Read unknown number of string values from a registry key

NTFSD
1

My file system filter driver needs to read an unknown number of strings
from the registry at start-up.

These are in the key
\Registry\Machine\System\CurrentControlSet\Services\FileSystemFilterDriv
er\Directories.

I am trying to call ZwEnumerateValue key in a loop until this returns
STATUS_NO_MORE_ENTRIES.

How do I extract the registry data for each value into a unicode string?

Here is my code:

VOID

ReadDriverParameters (

IN PUNICODE_STRING RegistryPath

)

{

OBJECT_ATTRIBUTES attributes;

OBJECT_ATTRIBUTES oa;

HANDLE driverRegKey;

HANDLE driverParamsRegKey;

NTSTATUS status;

UNICODE_STRING subDirName;

ULONG i;

PKEY_VALUE_BASIC_INFORMATION dirInfo = NULL;

PAGED_CODE();

//Get a handle to the registry root path for our driver

InitializeObjectAttributes( &attributes,

RegistryPath,

OBJ_CASE_INSENSITIVE,

NULL,

NULL );

status = ZwOpenKey( &driverRegKey,

KEY_READ,

&attributes );

//The drivers parameters are in a sub-key named Directories

RtlInitUnicodeString( &subDirName, L"Directories" );

//Open the Directories sub-key

InitializeObjectAttributes( &oa,

&subDirName,

OBJ_CASE_INSENSITIVE,

driverRegKey, //HANDLE

NULL );

//Open the subkey and get a handle to it

status = ZwOpenKey( &driverParamsRegKey,

KEY_READ,

&oa );

if (!NT_SUCCESS( status ))

{

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to open directories
registry sub-key %X\n”,status);

return;

}

//Loop through the sub-key and read all the directory names

i = 0;

while (TRUE)

{

NTSTATUS status;

ULONG nbytes;

status = ZwEnumerateValueKey(

driverParamsRegKey,

i,

KeyValueBasicInformation,

dirInfo,

sizeof(dirInfo),

&nbytes

);

if (status == STATUS_NO_MORE_ENTRIES) {

DbgPrint(“!!! FileSystemFilterDriver.sys – ReadDriverParameters -
STATUS_NO_MORE_ENTRIES\n”);

break;

}

if (status == STATUS_BUFFER_OVERFLOW) {

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to read directories -
STATUS_BUFFER_OVERFLOW\n”);

i++;

continue;

}

//Store the name from DirInfo into a UNICODE_STRING

//Read the next value

i++;

}

// Close the registry handle

ZwClose(driverParamsRegKey);

}

Jonathan Oliver
WinST
BAE Systems Insyte

********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************

2

You need to build the UNICODE_STRING yourself. Of course your code has some
problems that have to be dealt with first, such as you need to allocate the
dirInfo buffer, and sizeof(dirInfo) is incorrect since that will be the size
of a pointer, not the size of the structure with additional space for the
string.

Assuming you fix the above (and any other items missing in the code), you
then simply need to have something like:

UNICODE_STRING str;

str->Length = (USHORT) dirInfo->NameLength;
str->MaximumLength = str->Length;
str->Buffer = dirInfo->Name;

Of course this will only last until the next ZwEnumerateValueKey so be sure
to process the string, or copy it before you go to the next entry.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

“Oliver, Jonathan (UK)” wrote in message
news:xxxxx@ntfsd…

My file system filter driver needs to read an unknown number of strings
from the registry at start-up.

These are in the key
\Registry\Machine\System\CurrentControlSet\Services\FileSystemFilterDriv
er\Directories.

I am trying to call ZwEnumerateValue key in a loop until this returns
STATUS_NO_MORE_ENTRIES.

How do I extract the registry data for each value into a unicode string?

Here is my code:

VOID

ReadDriverParameters (

IN PUNICODE_STRING RegistryPath

)

{

OBJECT_ATTRIBUTES attributes;

OBJECT_ATTRIBUTES oa;

HANDLE driverRegKey;

HANDLE driverParamsRegKey;

NTSTATUS status;

UNICODE_STRING subDirName;

ULONG i;

PKEY_VALUE_BASIC_INFORMATION dirInfo = NULL;

PAGED_CODE();

//Get a handle to the registry root path for our driver

InitializeObjectAttributes( &attributes,

RegistryPath,

OBJ_CASE_INSENSITIVE,

NULL,

NULL );

status = ZwOpenKey( &driverRegKey,

KEY_READ,

&attributes );

