#include "ntoskrnl.h"#include "debug.h"
Include dependency graph for ntapi.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
| #define | PRODUCT_ACTIVATION_VERSION 7749 |
Variables | |
| BOOLEAN | CmBootAcceptFirstTime = TRUE |
| BOOLEAN | CmFirstTime = TRUE |
| ULONG | InitSafeBootMode |
Macro Definition Documentation
◆ NDEBUG
◆ PRODUCT_ACTIVATION_VERSION
Function Documentation
◆ CmpConvertHandleToKernelHandle()
|
static |
Definition at line 195 of file ntapi.c.
201{
204
206
207 /* NULL handle is valid */
210
211 /* Get the object pointer */
213 DesiredAccess,
214 ObjectType,
215 AccessMode,
216 &Object,
217 NULL);
220
221 /* Create a kernel handle from the pointer */
223 OBJ_KERNEL_HANDLE,
224 NULL,
225 DesiredAccess,
226 ObjectType,
227 KernelMode,
228 KernelHandle);
229
230 /* Dereference the object */
233}
Definition: nsiface.idl:2307
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
Definition: obhandle.c:2742
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
Referenced by NtLoadKeyEx(), NtSaveKeyEx(), NtSaveMergedKeys(), and NtUnloadKey2().
◆ NtCompactKeys()
◆ NtCompressKey()
◆ NtCreateKey()
| NTSTATUS NTAPI NtCreateKey | ( | OUT PHANDLE | KeyHandle, |
| IN ACCESS_MASK | DesiredAccess, | ||
| IN POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| IN ULONG | TitleIndex, | ||
| IN PUNICODE_STRING Class | OPTIONAL, | ||
| IN ULONG | CreateOptions, | ||
| OUT PULONG Disposition | OPTIONAL | ||
| ) |
Definition at line 240 of file ntapi.c.
247{
250 CM_PARSE_CONTEXT ParseContext = {0};
252 PAGED_CODE();
253
257
258 /* Ignore the WOW64 flag, it's not valid in the kernel */
259 DesiredAccess &= ~KEY_WOW64_RES;
260
261 /* Check for user-mode caller */
263 {
264 /* Prepare to probe parameters */
265 _SEH2_TRY
266 {
267 /* Check if we have a class */
269 {
270 /* Probe it */
275 }
276
277 /* Probe the key handle */
280
281 /* Probe object attributes */
285
288 }
290 {
291 /* Return the exception code */
293 }
294 _SEH2_END;
295 }
296 else
297 {
298 /* Save the class directly */
300 }
301
302 /* Setup the parse context */
305
306 /* Do the create */
308 CmpKeyObjectType,
309 PreviousMode,
310 NULL,
311 DesiredAccess,
312 &ParseContext,
313 &Handle);
314
315 _SEH2_TRY
316 {
317 /* Return data to user */
320 }
322 {
323 /* Get the status */
325 }
326 _SEH2_END;
327
329
330 /* Return status */
332}
Definition: mfunptr_test.cpp:53
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4715
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG _In_opt_ PUNICODE_STRING _In_ ULONG _Out_opt_ PULONG Disposition
Definition: cmfuncs.h:56
NTSTATUS NTAPI ObOpenObjectByName(IN POBJECT_ATTRIBUTES ObjectAttributes, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN OUT PVOID ParseContext, OUT PHANDLE Handle)
Definition: obhandle.c:2532
Definition: cm.h:433
Definition: umtypes.h:182
_Must_inspect_result_ _In_opt_ WDFKEY _In_ PCUNICODE_STRING _In_ ACCESS_MASK _In_ ULONG CreateOptions
Definition: wdfregistry.h:118
Referenced by AddHotkeySettings(), AddKbLayoutsToRegistry(), BasepMoveFileDelayed(), CmInitSystem1(), CmpCreateControlSet(), CmpCreateHardwareProfile(), CmpInitializeHardwareConfiguration(), CmpInitializeMachineDependentConfiguration(), CmpInitializeRegistryNode(), CmpSetVersionData(), create_key(), create_registry_key(), CreateKeyTest(), CreateNestedKey(), CreateRegistryKeyHandle(), CreateRegKey(), CreateSymLinkKey(), DeleteSymLinkKey(), InitFunctionPtrs(), InitializeUserModePnpManager(), InstallDriver(), LsapCreateDatabaseKeys(), LsapCreateDbObject(), LsapSetObjectAttribute(), RegInitializeRegistry(), RegpCopyTree(), SdbRegisterDatabaseEx(), SdbUnregisterDatabase(), SetActiveComputerNameToRegistry(), SetMountedDeviceValue(), SetUserGeoID(), SetValueTest1(), SetValueTest2(), START_TEST(), test2(), test3(), test6(), test7(), Test_KeyFullInformation(), and TestCreateOpen_().
◆ NtDeleteKey()
Definition at line 408 of file ntapi.c.
409{
410 PCM_KEY_BODY KeyObject;
412 REG_DELETE_KEY_INFORMATION DeleteKeyInfo;
413 REG_POST_OPERATION_INFORMATION PostOperationInfo;
414 PAGED_CODE();
416
417 /* Verify that the handle is valid and is a registry key */
419 DELETE,
420 CmpKeyObjectType,
421 ExGetPreviousMode(),
422 (PVOID*)&KeyObject,
423 NULL);
425
426 /* Setup the callback */
431 {
432 /* Check if we are read-only */
435 {
436 /* Fail */
438 }
439 else
440 {
441 /* Call the internal API */
443 }
444
445 /* Do post callback */
448 }
449
450 /* Dereference and return status */
451 ObDereferenceObject(KeyObject);
453}
NTSTATUS CmiCallRegisteredCallbacks(IN REG_NOTIFY_CLASS Argument1, IN PVOID Argument2)
Definition: cmhook.c:59
Definition: cm.h:232
Definition: cmtypes.h:700
Definition: cmtypes.h:858
Referenced by DeleteKeyTest(), DeleteSymLinkKey(), DestroyProtoHive(), do_reg_operation(), InitFunctionPtrs(), LsapRegDeleteKey(), LsapRegDeleteSubKey(), RegCleanupRegistry(), RegDeleteKeyExW(), RegInitializeRegistry(), SampRegDeleteKey(), SdbUnregisterDatabase(), START_TEST(), test2(), test3(), test7(), and Test_KeyFullInformation().
◆ NtDeleteValueKey()
Definition at line 1014 of file ntapi.c.
