Software & Application Miscellaneous: ZwQueryValueKey

Hello,

I'm trying to query the computer name from the following registry key:
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ComputerName\\Act
iveComputerName
The key is:
ComputerName

I can successfully pull this value out of the registry. However, it is in
the following format:
Name[0] = J 0x4a
Name[1] = \0 0x0
Name[2] = I 0x49
Name[3] = \0 0x0
.
.
.
Name[n-1] = \0 0x0
Name[n] = \0 0x0

I want to convert this unicode string to a regular string. However, when I call RtlUnicodeStringToAnsiString, I get an NTSTATUS error indicating that I have a buffer overrun.

Here is my call to RtlUnicodeStringToAnsiString:
RtlUnicodeStringToAnsiString((PANSI_STRING) lHostname, (PUNICODE_STRING) valueInfoP->Data, FALSE);

I have done an ExAllocatePoolWithTag for the lHostname variable. Why doesn't this successfully convert to a regular string though?

I've tried everything (well, obviously not everything). Any help would be greatly appreciated.

Thank you,

Keywords & Tags: zwqueryvaluekey, software, application

URL: http://software.itags.org/software-application/240749/

«« Prev - Next »» 8 helpful answers below.

Why do you use PANSI_STRING and PUNICODE_STRING casts? It looks like
lHostname and/or valueInfoP->Data are not valid pointers to valid
ANSI_STRING and UNICODE_STRING structures. You need to intialize all members
in both structures.

"John Thompson" <johnthompson1...hotmail.com> wrote in message
news:4106c732$1...news.xetron.com...
> Hello,
> I'm trying to query the computer name from the following registry key:
> L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ComputerName\\Act
> iveComputerName
> The key is:
> ComputerName
> I can successfully pull this value out of the registry. However, it is in
> the following format:
> Name[0] = J 0x4a
> Name[1] = \0 0x0
> Name[2] = I 0x49
> Name[3] = \0 0x0
> .
> .
> .
> Name[n-1] = \0 0x0
> Name[n] = \0 0x0
> I want to convert this unicode string to a regular string. However, when
> I
> call RtlUnicodeStringToAnsiString, I get an NTSTATUS error indicating that
> I
> have a buffer overrun.
> Here is my call to RtlUnicodeStringToAnsiString:
> RtlUnicodeStringToAnsiString((PANSI_STRING) lHostname, (PUNICODE_STRING)
> valueInfoP->Data, FALSE);
> I have done an ExAllocatePoolWithTag for the lHostname variable. Why
> doesn't this successfully convert to a regular string though?
> I've tried everything (well, obviously not everything). Any help would be
> greatly appreciated.
> Thank you,
> -- John
>

nospam | Tue, 20 May 2008 08:03:00 GMT |

How to CAST from PUNICODE_STRING to PANSI_STRING?
<nospam...cristalink.com> Ð´ÈëÏûÏ¢ÐÂÎÅ
:ukxoyZCdEHA.3016...tk2msftngp13.phx.gbl...
> Why do you use PANSI_STRING and PUNICODE_STRING casts? It looks like
> lHostname and/or valueInfoP->Data are not valid pointers to valid
> ANSI_STRING and UNICODE_STRING structures. You need to intialize all
members
> in both structures.
> "John Thompson" <johnthompson1...hotmail.com> wrote in message
> news:4106c732$1...news.xetron.com...
> > Hello,
> >
> > I'm trying to query the computer name from the following registry key:
> >
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ComputerName\\Act
> > iveComputerName
> > The key is:
> > ComputerName
> >
> > I can successfully pull this value out of the registry. However, it is
in
> > the following format:
> > Name[0] = J 0x4a
> > Name[1] = \0 0x0
> > Name[2] = I 0x49
> > Name[3] = \0 0x0
> > .
> > .
> > .
> > Name[n-1] = \0 0x0
> > Name[n] = \0 0x0
> >
> > I want to convert this unicode string to a regular string. However,
when
> > I
> > call RtlUnicodeStringToAnsiString, I get an NTSTATUS error indicating
that
> > I
> > have a buffer overrun.
> >
> > Here is my call to RtlUnicodeStringToAnsiString:
> > RtlUnicodeStringToAnsiString((PANSI_STRING) lHostname, (PUNICODE_STRING)
> > valueInfoP->Data, FALSE);
> >
> > I have done an ExAllocatePoolWithTag for the lHostname variable. Why
> > doesn't this successfully convert to a regular string though?
> >
> > I've tried everything (well, obviously not everything). Any help would
be
> > greatly appreciated.
> >
> > Thank you,
> > -- John
> >
> >
>

sean | Tue, 20 May 2008 08:04:00 GMT |

You cannot "cast" but you can "convert" with RtlUnicodeStringToAnsiString().
You have to properly initialize parameters for
RtlUnicodeStringToAnsiString(), which are structures, not pointers to
zero-terminated strings. Can you feel the difference?

