Geoff Chappell, Software Analyst
This function unregisters a shim if it is not currently applied to any driver.
NTSTATUS KseUnregisterShim ( KSE_SHIM *Shim, PVOID, PVOID);
Except for KSE_SHIM, the names and types in the preceding declaration are confected for this article, Microsoft’s being unknown.
The Shim argument is the address of a KSE_SHIM structure that describes the shim, including to specify a GUID for the shim.
The other arguments are ignored.
The function returns STATUS_SUCCESS if successful, else a negative error code.
The KseUnregisterShim function is exported by name from the kernel in version 6.2 and higher.
The KseUnregisterShim function is not documented. Nor is it declared in any header from any known Windows Driver Kit (WDK).
The function must be given a shim to unregister else it has nothing to do: if instead Shim is NULL, the function returns STATUS_INVALID_PARAMETER.
If some problem occurred while initialising the Kernel Shim Engine (KSE) such that it is not operational, there is no point trying to proceed, and the function returns STATUS_UNSUCCESSFUL.
A shim can be unregisered only if it’s registered but not in use. If no shim with the same GUID is currently registered, the function returns STATUS_OBJECT_NAME_NOT_FOUND. If the registered shim with the same GUID has a non-zero reference count, indicating that it is currently applied to a loaded driver, the function fails, returning STATUS_ACCESS_DENIED. Ordinarily, however, the structure that represents the registered shim is removed from the KSE’s list of such structures, and the shim thus becomes unregistered.