//The drivers parameters are in a sub-key named Directories

RtlInitUnicodeString( &subDirName, L"Directories" );

//Open the Directories sub-key

InitializeObjectAttributes( &oa,

&subDirName,

OBJ_CASE_INSENSITIVE,

driverRegKey, //HANDLE

NULL );

//Open the subkey and get a handle to it

status = ZwOpenKey( &driverParamsRegKey,

KEY_READ,

&oa );

if (!NT_SUCCESS( status ))

{

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to open directories
registry sub-key %X\n”,status);

return;

}

//Loop through the sub-key and read all the directory names

i = 0;

while (TRUE)

{

NTSTATUS status;

ULONG nbytes;

status = ZwEnumerateValueKey(

driverParamsRegKey,

i,

KeyValueBasicInformation,

dirInfo,

sizeof(dirInfo),

&nbytes

);

if (status == STATUS_NO_MORE_ENTRIES) {

DbgPrint(“!!! FileSystemFilterDriver.sys – ReadDriverParameters -
STATUS_NO_MORE_ENTRIES\n”);

break;

}

if (status == STATUS_BUFFER_OVERFLOW) {

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to read directories -
STATUS_BUFFER_OVERFLOW\n”);

i++;

continue;

}

//Store the name from DirInfo into a UNICODE_STRING

//Read the next value

i++;

}

// Close the registry handle

ZwClose(driverParamsRegKey);

}

Jonathan Oliver
WinST
BAE Systems Insyte


This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.

3

Look at RtlQueryRegistryValues

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Oliver, Jonathan (UK)”
To: “Windows File Systems Devs Interest List”
Sent: Monday, August 14, 2006 4:33 PM
Subject: [ntfsd] Read unknown number of string values from a registry key

My file system filter driver needs to read an unknown number of strings
from the registry at start-up.

These are in the key
\Registry\Machine\System\CurrentControlSet\Services\FileSystemFilterDriv
er\Directories.

I am trying to call ZwEnumerateValue key in a loop until this returns
STATUS_NO_MORE_ENTRIES.

How do I extract the registry data for each value into a unicode string?

Here is my code:

VOID

ReadDriverParameters (

IN PUNICODE_STRING RegistryPath

)

{

OBJECT_ATTRIBUTES attributes;

OBJECT_ATTRIBUTES oa;

HANDLE driverRegKey;

HANDLE driverParamsRegKey;

NTSTATUS status;

UNICODE_STRING subDirName;

ULONG i;

PKEY_VALUE_BASIC_INFORMATION dirInfo = NULL;

PAGED_CODE();

//Get a handle to the registry root path for our driver

InitializeObjectAttributes( &attributes,

RegistryPath,

OBJ_CASE_INSENSITIVE,

NULL,

NULL );

status = ZwOpenKey( &driverRegKey,

KEY_READ,

&attributes );

//The drivers parameters are in a sub-key named Directories

RtlInitUnicodeString( &subDirName, L"Directories" );

//Open the Directories sub-key

InitializeObjectAttributes( &oa,

&subDirName,

OBJ_CASE_INSENSITIVE,

driverRegKey, //HANDLE

NULL );

//Open the subkey and get a handle to it

status = ZwOpenKey( &driverParamsRegKey,

KEY_READ,

&oa );

if (!NT_SUCCESS( status ))

{

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to open directories
registry sub-key %X\n”,status);

return;

}

//Loop through the sub-key and read all the directory names

i = 0;

while (TRUE)

{

NTSTATUS status;

ULONG nbytes;

status = ZwEnumerateValueKey(

driverParamsRegKey,

i,

KeyValueBasicInformation,

dirInfo,

sizeof(dirInfo),

&nbytes

);

if (status == STATUS_NO_MORE_ENTRIES) {

DbgPrint(“!!! FileSystemFilterDriver.sys – ReadDriverParameters -
STATUS_NO_MORE_ENTRIES\n”);

break;

}

if (status == STATUS_BUFFER_OVERFLOW) {

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to read directories -
STATUS_BUFFER_OVERFLOW\n”);

i++;

continue;

}

//Store the name from DirInfo into a UNICODE_STRING

//Read the next value

i++;

}

// Close the registry handle

ZwClose(driverParamsRegKey);

}

Jonathan Oliver
WinST
BAE Systems Insyte


This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

4

How do I allocate the dirInfo buffer as you suggest?

