ZwEnumerateValueKey() and then?

Hello,

I've got a really basic question regarding accessing the values in
an open registry key. I know I can iterate over all values with
ZwEnumerateValueKey() after opening the registry key containing the keys.

I can access the name of the key using the KEYVALUE_INFORMATION_STRUCT
(let's name the variable vip).
I can access the name with vip->Name which is not null-terminated.

I can use ZwQueryKeyValue() to access the value to this name, but the
function requires the name as a Unicode_string and I would need to convert
the vip->name to a null-terminated pswstr to create a Unicode_string with
RtlInitUnicode().
I guess that an easier way must exist to access the value with the open
Handle and vip->name or am I wrong?

Thanks for any reply!

Kind Regards,
Dennis

> I can use ZwQueryKeyValue() to access the value to this name, but the
> function requires the name as a Unicode_string

UNICODE_STRING is not mandated to be null-terminated. Just know the length.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

You have the name and the length. You just need to define the
UNICODE_STRING structure and then set the buffer of the structure to
vip->name and the length and maxlength to vip->NameLength.


Don Burn (MVP, Windows DDK)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr


Information from ESET NOD32 Antivirus, version of virus signature
database 4509 (20091015)


The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


Hi,

>> I can use ZwQueryKeyValue() to access the value to this name, but the
>> function requires the name as a Unicode_string
>
> UNICODE_STRING is not mandated to be null-terminated. Just know the length.

Do I understand it right, so I can just replace RtlInitUnicodeString with:

    UNICODE_STRING dest;
    WCHAR src[n];

    // init src n wchar-s
    dest.Buffer = src;
    dest.Length = n * sizeof(WCHAR);        // Length is a byte count, not a character count
    dest.MaximumLength = n * sizeof(WCHAR); // size of the buffer, also in bytes

And then call ZwQueryKeyValue() with dest …

Sorry, my test machine is currently unavailable. Therefore, I cannot BSOD
myself with the code (or not).

Thanks for any reply.

Kind Regards,
Dennis

Do something like:

    PVOID Buf;
    PKEY_NAME_INFORMATION NameInfo;
    UNICODE_STRING Name;

    status = ZwEnumerateKey( …, Buf, Length, ResultLength);
    if ( NT_SUCCESS( status ) )
    {
        NameInfo = (PKEY_NAME_INFORMATION) Buf;
        Name.Buffer = NameInfo->Name;                 // not null-terminated
        Name.Length = (USHORT) NameInfo->NameLength;  // NameLength is in bytes
        Name.MaximumLength = Name.Length;
    }

The above takes the results from ZwEnumerateKey and gives you the name as a
UNICODE_STRING.


Don Burn (MVP, Windows DDK)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr


Thanks, that seems to do the trick …

On 15.10.09 14:46, “Don Burn” wrote:

> You have the name and the length. You just need to define the
> UNICODE_STRING structure and then set the buffer of the structure to
> vip->name and the length and maxlength to vip->NameLength.
>

On Thu, 15 Oct 2009 14:55:23 +0200, Dennis wrote:
> Do I understand it right, so I can just replace RtlInitUnicodeString
> with: …

Yes, RtlInitUnicodeString() only requires a null-terminated string because
it doesn’t know its length/size and hence has to count by itself. When
manually initializing the UNICODE_STRING structure, you might want to
ensure that vip->NameLength does not exceed USHORT_MAX, although the
consequences would probably be negligible in your case.

By the way, RtlQueryRegistryValues() might provide a more concise solution.

- Cay
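
Added example, not part of the thread: the approach the replies describe (point a counted string at the enumerated name instead of copying and null-terminating it), with the range check Cay mentions plus a bounds check against the enumeration buffer. It is a user-mode sketch; COUNTED_STRING and VALUE_BASIC_INFO are stand-ins that mirror the WDK layouts of UNICODE_STRING and KEY_VALUE_BASIC_INFORMATION, and name_from_value_info() and the sample data are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {                 /* stand-in mirroring UNICODE_STRING */
    uint16_t  Length;            /* bytes in use; no terminator required */
    uint16_t  MaximumLength;     /* bytes available in Buffer */
    uint16_t *Buffer;            /* 16-bit code units, like WCHAR */
} COUNTED_STRING;

typedef struct {                 /* stand-in mirroring KEY_VALUE_BASIC_INFORMATION */
    uint32_t TitleIndex, Type;
    uint32_t NameLength;         /* bytes, not characters */
    uint16_t Name[1];            /* not null-terminated */
} VALUE_BASIC_INFO;

/* Hypothetical helper: describe vip->Name in place, without copying.
   buf_bytes = bytes of the enumeration buffer that were filled; 0 ok, -1 reject. */
int name_from_value_info(VALUE_BASIC_INFO *vip, size_t buf_bytes, COUNTED_STRING *out)
{
    size_t hdr = offsetof(VALUE_BASIC_INFO, Name);
    if (buf_bytes < hdr) return -1;                    /* header incomplete */
    if (vip->NameLength > UINT16_MAX) return -1;       /* cast would truncate */
    if (vip->NameLength % sizeof(uint16_t)) return -1; /* partial code unit */
    if (vip->NameLength > buf_bytes - hdr) return -1;  /* runs past the buffer */
    out->Buffer = vip->Name;
    out->MaximumLength = out->Length = (uint16_t)vip->NameLength;
    return 0;
}

/* Constructed sample: a 5-character name followed by junk instead of a NUL. */
union sample { VALUE_BASIC_INFO info; uint8_t raw[64]; };
void fill_sample(union sample *s)
{
    static const uint16_t name[5] = { 'S', 't', 'a', 'r', 't' };
    memset(s->raw, 0xAB, sizeof s->raw);
    s->info.Type = 4;                                  /* REG_DWORD */
    s->info.NameLength = sizeof name;                  /* 10 bytes */
    memcpy(s->raw + offsetof(VALUE_BASIC_INFO, Name), name, sizeof name);
}

int main(void)
{
    union sample s; COUNTED_STRING us;
    fill_sample(&s);
    if (name_from_value_info(&s.info, sizeof s.raw, &us) != 0) return 1;
    printf("Length=%u bytes, %u characters\n", (unsigned)us.Length, us.Length / 2u);
    return 0;
}
```

In a driver the same checks go in front of the assignments to the real UNICODE_STRING fields, and the structure must not be used after the enumeration buffer is freed or reused, since Buffer points into it.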