1016{
1018 PCM_KEY_BODY KeyObject;
1019 REG_DELETE_VALUE_KEY_INFORMATION DeleteValueKeyInfo;
1020 REG_POST_OPERATION_INFORMATION PostOperationInfo;
1022 UNICODE_STRING ValueNameCopy;
1023
1024 PAGED_CODE();
1025
1026 /* Verify that the handle is valid and is a registry key */
1028 KEY_SET_VALUE,
1029 CmpKeyObjectType,
1030 PreviousMode,
1031 (PVOID*)&KeyObject,
1032 NULL);
1035
1036 /* Capture the string */
1039 goto Quit;
1040
1041 /* Make sure the name is aligned properly */
1043 {
1044 /* It isn't, so we'll fail */
1046 goto Quit;
1047 }
1048
1049 /* Don't touch read-only keys */
1051 {
1052 /* Fail */
1054 goto Quit;
1055 }
1056
1057 /* Do the callback */
1061 &DeleteValueKeyInfo);
1063 {
1064 /* Call the internal API */
1066
1067 /* Do the post callback */
1071 &PostOperationInfo);
1072 }
1073
1074Quit:
1077
1078 /* Dereference and return status */
1079 ObDereferenceObject(KeyObject);
1081}
NTSTATUS NTAPI CmDeleteValueKey(IN PCM_KEY_CONTROL_BLOCK Kcb, IN UNICODE_STRING ValueName)
Definition: cmapi.c:915
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
Definition: cmtypes.h:723
Definition: env_spec_w32.h:368
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:243
Referenced by AddFontsSettingsToRegistry(), CmpSetVersionData(), DeleteHKCRValue(), DeleteSymLinkKey(), DeleteValueTest(), InitFunctionPtrs(), LsapRegDeleteValue(), RegDeleteValueA(), RegDeleteValueW(), RtlApplyRXact(), RtlInitializeRXact(), SampRegDeleteValue(), SdbDeletePermLayerKeys(), SmpLoadDataFromRegistry(), START_TEST(), and test7().
◆ NtEnumerateKey()
| NTSTATUS NTAPI NtEnumerateKey | ( | IN HANDLE | KeyHandle, |
| IN ULONG | Index, | ||
| IN KEY_INFORMATION_CLASS | KeyInformationClass, | ||
| OUT PVOID | KeyInformation, | ||
| IN ULONG | Length, | ||
| OUT PULONG | ResultLength | ||
| ) |
Definition at line 457 of file ntapi.c.
463{
466 PCM_KEY_BODY KeyObject;
467 REG_ENUMERATE_KEY_INFORMATION EnumerateKeyInfo;
468 REG_POST_OPERATION_INFORMATION PostOperationInfo;
469 PAGED_CODE();
472
473 /* Reject classes we don't know about */
477 {
478 /* Fail */
480 }
481
482 /* Verify that the handle is valid and is a registry key */
485 CmpKeyObjectType,
486 PreviousMode,
487 (PVOID*)&KeyObject,
488 NULL);
490
492 {
493 _SEH2_TRY
494 {
496 ProbeForWrite(KeyInformation,
497 Length,
499 }
501 {
502 /* Dereference and return status */
503 ObDereferenceObject(KeyObject);
505 }
506 _SEH2_END;
507 }
508
509 /* Setup the callback */
516
517 /* Do the callback */
520 {
521 /* Call the internal API */
523 Index,
524 KeyInformationClass,
525 KeyInformation,
526 Length,
527 ResultLength);
528
529 /* Do the post callback */
532 }
533
534 /* Dereference and return status */
535 ObDereferenceObject(KeyObject);
538}
NTSTATUS NTAPI CmEnumerateKey(IN PCM_KEY_CONTROL_BLOCK Kcb, IN ULONG Index, IN KEY_INFORMATION_CLASS KeyInformationClass, IN PVOID KeyInformation, IN ULONG Length, IN PULONG ResultLength)
Definition: cmapi.c:1734
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
Definition: cmtypes.h:741
KEY_INFORMATION_CLASS KeyInformationClass
Definition: cmtypes.h:744
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
_In_ ULONG _In_ KEY_INFORMATION_CLASS KeyInformationClass
Definition: zwfuncs.h:167
◆ NtEnumerateValueKey()
| NTSTATUS NTAPI NtEnumerateValueKey | ( | IN HANDLE | KeyHandle, |
| IN ULONG | Index, | ||
| IN KEY_VALUE_INFORMATION_CLASS | KeyValueInformationClass, | ||
| OUT PVOID | KeyValueInformation, | ||
| IN ULONG | Length, | ||
| OUT PULONG | ResultLength | ||
| ) |
Definition at line 542 of file ntapi.c.
548{
551 PCM_KEY_BODY KeyObject;
552 REG_ENUMERATE_VALUE_KEY_INFORMATION EnumerateValueKeyInfo;
553 REG_POST_OPERATION_INFORMATION PostOperationInfo;
554
555 PAGED_CODE();
556
559
560 /* Reject classes we don't know about */
566 {
567 /* Fail */
569 }
570
571 /* Verify that the handle is valid and is a registry key */
573 KEY_QUERY_VALUE,
574 CmpKeyObjectType,
575 PreviousMode,
576 (PVOID*)&KeyObject,
577 NULL);
579
581 {
582 _SEH2_TRY
583 {
585 ProbeForWrite(KeyValueInformation,
586 Length,
588 }
590 {
591 /* Dereference and return status */
592 ObDereferenceObject(KeyObject);
594 }
595 _SEH2_END;
596 }
597
598 /* Setup the callback */
603 EnumerateValueKeyInfo.KeyValueInformation = KeyValueInformation;
606
607 /* Do the callback */
609 &EnumerateValueKeyInfo);
611 {
612 /* Call the internal API */
614 Index,
616 KeyValueInformation,
617 Length,
618 ResultLength);
619
620 /* Do the post callback */
623 }
624
625 /* Dereference and return status */
626 ObDereferenceObject(KeyObject);
628}
NTSTATUS NTAPI CmEnumerateValueKey(IN PCM_KEY_CONTROL_BLOCK Kcb, IN ULONG Index, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, IN PVOID KeyValueInformation, IN ULONG Length, IN PULONG ResultLength)
Definition: cmapi.c:1191
_In_ ULONG _In_ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
Definition: cmfuncs.h:94
KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
Definition: cmtypes.h:756
PVOID KeyValueInformation
Definition: cmtypes.h:757
Referenced by EnumerateValueTest(), InitializeFmIfsOnce(), NLS_RegEnumValue(), RegEnumValueW(), RegpCopyTree(), test1(), test2(), test3(), and test9().
◆ NtFlushKey()
Definition at line 1085 of file ntapi.c.
1086{
1088 PCM_KEY_BODY KeyObject;
1089 PAGED_CODE();
1090
1091 /* Get the key object */
1093 0,
1094 CmpKeyObjectType,
1095 ExGetPreviousMode(),
1096 (PVOID*)&KeyObject,
1097 NULL);
1099
1100 /* Lock the registry */
1101 CmpLockRegistry();
1102
1103 /* Lock the KCB */
1105
1106 /* Make sure KCB isn't deleted */
1108 {
1109 /* Fail */
1111 }
1112 else
1113 {
1114 /* Call the internal API */
1116 }
1117
1118 /* Release the locks */
1120 CmpUnlockRegistry();
1121
1122 /* Dereference the object and return status */
1123 ObDereferenceObject(KeyObject);
1125}
FORCEINLINE VOID CmpReleaseKcbLock(PCM_KEY_CONTROL_BLOCK Kcb)
Definition: cm_x.h:185
NTSTATUS NTAPI CmFlushKey(IN PCM_KEY_CONTROL_BLOCK Kcb, IN BOOLEAN ExclusiveLock)
Definition: cmapi.c:1937
Referenced by CreateProtoHive(), InitFunctionPtrs(), RegCleanupRegistry(), RegFlushKey(), RegInitializeRegistry(), RtlApplyRXact(), SetActiveComputerNameToRegistry(), SetComputerNameToRegistry(), START_TEST(), and test5().