Should the sizeof(dirInfo) parameter actually be
sizeof(KEY_VALUE_BASIC_INFORMATION) + sizeof(UNICODE_STRING)?=20

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: 14 August 2006 13:46
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Read unknown number of string values from a registry
key

*** WARNING ***

This mail has originated outside your organization, either from an
external partner or the Global Internet.=20
Keep this in mind if you answer this message.=20

You need to build the UNICODE_STRING yourself. Of course your code has
some problems that have to be dealt with first, such as you need to
allocate the dirInfo buffer, and sizeof(dirInfo) is incorrect since that
will be the size of a pointer, not the size of the structure with
additional space for the string.

Assuming you fix the above (and any other items missing in the code),
you then simply need to have something like:

UNICODE_STRING str;

str->Length =3D (USHORT) dirInfo->NameLength;
str->MaximumLength =3D str->Length;
str->Buffer =3D dirInfo->Name;

Of course this will only last until the next ZwEnumerateValueKey so be
sure to process the string, or copy it before you go to the next entry.

–=20
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

“Oliver, Jonathan (UK)” wrote in
message=20
news:xxxxx@ntfsd…

My file system filter driver needs to read an unknown number of strings
from the registry at start-up.

These are in the key
\Registry\Machine\System\CurrentControlSet\Services\FileSystemFilterDriv
er\Directories.

I am trying to call ZwEnumerateValue key in a loop until this returns
STATUS_NO_MORE_ENTRIES.

How do I extract the registry data for each value into a unicode string?

Here is my code:

VOID

ReadDriverParameters (

IN PUNICODE_STRING RegistryPath

)

{

OBJECT_ATTRIBUTES attributes;

OBJECT_ATTRIBUTES oa;

HANDLE driverRegKey;

HANDLE driverParamsRegKey;

NTSTATUS status;

UNICODE_STRING subDirName;

ULONG i;

PKEY_VALUE_BASIC_INFORMATION dirInfo =3D NULL;

PAGED_CODE();

//Get a handle to the registry root path for our driver

InitializeObjectAttributes( &attributes,

RegistryPath,

OBJ_CASE_INSENSITIVE,

NULL,

NULL );

status =3D ZwOpenKey( &driverRegKey,

KEY_READ,

&attributes );

//The drivers parameters are in a sub-key named Directories

RtlInitUnicodeString( &subDirName, L"Directories" );

//Open the Directories sub-key

InitializeObjectAttributes( &oa,

&subDirName,

OBJ_CASE_INSENSITIVE,

driverRegKey, //HANDLE

NULL );

//Open the subkey and get a handle to it

status =3D ZwOpenKey( &driverParamsRegKey,

KEY_READ,

&oa );

if (!NT_SUCCESS( status ))

{

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to open directories
registry sub-key %X\n”,status);

return;

}

//Loop through the sub-key and read all the directory names

i =3D 0;

while (TRUE)

{

NTSTATUS status;

ULONG nbytes;

status =3D ZwEnumerateValueKey(

driverParamsRegKey,

i,

KeyValueBasicInformation,

dirInfo,

sizeof(dirInfo),

&nbytes

);

if (status =3D=3D STATUS_NO_MORE_ENTRIES) {

DbgPrint(“!!! FileSystemFilterDriver.sys – ReadDriverParameters -
STATUS_NO_MORE_ENTRIES\n”);

break;

}

if (status =3D=3D STATUS_BUFFER_OVERFLOW) {

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to read directories -
STATUS_BUFFER_OVERFLOW\n”);

i++;

continue;

}

//Store the name from DirInfo into a UNICODE_STRING

//Read the next value

i++;

}

// Close the registry handle

ZwClose(driverParamsRegKey);

}

Jonathan Oliver
WinST
BAE Systems Insyte


This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
 =20


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=3D17

You are currently subscribed to ntfsd as: xxxxx@baesystems.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

5

Either allocate a reasonable size buffer estimate the size of the largest
string plus something, or issue the call ZwEnumerateValueKey call twice.
For the latter, the first time you call ZwEnumerateValueKey use a length of
zero and then use the value returned in nbytes to allocate the buffer, and
as the input lenght for the second ZwEnumerateValueKey call. Be sure to
free the buffer afterward.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com

“Oliver, Jonathan (UK)” wrote in message
news:xxxxx@ntfsd…
How do I allocate the dirInfo buffer as you suggest?

