RtlValidateCorrelationVector function

Validates the specified correlation vector to check whether it conforms to the Correlation Vector Specification (v2). The function specifically checks if the first 22 bytes are a valid base64 representation of a 16 byte buffer and the remaining characters match the (.\d+)+ regular expression.

Syntax

NTSYSAPI NTSTATUS RtlValidateCorrelationVector(
  PCORRELATION_VECTOR Vector
);

Parameters

Vector

A pointer to a CORRELATION_VECTOR structure that represents the correlation vector to be validated.

Return Value

Returns an NTSTATUS value that indicates the success of failure of the operation.

Return code Description
STATUS_SUCCESS
The correlation vector is valid.
STATUS_INVALID_PARAMETER
The supplied correlation vector is invalid.

Requirements

   
Minimum supported client Windows 10, version 1709
Minimum supported server Windows Server 2016
Target Platform Windows
Header ntddk.h
Library NtosKrnl.lib
DLL NtosKrnl.exe (kernel mode)
IRQL PASSIVE_LEVEL