Copy-paste from ddk\src\wdm\videocap\atiwdm\atishare\registry.cpp:

char g_DebugComponent[]="Long long long output buffer";
ANSI_STRING stringDriverName;
UNICODE_STRING unicodeDriverName;

RtlInitAnsiString(&stringDriverName, g_DebugComponent);
RtlInitUnicodeString(&unicodeDriverName, L"Unicode string to be coverted");
RtlUnicodeStringToAnsiString(&stringDriverName, &unicodeDriverName, FALSE);

"sean" <sigang...mti.xidian.edu.cn> wrote in message
news:ce76t4$a07$1...mail.cn99.com...
> How to CAST from PUNICODE_STRING to PANSI_STRING?
> <nospam...cristalink.com> Ð´ÈëÏûÏ¢ÐÂÎÅ
> :ukxoyZCdEHA.3016...tk2msftngp13.phx.gbl...
>> Why do you use PANSI_STRING and PUNICODE_STRING casts? It looks like
>> lHostname and/or valueInfoP->Data are not valid pointers to valid
>> ANSI_STRING and UNICODE_STRING structures. You need to intialize all
> members
>> in both structures.
>> "John Thompson" <johnthompson1...hotmail.com> wrote in message
>> news:4106c732$1...news.xetron.com...
>> > Hello,
>> >
>> > I'm trying to query the computer name from the following registry key:
>> >
> L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ComputerName\\Act
>> > iveComputerName
>> > The key is:
>> > ComputerName
>> >
>> > I can successfully pull this value out of the registry. However, it is
> in
>> > the following format:
>> > Name[0] = J 0x4a
>> > Name[1] = \0 0x0
>> > Name[2] = I 0x49
>> > Name[3] = \0 0x0
>> > .
>> > .
>> > .
>> > Name[n-1] = \0 0x0
>> > Name[n] = \0 0x0
>> >
>> > I want to convert this unicode string to a regular string. However,
> when
>> > I
>> > call RtlUnicodeStringToAnsiString, I get an NTSTATUS error indicating
> that
>> > I
>> > have a buffer overrun.
>> >
>> > Here is my call to RtlUnicodeStringToAnsiString:
>> > RtlUnicodeStringToAnsiString((PANSI_STRING) lHostname,
>> > (PUNICODE_STRING)
>> > valueInfoP->Data, FALSE);
>> >
>> > I have done an ExAllocatePoolWithTag for the lHostname variable. Why
>> > doesn't this successfully convert to a regular string though?
>> >
>> > I've tried everything (well, obviously not everything). Any help would
> be
>> > greatly appreciated.
>> >
>> > Thank you,
>> > -- John
>> >
>> >
>>
>

nospam | Tue, 20 May 2008 08:05:00 GMT |

Thanks guys,

I think I'm getting closer. This is what I have now:
ANSI_STRING lHostname;
UNICODE_STRING lUniHostname;
PKEY_VALUE_PARTIAL_INFORMATION PValueInfo;

RtlInitAnsiString(&lHostname, "Bla");
RtlInitUnicodeString(&lUniHostname, (PCWSTR) PValueInfo->Data);
// PValueInfo holds the value returned from the call to ZwQueryValueKey

status = RtlUnicodeStringToAnsiString(&lHostname, &lUniHostname, FALSE);
DbgPrint("ANSI = %s\n", lHostname.Buffer);

The DbgPrint seems to print out the first three letters of the computer's
name. However, status is still equal to:
0x80000005
This is still indicating a buffer overrun. Any other ideas?

