Problem with KEY_VALUE_BASIC_INFORMATION in CmRegisterCallback.
Hi, I want to hide the name of a registry value. I wrote a driver that uses CmRegisterCallback, but I can't get the name of the value that I need. When I DbgPrint PKEY_VALUE_BASIC_INFORMATION->Name I get only the symbols [ , u . Where is my mistake? Can anybody help me? My RegistryCallback source:

/*
 * Registry callback routine; per the post it is registered through
 * CmRegisterCallback.
 *
 * CallbackContext - cast to PDEVICE_CONTEXT below but never used afterwards.
 * Argument1       - cast to REG_NOTIFY_CLASS; selects the operation being notified.
 * Argument2       - operation-specific structure; only interpreted for
 *                   RegNtEnumerateValueKey.
 *
 * Returns STATUS_CALLBACK_BYPASS when an enumerated value name compares equal
 * (case-insensitively) to a hard-coded name, and STATUS_SUCCESS in every other case,
 * including after an exception.
 *
 * NOTE(review): the '®' characters in this listing look like an extraction artifact
 * of "&reg" (address-of a variable whose name starts with "reg"); as printed, the
 * code does not compile.
 * NOTE(review): suppressing enumeration results for a fixed name is a concealment
 * pattern. On a host running such a driver, value lists obtained through this API
 * path are not a trustworthy view of the key, which matters for triage and forensics.
 */
NTSTATUS RegistryCallback(PVOID CallbackContext, PVOID Argument1, PVOID Argument2)
{
	// Assigned but not referenced anywhere else in this function.
	PDEVICE_CONTEXT pContext = (PDEVICE_CONTEXT) CallbackContext;
	// The notification class arrives as a pointer-sized value and is cast to the enum.
	REG_NOTIFY_CLASS Action  = (REG_NOTIFY_CLASS) Argument1;
    UNICODE_STRING regKeyNameValueToHide = {0}; 
   
    // presumably the WDK aliases for __try/__except (structured exception handling) - confirm
    try
    {
	switch (Action) 
	{ 
	 
    case RegNtEnumerateValueKey:
		{
		    PREG_ENUMERATE_VALUE_KEY_INFORMATION pInfo = (PREG_ENUMERATE_VALUE_KEY_INFORMATION) Argument2;
		    //DbgPrint(pInfo->ValueName->Buffer);
		    // Hard-coded value name that the comparisons below look for.
		    RtlInitUnicodeString(®KeyNameValueToHide,L"alex-56328943333");
			
			// Only the Basic and Full information classes are inspected; any other
			// class falls through to the break and ends in STATUS_SUCCESS.
			if(pInfo->KeyValueInformationClass == KeyValueBasicInformation)
			{
			   PKEY_VALUE_BASIC_INFORMATION  pKeyValueBasicInfirmation = (PKEY_VALUE_BASIC_INFORMATION) pInfo->KeyValueInformation;
			   UNICODE_STRING regKeyNameValue = {0};
			   // NOTE(review): RtlInitUnicodeString scans for a terminating NUL. Nothing
			   // visible here bounds that scan or validates the buffer that
			   // KeyValueInformation points to, so this is a potential kernel-mode
			   // out-of-bounds read (crash or disclosure risk) - confirm against the
			   // structure's documented layout.
			   RtlInitUnicodeString(®KeyNameValue,pKeyValueBasicInfirmation->Name);
			    
			   // Third argument 1 = case-insensitive comparison.
			   if (RtlEqualUnicodeString(®KeyNameValue, ®KeyNameValueToHide, 1))
			   {  
				   // presumably tells the configuration manager to skip the operation
				   // and report success to the caller - confirm against the WDK docs
				   return STATUS_CALLBACK_BYPASS;
			   } 
			}
			else if(pInfo->KeyValueInformationClass == KeyValueFullInformation)
			{
			   PKEY_VALUE_FULL_INFORMATION  pKeyValueFullInfirmation = (PKEY_VALUE_FULL_INFORMATION) pInfo->KeyValueInformation;
			   UNICODE_STRING regKeyNameValue = {0};
			   // Same unbounded NUL scan as in the Basic branch above.
			   RtlInitUnicodeString(®KeyNameValue,pKeyValueFullInfirmation->Name); 
			    if (RtlEqualUnicodeString(®KeyNameValue, ®KeyNameValueToHide, 1))
			   {    
				   return STATUS_CALLBACK_BYPASS;
			   }
			}
		   
		   break;
	    }  
	default:
		{
			 
			// NOTE(review): the ';' is missing after STATUS_SUCCESS (syntax error as
			// posted); the break that follows would be unreachable.
			return STATUS_SUCCESS  
			break;
		}
		
	}
 
	}
	except (EXCEPTION_EXECUTE_HANDLER)
   {
     // Any exception raised inside the guarded block is only logged; the operation
     // is then allowed to continue via the STATUS_SUCCESS below.
     DbgPrint("Exception in RegistryCallback!!!");
   }
	return STATUS_SUCCESS;
}
Posted 1-Dec-12 5:52am
bitov271.1K

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