◆ NtInitializeRegistry()
Definition at line 1318 of file ntapi.c.
1319{
1320 BOOLEAN SetupBoot;
1322 PAGED_CODE();
1323
1324 /* Always do this as kernel mode */
1327
1328 /* Enough of the system has booted by now */
1329 Ki386PerfEnd();
1330
1331 /* Validate flag */
1333
1334 /* Check if boot was accepted */
1336 {
1337 /* Only allow once */
1340
1341 /* Get the control set accepted */
1344 {
1345 /* Save the last known good boot */
1347
1348 /* Notify HAL */
1349 HalEndOfBoot();
1350
1351 /* Enable lazy flush */
1353 CmpLazyFlush();
1355 }
1356
1357 /* Otherwise, invalid boot */
1359 }
1360
1361 /* Check if this was a setup boot */
1363
1364 /* Make sure we're only called once */
1367
1368 /* Lock the registry exclusively */
1369 CmpLockRegistryExclusive();
1370
1371 /* Initialize the hives and lazy flusher */
1372 CmpCmdInit(SetupBoot);
1373
1374 /* Save version data */
1375 CmpSetVersionData();
1376
1377 /* Release the registry lock */
1378 CmpUnlockRegistry();
1380}
NTSTATUS NTAPI CmpSaveBootControlSet(IN USHORT ControlSet)
Definition: cmcontrl.c:267
NTSYSAPI NTSTATUS NTAPI ZwInitializeRegistry(_In_ USHORT Flag)
Definition: xml2sdb.h:80
Referenced by RunUSetup(), SmpLoadDataFromRegistry(), and WinMain().
◆ NtLoadKey()
| NTSTATUS NTAPI NtLoadKey | ( | IN POBJECT_ATTRIBUTES | KeyObjectAttributes, |
| IN POBJECT_ATTRIBUTES | FileObjectAttributes | ||
| ) |
Definition at line 1129 of file ntapi.c.
1131{
1132 /* Call the newer API */
1134}
NTSTATUS NTAPI NtLoadKeyEx(IN POBJECT_ATTRIBUTES TargetKey, IN POBJECT_ATTRIBUTES SourceFile, IN ULONG Flags, IN HANDLE TrustClassKey)
Definition: ntapi.c:1148
_In_ PWDFDEVICE_INIT _In_ PWDF_FILEOBJECT_CONFIG _In_opt_ PWDF_OBJECT_ATTRIBUTES FileObjectAttributes
Definition: wdfdevice.h:3400
Referenced by ConnectRegistry(), RegLoadKeyW(), and test8().
◆ NtLoadKey2()
| NTSTATUS NTAPI NtLoadKey2 | ( | IN POBJECT_ATTRIBUTES | KeyObjectAttributes, |
| IN POBJECT_ATTRIBUTES | FileObjectAttributes, | ||
| IN ULONG | Flags | ||
| ) |
◆ NtLoadKeyEx()
| NTSTATUS NTAPI NtLoadKeyEx | ( | IN POBJECT_ATTRIBUTES | TargetKey, |
| IN POBJECT_ATTRIBUTES | SourceFile, | ||
| IN ULONG | Flags, | ||
| IN HANDLE | TrustClassKey | ||
| ) |
Definition at line 1148 of file ntapi.c.
1152{
1155 OBJECT_ATTRIBUTES CapturedTargetKey;
1156 OBJECT_ATTRIBUTES CapturedSourceFile;
1157 UNICODE_STRING TargetKeyName, SourceFileName;
1160
1161 PAGED_CODE();
1162
1163 /* Validate flags */
1166
1167 /* Validate privilege */
1169 {
1172 }
1173
1174 /* Block APCs */
1175 KeEnterCriticalRegion();
1176
1177 /* Check for user-mode caller */
1179 {
1180 /* Prepare to probe parameters */
1181 _SEH2_TRY
1182 {
1183 /* Probe target key */
1184 ProbeForRead(TargetKey,
1187
1188 /* Probe source file */
1189 ProbeForRead(SourceFile,
1192 }
1194 {
1195 /* Return the exception code */
1198 }
1199 _SEH2_END;
1200 }
1201
1202 /* Probe and capture the target key attributes, including the security */
1204 &TargetKeyName,
1205 PreviousMode,
1206 TargetKey,
1207 TRUE);
1209 goto Quit;
1210
1211 /*
1212 * Probe and capture the source file attributes, but not the security.
1213 * A proper security context is built by CmLoadKey().
1214 */
1216 &SourceFileName,
1217 PreviousMode,
1218 SourceFile,
1219 FALSE);
1221 {
1223 goto Quit;
1224 }
1225
1226 /* Make sure the target key root directory handle is a kernel handle */
1228 CmpKeyObjectType,
1229 KEY_READ,
1230 PreviousMode,
1231 &KmTargetKeyRootDir);
1234 CapturedTargetKey.RootDirectory = KmTargetKeyRootDir;
1236
1237 /* Make sure the source file root directory handle is a kernel handle */
1239 IoFileObjectType,
1240 FILE_TRAVERSE,
1241 PreviousMode,
1242 &KmSourceFileRootDir);
1245 CapturedSourceFile.RootDirectory = KmSourceFileRootDir;
1247
1248 /* Check if we have a trust class */
1249 if (TrustClassKey)
1250 {
1251 /* Reference it */
1253 0,
1254 CmpKeyObjectType,
1255 PreviousMode,
1256 (PVOID*)&KeyBody,
1257 NULL);
1258 }
1259
1260 /* Call the internal API */
1262 &CapturedSourceFile,
1263 Flags,
1264 KeyBody);
1265
1266 /* Dereference the trust key, if any */
1268
1269Cleanup:
1270 /* Close the local kernel handles */
1271 if (KmSourceFileRootDir)
1273 if (KmTargetKeyRootDir)
1275
1276 /* Release the captured object attributes */
1279
1280Quit:
1281 /* Bring back APCs */
1282 KeLeaveCriticalRegion();
1283
1284 /* Return status */
1286}
NTSTATUS NTAPI CmLoadKey(IN POBJECT_ATTRIBUTES TargetKey, IN POBJECT_ATTRIBUTES SourceFile, IN ULONG Flags, IN PCM_KEY_BODY KeyBody)
Definition: cmapi.c:2012
static NTSTATUS CmpConvertHandleToKernelHandle(_In_ HANDLE SourceHandle, _In_opt_ POBJECT_TYPE ObjectType, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode, _Out_ PHANDLE KernelHandle)
Definition: ntapi.c:195
NTSTATUS ProbeAndCaptureObjectAttributes(_Out_ POBJECT_ATTRIBUTES CapturedObjectAttributes, _Out_ PUNICODE_STRING ObjectName, _In_ KPROCESSOR_MODE AccessMode, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN CaptureSecurity)
Definition: ntapi.c:53
VOID ReleaseCapturedObjectAttributes(_In_ POBJECT_ATTRIBUTES CapturedObjectAttributes, _In_ KPROCESSOR_MODE AccessMode)
Definition: ntapi.c:27
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
Referenced by NtLoadKey(), and NtLoadKey2().
