How to access registry items under the driver service registry key path on Win11 24H2 in a WDF driver?
I am currently utilizing a Kernel Mode Driver Framework (KMDF) driver, employing the RtlQueryRegistryValues function with parameters (RTL_REGISTRY_ABSOLUTE, L"\Registry\Machine\System\CurrentControlSet\Services...") to access specific registry entries.
However, upon enabling the verifier of version 24H2 (build 26100), I encountered an error recorded in the System.evtx log. The error message indicates a violation: "Registry operations should not use absolute paths. Detected querying of value(s) under unisolated registry key relative to RTL_REGISTRY_ABSOLUTE".
Consequently, I modified the initial parameter of RtlQueryRegistryValues to "RTL_REGISTRY_SERVICES". Subsequently, the error message in the System.evtx log changed to: "Registry operations should only use key handles returned from WDF or WDM APIs."
In an attempt to rectify this issue, I explored alternative approaches such as utilizing "WdfDeviceOpenRegistryKey" with parameters "PLUGPLAY_REGKEY_DEVICE" and "PLUGPLAY_REGKEY_DRIVER", as well as "WdfDriverOpenParametersRegistryKey". However, it appears that none of these methods successfully access the intended registry path "\Registry\Machine\System\CurrentControlSet\Services...". Furthermore, the absence of an API to retrieve the registry path following the invocation of "WdfDeviceOpenRegistryKey" exacerbates the challenge, as I am unable to ascertain the specific registry key opened by the function.
Presently, I am at a loss regarding how to access the driver service registry item without encountering error prompts. Moreover, I find it perplexing that while invoking WdfDriverGetRegistryPath(Driver) yields the correct path of the driver service, I am unable to identify the appropriate API to utilize this path effectively.