RtlQueryRegistryValues
- From: Ray Trent <rat@xxxxxxxxxxxxx>
- Date: Wed, 01 Nov 2006 10:08:26 -0800
I was just reading Doron's latest blog entry where he was talking about strings in the registry not being NULL terminated, and I realized that I have no idea how RtlQueryRegistryValues works when you specify RTL_QUERY_REGISTRY_DIRECT in the QueryTable.
Is this thing just a giant security hole waiting to happen or what?
It doesn't appear that you can specify the type of the value (at least if you also happen to pass RTL_QUERY_REGISTRY_REQUIRED... and I'm not sure that the DefaultValue constrains the DDI even if you don't), so how can you possibly pass in anything in the EntryContext that can hold the result regardless of what type that registry value happens to be?
I mean I suppose if you always passed in an 8 byte buffer where the first DWORD was 8 and the second 0, that it would technically work regardless of whether the value was a REG_SZ (where it would be interpreted as a UNICODE_STRING with a NULL buffer to be allocated, or a raw buffer of length 8, depending on what type the value was)... Is that what you have to do?
I'm perplexed that I can't find any discussion of this problem anywhere that I've looked (maybe that's because I haven't had my coffee this morning, and somehow it's not a problem, but...).
Sure... the correct answer is probably "use KMDF", but still I'm curious (besides, even in our KMDF driver we're still using RtlQueryRegistryValues in some places).
--
Ray
.
- Prev by Date: Re: PREfast (5744) fails some WDF headers, and thus my code too
- Next by Date: Re: PREfast (5744) fails some WDF headers, and thus my code too
- Previous by thread: Re: About allocating small blocks of memory often
- Next by thread: How to set KSPROPERTY_PIN_GLOBALCINSTANCES in minidriver?
- Index(es):
Relevant Pages
|
