RtlQueryRegistryValues Win7 64Bit Problem

Hi

i have a little ndis driver and try to read something in the registry
now the problem is, with the 32bit everything works fine but the 64bit driver (currently testing with windows7) i dont get my values
but i get status NDIS_STATUS_SUCCESS

code:

DWORD Old,Nothing;
DWORD testDword = 0xFF,TestDword2, defTestVal = 0xFFFF;
PWSTR nullMultiSz;
NDIS_STATUS Stat;

RTL_QUERY_REGISTRY_TABLE paramTable[2];
RtlZeroMemory (&paramTable[0], sizeof(paramTable));
paramTable[1].Flags = RTL_QUERY_REGISTRY_DIRECT;
paramTable[1].Name = L"ghj";
paramTable[1].EntryContext = &Nothing;
paramTable[1].DefaultType = REG_DWORD;
paramTable[1].DefaultData = &defTestVal;
paramTable[1].DefaultLength = sizeof(DWORD);

paramTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
paramTable[0].Name = L"asd";
paramTable[0].EntryContext = &Old;
paramTable[0].DefaultType = REG_DWORD;
paramTable[0].DefaultData = &defTestVal;
paramTable[0].DefaultLength = sizeof(DWORD);

Stat = RtlQueryRegistryValues( RTL_REGISTRY_ABSOLUTE,L"\Registry\Machine\System\CurrentControlSet\Services\Test",&paramTable[0],NULL,NULL);

For one thing, you need a terminating NULL entry in paramTable. How is
RtlQueryRegistryValues supposed to know how many to go get? Just change
the size of paramTable to 3 (one more than you want to query). It’s lucky
(or unlucky as the case may be) that it’s not protection faulting.

xxxxx@gmail.com
Sent by: xxxxx@lists.osr.com
06/16/2010 07:09 AM
Please respond to
“Windows System Software Devs Interest List”

To
“Windows System Software Devs Interest List”
cc

Subject
[ntdev] RtlQueryRegistryValues Win7 64Bit Problem

Hi

i have a little ndis driver and try to read something in the registry
now the problem is, with the 32bit everything works fine but the 64bit
driver (currently testing with windows7) i dont get my values
but i get status NDIS_STATUS_SUCCESS

code:

DWORD Old,Nothing;
DWORD testDword = 0xFF,TestDword2, defTestVal =
0xFFFF;
PWSTR nullMultiSz;
NDIS_STATUS Stat;

RTL_QUERY_REGISTRY_TABLE paramTable[2];
RtlZeroMemory (&paramTable[0], sizeof(paramTable));
paramTable[1].Flags = RTL_QUERY_REGISTRY_DIRECT;
paramTable[1].Name = L"ghj";
paramTable[1].EntryContext = &Nothing;
paramTable[1].DefaultType = REG_DWORD;
paramTable[1].DefaultData = &defTestVal;
paramTable[1].DefaultLength = sizeof(DWORD);

paramTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
paramTable[0].Name = L"asd";
paramTable[0].EntryContext = &Old;
paramTable[0].DefaultType = REG_DWORD;
paramTable[0].DefaultData = &defTestVal;
paramTable[0].DefaultLength = sizeof(DWORD);

Stat = RtlQueryRegistryValues(
RTL_REGISTRY_ABSOLUTE,L"\Registry\Machine\System\CurrentControlSet\Services\Test",&paramTable[0],NULL,NULL);


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

i have paramTable[2] and zero it before i fill it
paramTable[0] used
paramTable[1] used
paramTable[2] zero

Oh come on now! The declaration

RTL_QUERY_REGISTRY_TABLE paramTable [2];

means that there are only two entries, index 0 and 1. There is no
paramTable [2] entry.

xxxxx@gmail.com
Sent by: xxxxx@lists.osr.com
06/16/2010 08:32 AM
Please respond to
“Windows System Software Devs Interest List”

To
“Windows System Software Devs Interest List”
cc

Subject
RE:[ntdev] RtlQueryRegistryValues Win7 64Bit Problem

i have paramTable[2] and zero it before i fill it
paramTable[0] used
paramTable[1] used
paramTable[2] zero


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

oh thanks sorry totaly my fault
and now i dont drink and code
but iam wondering because in the 32bit driver that part works fine

Like I said, just lucky (or unlucky as the case may be). Under 32 bit
there must have been stuff on the stack above queryTable that ended up
looking like a terminating entry to the query function. And it may not
ALWAYS work on 32, depending on what was in the stack before your function
was called.

xxxxx@gmail.com
Sent by: xxxxx@lists.osr.com
06/16/2010 08:50 AM
Please respond to
“Windows System Software Devs Interest List”

To
“Windows System Software Devs Interest List”
cc

Subject
RE:[ntdev] RtlQueryRegistryValues Win7 64Bit Problem

oh thanks sorry totaly my fault
and now i dont drink and code
but iam wondering because in the 32bit driver that part works fine


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

ok i have testet it but i dont get my values and i dont get a real error, the stat returns NDIS_STATUS_SUCCESS with regedit i see the values, the service that controlls the driver sees the values but the driver didnt get it

Also, this is a WDM API, so do not use NDIS status codes. In this case you are getting lucky (again) in that both STATUS_SUCCESS and NDIS_STATUS_SUCCESS are the same value.

d

dent from a phpne with no keynoard

-----Original Message-----
From: xxxxx@gmail.com
Sent: June 16, 2010 6:11 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] RtlQueryRegistryValues Win7 64Bit Problem

ok i have testet it but i dont get my values and i dont get a real error, the stat returns NDIS_STATUS_SUCCESS with regedit i see the values, the service that controlls the driver sees the values but the driver didnt get it


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Try setting a QueryRoutine to process the values.

Larry C

On 6/16/2010 5:51 AM, xxxxx@gmail.com wrote:

oh thanks sorry totaly my fault
and now i dont drink and code
but iam wondering because in the 32bit driver that part works fine

That’s the beauty of undefined behavior. It might work. It might not.
It might trigger the self-destruct mechanism.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.