Cannot ZwQueryKey() HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009
-
Thursday, April 28, 2011 3:35 AM
Hello,
We have a KMDF, non-PnP, kernel service that has been working great. During testing, we've discovered that when it tries to query the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009
We receive the following error from ZwQueryKey() even though ZwOpenKey() was successful:
status: 0xC00000024, which is STATUS_OBJECT_TYPE_MISMATCH
Of course, our driver converts the user mode path to kernel mode. Anyway, for all other keys that we've tested, regular and symbolic, the code works properly.
So, I am hoping that someone may know what is special about this key... I think that it is related to performance information and it has two REG_MULTI_SZ
values: "Counter" and "Help".I am able to export this key, so I don't believe that it is corrupt. I was able to get information about it using www.somarsoft.com's dumpreg.exe. Its output
looked correct, but the last edit datetime, was a bizaar negative number.Anyway, I would really appreciate learning what you know about this key.
Thanks,
Mike
Here is the relevant code...
------------------
RtlZeroMemory(&attributes, sizeof(OBJECT_ATTRIBUTES));InitializeObjectAttributes(&attributes, (UNICODE_STRING*)key,
(OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE), NULL, NULL);status = ZwOpenKey(&hKey, KEY_ALL_ACCESS, &attributes);
.
.
.
status = ZwQueryKey(hKey, KeyFullInformation, NULL, 0, &resultLength);
All Replies
-
Thursday, April 28, 2011 7:03 AM
I did some research on just the registry key and have found an interesting trail
to follow...It seems that there is a known corruption issue for performance data. In my
case, the \009 indicates it the English version. In RegEdit, if you open the
key and go to the bottom of the Count and Help lists, there are blank lines,
which, according to what I have read is bad, bad, bad! I found that this
situation existed on my Vista 64-bit development computer and my Win7 64-bit
test system.So, I am thinking that STATUS_OBJECT_TYPE_MISMATCH is trying to say that some of
the data was bad when I tried to query this key.There is a very good summary of this issue at the following link,
and Microsoft has published a manual method to fix it. I will try to fix it and
see if this issue disappears. I will report my results...More to follow...
Mike
- Marked As Answer by Doron Holan [MSFT]Microsoft Community Contributor, Owner Tuesday, March 06, 2012 7:23 AM
