I put function HookRegistry() in driverentry,
but page error occurs, but the same code runs normally
in regmon sample, why?
if( RegHooked ) {
// Unhook everything
SYSCALL( ZwOpenKey ) = (PVOID) RealRegOpenKey;//error occurs
This one is discussed over and again, including c vs. c++. Not sure which
one wins in terms sheer volm of emails :).
It seems like you just started doing this reg hooks, so why not try to find
the docs from the web, and the link was provided couple months ago, on this
list. The doc might be an unofficial MS approach to registry hooking, and as
we know, it seems like the api’s are coming soon for general use. SO
FOLLOWING THAT PATH WOULD BE REASONALBLE FOR ME, IF I HAD TO START NOW !!!.
P.S. Lot of codes from sysinternals, and others are not really debugged
code, so regmon, filemon, memtrack etc have bugs when it comes to high
stress and/or MP(hyperthread) situtation.
-pro
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Holk
Sent: Friday, May 07, 2004 11:29 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] why I get page error when trying to hook registry
operation like regmon?
I put function HookRegistry() in driverentry,
but page error occurs, but the same code runs normally
in regmon sample, why?
if( RegHooked ) {
// Unhook everything
SYSCALL( ZwOpenKey ) = (PVOID) RealRegOpenKey;//error occurs
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@garlic.com
To unsubscribe send a blank email to xxxxx@lists.osr.com