Thanks again,
-- John

<nospam...cristalink.com> wrote in message
news:Orf29mFdEHA.3632...TK2MSFTNGP11.phx.gbl...
> You cannot "cast" but you can "convert" with
RtlUnicodeStringToAnsiString().
> You have to properly initialize parameters for
> RtlUnicodeStringToAnsiString(), which are structures, not pointers to
> zero-terminated strings. Can you feel the difference?
> Copy-paste from ddk\src\wdm\videocap\atiwdm\atishare\registry.cpp:
> char g_DebugComponent[]="Long long long output buffer";
> ANSI_STRING stringDriverName;
> UNICODE_STRING unicodeDriverName;
> RtlInitAnsiString(&stringDriverName, g_DebugComponent);
> RtlInitUnicodeString(&unicodeDriverName, L"Unicode string to be
coverted");
> RtlUnicodeStringToAnsiString(&stringDriverName, &unicodeDriverName,
FALSE);
>
> "sean" <sigang...mti.xidian.edu.cn> wrote in message
> news:ce76t4$a07$1...mail.cn99.com...
> > How to CAST from PUNICODE_STRING to PANSI_STRING?
> > <nospam...cristalink.com> Ð´ÈëÏûÏ¢ÐÂÎÅ
> > :ukxoyZCdEHA.3016...tk2msftngp13.phx.gbl...
> >> Why do you use PANSI_STRING and PUNICODE_STRING casts? It looks like
> >> lHostname and/or valueInfoP->Data are not valid pointers to valid
> >> ANSI_STRING and UNICODE_STRING structures. You need to intialize all
> > members
> >> in both structures.
> >>
> >> "John Thompson" <johnthompson1...hotmail.com> wrote in message
> >> news:4106c732$1...news.xetron.com...
> >> > Hello,
> >> >
> >> > I'm trying to query the computer name from the following registry
key:
> >> >
> >
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ComputerName\\Act
> >> > iveComputerName
> >> > The key is:
> >> > ComputerName
> >> >
> >> > I can successfully pull this value out of the registry. However, it
is
> > in
> >> > the following format:
> >> > Name[0] = J 0x4a
> >> > Name[1] = \0 0x0
> >> > Name[2] = I 0x49
> >> > Name[3] = \0 0x0
> >> > .
> >> > .
> >> > .
> >> > Name[n-1] = \0 0x0
> >> > Name[n] = \0 0x0
> >> >
> >> > I want to convert this unicode string to a regular string. However,
> > when
> >> > I
> >> > call RtlUnicodeStringToAnsiString, I get an NTSTATUS error indicating
> > that
> >> > I
> >> > have a buffer overrun.
> >> >
> >> > Here is my call to RtlUnicodeStringToAnsiString:
> >> > RtlUnicodeStringToAnsiString((PANSI_STRING) lHostname,
> >> > (PUNICODE_STRING)
> >> > valueInfoP->Data, FALSE);
> >> >
> >> > I have done an ExAllocatePoolWithTag for the lHostname variable. Why
> >> > doesn't this successfully convert to a regular string though?
> >> >
> >> > I've tried everything (well, obviously not everything). Any help
would
> > be
> >> > greatly appreciated.
> >> >
> >> > Thank you,
> >> > -- John
> >> >
> >> >
> >>
> >>
> >
> >
>

john | Tue, 20 May 2008 08:06:00 GMT |

Whoops. Thank you no spam. :-) It's times like these I feel like I forgot
my brain. I just initialized the ANSI_STRING to a bigger buffer (hence the
buffer overrun), and now it works.

Thanks again,
-- John

"John Thompson" <johnthompson1...hotmail.com> wrote in message
news:4107a358$1...news.xetron.com...
> Thanks guys,
> I think I'm getting closer. This is what I have now:
> ANSI_STRING lHostname;
> UNICODE_STRING lUniHostname;
> PKEY_VALUE_PARTIAL_INFORMATION PValueInfo;
> RtlInitAnsiString(&lHostname, "Bla");
> RtlInitUnicodeString(&lUniHostname, (PCWSTR) PValueInfo->Data);