Should the sizeof(dirInfo) parameter actually be
sizeof(KEY_VALUE_BASIC_INFORMATION) + sizeof(UNICODE_STRING)?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: 14 August 2006 13:46
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Read unknown number of string values from a registry
key

WARNING

This mail has originated outside your organization, either from an
external partner or the Global Internet.
Keep this in mind if you answer this message.

You need to build the UNICODE_STRING yourself. Of course your code has
some problems that have to be dealt with first, such as you need to
allocate the dirInfo buffer, and sizeof(dirInfo) is incorrect since that
will be the size of a pointer, not the size of the structure with
additional space for the string.

Assuming you fix the above (and any other items missing in the code),
you then simply need to have something like:

UNICODE_STRING str;

str->Length = (USHORT) dirInfo->NameLength;
str->MaximumLength = str->Length;
str->Buffer = dirInfo->Name;

Of course this will only last until the next ZwEnumerateValueKey so be
sure to process the string, or copy it before you go to the next entry.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

“Oliver, Jonathan (UK)” wrote in
message
news:xxxxx@ntfsd…

My file system filter driver needs to read an unknown number of strings
from the registry at start-up.

These are in the key
\Registry\Machine\System\CurrentControlSet\Services\FileSystemFilterDriv
er\Directories.

I am trying to call ZwEnumerateValue key in a loop until this returns
STATUS_NO_MORE_ENTRIES.

How do I extract the registry data for each value into a unicode string?

Here is my code:

VOID

ReadDriverParameters (

IN PUNICODE_STRING RegistryPath

)

{

OBJECT_ATTRIBUTES attributes;

OBJECT_ATTRIBUTES oa;

HANDLE driverRegKey;

HANDLE driverParamsRegKey;

NTSTATUS status;

UNICODE_STRING subDirName;

ULONG i;

PKEY_VALUE_BASIC_INFORMATION dirInfo = NULL;

PAGED_CODE();

//Get a handle to the registry root path for our driver

InitializeObjectAttributes( &attributes,

RegistryPath,

OBJ_CASE_INSENSITIVE,

NULL,

NULL );

status = ZwOpenKey( &driverRegKey,

KEY_READ,

&attributes );

//The drivers parameters are in a sub-key named Directories

RtlInitUnicodeString( &subDirName, L"Directories" );

//Open the Directories sub-key

InitializeObjectAttributes( &oa,

&subDirName,

OBJ_CASE_INSENSITIVE,

driverRegKey, //HANDLE

NULL );

//Open the subkey and get a handle to it

status = ZwOpenKey( &driverParamsRegKey,

KEY_READ,

&oa );

if (!NT_SUCCESS( status ))

{

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to open directories
registry sub-key %X\n”,status);

return;

}

//Loop through the sub-key and read all the directory names

i = 0;

while (TRUE)

{

NTSTATUS status;

ULONG nbytes;

status = ZwEnumerateValueKey(

driverParamsRegKey,

i,

KeyValueBasicInformation,

dirInfo,

sizeof(dirInfo),

&nbytes

);

if (status == STATUS_NO_MORE_ENTRIES) {

DbgPrint(“!!! FileSystemFilterDriver.sys – ReadDriverParameters -
STATUS_NO_MORE_ENTRIES\n”);

break;

}

if (status == STATUS_BUFFER_OVERFLOW) {

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to read directories -
STATUS_BUFFER_OVERFLOW\n”);

i++;

continue;

}

//Store the name from DirInfo into a UNICODE_STRING

//Read the next value

i++;

}

// Close the registry handle

ZwClose(driverParamsRegKey);

}

Jonathan Oliver
WinST
BAE Systems Insyte


This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@baesystems.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

6

>Should the sizeof(dirInfo) parameter actually be

sizeof(KEY_VALUE_BASIC_INFORMATION) + sizeof(UNICODE_STRING)?

The first call to ZwQueryValueKey should return you the required allocation
size.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

7

Thanks for your help, I now have a UNICODE_STRING created on each time
through the loop of registry data in the key.=20

I need to store all these strings in an array that is accessible from
other functions in my driver (originally the driver hardcoded an array
of UNICODE_STRINGS, my work at the moment is to remove this hardcoded
array so the data can be read from the registry instead).=20

The number of strings to store is determined by a call to ZwQueryKey for
KeyFullInformation which precedes the ZwEnumerateValueKey loop. As I
don’t know this value until run-time, how can I then declare an array of
the appropiate size to store the strings?

