RE: SPAM-LOW: Re: Re:Referencing a RegKey Object from handle

No no no no no no NO. Digging in undocumented, unexposed headers should
always be a warning that you are doing something wrong.

If you want to validate that something is a registry key, and you can’t get
direct access to the registry key object type, then at least do something
reasonable – don’t manually dig in undocumented structures. How many times
has this blown up?! Just go read some of Raymond Chen’s descriptions of the
agony that this has caused.

If you have a handle, and you suspect that it is a registry key but you want
to verify this, then ask it to do something that only registry keys do.
Call ZwQueryKey, and request something innocuous, like KeyBasicInformation.
If this succeeds, then you have a pretty good idea that it is a registry
key. Then you can call ObReferenceObjectByHandle, with ObjectType = NULL,
and have some peace of mind that this will work two service packs down the
road.

– arlie

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Friday, August 05, 2005 10:21 AM
To: Windows System Software Devs Interest List
Subject: SPAM-LOW: Re: Re:[ntdev] Referencing a RegKey Object from handle

Use undocumented means of getting the KeyObjectType, like
ZwOpenKey+ObReferenceObjectByHandle+digging into the undocumented object
header. It holds a type pointer.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
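
The check suggested in the reply above (probe with ZwQueryKey and KeyBasicInformation, then ObReferenceObjectByHandle with ObjectType = NULL), written out as an added example that is not code from this thread. The function name ReferenceKeyObjectFromHandle is hypothetical, and the stand-in section, used only when ntddk.h has not been included, is a constructed handle table so the logic can run outside a driver.

```c
/* Added example. In a driver, #include <ntddk.h> before this point and the
 * stand-in section drops out. The stand-ins model a constructed handle table
 * (1 = registry key, 2 = another object type) so the logic runs offline. */
#ifndef _NTDDK_
#include <stddef.h>
typedef int NTSTATUS; typedef unsigned int ULONG; typedef void *HANDLE, *PVOID;
typedef struct { long long LastWriteTime; ULONG TitleIndex, NameLength;
                 unsigned short Name[1]; } KEY_BASIC_INFORMATION;
enum { KeyBasicInformation = 0, KernelMode = 0 };
#define NT_SUCCESS(s)               ((NTSTATUS)(s) >= 0)
#define STATUS_BUFFER_OVERFLOW      ((NTSTATUS)0x80000005)
#define STATUS_INVALID_HANDLE       ((NTSTATUS)0xC0000008)
#define STATUS_OBJECT_TYPE_MISMATCH ((NTSTATUS)0xC0000024)
static int g_refs;                  /* references taken through the stand-in */
static NTSTATUS ZwQueryKey(HANDLE h, int cls, PVOID buf, ULONG len, ULONG *out)
{
    (void)cls; (void)buf; *out = 40;          /* constructed: 16-byte name */
    if ((size_t)h == 1) return len < 40 ? STATUS_BUFFER_OVERFLOW : 0;
    return (size_t)h == 2 ? STATUS_OBJECT_TYPE_MISMATCH : STATUS_INVALID_HANDLE;
}
static NTSTATUS ObReferenceObjectByHandle(HANDLE h, ULONG access, PVOID type,
                                          int mode, PVOID *obj, PVOID info)
{
    (void)access; (void)type; (void)mode; (void)info;
    if ((size_t)h != 1 && (size_t)h != 2) return STATUS_INVALID_HANDLE;
    *obj = h; g_refs++;      /* type == NULL: any object type is accepted */
    return 0;
}
#endif

/* On success *Object holds a referenced object that answered a registry-only
 * query; the caller releases it with ObDereferenceObject(). */
NTSTATUS ReferenceKeyObjectFromHandle(HANDLE Handle, PVOID *Object)
{
    KEY_BASIC_INFORMATION info;   /* fixed part only; the name may not fit */
    ULONG needed = 0;
    NTSTATUS status;

    *Object = NULL;
    status = ZwQueryKey(Handle, KeyBasicInformation, &info, sizeof(info), &needed);
    /* A key answers STATUS_SUCCESS, or STATUS_BUFFER_OVERFLOW when only the
     * name was truncated. Any other status is passed back to the caller. */
    if (!NT_SUCCESS(status) && status != STATUS_BUFFER_OVERFLOW)
        return status;

    /* ObjectType = NULL skips the type check, so the probe above is the only
     * evidence that this handle refers to a key. */
    return ObReferenceObjectByHandle(Handle, 0, NULL, KernelMode, Object, NULL);
}
```

The probe and the reference are two separate handle lookups, so the result is only as good as the caller's control over the handle: a handle that user mode can close and reuse between the two calls may no longer name the object that was probed.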

> Digging in undocumented, unexposed headers should
> always be a warning that you are doing something wrong.

Please note that dealing with absolutes and emitting such judgements holds
very limited value.
Digging in undocumented has a very clear value, and can make you understand
much easier how the OS works. It clearly does not show, to ME at least, any
sign that you are dealing something wrong, except maybe if you are an
automaton writing code.

Dan

----- Original Message -----
From: “Arlie Davis”
To: “Windows System Software Devs Interest List”
Sent: Friday, August 05, 2005 6:22 PM
Subject: RE: SPAM-LOW: Re: Re:[ntdev] Referencing a RegKey Object from handle

> No no no no no no NO. Digging in undocumented, unexposed headers should
> always be a warning that you are doing something wrong.
>
> If you want to validate that something is a registry key, and you can’t get
> direct access to the registry key object type, then at least do something
> reasonable – don’t manually dig in undocumented structures. How many times
> has this blown up?! Just go read some of Raymond Chen’s descriptions of the
> agony that this has caused.
>
> If you have a handle, and you suspect that it is a registry key but you want
> to verify this, then ask it to do something that only registry keys do.
> Call ZwQueryKey, and request something innocuous, like KeyBasicInformation.
> If this succeeds, then you have a pretty good idea that it is a registry
> key. Then you can call ObReferenceObjectByHandle, with ObjectType = NULL,
> and have some peace of mind that this will work two service packs down the
> road.
>
> – arlie
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
> Sent: Friday, August 05, 2005 10:21 AM
> To: Windows System Software Devs Interest List
> Subject: SPAM-LOW: Re: Re:[ntdev] Referencing a RegKey Object from handle
>
> Use undocumented means of getting the KeyObjectType, like
> ZwOpenKey+ObReferenceObjectByHandle+digging into the undocumented object
> header. It holds a type pointer.
>
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com