ZwRegistryCreate rule (wdm)
The ZwRegistryCreate rule specifies that after calling ZwCreateKey, the driver can call the following registry functions only while holding an open handle to the registry key (that is, before any calls to ZwClose or ZwDeleteKey to close or delete the handle to the registry key):
This rule also specifies that the driver must not call ZwCreateKey or ZwOpenKey if it is already holding an open handle to that registry key.
Finally, this rule specifies that the driver must not return from the dispatch routine or cancel routine while holding an open handle to a registry key.
This rule does not verify that the driver has called ZwCreateKey or ZwOpenKey to acquire handle to the registry key before closing or deleting it.
Driver model: WDM
How to test
| At compile time |
|---|
Run Static Driver Verifier and specify the ZwRegistryCreate rule. Use the following steps to run an analysis of your code:
For more information, see Using Static Driver Verifier to Find Defects in Drivers. |
Applies to
ZwClose ZwCreateKey ZwDeleteKey ZwEnumerateKey ZwEnumerateValueKey ZwFlushKey ZwQueryKey ZwQueryValueKey ZwSetValueKey
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for