> // PValueInfo holds the value returned from the call to ZwQueryValueKey
> status = RtlUnicodeStringToAnsiString(&lHostname, &lUniHostname, FALSE);
> DbgPrint("ANSI = %s\n", lHostname.Buffer);
> The DbgPrint seems to print out the first three letters of the computer's
> name. However, status is still equal to:
> 0x80000005
> This is still indicating a buffer overrun. Any other ideas?
> Thanks again,
> -- John
>
> <nospam...cristalink.com> wrote in message
> news:Orf29mFdEHA.3632...TK2MSFTNGP11.phx.gbl...
> > You cannot "cast" but you can "convert" with
> RtlUnicodeStringToAnsiString().
> > You have to properly initialize parameters for
> > RtlUnicodeStringToAnsiString(), which are structures, not pointers to
> > zero-terminated strings. Can you feel the difference?
> >
> > Copy-paste from ddk\src\wdm\videocap\atiwdm\atishare\registry.cpp:
> >
> > char g_DebugComponent[]="Long long long output buffer";
> > ANSI_STRING stringDriverName;
> > UNICODE_STRING unicodeDriverName;
> >
> > RtlInitAnsiString(&stringDriverName, g_DebugComponent);
> > RtlInitUnicodeString(&unicodeDriverName, L"Unicode string to be
> coverted");
> > RtlUnicodeStringToAnsiString(&stringDriverName, &unicodeDriverName,
> FALSE);
> >
> >
> >
> > "sean" <sigang...mti.xidian.edu.cn> wrote in message
> > news:ce76t4$a07$1...mail.cn99.com...
> > > How to CAST from PUNICODE_STRING to PANSI_STRING?
> > > <nospam...cristalink.com> Ð´ÈëÏûÏ¢ÐÂÎÅ
> > > :ukxoyZCdEHA.3016...tk2msftngp13.phx.gbl...
> > >> Why do you use PANSI_STRING and PUNICODE_STRING casts? It looks like
> > >> lHostname and/or valueInfoP->Data are not valid pointers to valid
> > >> ANSI_STRING and UNICODE_STRING structures. You need to intialize all
> > > members
> > >> in both structures.
> > >>
> > >> "John Thompson" <johnthompson1...hotmail.com> wrote in message
> > >> news:4106c732$1...news.xetron.com...
> > >> > Hello,
> > >> >
> > >> > I'm trying to query the computer name from the following registry
> key:
> > >> >
> > >
>
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ComputerName\\Act
> > >> > iveComputerName
> > >> > The key is:
> > >> > ComputerName
> > >> >
> > >> > I can successfully pull this value out of the registry. However,
it
> is
> > > in
> > >> > the following format:
> > >> > Name[0] = J 0x4a
> > >> > Name[1] = \0 0x0
> > >> > Name[2] = I 0x49
> > >> > Name[3] = \0 0x0
> > >> > .
> > >> > .
> > >> > .
> > >> > Name[n-1] = \0 0x0
> > >> > Name[n] = \0 0x0
> > >> >
> > >> > I want to convert this unicode string to a regular string.
However,
> > > when
> > >> > I
> > >> > call RtlUnicodeStringToAnsiString, I get an NTSTATUS error
indicating
> > > that
> > >> > I
> > >> > have a buffer overrun.
> > >> >
> > >> > Here is my call to RtlUnicodeStringToAnsiString:
> > >> > RtlUnicodeStringToAnsiString((PANSI_STRING) lHostname,
> > >> > (PUNICODE_STRING)
> > >> > valueInfoP->Data, FALSE);
> > >> >
> > >> > I have done an ExAllocatePoolWithTag for the lHostname variable.
Why
> > >> > doesn't this successfully convert to a regular string though?
> > >> >
> > >> > I've tried everything (well, obviously not everything). Any help
> would
> > > be
> > >> > greatly appreciated.
> > >> >
> > >> > Thank you,
> > >> > -- John
> > >> >
> > >> >
> > >>
> > >>
> > >
> > >
> >
> >
>

