Additional information:
Driver and user application are running on the same PC.
The problem occurs only on “real” hardware, not when testing in VMware (OS is also Windows 7 64-bit).
Code extract for writing the key in the user-land application:
…
/*
 * User-mode side (extract): writes the DWORD value "Key1" under the driver's
 * service key and, if that succeeds, sends IOCTL_FILTER_RESTART_ONE_INSTANCE
 * with the filter instance name so the driver restarts that instance.
 * NOTE(review): the curly quotes and single backslashes in the string
 * literals below look like forum rendering; compilable source needs straight
 * quotes and doubled backslashes. Confirm against the original file.
 */
wchar_t wRegPathComp[2048];
DWORD dwReturn = 0;
ULONG key1 = 5;
/* NOTE(review): as printed this declares a single char, not a string; the
 * later "%hs" conversion implies an array such as `char Guid[]`. Confirm. */
char Guid= “{8F3A08E7-2912-4041-8776-FE32C62EE548}-{A114D25F-FE31-41EE-AF0E-E4CBE3799DCD}-0000”;
wchar_t wcGuid[512];
DWORD GuidLength = 0;
DWORD dwBufLength = 512;
…
/* Builds the wide registry path from two narrow strings; the size argument
 * (2048) is a count of wide characters and matches the array.
 * NOTE(review): as printed there is no separator between the "...CONF"
 * part and "TestKey"; presumably a trailing backslash was lost. Verify.
 * NOTE(review): the path names ControlSet001 directly instead of
 * CurrentControlSet; confirm that is the control set the running system
 * actually uses on the failing machine. */
swprintf(wRegPathComp,
2048,
L"%hs%hs",
“SYSTEM\ControlSet001\services\bsptreiber\CONF”,
“TestKey”);
/* Src_IP */
/* The IOCTL below is sent only when RegSetKeyValue returns 0.
 * NOTE(review): the sub-key path is a wide string while the value name is
 * printed as a narrow literal; presumably L"Key1" in the real source. */
if((dwReturn = RegSetKeyValue(USERLAND_HKEY,
wRegPathComp,
“Key1”,
REG_DWORD,
(void*)&(key1),
sizeof(key1))) == 0)
{
swprintf(wcGuid, 512, L"%hs", Guid);
/* Length in bytes of the wide name, without the terminating NUL. */
GuidLength = (DWORD)wcslen(wcGuid)* sizeof(WCHAR);
/* bResult and hTreiber are declared outside this extract. No output buffer
 * is supplied; dwBufLength only receives the returned byte count. */
bResult = DeviceIoControl(hTreiber,
IOCTL_FILTER_RESTART_ONE_INSTANCE,
wcGuid,
GuidLength,
NULL,
0,
&dwBufLength,
NULL);
}
…
}
Code extract for reading the key in the NDIS filter driver:
/*
 * Device-control dispatch routine of the filter driver (extract; only the
 * IOCTL_FILTER_RESTART_ONE_INSTANCE case is shown).
 * NOTE(review): "Use_decl_annotations" is presumably the SAL macro
 * _Use_decl_annotations_ with its underscores lost in rendering.
 */
Use_decl_annotations
NTSTATUS
bsptreiberDeviceIoControl(
PDEVICE_OBJECT DeviceObject,
PIRP Irp
)
{
…
case IOCTL_FILTER_RESTART_ONE_INSTANCE:
/* Caller-supplied bytes are read from the IRP's system buffer; presumably
 * the IOCTL is defined as METHOD_BUFFERED. Confirm in its CTL_CODE.
 * NOTE(review): no caller check is visible in this case; confirm that the
 * device object's security descriptor limits who may send this IOCTL,
 * since it restarts a network filter instance. */
InputBuffer = OutputBuffer = (PUCHAR)Irp->AssociatedIrp.SystemBuffer;
InputBufferLength = IrpSp->Parameters.DeviceIoControl.InputBufferLength;
/* Look the filter module up by name; the length is passed along so the
 * lookup can bound its comparison. */
pFilter = filterFindFilterModule (InputBuffer, InputBufferLength);
if (pFilter == NULL)
{
/* No match: Status keeps the value assigned outside this extract. */
break;
}
/* NOTE(review): filterFindFilterModule drops FilterListLock before it
 * returns, and nothing visible here keeps pFilter alive until this call.
 * Confirm that a concurrent detach cannot free it in between. */
Status = NdisFRestartFilter(pFilter->FilterHandle);
break;
…
}
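/**
 * Find the filter module whose name matches the start of a caller buffer.
 *
 * Walks FilterModuleList under FilterListLock and returns the first entry
 * whose FilterModuleName bytes equal the leading bytes of Buffer.
 *
 * The comparison covers only FilterModuleName.Length bytes, so a buffer that
 * is longer than the stored name but starts with it also matches. Since
 * BufferLength is checked against that length first, the compare never reads
 * past BufferLength bytes of Buffer.
 *
 * The SAL annotations are written with their underscores; the page showed
 * them stripped (IRQL_requires_max, In_reads_bytes, In), which are not
 * defined macros.
 *
 * NOTE(review): an entry whose FilterModuleName.Length is 0 would presumably
 * match any buffer; confirm that names are always set before an entry is
 * linked into the list.
 * NOTE(review): the lock is released before returning and no reference is
 * taken on the entry here, so the caller needs some other guarantee that the
 * module is not freed while the pointer is in use.
 *
 * @param Buffer        Bytes to compare against each module name.
 * @param BufferLength  Number of valid bytes in Buffer.
 * @return The matching MS_FILTER, or NULL when no entry matches.
 */
_IRQL_requires_max_(DISPATCH_LEVEL)
PMS_FILTER
filterFindFilterModule(
    _In_reads_bytes_(BufferLength)
         PUCHAR Buffer,
    _In_ ULONG  BufferLength
    )
{
    PMS_FILTER  pFilter;
    PMS_FILTER  pFound = NULL;
    PLIST_ENTRY Link;
    BOOLEAN     bFalse = FALSE;

    FILTER_ACQUIRE_LOCK(&FilterListLock, bFalse);

    for (Link = FilterModuleList.Flink;
         Link != &FilterModuleList;
         Link = Link->Flink)
    {
        pFilter = CONTAINING_RECORD(Link, MS_FILTER, FilterModuleLink);

        /* Length check first: keeps the compare inside the caller's buffer. */
        if (BufferLength >= pFilter->FilterModuleName.Length &&
            NdisEqualMemory(Buffer,
                            pFilter->FilterModuleName.Buffer,
                            pFilter->FilterModuleName.Length))
        {
            pFound = pFilter;
            break;
        }
    }

    /* Single release point for both the found and the not-found path. */
    FILTER_RELEASE_LOCK(&FilterListLock, bFalse);
    return pFound;
}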
/*
 * FilterRestart handler (extract): builds the registry path of the
 * configuration key, opens it and reads the value "Key1" with the two-call
 * ZwQueryValueKey pattern (size probe first, then the real read).
 * NOTE(review): "Use_decl_annotations", the curly quotes and the single
 * backslashes look like forum rendering; confirm against the original file.
 */
Use_decl_annotations
NDIS_STATUS
FilterRestart(
NDIS_HANDLE FilterModuleContext,
PNDIS_FILTER_RESTART_PARAMETERS RestartParameters
)
{
/* 2048 wide characters, i.e. twice the byte count passed to
 * RtlStringCbPrintfW below. */
wchar_t keyDest[2048];
/* NOTE(review): declared as pHandleRegKey but used below as HandleRegKey and
 * handleRegKey; C is case-sensitive, so the extract's spelling cannot be the
 * compiled source. Confirm which name is real. */
HANDLE pHandleRegKey;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING RegistryKeyName;
ULONG ulResult = 0;
PKEY_VALUE_PARTIAL_INFORMATION regValBuffer = NULL;
…
/* The second argument is a byte count (Cb variant); 2048 bytes fits inside
 * keyDest.
 * NOTE(review): as printed there is no separator between the "...CONF" part
 * and "TestKey", and the path has no \Registry\Machine\ prefix. With a NULL
 * RootDirectory (see InitializeObjectAttributes below) a kernel-mode open
 * needs the fully qualified object path. Verify both. */
ntStatus = RtlStringCbPrintfW(keyDest,
2048,
L"%hs%hs",
“SYSTEM\ControlSet001\services\bsptreiber\CONF”,
“TestKey”);
if (ntStatus == STATUS_SUCCESS)
{
/* NOTE(review): as shown, ZwOpenKey runs before RtlInitUnicodeString and
 * InitializeObjectAttributes have filled RegistryKeyName and
 * ObjectAttributes, so it is handed uninitialized stack data; those two
 * calls need to come first. Its status is also overwritten by the
 * ZwQueryValueKey below without being checked, so a failed open would be
 * followed by a query on an invalid handle. */
ntStatus = ZwOpenKey(&HandleRegKey,
KEY_READ,
&ObjectAttributes);
RtlInitUnicodeString(&RegistryKeyName,
keyDest);
/* OBJ_KERNEL_HANDLE keeps the handle out of the user-mode handle table. */
InitializeObjectAttributes(&ObjectAttributes,
&RegistryKeyName,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL, // handle
NULL);
/* RegistryKeyName is reused for the value name from here on;
 * ObjectAttributes still points at this same UNICODE_STRING. */
RtlInitUnicodeString(&RegistryKeyName, L"Key1");
/* Size probe: no buffer is supplied, ulResult receives the required size. */
ntStatus = ZwQueryValueKey(handleRegKey,
&RegistryKeyName,
KeyValuePartialInformation,
NULL,
0,
&ulResult);
/* Any status other than the two "buffer too small" codes means the probe
 * itself failed. */
if ((ntStatus != STATUS_BUFFER_TOO_SMALL) && (ntStatus != STATUS_BUFFER_OVERFLOW))
{
DEBUGP(DL_TRACE, “ZwQueryValueKey failed %x\n”, ntStatus);
}
else
{
/* Allocate exactly the size reported by the probe.
 * NOTE(review): freeing regValBuffer and closing the key handle are not
 * visible in this extract; confirm both happen on every path. */
regValBuffer = (PKEY_VALUE_PARTIAL_INFORMATION)FILTER_ALLOC_MEM(FilterModuleContext, ulResult);
if (regValBuffer != NULL)
{
/* NOTE(review): the value is written from user mode and may change between
 * the two calls. Before reading regValBuffer->Data, check the returned
 * status, that Type is REG_DWORD and that DataLength is at least
 * sizeof(ULONG). */
ntStatus = ZwQueryValueKey(handleRegKey,
&RegistryKeyName,
KeyValuePartialInformation,
regValBuffer,
ulResult,
&ulResult);
}
}
…
}