ZwOpenKey Problem-Please Help

Shalini · Mar 23, 2004

My ZwOpenKey does not succeeed at all.. It succeeds only when the parameter
passes is
\\Registry\\Machine\\System and its subtreee

if its \\Registry\\machine\\software it does not succeeed at ll..
Actually i want to obtain one registry key called SystemRoot from
HKLM\SOFTWARE\\MICROSOFT\\WINDOWS NT \\CURRENTVERSION

TO have that i open the above key as
\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion

But it gives an error saying ERROR_FILE_NOT_FOUND (Win32 Error code=2)

Does it mean that Registry keys under SYSTEM can only be accessed
I am writing the code in DriverEntry function..

Code snippet:

OBJECT_ATTRIBUTES oa;
RtlInitUnicodeString(&RegistryPath1,
L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion");
InitializeObjectAttributes(&oa,RegistryPath1,OBJ_KERNEL_HANDLE|OBJ_CASE_INSE
NSITIVE,NULL,NULL);
HANDLE hKey=NULL;
NTSTATUS rc=ZwOpenKey(&hKey,KEY_READ,&oa);
if(NT_SUCCESS(rc))
{
ZwClose(hKey);
}

Expecting ur reply.
Regards,
Shal

Brian Catlin · Mar 23, 2004

Shalini said:
My ZwOpenKey does not succeeed at all.. It succeeds only when the parameter
passes is
\\Registry\\Machine\\System and its subtreee

if its \\Registry\\machine\\software it does not succeeed at ll..
Actually i want to obtain one registry key called SystemRoot from
HKLM\SOFTWARE\\MICROSOFT\\WINDOWS NT \\CURRENTVERSION

TO have that i open the above key as
\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion

But it gives an error saying ERROR_FILE_NOT_FOUND (Win32 Error code=2)

Does it mean that Registry keys under SYSTEM can only be accessed
I am writing the code in DriverEntry function..

Code snippet:

OBJECT_ATTRIBUTES oa;
RtlInitUnicodeString(&RegistryPath1,
L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion");
InitializeObjectAttributes(&oa,RegistryPath1,OBJ_KERNEL_HANDLE|OBJ_CASE_INSE

^
|
----------------------------------
You need to pass the address of the registry path string descriptor. You forgot
to put an '&' before RegistryPath1 above

-Brian

Brian Catlin, Sannas Consulting 310-944-9492
Windows Network, Video, WDM Device Driver Training & Consulting
See WWW.AZIUS.COM.bad for courses and scheduling
REMOVE .BAD FROM EMAIL AND WEB ADDRESS

Shalini · Mar 23, 2004

Thanks Brian for ur response. But i get the same thing when i put that.
This is my exact code snippet;

OBJECT_ATTRIBUTES oa;
UNICODE_STRING RegistryPath1;
RtlInitUnicodeString(&RegistryPath1,L"\\Registry\\Machine\\SOFTWARE\\Microso
ft\\Windows NT\\CurrentVersion");

InitializeObjectAttributes(&oa,&RegistryPath1,OBJ_KERNEL_HANDLE|OBJ_CASE_INS
ENSITIVE,NULL,NULL);
HANDLE hKey=NULL;
NTSTATUS rc=ZwOpenKey(&hKey,KEY_READ,&oa);

rc is -1073741772

Any updates???
Waiting for reply..

Pavel A. · Mar 23, 2004

Shalini said:
Does it mean that Registry keys under SYSTEM can only be accessed
I am writing the code in DriverEntry function..

Does your driver start early at boot time?
During certain time of system startup, only System branch can be accessed.

--PA

Shalini · Mar 23, 2004

yes i have written it in the DriverEntry function
Yes it is at the boot time..

Shalini · Mar 23, 2004

Is there anyway i can determine the Box is windows 2000 or windows xp????
I currently do that by reading explorer.exe if its in \windows it is windows
xp or else it is windows 2000.
Is there any other professional way of doing this?

Maxim S. Shatskih · Mar 23, 2004

GetVersionEx in user mode.
RtlGetVersion or PsGetVersion on kernel mode.

Shalini · Mar 24, 2004

how can i know whether the OS is installed in c:\ or d:\ or any other...???
I get the os version using RtlGetVersion.....

Maxim S. Shatskih · Mar 24, 2004

In kernel mode code, you do not need this in most cases. Just use
\SystemRoot\system32\... path to access the files in the system folder.

Shalini · Mar 25, 2004

Oh ok..
Can i use
RtlInitUnicodeString(&filenameunicodestring,"\\SystemRoot\\System32\\Somefil
e.txt")
ZwCreateFile()
then i create the file in c:\windows\system32 in windows xp and in
WINNT\system32 in windows 2000.??
Regards

Alexander Grigoriev · Mar 25, 2004

Yes.

Shalini said:
Oh ok..
Can i use
RtlInitUnicodeString(&filenameunicodestring,"\\SystemRoot\\System32\\Somefil
e.txt")
ZwCreateFile()
then i create the file in c:\windows\system32 in windows xp and in
WINNT\system32 in windows 2000.??
Regards

Shalini · Mar 25, 2004

Thanks Alexander and Maxim.

Alexander Grigoriev said:
Yes.

RtlInitUnicodeString(&filenameunicodestring,"\\SystemRoot\\System32\\Somefil it

Shalini · Mar 26, 2004

It works like a charm ..
thanks once again

Shalini said:
Thanks Alexander and Maxim.

RtlInitUnicodeString(&filenameunicodestring,"\\SystemRoot\\System32\\Somefil can

What about mapping sections to system addresses?	0	Jul 13, 2004
Usin ZwReadFile in winxp	1	Oct 6, 2006
ZwCreateFile problem	1	Jul 7, 2004
ZwCreateFie Problem Please Help	1	Mar 9, 2004
ZwWriteFile does not Succeed at all?Please Help	1	Mar 12, 2004
Problem w/ ZwMapViewOfSection	0	Aug 28, 2003
HELP! RegQueryValueEx fails with 0xC00000005	8	Dec 21, 2003
USMT 3.0 Error 31	0	Jul 19, 2007

ZwOpenKey Problem-Please Help

Shalini

Brian Catlin

Shalini

Pavel A.

Shalini

Shalini

Maxim S. Shatskih

Shalini

Maxim S. Shatskih

Shalini

Alexander Grigoriev

Shalini

Shalini

Ask a Question

Similar Threads