john | Tue, 20 May 2008 08:07:00 GMT |

Don't use a string constant to initialize ANSI_STRING (and UNICODE_STRING)
if you plan to modify this string. It may be placed to read-only memory.

"John Thompson" <johnthompson1...hotmail.com> wrote in message
news:4107a358$1...news.xetron.com...
> Thanks guys,
> I think I'm getting closer. This is what I have now:
> ANSI_STRING lHostname;
> UNICODE_STRING lUniHostname;
> PKEY_VALUE_PARTIAL_INFORMATION PValueInfo;
> RtlInitAnsiString(&lHostname, "Bla");
> RtlInitUnicodeString(&lUniHostname, (PCWSTR) PValueInfo->Data);
> // PValueInfo holds the value returned from the call to ZwQueryValueKey
> status = RtlUnicodeStringToAnsiString(&lHostname, &lUniHostname, FALSE);
> DbgPrint("ANSI = %s\n", lHostname.Buffer);
> The DbgPrint seems to print out the first three letters of the computer's
> name. However, status is still equal to:
> 0x80000005
> This is still indicating a buffer overrun. Any other ideas?
> Thanks again,
> -- John
>
> <nospam...cristalink.com> wrote in message
> news:Orf29mFdEHA.3632...TK2MSFTNGP11.phx.gbl...
> > You cannot "cast" but you can "convert" with
> RtlUnicodeStringToAnsiString().
> > You have to properly initialize parameters for
> > RtlUnicodeStringToAnsiString(), which are structures, not pointers to
> > zero-terminated strings. Can you feel the difference?
> >
> > Copy-paste from ddk\src\wdm\videocap\atiwdm\atishare\registry.cpp:
> >
> > char g_DebugComponent[]="Long long long output buffer";
> > ANSI_STRING stringDriverName;
> > UNICODE_STRING unicodeDriverName;
> >
> > RtlInitAnsiString(&stringDriverName, g_DebugComponent);
> > RtlInitUnicodeString(&unicodeDriverName, L"Unicode string to be
> coverted");
> > RtlUnicodeStringToAnsiString(&stringDriverName, &unicodeDriverName,
> FALSE);
> >
> >
> >
> > "sean" <sigang...mti.xidian.edu.cn> wrote in message
> > news:ce76t4$a07$1...mail.cn99.com...
> > > How to CAST from PUNICODE_STRING to PANSI_STRING?
> > > <nospam...cristalink.com> Ð´ÈëÏûÏ¢ÐÂÎÅ
> > > :ukxoyZCdEHA.3016...tk2msftngp13.phx.gbl...
> > >> Why do you use PANSI_STRING and PUNICODE_STRING casts? It looks like
> > >> lHostname and/or valueInfoP->Data are not valid pointers to valid
> > >> ANSI_STRING and UNICODE_STRING structures. You need to intialize all
> > > members
> > >> in both structures.
> > >>
> > >> "John Thompson" <johnthompson1...hotmail.com> wrote in message
> > >> news:4106c732$1...news.xetron.com...
> > >> > Hello,
> > >> >
> > >> > I'm trying to query the computer name from the following registry
> key:
> > >> >
> > >
>
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ComputerName\\Act
> > >> > iveComputerName
> > >> > The key is:
> > >> > ComputerName
> > >> >
> > >> > I can successfully pull this value out of the registry. However,
it
> is
> > > in
> > >> > the following format:
> > >> > Name[0] = J 0x4a
> > >> > Name[1] = \0 0x0
> > >> > Name[2] = I 0x49
> > >> > Name[3] = \0 0x0
> > >> > .
> > >> > .
> > >> > .
> > >> > Name[n-1] = \0 0x0
> > >> > Name[n] = \0 0x0
> > >> >
> > >> > I want to convert this unicode string to a regular string.
However,
> > > when
> > >> > I
> > >> > call RtlUnicodeStringToAnsiString, I get an NTSTATUS error
indicating
> > > that
> > >> > I
> > >> > have a buffer overrun.
> > >> >
> > >> > Here is my call to RtlUnicodeStringToAnsiString:
> > >> > RtlUnicodeStringToAnsiString((PANSI_STRING) lHostname,
> > >> > (PUNICODE_STRING)
> > >> > valueInfoP->Data, FALSE);
> > >> >
> > >> > I have done an ExAllocatePoolWithTag for the lHostname variable.
Why
> > >> > doesn't this successfully convert to a regular string though?
> > >> >
> > >> > I've tried everything (well, obviously not everything). Any help
> would
> > > be
> > >> > greatly appreciated.
> > >> >
> > >> > Thank you,
> > >> > -- John
> > >> >
> > >> >
> > >>
> > >>
> > >
> > >
> >
> >
>

