As you know, the XP registry callbacks are very limited, and I am suffering it at this very moment. I have a filter driver and I need to get the full key name in the Pre-Create callback, but it seems that the string is not always a complete path but a relative one.
I know that I’m able to get the complete path if I make my processing during the Post-Create, but then how could I know whether the key was previously existing or newly created?
Querying the object with Windbg and !object tells me that there’s only 1 pointer to that object and no handle, but it doesn’t mean that the key is newly created or not.
So any advice? Is there any way of knowing whether the key was already created or it was created at that time?
A3: thanks, I already know that I can query the root object name and concatenate it with the relative name, but that’s during the POST callback. My problem with the name is in the PRE callback.
My other question was about the POST callback and guessing whether the key was created or opened.
Thanks anyway.
Pavel: that’s a possibility, but as you said, it may be created. The problem is, exactly what amount of time would be safe to assume for a Create operation?
Thanks anyway.