◆ NtLockProductActivationKeys()
Definition at line 1404 of file ntapi.c.
1406{
1408
1410 _SEH2_TRY
1411 {
1412 /* Check if the caller asked for the version */
1414 {
1415 /* For user mode, probe it */
1417 {
1418 ProbeForWriteUlong(pPrivateVer);
1419 }
1420
1421 /* Return the expected version */
1422 *pPrivateVer = PRODUCT_ACTIVATION_VERSION;
1423 }
1424
1425 /* Check if the caller asked for safe mode mode state */
1427 {
1428 /* For user mode, probe it */
1430 {
1431 ProbeForWriteUlong(pSafeMode);
1432 }
1433
1434 /* Return the safe boot mode state */
1435 *pSafeMode = InitSafeBootMode;
1436 }
1437 }
1439 {
1441 }
1442 _SEH2_END;
1443
1445}
◆ NtLockRegistryKey()
◆ NtNotifyChangeKey()
| NTSTATUS NTAPI NtNotifyChangeKey | ( | IN HANDLE | KeyHandle, |
| IN HANDLE | Event, | ||
| IN PIO_APC_ROUTINE ApcRoutine | OPTIONAL, | ||
| IN PVOID ApcContext | OPTIONAL, | ||
| OUT PIO_STATUS_BLOCK | IoStatusBlock, | ||
| IN ULONG | CompletionFilter, | ||
| IN BOOLEAN | WatchTree, | ||
| OUT PVOID | Buffer, | ||
| IN ULONG | Length, | ||
| IN BOOLEAN | Asynchronous | ||
| ) |
Definition at line 1290 of file ntapi.c.
1300{
1301 /* Call the newer API */
1303 0,
1304 NULL,
1305 Event,
1306 ApcRoutine,
1307 ApcContext,
1308 IoStatusBlock,
1309 CompletionFilter,
1310 WatchTree,
1311 Buffer,
1312 Length,
1313 Asynchronous);
1314}
Definition: bufpool.h:45
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG CompletionFilter
Definition: fltkernel.h:2243
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN WatchTree
Definition: fltkernel.h:2241
_In_opt_ HANDLE _In_opt_ PIO_APC_ROUTINE _In_opt_ PVOID ApcContext
Definition: iofuncs.h:727
NTSTATUS NTAPI NtNotifyChangeMultipleKeys(IN HANDLE MasterKeyHandle, IN ULONG Count, IN POBJECT_ATTRIBUTES SlaveObjects, IN HANDLE Event, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG CompletionFilter, IN BOOLEAN WatchTree, OUT PVOID Buffer, IN ULONG Length, IN BOOLEAN Asynchronous)
Definition: ntapi.c:1457
Definition: filtergraph.c:51
Referenced by InitFunctionPtrs(), and RegNotifyChangeKeyValue().
◆ NtNotifyChangeMultipleKeys()
| NTSTATUS NTAPI NtNotifyChangeMultipleKeys | ( | IN HANDLE | MasterKeyHandle, |
| IN ULONG | Count, | ||
| IN POBJECT_ATTRIBUTES | SlaveObjects, | ||
| IN HANDLE | Event, | ||
| IN PIO_APC_ROUTINE ApcRoutine | OPTIONAL, | ||
| IN PVOID ApcContext | OPTIONAL, | ||
| OUT PIO_STATUS_BLOCK | IoStatusBlock, | ||
| IN ULONG | CompletionFilter, | ||
| IN BOOLEAN | WatchTree, | ||
| OUT PVOID | Buffer, | ||
| IN ULONG | Length, | ||
| IN BOOLEAN | Asynchronous | ||
| ) |
Definition at line 1457 of file ntapi.c.
Referenced by NtNotifyChangeKey().
◆ NtOpenKey()
| NTSTATUS NTAPI NtOpenKey | ( | OUT PHANDLE | KeyHandle, |
| IN ACCESS_MASK | DesiredAccess, | ||
| IN POBJECT_ATTRIBUTES | ObjectAttributes | ||
| ) |
Definition at line 336 of file ntapi.c.
339{
340 CM_PARSE_CONTEXT ParseContext = {0};
344 PAGED_CODE();
347
348 /* Ignore the WOW64 flag, it's not valid in the kernel */
349 DesiredAccess &= ~KEY_WOW64_RES;
350
351 /* Check for user-mode caller */
353 {
354 /* Prepare to probe parameters */
355 _SEH2_TRY
356 {
357 /* Probe the key handle */
360
361 /* Probe object attributes */
365 }
367 {
368 /* Return the exception code */
370 }
371 _SEH2_END;
372 }
373
374 /* Just let the object manager handle this */
376 CmpKeyObjectType,
377 PreviousMode,
378 NULL,
379 DesiredAccess,
380 &ParseContext,
381 &Handle);
382
383 /* Only do this if we succeeded */
385 {
386 _SEH2_TRY
387 {
388 /* Return the handle to caller */
390 }
392 {
393 /* Get the status */
395 }
396 _SEH2_END;
397 }
398
400
401 /* Return status */
403}
Referenced by AddCodepageToRegistry(), AddFontsSettingsToRegistry(), BaseComputeProcessDllPath(), BasepIsProcessAllowed(), BaseSrvIsVdmAllowed(), CmGetSystemDriverList(), CmpCreateControlSet(), CmpInitializeMachineDependentConfiguration(), CmpSetSystemValues(), CreateBaseAcls(), DeleteKeyTest(), DeleteSymLinkKey(), DeleteValueTest(), do_enumeratekey(), DumpRegistryData(), EnumerateKeyTest(), EnumerateValueTest(), GetComputerIdentifier(), GetComputerNameFromRegistry(), GetCPFileNameFromRegistry(), GetDisplayIdentifier(), GetDllList(), GetDosDevicesProtection(), GetRegInt(), GetTimeouts(), InitFunctionPtrs(), InitializeFmIfsOnce(), InitializeUserModePnpManager(), InstallDevice(), IsAcpiComputer(), IsShimInfrastructureDisabled(), LdrpDisableProcessCompatGuidDetection(), LsapCreateDbObject(), LsapGetObjectAttribute(), LsapOpenDbObject(), LsapRegDeleteSubKey(), LsapRegOpenKey(), NLS_RegOpenKey(), NtOpenObject(), open_classes_key(), OpenClassesRootKey(), OpenCurrentConfigKey(), OpenLocalMachineKey(), OpenRegistryKeyHandle(), OpenUsersKey(), ProcessDisplayRegistry(), ProcessLocaleRegistry(), RegCleanupRegistry(), RegCopyTreeW(), RegDeleteKeyExW(), RegInitializeRegistry(), registry_callback(), RegOpenKeyExW(), RegOpenUserClassesRoot(), RegpCopyTree(), RegReplaceKeyW(), RegSetKeyValueA(), RegSetKeyValueW(), SampRegDeleteKey(), SampRegOpenKey(), SdbpOpenKey(), SetActiveComputerNameToRegistry(), SetComputerNameToRegistry(), SetDefaultPagefile(), SetGeoID(), SetMountedDeviceValue(), SetRosSpecificInfo(), SmLookupSubsystem(), SmpCreateDynamicEnvironmentVariables(), SmpLoadDataFromRegistry(), SmpQueryRegistrySosOption(), SmpTranslateSystemPartitionInformation(), START_TEST(), test1(), test2(), test3(), test5(), test8(), test9(), Test_KeyFullInformation(), Test_KeyNameInformation(), TestCreateOpen_(), and UnhandledExceptionFilter().