alexander | Tue, 20 May 2008 08:08:00 GMT |

these are constant
1 RtlInitAnsiString(IHostname, "Bla");
2 PUCHAR pBla = "Bla";

this on the other hand is not constant and is safe b/c it is declared on the
stack in its entirety.
UCHAR bla[] = "Bla"

d
--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.

"Alexander Grigoriev" <alegr...earthlink.net> wrote in message
news:e3BMomKdEHA.2408...tk2msftngp13.phx.gbl...
> Don't use a string constant to initialize ANSI_STRING (and UNICODE_STRING)
> if you plan to modify this string. It may be placed to read-only memory.
> "John Thompson" <johnthompson1...hotmail.com> wrote in message
> news:4107a358$1...news.xetron.com...
> > Thanks guys,
> >
> > I think I'm getting closer. This is what I have now:
> > ANSI_STRING lHostname;
> > UNICODE_STRING lUniHostname;
> > PKEY_VALUE_PARTIAL_INFORMATION PValueInfo;
> >
> > RtlInitAnsiString(&lHostname, "Bla");
> > RtlInitUnicodeString(&lUniHostname, (PCWSTR) PValueInfo->Data);
> > // PValueInfo holds the value returned from the call to ZwQueryValueKey
> >
> > status = RtlUnicodeStringToAnsiString(&lHostname, &lUniHostname, FALSE);
> > DbgPrint("ANSI = %s\n", lHostname.Buffer);
> >
> > The DbgPrint seems to print out the first three letters of the
computer's
> > name. However, status is still equal to:
> > 0x80000005
> > This is still indicating a buffer overrun. Any other ideas?
> >
> > Thanks again,
> > -- John
> >
> >
> >
> > <nospam...cristalink.com> wrote in message
> > news:Orf29mFdEHA.3632...TK2MSFTNGP11.phx.gbl...
> > > You cannot "cast" but you can "convert" with
> > RtlUnicodeStringToAnsiString().
> > > You have to properly initialize parameters for
> > > RtlUnicodeStringToAnsiString(), which are structures, not pointers to
> > > zero-terminated strings. Can you feel the difference?
> > >
> > > Copy-paste from ddk\src\wdm\videocap\atiwdm\atishare\registry.cpp:
> > >
> > > char g_DebugComponent[]="Long long long output buffer";
> > > ANSI_STRING stringDriverName;
> > > UNICODE_STRING unicodeDriverName;
> > >
> > > RtlInitAnsiString(&stringDriverName, g_DebugComponent);
> > > RtlInitUnicodeString(&unicodeDriverName, L"Unicode string to be
> > coverted");
> > > RtlUnicodeStringToAnsiString(&stringDriverName, &unicodeDriverName,
> > FALSE);
> > >
> > >
> > >
> > > "sean" <sigang...mti.xidian.edu.cn> wrote in message
> > > news:ce76t4$a07$1...mail.cn99.com...
> > > > How to CAST from PUNICODE_STRING to PANSI_STRING?
> > > > <nospam...cristalink.com> Ð´ÈëÏûÏ¢ÐÂÎÅ
> > > > :ukxoyZCdEHA.3016...tk2msftngp13.phx.gbl...
> > > >> Why do you use PANSI_STRING and PUNICODE_STRING casts? It looks
like
> > > >> lHostname and/or valueInfoP->Data are not valid pointers to valid
> > > >> ANSI_STRING and UNICODE_STRING structures. You need to intialize
all
> > > > members
> > > >> in both structures.
> > > >>
> > > >> "John Thompson" <johnthompson1...hotmail.com> wrote in message
> > > >> news:4106c732$1...news.xetron.com...
> > > >> > Hello,
> > > >> >
> > > >> > I'm trying to query the computer name from the following registry
> > key:
> > > >> >
> > > >
> >
>
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ComputerName\\Act
> > > >> > iveComputerName
> > > >> > The key is:
> > > >> > ComputerName
> > > >> >
> > > >> > I can successfully pull this value out of the registry. However,
> it
> > is
> > > > in
> > > >> > the following format:
> > > >> > Name[0] = J 0x4a
> > > >> > Name[1] = \0 0x0
> > > >> > Name[2] = I 0x49
> > > >> > Name[3] = \0 0x0
> > > >> > .
> > > >> > .
> > > >> > .
> > > >> > Name[n-1] = \0 0x0
> > > >> > Name[n] = \0 0x0
> > > >> >
> > > >> > I want to convert this unicode string to a regular string.
> However,
> > > > when
> > > >> > I
> > > >> > call RtlUnicodeStringToAnsiString, I get an NTSTATUS error
> indicating
> > > > that
> > > >> > I
> > > >> > have a buffer overrun.
> > > >> >
> > > >> > Here is my call to RtlUnicodeStringToAnsiString:
> > > >> > RtlUnicodeStringToAnsiString((PANSI_STRING) lHostname,
> > > >> > (PUNICODE_STRING)
> > > >> > valueInfoP->Data, FALSE);
> > > >> >
> > > >> > I have done an ExAllocatePoolWithTag for the lHostname variable.
> Why
> > > >> > doesn't this successfully convert to a regular string though?
> > > >> >
> > > >> > I've tried everything (well, obviously not everything). Any help
> > would
> > > > be
> > > >> > greatly appreciated.
> > > >> >
> > > >> > Thank you,
> > > >> > -- John
> > > >> >
> > > >> >
> > > >>
> > > >>
> > > >
> > > >
> > >
> > >
> >
> >
>

