[myid]

Hi, everyone.
How to redirect registry key in registry callback?
I use RegEdit to test, OS environment is WIN7.
For example: redirect \\REGISTRY\\MACHINE\\SOFTWARE\\1111 to \\REGISTRY\\MACHINE\\SOFTWARE\\2222. These two keys are already exists.
I try to filter RegNtPreCreateKeyEx and RegNtPreOpenKeyEx, I can catch the call, but I cannot change the result.
1.Modify CompleteName and RootObject in PreInfo: no effect.
2.Use ZwCreateKey/ZwOpenKey to operate redirection key with original parameters, modify *ResultObject(convert handle to object by ObReferenceObjectByHandle), GrantedAccess and *Disposition(for RegNtPreOpenKeyEx only) after call: RegEdit cannot open the target key. No redirect effect.

[Brock]

This should help you override and redirect the operation but I haven't tested it.

http://joyasystems.com/sample-code%2FWi ... s%2Fpost.c

*see example CallbackPostNotificationOverrideError()*

[myid]

This should help you override and redirect the operation but I haven't tested it.

http://joyasystems.com/sample-code%2FWi ... s%2Fpost.c

*see example CallbackPostNotificationOverrideError()*

This code is come from WDK demo code package, but it cannot work (No effect for REGEDIT).

[Brock]

Microsoft's sample code doesn't work on Microsoft's Regedit? What do you mean it "cannot" work? Have you verified this with other registry editors/viewers?

[myid]

Microsoft's sample code doesn't work on Microsoft's Regedit? What do you mean it "cannot" work? Have you verified this with other registry editors/viewers?

https://github.com/Microsoft/Windows-dr ... ry/regfltr
You can test this code if you don't believe me.