◆ NtQueryKey()
| NTSTATUS NTAPI NtQueryKey | ( | IN HANDLE | KeyHandle, |
| IN KEY_INFORMATION_CLASS | KeyInformationClass, | ||
| OUT PVOID | KeyInformation, | ||
| IN ULONG | Length, | ||
| OUT PULONG | ResultLength | ||
| ) |
Definition at line 632 of file ntapi.c.
637{
640 PCM_KEY_BODY KeyObject;
641 REG_QUERY_KEY_INFORMATION QueryKeyInfo;
642 REG_POST_OPERATION_INFORMATION PostOperationInfo;
643 OBJECT_HANDLE_INFORMATION HandleInfo;
644 PAGED_CODE();
647
648 /* Reject invalid classes */
655 {
656 /* Fail */
658 }
659
660 /* Check if just the name is required */
662 {
663 /* Ignore access level */
665 0,
666 CmpKeyObjectType,
667 PreviousMode,
668 (PVOID*)&KeyObject,
669 &HandleInfo);
671 {
672 /* At least a single bit of access is required */
674 {
675 /* No such luck */
676 ObDereferenceObject(KeyObject);
678 }
679 }
680 }
681 else
682 {
683 /* Get a reference */
685 KEY_QUERY_VALUE,
686 CmpKeyObjectType,
687 PreviousMode,
688 (PVOID*)&KeyObject,
689 NULL);
690 }
691
692 /* Quit on failure */
694
696 {
697 _SEH2_TRY
698 {
700 ProbeForWrite(KeyInformation,
701 Length,
703 }
705 {
706 /* Dereference and return status */
707 ObDereferenceObject(KeyObject);
709 }
710 _SEH2_END;
711 }
712
713 /* Setup the callback */
717 QueryKeyInfo.KeyInformation = KeyInformation;
720
721 /* Do the callback */
724 {
725 /* Call the internal API */
727 KeyInformationClass,
728 KeyInformation,
729 Length,
730 ResultLength);
731
732 /* Do the post callback */
735 }
736
737 /* Dereference and return status */
738 ObDereferenceObject(KeyObject);
740}
NTSTATUS NTAPI CmQueryKey(_In_ PCM_KEY_CONTROL_BLOCK Kcb, _In_ KEY_INFORMATION_CLASS KeyInformationClass, _Out_opt_ PVOID KeyInformation, _In_ ULONG Length, _Out_ PULONG ResultLength)
Definition: cmapi.c:1614
Definition: iotypes.h:179
Definition: cmtypes.h:765
KEY_INFORMATION_CLASS KeyInformationClass
Definition: cmtypes.h:767
Referenced by EnumerateKeyTest(), GetComputerIdentifier(), GetKeyName(), InitFunctionPtrs(), LsapRegQueryKeyInfo(), RegQueryInfoKeyW(), SampRegQueryKeyInfo(), test1(), test9(), Test_KeyFullInformation(), and Test_KeyNameInformation().
◆ NtQueryMultipleValueKey()
| NTSTATUS NTAPI NtQueryMultipleValueKey | ( | IN HANDLE | KeyHandle, |
| IN OUT PKEY_VALUE_ENTRY | ValueList, | ||
| IN ULONG | NumberOfValues, | ||
| OUT PVOID | Buffer, | ||
| IN OUT PULONG | Length, | ||
| OUT PULONG | ReturnLength | ||
| ) |
◆ NtQueryOpenSubKeys()
Definition at line 1489 of file ntapi.c.
1491{
1496 ULONG SubKeys;
1497
1499
1500 PAGED_CODE();
1501
1502 /* Get the processor mode */
1504
1505 /* Check for user-mode caller */
1507 {
1508 /* Prepare to probe parameters */
1509 _SEH2_TRY
1510 {
1511 /* Probe target key */
1512 ProbeForRead(TargetKey,
1515
1516 /* Probe handle count */
1517 ProbeForWriteUlong(HandleCount);
1518 }
1520 {
1521 /* Return the exception code */
1523 }
1524 _SEH2_END;
1525 }
1526
1527 /* Open a handle to the key */
1529 CmpKeyObjectType,
1530 PreviousMode,
1531 NULL,
1532 KEY_READ,
1533 NULL,
1534 &KeyHandle);
1536 {
1537 /* Reference the key object */
1539 KEY_READ,
1540 CmpKeyObjectType,
1541 PreviousMode,
1542 (PVOID*)&KeyBody,
1543 NULL);
1544
1545 /* Close the handle */
1547 }
1548
1549 /* Fail, if the key object could not be referenced */
1552
1553 /* Lock the registry exclusively */
1554 CmpLockRegistryExclusive();
1555
1556 /* Fail, if we did not open a hive root key */
1558 KeyBody->KeyControlBlock->KeyHive->BaseBlock->RootCell)
1559 {
1561 CmpUnlockRegistry();
1562 ObDereferenceObject(KeyBody);
1564 }
1565
1566 /* Call the internal API */
1569
1570 /* Unlock the registry */
1571 CmpUnlockRegistry();
1572
1573 /* Dereference the key object */
1574 ObDereferenceObject(KeyBody);
1575
1576 /* Write back the result */
1577 _SEH2_TRY
1578 {
1579 *HandleCount = SubKeys;
1580 }
1582 {
1584 }
1585 _SEH2_END;
1586
1588
1590}
ULONG NTAPI CmpEnumerateOpenSubKeys(_In_ PCM_KEY_CONTROL_BLOCK RootKcb, _In_ BOOLEAN LockHeldExclusively, _In_ BOOLEAN RemoveEmptyCacheEntries, _In_ BOOLEAN DereferenceOpenedEntries)
Definition: cmapi.c:2341
Referenced by START_TEST().
◆ NtQueryOpenSubKeysEx()
| NTSTATUS NTAPI NtQueryOpenSubKeysEx | ( | IN POBJECT_ATTRIBUTES | TargetKey, |
| IN ULONG | BufferLength, | ||
| IN PVOID | Buffer, | ||
| IN PULONG | RequiredSize | ||
| ) |
◆ NtQueryValueKey()
| NTSTATUS NTAPI NtQueryValueKey | ( | IN HANDLE | KeyHandle, |
| IN PUNICODE_STRING | ValueName, | ||
| IN KEY_VALUE_INFORMATION_CLASS | KeyValueInformationClass, | ||
| OUT PVOID | KeyValueInformation, | ||
| IN ULONG | Length, | ||
| OUT PULONG | ResultLength | ||
| ) |
Definition at line 744 of file ntapi.c.