doron | Tue, 20 May 2008 08:09:00 GMT |

Good to know. Thanks guys. I suppose you can tell I'm a little new to
driver development. :-)

Thanks for the help.

"Doron Holan [MS]" <doronh...nospam.microsoft.com> wrote in message
news:uRFe6WLdEHA.3728...TK2MSFTNGP09.phx.gbl...
> these are constant
> 1 RtlInitAnsiString(IHostname, "Bla");
> 2 PUCHAR pBla = "Bla";
> this on the other hand is not constant and is safe b/c it is declared on
the
> stack in its entirety.
> UCHAR bla[] = "Bla"
> d
> --
> Please do not send e-mail directly to this alias. this alias is for
> newsgroup purposes only.
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> "Alexander Grigoriev" <alegr...earthlink.net> wrote in message
> news:e3BMomKdEHA.2408...tk2msftngp13.phx.gbl...
> > Don't use a string constant to initialize ANSI_STRING (and
UNICODE_STRING)
> > if you plan to modify this string. It may be placed to read-only memory.
> >
> > "John Thompson" <johnthompson1...hotmail.com> wrote in message
> > news:4107a358$1...news.xetron.com...
> > > Thanks guys,
> > >
> > > I think I'm getting closer. This is what I have now:
> > > ANSI_STRING lHostname;
> > > UNICODE_STRING lUniHostname;
> > > PKEY_VALUE_PARTIAL_INFORMATION PValueInfo;
> > >
> > > RtlInitAnsiString(&lHostname, "Bla");
> > > RtlInitUnicodeString(&lUniHostname, (PCWSTR) PValueInfo->Data);
> > > // PValueInfo holds the value returned from the call to
ZwQueryValueKey
> > >
> > > status = RtlUnicodeStringToAnsiString(&lHostname, &lUniHostname,
FALSE);
> > > DbgPrint("ANSI = %s\n", lHostname.Buffer);
> > >
> > > The DbgPrint seems to print out the first three letters of the
> computer's
> > > name. However, status is still equal to:
> > > 0x80000005
> > > This is still indicating a buffer overrun. Any other ideas?
> > >
> > > Thanks again,
> > > -- John
> > >
> > >
> > >
> > > <nospam...cristalink.com> wrote in message
> > > news:Orf29mFdEHA.3632...TK2MSFTNGP11.phx.gbl...
> > > > You cannot "cast" but you can "convert" with
> > > RtlUnicodeStringToAnsiString().
> > > > You have to properly initialize parameters for
> > > > RtlUnicodeStringToAnsiString(), which are structures, not pointers
to
> > > > zero-terminated strings. Can you feel the difference?
> > > >
> > > > Copy-paste from ddk\src\wdm\videocap\atiwdm\atishare\registry.cpp:
> > > >
> > > > char g_DebugComponent[]="Long long long output buffer";
> > > > ANSI_STRING stringDriverName;
> > > > UNICODE_STRING unicodeDriverName;
> > > >
> > > > RtlInitAnsiString(&stringDriverName, g_DebugComponent);
> > > > RtlInitUnicodeString(&unicodeDriverName, L"Unicode string to be
> > > coverted");
> > > > RtlUnicodeStringToAnsiString(&stringDriverName, &unicodeDriverName,
> > > FALSE);
> > > >
> > > >
> > > >
> > > > "sean" <sigang...mti.xidian.edu.cn> wrote in message
> > > > news:ce76t4$a07$1...mail.cn99.com...
> > > > > How to CAST from PUNICODE_STRING to PANSI_STRING?
> > > > > <nospam...cristalink.com> Ð´ÈëÏûÏ¢ÐÂÎÅ
> > > > > :ukxoyZCdEHA.3016...tk2msftngp13.phx.gbl...
> > > > >> Why do you use PANSI_STRING and PUNICODE_STRING casts? It looks
> like
> > > > >> lHostname and/or valueInfoP->Data are not valid pointers to valid
> > > > >> ANSI_STRING and UNICODE_STRING structures. You need to intialize
> all
> > > > > members
> > > > >> in both structures.
> > > > >>
> > > > >> "John Thompson" <johnthompson1...hotmail.com> wrote in message
> > > > >> news:4106c732$1...news.xetron.com...
> > > > >> > Hello,
> > > > >> >
> > > > >> > I'm trying to query the computer name from the following
registry
> > > key:
> > > > >> >
> > > > >
> > >
> >
>
L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ComputerName\\Act
> > > > >> > iveComputerName
> > > > >> > The key is:
> > > > >> > ComputerName
> > > > >> >
> > > > >> > I can successfully pull this value out of the registry.
However,
> > it
> > > is
> > > > > in
> > > > >> > the following format:
> > > > >> > Name[0] = J 0x4a
> > > > >> > Name[1] = \0 0x0
> > > > >> > Name[2] = I 0x49
> > > > >> > Name[3] = \0 0x0
> > > > >> > .
> > > > >> > .
> > > > >> > .
> > > > >> > Name[n-1] = \0 0x0
> > > > >> > Name[n] = \0 0x0
> > > > >> >
> > > > >> > I want to convert this unicode string to a regular string.
> > However,
> > > > > when
> > > > >> > I
> > > > >> > call RtlUnicodeStringToAnsiString, I get an NTSTATUS error
> > indicating
> > > > > that
> > > > >> > I
> > > > >> > have a buffer overrun.
> > > > >> >
> > > > >> > Here is my call to RtlUnicodeStringToAnsiString:
> > > > >> > RtlUnicodeStringToAnsiString((PANSI_STRING) lHostname,
> > > > >> > (PUNICODE_STRING)
> > > > >> > valueInfoP->Data, FALSE);
> > > > >> >
> > > > >> > I have done an ExAllocatePoolWithTag for the lHostname
variable.
> > Why
> > > > >> > doesn't this successfully convert to a regular string though?
> > > > >> >
> > > > >> > I've tried everything (well, obviously not everything). Any
help
> > > would
> > > > > be
> > > > >> > greatly appreciated.
> > > > >> >
> > > > >> > Thank you,
> > > > >> > -- John
> > > > >> >
> > > > >> >
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>

