ZwRegistryCreate rule (wdm)

The ZwRegistryCreate rule specifies that after calling ZwCreateKey, the driver can call the following registry functions only while holding an open handle to the registry key (that is, before any calls to ZwClose or ZwDeleteKey to close or delete the handle to the registry key):

• ZwClose

• ZwDeleteKey

• ZwEnumerateKey

• ZwEnumerateValueKey

• ZwFlushKey

• ZwQueryKey

• ZwQueryValueKey

• ZwSetValueKey

This rule also specifies that the driver must not call ZwCreateKey or ZwOpenKey if it is already holding an open handle to that registry key.

Finally, this rule specifies that the driver must not return from the dispatch routine or cancel routine while holding an open handle to a registry key.

This rule does not verify that the driver has called ZwCreateKey or ZwOpenKey to acquire handle to the registry key before closing or deleting it.

Driver model: WDM

How to test

At compile time
Run Static Driver Verifier and specify the ZwRegistryCreate rule. Use the following steps to run an analysis of your code: Prepare your code (use role type declarations). Run Static Driver Verifier. View and analyze the results. For more information, see Using Static Driver Verifier to Find Defects in Drivers.

Applies to

ZwClose ZwCreateKey ZwDeleteKey ZwEnumerateKey ZwEnumerateValueKey ZwFlushKey ZwQueryKey ZwQueryValueKey ZwSetValueKey