Registry Callback Tests

This automated test exercises basic test cases for a registry filter driver.

Test details

Associated requirements

Filter.Driver.AntiVirus.MiniFilter Filter.Driver.AntiVirus.RegistryAndProcess Filter.Driver.FileSystem.MiniFilter Filter.Driver.FileSystem.RegistryAndProcess

See the filter hardware requirements.

Platforms

Windows 8 (x64) Windows 8 (x86) Windows Server 2012 (x64) Windows 8.1 x64 Windows 8.1 x86 Windows Server 2012 R2

Expected run time

~30 minutes

Categories

Certification

Type

Automated

 

Running the test

Before you run the test, complete the test setup as described in the test requirements: File System Testing Prerequisites.

Troubleshooting

For troubleshooting information, see Troubleshooting File System Testing.

All test cases return Pass or Fail. To review test details, review the test log from Windows Hardware Certification Kit (Windows HCK) Studio. For test failures, search for the term “+sev” in the log.

More information

This test includes the following test cases:

  • Altitude Conflict

  • CreateKey Block

  • CreateKey Bypass

  • CreateKey Override Access Denied

  • CreateKey Override Block

  • SetKeySecurity Bypass

  • Transacted CreateKey Bypass

  • Transacted CreateKey Bypass (No Commit)

  • Unregister Close Race

  • Save Restore Replace

To manually run each test case, use the following procedures.

To manually run the Altitude Conflict test case

  1. Register a callback at altitude 1000.

  2. Register another callback at the same altitude, and then verify that it fails.

  3. CreateKey the Monitor test.

  4. Register three of the same callbacks at altitudes 1000, 2000, and 3000. Set all three callbacks to “monitor” mode. This means that the callback will do nothing but return STATUS_SUCCESS.

  5. Create a key, and then verify that it succeeds.

  6. Unregister the callbacks.

  7. Verify that each callback was invoked appropriately based on its altitude.

To manually run the CreateKey Block test case

  1. Register three of the same callbacks at altitudes 1000, 2000, and 3000.

  2. Set callbacks 1000 and 3000 to “monitor” mode. This means that the callback will do nothing but return STATUS_SUCCESS.

  3. Set callback 2000 to “block” mode. This means that the callback will return an error status.

  4. Create a key, and then verify that it fails.

  5. Unregister the callbacks.

  6. Verify that each callback was invoked appropriately based on its altitude.

To manually run the CreateKey Bypass test case

  1. Register three of the same callbacks at altitudes 1000, 2000, and 3000.

  2. Set callbacks 1000 and 3000 to “monitor” mode. This means that the callback will do nothing but return STATUS_SUCCESS.

  3. Set callback 2000 to “bypass” mode. This means that the callback will return an STATUS_CALLBACK_BYPASS and perform the operation on behalf of the registry.

  4. Create a key, and then verify that it succeeds.

  5. Unregister the callbacks.

  6. Verify that each callback was invoked appropriately based on its altitude.

To manually run the CreateKey Override Access Denied test case

  1. Create a key K1, and then set its discretionary access control list (DACL) to give read-only access.

  2. Create a key under K1. This should fail because of the read-only DACL.

  3. Register three of the same callbacks at altitudes 1000, 2000, and 3000. STATUS_CALLBACK_BYPASS.

  4. Set callbacks 1000 and 3000 to “monitor” mode. This means that the callback will do nothing but return STATUS_SUCCESS.

  5. Set callback 2000 to “access denied bypass” mode. This means that the callback will perform the operation from user mode, not be blocked by the read-only DACL, and return.

  6. Create a key under K1, and then verify that it succeeds.

  7. Unregister the callbacks.

  8. Verify that each callback was invoked appropriately based on its altitude.

To manually run the CreateKey Override Block test case

  1. Register four of the same callbacks at altitudes 1000, 2000, 3000, and 4000.

  2. Set callbacks 1000 and 4000 to “monitor” mode. This means that the callback will do nothing but return STATUS_SUCCESS.

  3. Set callback 2000 to “block” mode. This means that the callback will return STATUS_UNSUCCESSFUL.

  4. Set callback 3000 to “override failure” mode. This means that if the callback identifies STATUS_UNSUCCESSFUL in the post-operation callback, it will still perform the operation and return success.

  5. Create a key, and then verify that it succeeds.

  6. Unregister the callbacks.

  7. Verify that each callback was invoked appropriately based on its altitude.

To manually run the SetKeySecurity Bypass test case

  1. Register three of the same callbacks at altitudes 1000, 2000, and 3000.

  2. Set callbacks 1000 and 3000 to “monitor” mode. This means that the callback will do nothing but return STATUS_SUCCESS.

  3. Set callback 2000 to “bypass” mode. This means that the callback will return STATUS_CALLBACK_BYPASS and perform the operation on behalf of the registry.

  4. Call RegSetKeySecurity to set the security descriptor of a key, and then verify that it succeeds.

  5. Unregister the callbacks.

  6. Verify that each callback was invoked appropriately based on its altitude.

To manually run the Transacted CreateKey Bypass test case

  1. Create a transaction T1.

  2. Create a key in the context of transaction T1.

  3. Verify that the key succeeds, and then delete it.

  4. Register three of the same callbacks at altitudes 1000, 2000, and 3000.

  5. Set callbacks 1000 and 3000 to “monitor” mode. This means that the callback will do nothing but return STATUS_SUCCESS.

  6. Set callback 2000 to “bypass” mode. This means that the callback will return STATUS_CALLBACK_BYPASS and perform the operation on behalf of the registry.

  7. Create a key in the context of transaction T1, and then verify that it succeeds.

  8. Commit the transaction.

  9. Unregister the callbacks.

To manually run the Transacted CreateKey Bypass (No Commit) test case

  • Complete the same steps as in the Transacted CreateKey Bypass test case, but do not commit the transaction at the end.

To manually run the Unregister Close Race test case

  1. Start a thread that opens a test key, and then close the handle in a loop.

  2. In the original thread, register and unregister a callback 100 times.

  3. Signal the other thread to exit.

To manually run the Save Restore Replace test case

  1. Create a key under the software hive.

  2. Register a callback at altitude 1000 and set it to “monitor” mode. This means that the callback will do nothing but return STATUS_SUCCESS.

  3. Call RegSaveKey on the created key, and then verify that it succeeds.

  4. Call RegRestoreKey on the created key by using the hive file that RegSaveKey created, and then verify that it succeeds.

  5. Make a copy of the hive file.

  6. Load the original hive file under HKEY_LOCAL_MACHINE, and then verify that it succeeds.

  7. Call RegReplaceKey by using the copy of the hive file. This should fail with a sharing violation, but it will still trigger the callbacks for this operation.

  8. Unregister the callback, and then verify that it was invoked appropriately.

Command syntax

Command option Description

RegCbTestctrl.exe -regr

Runs the test.

 

Note  

For command-line help for this test binary, type /h.

 

File list

File Location

RegCbTestCtrl.exe

[WTT\TestBinRoot]\NTTEST\BASETEST\kernel\cm

RegCbTest.sys

[WTT\TestBinRoot]\NTTEST\BASETEST\kernel\cm

Ntlog.dll

 

 

 

Send comments about this topic to Microsoft