HANDLE hKey;
OBJECT_ATTRIBUTES aObjAttr;
UNICODE_STRING aKeyName;
NTSTATUS status;
hKey = NULL;
RtlInitUnicodeString( &aKeyName,
L"\Registry\Machine\Software\MyApp\Driver");
InitializeObjectAttributes( &aObjAttr, &aKeyName, (OBJ_KERNEL_HANDLE |
OBJ_CASE_INSENSITIVE), NULL, NULL);
status = ZwOpenKey( &hKey, KEY_QUERY_VALUE, NULL );
When ZwOpenKey returns “status” is always STATUS_ACCESS_VIOLATION (C0000005)
I wander why? I call this function within DriverEntry and my driver is
loaded at system time.
TIA,
Vladimir
The key looks strange. Most of the time, Drivers open
“\Registry\Machine\System\CurrentControlSet\Services\DriverName” in their
DriverEntry. You might try this key, or try to start your driver manually
instead at boot time or system time. In boot time, not all the hives in
registry is available. I am not sure about it in system time.
Charles
HANDLE hKey;
OBJECT_ATTRIBUTES aObjAttr;
UNICODE_STRING aKeyName;
NTSTATUS status;
hKey = NULL;
RtlInitUnicodeString( &aKeyName,
L"\Registry\Machine\Software\MyApp\Driver");
InitializeObjectAttributes( &aObjAttr, &aKeyName, (OBJ_KERNEL_HANDLE |
OBJ_CASE_INSENSITIVE), NULL, NULL);
status = ZwOpenKey( &hKey, KEY_QUERY_VALUE, NULL );
When ZwOpenKey returns “status” is always STATUS_ACCESS_VIOLATION (C0000005)
I wander why? I call this function within DriverEntry and my driver is
loaded at system time.
TIA,
Vladimir