I tried to read registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal from my driver using RtlQueryRegistryValues and RTL_REGISTRY_USER but it is not working.
Is RTL_REGISTRY_USER for HKEY_CURRENT_USER?
I saw “Registry Key Object Routines” in the DDK documentation, but it is not very clear.
Can someone tell me the correct way to do this?
If you’re trying this in the driver entry path, and this is a boot driver, there is no way.
Search the archives.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Thursday, November 27, 2008 2:58 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] reading registry values under HKEY_CURRENT_USER key
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
The notion of “current user” is only defined for the processes running in this user’s context.
It is not defined - even conceptually - for kernel mode code running in System process context, including the DriverEntry/PnP/power/AddDevice paths.
It is also not defined for user mode code of services and MS-provided system processes (you can write customizing DLLs like GINA or WinLogon notification packages which will be loaded to the contexts of the system processes, and this code of yours will also have undefined notion of “current user”).
RTL_REGISTRY_USER is only valid in the driver in caller process context, i.e. at PASSIVE_LEVEL in dispatch routines, especially MJ_CREATE dispatch. So, this is the limit of RTL_REGISTRY_USER usage in the driver.
Also do not forget that some caller processes have this notion undefined for themselves, i.e. MS’s system processes and services (unless the service has called RegLoadCurrentUser).
For the HKCU handle (which is RTL_REGISTRY_USER) to be used, the proper HKEY_USERS\{sid} registry hive must be at least mounted. For system processes and services, this is usually not so, at least till RegLoadCurrentUser is called. Also, I have major doubts that HKCU exists at all for well-known embedded user accounts like Network Service or LocalSystem.
So, some user mode code cannot access HKCU at all, and the driver code running in such a caller context will be limited this way too.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
> If you’re trying this in the driver entry path, and this is a boot driver there is no way
I was trying it in the DriverEntry path. It is not a boot driver; it is a SERVICE_AUTO_START driver.
> It is not defined - even conceptually - for kernel mode code running in System process context, including the DriverEntry/PnP/power/AddDevice paths.
I was calling it in system context which was wrong.
What I was trying was wrong, because even before the user had logged in I was trying to get information which is specific to the logged-in user.
I want to get the paths for Documents and Settings, Desktop and My Documents for the logged-in user.
If I write a WinLogon notification package which will retrieve the SID using the GetTokenInformation() API, then use this SID to retrieve the registry keys for Documents and Settings, Desktop and My Documents for the logged-in user, and let the driver know about them, is it going to work?
I assumed the driver will get loaded before the logon process runs.
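The SID-based lookup asked about above, as an added example that is not part of the original thread: portable C that turns a binary SID (as carried in a token's TOKEN_USER data) into its string form and builds the per-user key path under \Registry\User, the kernel name for HKEY_USERS. The function names and the sample SID are constructed for illustration, and the resulting key can only be opened once that user's hive is mounted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: binary SID for S-1-5-21-1000-2000-3000-1001. */
static const uint8_t SAMPLE_SID[] = {
    0x01, 0x05, 0, 0, 0, 0, 0, 0x05,              /* revision, count, authority (big-endian) */
    0x15, 0, 0, 0,  0xE8, 0x03, 0, 0,  0xD0, 0x07, 0, 0,
    0xB8, 0x0B, 0, 0,  0xE9, 0x03, 0, 0 };

/* Binary SID -> "S-1-..." text. Returns 0 on success, -1 on bad input. */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t cap)
{
    if (len < 8 || sid[0] != 1 || sid[1] > 15) return -1;
    size_t count = sid[1];
    if (len < 8 + 4 * count) return -1;           /* truncated buffer */
    if (sid[2] || sid[3]) return -1;              /* >32-bit authority: not handled in this example */
    uint32_t auth = (uint32_t)sid[4] << 24 | (uint32_t)sid[5] << 16 |
                    (uint32_t)sid[6] << 8 | sid[7];
    int n = snprintf(out, cap, "S-1-%lu", (unsigned long)auth);
    for (size_t i = 0; i < count; i++) {
        if (n < 0 || (size_t)n >= cap) return -1; /* output buffer too small */
        const uint8_t *p = sid + 8 + 4 * i;       /* sub-authorities are little-endian */
        uint32_t sub = p[0] | (uint32_t)p[1] << 8 |
                       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        n += snprintf(out + n, cap - (size_t)n, "-%lu", (unsigned long)sub);
    }
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Builds the kernel-mode path of the user's "Shell Folders" key. */
int shell_folders_key(const uint8_t *sid, size_t len, char *out, size_t cap)
{
    char s[192];                                  /* longest SID string is under 180 chars */
    if (sid_to_string(sid, len, s, sizeof s) != 0) return -1;
    int n = snprintf(out, cap, "\\Registry\\User\\%s\\Software\\Microsoft\\Windows"
                     "\\CurrentVersion\\Explorer\\Shell Folders", s);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    char path[512];
    if (shell_folders_key(SAMPLE_SID, sizeof SAMPLE_SID, path, sizeof path) == 0)
        puts(path);
    return 0;
}
```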
> If I write a WinLogon notification package which will retrieve the SID using the GetTokenInformation() API
I expect that in WinLogon the HKCU is not mounted yet; it is mounted by USERINIT.EXE after the logon processing in WinLogon.
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
It would be better to use LoadUserProfile given the user’s token. This is the documented and sanctioned way to access the current user key for a user given their token, assuming the token had been created via the normal mechanisms.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Monday, December 01, 2008 12:43 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] reading registry values under HKEY_CURRENT_USER key