john | Tue, 20 May 2008 08:10:00 GMT |

Software & Application Miscellaneous Related Links

Software & Application Miscellaneous Hot Answers

ZwQueryDirectoryFile
Question about ZwQueryDirectoryFile: The declaration of this funct is def'd as ....OUT PVOID FileInformation.... and FileInformation is said to be a pointer to a buffer... Should not this be the address of a pointer to a buffer... The returned buffer is to be freed with EXFreePool. I guess...
ZwMapViewOfSection returning a user mode address
ZwMapViewOfSection(, NtCurrentProcess(),...); returns a pointer to the address of my section, but it in one case this is a user mode address. When I do a subsequent call of ZwWriteFile(...another file...) I am using this address as input and it crashes bugcheck C4 because of this. What I need th...
ZwMapViewOfSection always blue screens my driver
hi I try to map a region in the page file to Iter process comunicate in kernel mode. with no further commet s I'll give show the code to see if its something wrong: NTSTATUS FillPortViewClient(PPORT_VIEW ClientView) { NTSTATUS Status; HANDLE hSection,hFile,hProc; PVOID BaseAddress=NULL; LAR...
ZWJ&XML
Unicode Technical Report #20 (Unicode in XML and other Markup Languages) specifies that Zero-width Joiners/ nonjoiners (ZWJ and ZWNJ) are suitable for use with in the markup. But when an xml file with the tags written in Malayalam using ZWJs (In Malayalam ZWJ is used to form certain characters)...
ZWiki RecentChanges as RSS feed
I've got a Zwiki instance that works just fine. If I visit it at I get a nicefeed of all the recent changes.But I don't want to reach it by URL, I want to reach itprogrammatically. How do I do that?"return self.wiki.RecentChanges()" gives an AttributeError.I've looked throught the...

Software & Application Miscellaneous New questions

ZwSetValueKey and registry replication in MSCS
Hi, I'm using the win32 reg function: ZwSetValueKey (from my driver) to set a key registered with a cluster resource. According to Microsoft documentation when a change to the local registry is made the checkpoint on the quorum is updated as well. Can I assume that the registry write and the...
ZwQueryKey with not opened handle?
Using Regmon I have watched registry operations during a process' initialization time.The weired thing is "ZwQueryKey's input handle and the result" Sometimes, ZwQueryKey uses not-yet-opened handle values and get SUCCESSFUL return value. how is this possible?(I am sure that my tests are correct,...
ZwQueryInformationFile(..FileAlignmentInformation..) always returns FILE_WORD_ALIGNMENT
GreetingsI'am assuming ZwQueryInformationFile(..FileAlignmentInformation..) to always return FILE_BYTE_ALIGNMENT(0) for files opened without FILE_NO_INTERMEDIATE_BUFFERING and FILE_512_BYTE_ALIGNMENT(0x1ff) for files opened with FILE_NO_INTERMEDIATE_BUFFERING on sector size = 512but for me the...
ZwQueryInformationFile Returns Wrong File Size
I am using ZwQueryInformationFile to obtain the size of a binary file that contains firmware. Problem is that 3 of the files return the correct size, however two files return a file size off-by-one (-1). So currently I am just doing a cheap hack. I use StandardInformation.EndOfFile.LowPart to...
ZwQueryInformationFile
Hello I'm using ZwQueryInformationFile to retreive a file name from a file handle. So i use the FileNameInformation class. Unfortunately the filename always begins with / (for example /Windows). My question is: how am i supposed to make a difference between C:\Windows and D:\Windows?...
ZwOpenFile issue
I have a filter driver that filters the UDF. When the UDF mounts the filter looks for certain files on the DVD to verify if it is something that I want to "filter". I use ZwOpenFile in the SetupCallback routine. This works fine except for one problem. If the last disc to be in the drive was one...
ZwMapViewOfSection() fails in free build driver on Windows XP x6
&SectionHaHi, I used shared memory object to share memory between multiple processes and a kernel mode driver. The application created the shared object using CreateFileMapping() and the driver maps it using ZwMapViewOfSection(). Application in this case is a 32bit application. Driver function...
ZwLockVirtualMemory Load-time error.
Hello, I couldnt find the solution to this anywhere. I am writing a kernel mode driver that needs to lock a particular page of an user-mode process (since I dont have the source for this, I can't use API calls from within the user-space process) so that it doesn't get paged out. I am u...
ZWiki with Zope 2.7, OS X Server 10.4.x
I installed ZWiki by unpacking and putting the folder into my ZopeProducts directory. I restarted Zope and ZWiki shows up as a validproduct. However, when I actually try to add a ZWiki from the "selecttype to add" pulldown menu, I get this error:Time2006/06/22 09:05:41.911 GMT-4User Name (User I...
zwiki users - own color text?
hi allI've had a search thro the mailing list, but can't find out how to set up zwiki so that each user's contribution to a wiki automatically shows up in a particular color, or failing that how the user themselves can change the color of their contributioni have access to a serve...

'ZwQueryValueKey', Total 8 answers.

Software & Application Miscellaneous: ZwQueryValueKey

Keywords & Tags: zwqueryvaluekey, software, application

Software & Application Miscellaneous Related Links

Software & Application Miscellaneous Hot Answers

Software & Application Miscellaneous New questions

Software & Application Miscellaneous Related Categories

Apache

BEA/Weblogic

Berkeley Software Design (BSD)

Business & Enterprise Application

Cisco

Computer Game Development

Crm

Debian

Desktop Environment (KDE)

Email Servers Technologies

Game Technologies

IBM/Websphere

Linux & Unix

Mac OS

Mozilla

Multimedia Technologies

Open Source Software

Oracle Technologies

PocketPC Developer

Samba

Software & Application Miscellaneous

Solaris Operating System