750{
753 PCM_KEY_BODY KeyObject;
754 REG_QUERY_VALUE_KEY_INFORMATION QueryValueKeyInfo;
755 REG_POST_OPERATION_INFORMATION PostOperationInfo;
756 UNICODE_STRING ValueNameCopy;
757
758 PAGED_CODE();
759
762
763 /* Reject classes we don't know about */
769 {
770 /* Fail */
772 }
773
774 /* Verify that the handle is valid and is a registry key */
776 KEY_QUERY_VALUE,
777 CmpKeyObjectType,
778 PreviousMode,
779 (PVOID*)&KeyObject,
780 NULL);
783
785 {
786 _SEH2_TRY
787 {
789 ProbeForWrite(KeyValueInformation,
790 Length,
792 }
794 {
795 /* Dereference and return status */
796 ObDereferenceObject(KeyObject);
798 }
799 _SEH2_END;
800 }
801
802 /* Capture the string */
805 goto Quit;
806
807 /* Make sure the name is aligned properly */
809 {
810 /* It isn't, so we'll fail */
812 goto Quit;
813 }
814
815 /* Ignore any null characters at the end */
818 {
819 /* Skip it */
821 }
822
823 /* Setup the callback */
826 QueryValueKeyInfo.ValueName = &ValueNameCopy;
830
831 /* Do the callback */
834 {
835 /* Call the internal API */
837 ValueNameCopy,
839 KeyValueInformation,
840 Length,
841 ResultLength);
842
843 /* Do the post callback */
846 }
847
848Quit:
851
852 /* Dereference and return status */
853 ObDereferenceObject(KeyObject);
855}
NTSTATUS NTAPI CmQueryValueKey(IN PCM_KEY_CONTROL_BLOCK Kcb, IN UNICODE_STRING ValueName, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, IN PVOID KeyValueInformation, IN ULONG Length, IN PULONG ResultLength)
Definition: cmapi.c:1074
Definition: cmtypes.h:776
KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
Definition: cmtypes.h:779
◆ NtRenameKey()
◆ NtReplaceKey()
| NTSTATUS NTAPI NtReplaceKey | ( | IN POBJECT_ATTRIBUTES | ObjectAttributes, |
| IN HANDLE | Key, | ||
| IN POBJECT_ATTRIBUTES | ReplacedObjectAttributes | ||
| ) |
Definition at line 1614 of file ntapi.c.
Referenced by RegReplaceKeyW().
◆ NtRestoreKey()
Definition at line 1624 of file ntapi.c.
Referenced by RegRestoreKeyW().
◆ NtSaveKey()
Definition at line 1634 of file ntapi.c.
1636{
1637 /* Call the extended API */
1639}
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE FileHandle
Definition: fltkernel.h:1231
NTSTATUS NTAPI NtSaveKeyEx(IN HANDLE KeyHandle, IN HANDLE FileHandle, IN ULONG Flags)
Definition: ntapi.c:1643
Referenced by RegSaveKeyW(), and START_TEST().
◆ NtSaveKeyEx()
Definition at line 1643 of file ntapi.c.
1646{
1649 PCM_KEY_BODY KeyObject;
1651
1652 PAGED_CODE();
1653
1655
1656 /* Verify the flags */
1660 {
1661 /* Only one of these values can be specified */
1663 }
1664
1665 /* Validate privilege */
1667 {
1669 }
1670
1671 /* Make sure the target file handle is a kernel handle */
1673 IoFileObjectType,
1674 FILE_WRITE_DATA,
1675 PreviousMode,
1676 &KmFileHandle);
1678 goto Quit;
1679
1680 /* Verify that the handle is valid and is a registry key */
1682 KEY_READ,
1683 CmpKeyObjectType,
1684 PreviousMode,
1685 (PVOID*)&KeyObject,
1686 NULL);
1688 goto Quit;
1689
1690 /* Call the internal API */
1692
1693 /* Dereference the registry key */
1694 ObDereferenceObject(KeyObject);
1695
1696Quit:
1697 /* Close the local kernel handle */
1698 if (KmFileHandle)
1700
1702}
NTSTATUS NTAPI CmSaveKey(IN PCM_KEY_CONTROL_BLOCK Kcb, IN HANDLE FileHandle, IN ULONG Flags)
Definition: cmapi.c:2661
Referenced by CreateRegistryFile(), and NtSaveKey().
◆ NtSaveMergedKeys()
| NTSTATUS NTAPI NtSaveMergedKeys | ( | IN HANDLE | HighPrecedenceKeyHandle, |
| IN HANDLE | LowPrecedenceKeyHandle, | ||
| IN HANDLE | FileHandle | ||
| ) |
Definition at line 1706 of file ntapi.c.
1709{
1715
1716 PAGED_CODE();
1717
1719 HighPrecedenceKeyHandle, LowPrecedenceKeyHandle, FileHandle);
1720
1722
1723 /* Validate privilege */
1725 {
1727 }
1728
1729 /* Make sure the target file handle is a kernel handle */
1731 IoFileObjectType,
1732 FILE_WRITE_DATA,
1733 PreviousMode,
1734 &KmFileHandle);
1736 goto Quit;
1737
1738 /* Verify that the handles are valid and are registry keys */
1740 KEY_READ,
1741 CmpKeyObjectType,
1742 PreviousMode,
1743 (PVOID*)&HighPrecedenceKeyObject,
1744 NULL);
1746 goto Quit;
1747
1749 KEY_READ,
1750 CmpKeyObjectType,
1751 PreviousMode,
1752 (PVOID*)&LowPrecedenceKeyObject,
1753 NULL);
1755 goto Quit;
1756
1757 /* Call the internal API */
1759 LowPrecedenceKeyObject->KeyControlBlock,
1760 KmFileHandle);
1761
1762Quit:
1763 /* Dereference the opened key objects */
1764 if (LowPrecedenceKeyObject)
1765 ObDereferenceObject(LowPrecedenceKeyObject);
1766 if (HighPrecedenceKeyObject)
1767 ObDereferenceObject(HighPrecedenceKeyObject);
1768
1769 /* Close the local kernel handle */
1770 if (KmFileHandle)
1772
1774}
NTSTATUS NTAPI CmSaveMergedKeys(IN PCM_KEY_CONTROL_BLOCK HighKcb, IN PCM_KEY_CONTROL_BLOCK LowKcb, IN HANDLE FileHandle)
Definition: cmapi.c:2755
◆ NtSetInformationKey()
| NTSTATUS NTAPI NtSetInformationKey | ( | IN HANDLE | KeyHandle, |
| IN KEY_SET_INFORMATION_CLASS | KeyInformationClass, | ||
| IN PVOID | KeyInformation, | ||
| IN ULONG | KeyInformationLength | ||
| ) |
◆ NtSetValueKey()
| NTSTATUS NTAPI NtSetValueKey | ( | IN HANDLE | KeyHandle, |
| IN PUNICODE_STRING | ValueName, | ||
| IN ULONG TitleIndex | OPTIONAL, | ||
| IN ULONG | Type, | ||
| IN PVOID | Data, | ||
| IN ULONG | DataSize | ||
| ) |
Definition at line 859 of file ntapi.c.
