Thanks a lot for the valuable information from Ayush and Frank.
One more thing, Ayush…
My requirement for the registry is like this: my driver will have a conserved
data structure of registry key object names. When my driver finds a match
between the accessed key and a key that is in its own data structure, it has
to stop that particular action. (All of this should be done during
pre-operation notifications.)
So will hooking system calls be useful if I follow the hooking
procedures according to my requirements?
Also, I've just completed my college studies and I'm not much aware of
Windows kernel architecture. So please don't mind if I ask some stupid
questions.
If you wish, you can guide me on how to tackle system call hooking by referring
me to some more articles or sites from which a fresher can improve his knowledge.
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ayush Gupta
Sent: Saturday, July 28, 2007 9:08 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] RegNotifyClass-(Pls Don’t Ignore…) on windowsXp.
> CmRegisterCallBack is a good thing…but only on 2K3 and higher
> (RegNtPreOpenKeyEx). From my point of view, the implementation that comes
> with XP is unusable.
Ya… that’s true. The callback mechanism in Windows XP has very limited
features.
If you have read the documentation carefully, you will notice that the post
callback that you get in Windows XP is limited to only Create, Open and
Close key.
I don’t know what your exact requirement is, but what will you do when you
require the status of the operation (QueryKey, SetKeyValue, etc.)?
For these reasons, I personally feel that Mark R.'s implementation of a
Registry monitoring driver is very useful and the best solution. Do a Google
search on “Windows NT System Call Hooking”. I know we are not supposed to advise a
person to use “HOOKING”, but what if there is no proper solution?
Advice: Use “Windows NT System Call Hooking” for Windows XP and use the
normal, documented Registry Callback mechanism for doing this in Windows
2003 and Vista.
Regards!
Ayush Gupta.
K7 Computing Pvt. Ltd.
www.k7computing.com
http://www.patni.com
World-Wide Partnerships. World-Class Solutions.
This e-mail message may contain proprietary, confidential or legally
privileged information for the sole use of the person or entity to whom this
message was originally addressed. Any review, e-transmission dissemination
or other use of or taking of any action in reliance upon this information by
persons or entities other than the intended recipient is prohibited. If you
have received this e-mail in error kindly delete this e-mail from your
records. If it appears that this mail has been forwarded to you without
proper authority, please notify us immediately at xxxxx@patni.com and
delete this mail.