Hartmut Birr wrote:
I see two ways to solve the wrong referencing problem. The first one is, we create the key object and reference it again. One reference is for holding the key object in the parent key structure valid. The second reference is for the caller (ObFindObject..) and he could do what he want with it.
it should be this way
The problem is, the first reference is never removed and it is not possible to dereference (delete) the parent.
imo a key should always hold a reference to it's parent and dereference it when deleted (in the deletion callback), that would automatically delete all no longer used keys since they'd always dereference their parent, which might dereference even more keys nearer to the root key. when a key get's deleted it should be sufficient to mark it as deleted+unlink it from the parent key (while holding the registry lock) and remove it's keep-alive reference. as soon as sub-keys get freed, they'd just dereference their parents and if they get to dereference the parent key that was deleted it'd be directly freed.
Best Regards