865{
868 PCM_KEY_BODY KeyObject;
869 REG_SET_VALUE_KEY_INFORMATION SetValueKeyInfo;
870 REG_POST_OPERATION_INFORMATION PostOperationInfo;
871 UNICODE_STRING ValueNameCopy;
872
873 PAGED_CODE();
874
876
877 /* Verify that the handle is valid and is a registry key */
879 KEY_SET_VALUE,
880 CmpKeyObjectType,
881 PreviousMode,
882 (PVOID*)&KeyObject,
883 NULL);
886
889
890 /* Probe and copy the data */
892 {
894
895 _SEH2_TRY
896 {
898 }
900 {
902 }
903 _SEH2_END;
904
906 {
907 /* Dereference and return status */
908 ObDereferenceObject(KeyObject);
910 }
911
913 if (!DataCopy)
914 {
915 /* Dereference and return status */
916 ObDereferenceObject(KeyObject);
918 }
919
920 _SEH2_TRY
921 {
923 }
925 {
927 }
928 _SEH2_END;
929
931 {
932 /* Dereference and return status */
934 ObDereferenceObject(KeyObject);
936 }
937
938 Data = DataCopy;
939 }
940
941 /* Capture the string */
944 goto Quit;
945
948
949 /* Make sure the name is aligned, not too long, and the data under 4GB */
952 (DataSize > 0x80000000))
953 {
954 /* Fail */
956 goto Quit;
957 }
958
959 /* Ignore any null characters at the end */
962 {
963 /* Skip it */
965 }
966
967 /* Don't touch read-only keys */
969 {
970 /* Fail */
972 goto Quit;
973 }
974
975 /* Setup callback */
978 SetValueKeyInfo.ValueName = &ValueNameCopy;
983
984 /* Do the callback */
987 {
988 /* Call the internal API */
990 &ValueNameCopy,
991 Type,
992 Data,
993 DataSize);
994
995 /* Do the post-callback */
998 }
999
1000Quit:
1003
1006
1007 /* Dereference and return status */
1008 ObDereferenceObject(KeyObject);
1010}
NTSTATUS NTAPI CmSetValueKey(IN PCM_KEY_CONTROL_BLOCK Kcb, IN PUNICODE_STRING ValueName, IN ULONG Type, IN PVOID Data, IN ULONG DataLength)
Definition: cmapi.c:643
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT _In_opt_ PVOID _In_ ULONG DataSize
Definition: ndis.h:4755
Definition: sort_test.cpp:77
Definition: cmtypes.h:711
Referenced by AddCodepageToRegistry(), AddFontsSettingsToRegistry(), AddHotkeySettings(), AddKbLayoutsToRegistry(), BasepMoveFileDelayed(), CmpCreateControlSet(), CmpInitializeMachineDependentConfiguration(), CmpInitializeRegistryNode(), CmpSetSystemValues(), CmpSetVersionData(), CreateSymLinkKey(), do_reg_operation(), InitFunctionPtrs(), InstallDriver(), Phase1InitializationDiscard(), ProcessLocaleRegistry(), RegpCopyTree(), RegSetValueExW(), SdbRegisterDatabaseEx(), SdbSetPermLayerKeys(), SetActiveComputerNameToRegistry(), SetComputerNameToRegistry(), SetDefaultPagefile(), SetGeoID(), SetLocaleInfoW(), SetMountedDeviceValue(), SetUserGeoID(), SetValueTest1(), SetValueTest2(), SmpCreateDynamicEnvironmentVariables(), SmpTranslateSystemPartitionInformation(), START_TEST(), test2(), test3(), and test6().
◆ NtUnloadKey()
| NTSTATUS NTAPI NtUnloadKey | ( | IN POBJECT_ATTRIBUTES | KeyObjectAttributes | ) |
Definition at line 1789 of file ntapi.c.
1790{
1792}
NTSTATUS NTAPI NtUnloadKey2(IN POBJECT_ATTRIBUTES TargetKey, IN ULONG Flags)
Definition: ntapi.c:1796
Referenced by DisconnectRegistry(), and RegUnLoadKeyW().
◆ NtUnloadKey2()
Definition at line 1796 of file ntapi.c.
1798{
1800 OBJECT_ATTRIBUTES CapturedTargetKey;
1803 CM_PARSE_CONTEXT ParseContext = {0};
1806 ULONG ParentConv = 0, ChildConv = 0;
1808
1809 PAGED_CODE();
1810
1811 /* Validate privilege */
1813 {
1816 }
1817
1818 /* Check for user-mode caller */
1820 {
1821 /* Prepare to probe parameters */
1822 _SEH2_TRY
1823 {
1824 /* Probe object attributes */
1825 ProbeForRead(TargetKey,
1828
1829 CapturedTargetKey = *TargetKey;
1830
1831 /* Probe the string */
1834 ObjectName.Length,
1836
1838 }
1840 {
1841 /* Return the exception code */
1843 }
1844 _SEH2_END;
1845 }
1846 else
1847 {
1848 /* Save the target attributes directly */
1849 CapturedTargetKey = *TargetKey;
1850 }
1851
1852 /* Make sure the target key root directory handle is a kernel handle */
1854 CmpKeyObjectType,
1855 KEY_WRITE,
1856 PreviousMode,
1857 &KmTargetKeyRootDir);
1860 CapturedTargetKey.RootDirectory = KmTargetKeyRootDir;
1862
1863 /* Setup the parse context */
1866
1867 /* Do the create */
1868 /* Open a local handle to the key */
1870 CmpKeyObjectType,
1871 KernelMode,
1872 NULL,
1873 KEY_WRITE,
1874 &ParseContext,
1875 &Handle);
1877 {
1878 /* Reference the key object */
1880 KEY_WRITE,
1881 CmpKeyObjectType,
1882 KernelMode,
1883 (PVOID*)&KeyBody,
1884 NULL);
1885
1886 /* Close the handle */
1888 }
1889
1890 /* Close the local kernel handle */
1891 if (KmTargetKeyRootDir)
1893
1894 /* Return if a failure was encountered */
1897
1898 /* Acquire the lock depending on flags */
1900 {
1901 /* Lock registry exclusively */
1902 CmpLockRegistryExclusive();
1903 }
1904 else
1905 {
1906 /* Lock registry */
1907 CmpLockRegistry();
1908
1909 /* Acquire the hive loading lock */
1911
1912 /* Lock parent and child */
1914 ParentConv = KeyBody->KeyControlBlock->ParentKcb->ConvKey;
1915 else
1916 ParentConv = KeyBody->KeyControlBlock->ConvKey;
1917
1918 ChildConv = KeyBody->KeyControlBlock->ConvKey;
1919
1920 CmpAcquireTwoKcbLocksExclusiveByKey(ChildConv, ParentConv);
1921 }
1922
1923 /* Check if it's being deleted already */
1925 {
1926 /* Return appropriate status */
1928 goto Quit;
1929 }
1930
1931 /* Check if it's a read-only key */
1933 {
1934 /* Return appropriate status */
1936 goto Quit;
1937 }
1938
1939 /* Call the internal API. Note that CmUnloadKey() unlocks the registry only on success. */
1941
1942 /* Check if we failed, but really need to succeed */
1944 {
1945 /* TODO: We should perform another attempt here */
1946 _SEH2_TRY
1947 {
1948 DPRINT1("NtUnloadKey2(%wZ): We want to force-unload the hive but couldn't unload it: Retrying is UNIMPLEMENTED!\n", TargetKey->ObjectName);
1949 }
1951 {
1952 }
1953 _SEH2_END;
1954 }
1955
1956 /* If CmUnloadKey() failed we need to unlock registry ourselves */
1958 {
1960 {
1961 /* Release the KCB locks */
1962 CmpReleaseTwoKcbLockByKey(ChildConv, ParentConv);
1963
1964 /* Release the hive loading lock */
1966 }
1967
1968 /* Unlock the registry */
1969 CmpUnlockRegistry();
1970 }
1971
1972Quit:
1973 /* Dereference the key */
1974 ObDereferenceObject(KeyBody);
1975
1976 /* Return status */
1978}
NTSTATUS NTAPI CmUnloadKey(IN PCM_KEY_CONTROL_BLOCK Kcb, IN ULONG Flags)
Definition: cmapi.c:2209
VOID NTAPI CmpAcquireTwoKcbLocksExclusiveByKey(IN ULONG ConvKey1, IN ULONG ConvKey2)
Definition: cmsysini.c:2079
VOID NTAPI CmpReleaseTwoKcbLockByKey(IN ULONG ConvKey1, IN ULONG ConvKey2)
Definition: cmsysini.c:2108
FORCEINLINE VOID ExAcquirePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1036
FORCEINLINE VOID ExReleasePushLockExclusive(PEX_PUSH_LOCK PushLock)
Definition: ex.h:1252
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
Referenced by DisconnectRegistry(), and NtUnloadKey().
