068
processor number 0
PROCESS fbb57b60 SessionId: 0 Cid: 0008 Peb: 00000000 ParentCid: 0000
DirBase: 00030000 ObjectTable: fbb7d5a8 TableSize: 25.
Image: System

Handle Table at e1004000 with 25 Entries in use
0068: Object: e137bcc0 GrantedAccess: 00020019
Object: e137bcc0 Type: (fbb53708) Key
ObjectHeader: e137bca8
HandleCount: 1 PointerCount: 1
Directory Object: 00000000 Name:
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ZZZ

Questions:

  1. What happening? .
  2. If OBJ_KERNEL_HANDLE is guilty, how can I use IoOpenDeviceRegistryKey
    which uses OBJ_KERNEL_HANDLE?

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@stonestreetone.com To
unsubscribe send a blank email to xxxxx@lists.osr.com