> >Well, I stepped into the ZwSetValueKey and saw that the function tries to
>de-reference the ValueName I passed it. No check is done to the parameter.
The Zw* forms of system calls never check parameters
This is a cite from ancient NT documentation of around 1994. :-))))
Not so, they do int 2eh anyway, and thus cause the same Ntxxx function to be called, but with ExGetPreviousMode() == KernelMode and
not UserMode.
The parameter checks are done in Ntxxx, they can be relaxed a bit if ExGetPreviousMode() == KernelMode, but speaking that they are
absent is wrong.
Max