◆ NtUnloadKeyEx()
◆ ProbeAndCaptureObjectAttributes()
| NTSTATUS ProbeAndCaptureObjectAttributes | ( | _Out_ POBJECT_ATTRIBUTES | CapturedObjectAttributes, |
| _Out_ PUNICODE_STRING | ObjectName, | ||
| _In_ KPROCESSOR_MODE | AccessMode, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ BOOLEAN | CaptureSecurity | ||
| ) |
Definition at line 53 of file ntapi.c.
59{
62 // PSECURITY_QUALITY_OF_SERVICE SecurityQos;
64
65 /* Zero out the Capture Data */
67
68 /* SEH everything here for protection */
69 _SEH2_TRY
70 {
71 /* Check if we got attributes */
73 {
74 /* Check if we're in user mode */
76 {
77 /* Probe the attributes */
81 }
82
83 /* Validate the Size and Attributes */
85 (ObjectAttributes->Attributes & ~OBJ_VALID_KERNEL_ATTRIBUTES)) // Understood as all the possible valid attributes
86 {
87 /* Invalid combination, fail */
89 }
90
91 /* Set some Create Info and do not allow user-mode kernel handles */
93 CapturedObjectAttributes->RootDirectory = ObjectAttributes->RootDirectory;
94 CapturedObjectAttributes->Attributes = ObpValidateAttributes(ObjectAttributes->Attributes, AccessMode);
95 LocalObjectName = ObjectAttributes->ObjectName;
97 // SecurityQos = ObjectAttributes->SecurityQualityOfService;
98
99 /* Check if we have a security descriptor */
101 {
102 /*
103 * Capture it.
104 * Note: This has an implicit memory barrier due
105 * to the function call, so cleanup is safe here.
106 */
108 AccessMode,
109 NonPagedPool,
110 TRUE,
111 &CapturedObjectAttributes->
112 SecurityDescriptor);
114 {
115 /* Capture failed, quit */
116 CapturedObjectAttributes->SecurityDescriptor = NULL;
118 }
119 }
120 else
121 {
122 CapturedObjectAttributes->SecurityDescriptor = NULL;
123 }
124
125#if 0
126// We don't use the QoS!
127
128 /* Check if we have QoS */
129 if (SecurityQos)
130 {
131 /* Check if we came from user mode */
133 {
134 /* Validate the QoS */
135 ProbeForRead(SecurityQos,
138 }
139
140 /* Save Info */
141 CapturedObjectAttributes->SecurityQualityOfService = *SecurityQos;
142 CapturedObjectAttributes->SecurityQos =
143 &CapturedObjectAttributes->SecurityQualityOfService;
144 }
145#else
146 CapturedObjectAttributes->SecurityQualityOfService = NULL;
147#endif
148 }
149 else
150 {
151 /* We don't have a name */
152 LocalObjectName = NULL;
153 }
154 }
156 {
157 /* Cleanup and return the exception code */
160 }
161 _SEH2_END;
162
163 /* Now check if the Object Attributes had an Object Name */
164 if (LocalObjectName)
165 {
167 }
168 else
169 {
170 /* Clear the string */
172
173 /* It cannot have specified a Root Directory */
174 if (CapturedObjectAttributes->RootDirectory)
175 {
177 }
178 }
179
180 /* Set the caputured object attributes name pointer to the one the user gave to us */
181 CapturedObjectAttributes->ObjectName = ObjectName;
182
183 /* Cleanup if we failed */
185 {
187 }
188
189 /* Return status to caller */
191}
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
Definition: ob_x.h:22
Definition: ms-dtyp.idl:301
Definition: lsa.idl:63
struct _OBJECT_ATTRIBUTES OBJECT_ATTRIBUTES
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
Referenced by NtLoadKeyEx().
◆ ReleaseCapturedObjectAttributes()
| VOID ReleaseCapturedObjectAttributes | ( | _In_ POBJECT_ATTRIBUTES | CapturedObjectAttributes, |
| _In_ KPROCESSOR_MODE | AccessMode | ||
| ) |
Definition at line 27 of file ntapi.c.
30{
31 /* Check if we have a security descriptor */
32 if (CapturedObjectAttributes->SecurityDescriptor)
33 {
34 /* Release it */
35 SeReleaseSecurityDescriptor(CapturedObjectAttributes->SecurityDescriptor,
36 AccessMode,
37 TRUE);
38 CapturedObjectAttributes->SecurityDescriptor = NULL;
39 }
40
41 /* Check if we have an object name */
42 if (CapturedObjectAttributes->ObjectName)
43 {
44 /* Release it */
46 }
47}
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
Referenced by NtLoadKeyEx(), and ProbeAndCaptureObjectAttributes().
Variable Documentation
◆ CmBootAcceptFirstTime
Definition at line 16 of file ntapi.c.
Referenced by NtInitializeRegistry().
◆ CmFirstTime
Definition at line 17 of file ntapi.c.
Referenced by CmShutdownSystem(), and NtInitializeRegistry().
◆ InitSafeBootMode
|
extern |
Definition at line 71 of file init.c.
Referenced by NtLockProductActivationKeys().