I tried declaring a global variable as follows:

UNICODE_STRING DirNamesToScan =3D {0, 0, NULL};

Then after constructing the string from the registry data
UNICODE_STRING, calling=20


RtlInitUnicodeString(&str,Data);
DirNamesToScan[i] =3D str;
i++

But this just changes the first string in the array with each loop,
rather than adding additional strings to it.

Do I need to do some memory manipulation to get this to work, ie
DirNamesToScan as a memory buffer and copying str.Buffer into it, then
reparsing DirNamesToScan into unicode_strings?

Any suggestions?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: 14 August 2006 13:46
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Read unknown number of string values from a registry
key

*** WARNING ***

This mail has originated outside your organization, either from an
external partner or the Global Internet.=20
Keep this in mind if you answer this message.=20

You need to build the UNICODE_STRING yourself. Of course your code has
some problems that have to be dealt with first, such as you need to
allocate the dirInfo buffer, and sizeof(dirInfo) is incorrect since that
will be the size of a pointer, not the size of the structure with
additional space for the string.

Assuming you fix the above (and any other items missing in the code),
you then simply need to have something like:

UNICODE_STRING str;

str->Length =3D (USHORT) dirInfo->NameLength;
str->MaximumLength =3D str->Length;
str->Buffer =3D dirInfo->Name;

Of course this will only last until the next ZwEnumerateValueKey so be
sure to process the string, or copy it before you go to the next entry.

–=20
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

“Oliver, Jonathan (UK)” wrote in
message=20
news:xxxxx@ntfsd…

My file system filter driver needs to read an unknown number of strings
from the registry at start-up.

These are in the key
\Registry\Machine\System\CurrentControlSet\Services\FileSystemFilterDriv
er\Directories.

I am trying to call ZwEnumerateValue key in a loop until this returns
STATUS_NO_MORE_ENTRIES.

How do I extract the registry data for each value into a unicode string?

Here is my code:

VOID

ReadDriverParameters (

IN PUNICODE_STRING RegistryPath

)

{

OBJECT_ATTRIBUTES attributes;

OBJECT_ATTRIBUTES oa;

HANDLE driverRegKey;

HANDLE driverParamsRegKey;

NTSTATUS status;

UNICODE_STRING subDirName;

ULONG i;

PKEY_VALUE_BASIC_INFORMATION dirInfo =3D NULL;

PAGED_CODE();

//Get a handle to the registry root path for our driver

InitializeObjectAttributes( &attributes,

RegistryPath,

OBJ_CASE_INSENSITIVE,

NULL,

NULL );

status =3D ZwOpenKey( &driverRegKey,

KEY_READ,

&attributes );

//The drivers parameters are in a sub-key named Directories

RtlInitUnicodeString( &subDirName, L"Directories" );

//Open the Directories sub-key

InitializeObjectAttributes( &oa,

&subDirName,

OBJ_CASE_INSENSITIVE,

driverRegKey, //HANDLE

NULL );

//Open the subkey and get a handle to it

status =3D ZwOpenKey( &driverParamsRegKey,

KEY_READ,

&oa );

if (!NT_SUCCESS( status ))

{

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to open directories
registry sub-key %X\n”,status);

return;

}

//Loop through the sub-key and read all the directory names

i =3D 0;

while (TRUE)

{

NTSTATUS status;

ULONG nbytes;

status =3D ZwEnumerateValueKey(

driverParamsRegKey,

i,

KeyValueBasicInformation,

dirInfo,

sizeof(dirInfo),

&nbytes

);

if (status =3D=3D STATUS_NO_MORE_ENTRIES) {

DbgPrint(“!!! FileSystemFilterDriver.sys – ReadDriverParameters -
STATUS_NO_MORE_ENTRIES\n”);

break;

}

if (status =3D=3D STATUS_BUFFER_OVERFLOW) {

DbgPrint(“!!! FileSystemFilterDriver.sys – failed to read directories -
STATUS_BUFFER_OVERFLOW\n”);

i++;

continue;

}

//Store the name from DirInfo into a UNICODE_STRING

//Read the next value

i++;

}

// Close the registry handle

ZwClose(driverParamsRegKey);

}

Jonathan Oliver
WinST
BAE Systems Insyte


This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
 =20


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=3D17

You are currently subscribed to ntfsd as: xxxxx@baesystems.com
To unsubscribe send a blank email to xxxxx@lists.osr.com