Hello everybody,
I am developing a registry filtering driver for Windows 2003 in which I need to redirect certain registry requests.
Is it possible to manipulate the RootObject and the CompleteName field in the Pre callback for RegCreateKey?
For example, can I modify
\Registry\Machine\Software\Microsoft\Windows\key123 to
\Registry\Machine\Software\Microsoft\MyNewKey\key12345
in Pre Create key?
Some more questions:
- Is it OK to free the buffer of Complete Name and pass a new buffer instead? Or should I modify the CONTENTS of the buffer instead?
- Can I change the RootObject and make it point to something else?
Thanks,
kd.
Not much of a file systems question, but in general you can replace the name buffers for file system operations; give it a whirl on the registry and it might even work.
Going beyond that and changing the way the OS works, well, you are on your own there because you are now entering the “root kit” zone and most of us don’t really want to see more root kits written - whether deliberate, or accidental.
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
> Not much of a file systems question, but in general you can replace the name buffers for file system operations; give it a whirl on the registry and it might even work.
Even if this works, it’s definitely not supported (and any documentation that states otherwise is in error).
–
This posting is provided “AS IS” with no warranties, and confers no rights.