Hi All,
I am enumarating registry keys under L"\Registry\Machine" in my driver.
My requirement is that I have to check that a key have subkeys or not. For that I am using NtEnumerateKey() with ‘KeyFullInformation’ class. Thus I am getting number of sub keys in pEnumKeyFullInformation->SubKeys.
This all is working fine, except…
when I enumarate HKEY_LOCAL_MACHINE ie. L"\Registry\Machine". I am getting 0 in pEnumKeyFullInformation->SubKeys for all keys enumarated, though they have subkeys.
What do you think? What will be the problem?
Thanks & Regards,
Amit.
My guess is this is because HKLM is a rootkey and not a hive so there is
possibly no place where this information is stored, at least it’s not inside
the hive file. Have you tried from at least one level somewhere deeper in
your registry ( for instance \Registry\Machine\Software) ?
/Daniel
wrote in message news:xxxxx@ntdev…
> Hi All,
>
> I am enumarating registry keys under L"\Registry\Machine" in my driver.
>
> My requirement is that I have to check that a key have subkeys or not. For
> that I am using NtEnumerateKey() with ‘KeyFullInformation’ class. Thus I
> am getting number of sub keys in pEnumKeyFullInformation->SubKeys.
>
> This all is working fine, except…
> when I enumarate HKEY_LOCAL_MACHINE ie. L"\Registry\Machine". I am
> getting 0 in pEnumKeyFullInformation->SubKeys for all keys enumarated,
> though they have subkeys.
>
> What do you think? What will be the problem?
>
> Thanks & Regards,
> Amit.
>
>
>
Why are using NtEnumerateKey, rather then ZwEnumerateKey, considering that the former is undocumented? I don’t know if this is part of the problem or not, and I kind of doubt it, but I don’t really see a reason to use it in preference to the documented ZwEnumerateKey. Also, on what hive(s) do(es) this work? Have you opened the root key with KEY_ENUMERATE_SUB_KEYS? Is NtEnumerateKey() returing any sort of error?
mm
Yes I have opened the key with KEY_ALL_ACCESS.