ZwRegistryOpen rule (wdm)
The ZwRegistryOpen rule specifies that after calling ZwOpenKey, the driver calls the following registry functions only while holding an open handle to a registry key (that is, before calling ZwClose or ZwDeleteKey):
This rule also specifies that the driver must not call ZwOpenKey if it is already holding an open handle to that registry key.
Finally, this rule specifies that the driver must not return from the dispatch routine or cancel routine while holding an open handle to a registry key.
This rule does not verify that the driver is holding an open handle to the correct registry key when it calls ZwClose or ZwDeleteKey.
Driver model: WDM
How to test
| At compile time |
|---|
Run Static Driver Verifier and specify the ZwRegistryOpen rule. Use the following steps to run an analysis of your code:
For more information, see Using Static Driver Verifier to Find Defects in Drivers. |
Applies to
ZwClose ZwCreateKey ZwDeleteKey ZwEnumerateKey ZwEnumerateValueKey ZwFlushKey ZwOpenKey ZwQueryKey ZwQueryValueKey ZwSetValueKey
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for