📄 driver.cpp

📁 Windows 驱动开发技术详解书籍的配套代码
💻 CPP
📖 第 1 页 / 共 2 页
字号:
12 下一页
/************************************************************************
* 文件名称:Driver.cpp                                                 
* 作    者:张帆
* 完成日期:2007-11-1
*************************************************************************/

#include "Driver.h"


#define  MY_REG_SOFTWARE_KEY_NAME		L"\\Registry\\Machine\\Software\\Zhangfan"
#pragma INITCODE
VOID CreateRegTest() 
{
	//创建或打开某注册表项目
	UNICODE_STRING RegUnicodeString;
	HANDLE hRegister;

	//初始化UNICODE_STRING字符串
	RtlInitUnicodeString( &RegUnicodeString, 
		MY_REG_SOFTWARE_KEY_NAME);
	
	OBJECT_ATTRIBUTES objectAttributes;
	//初始化objectAttributes
	InitializeObjectAttributes(&objectAttributes,
							&RegUnicodeString,
							OBJ_CASE_INSENSITIVE,//对大小写敏感 
							NULL, 
							NULL );
	ULONG ulResult;
	//创建或带开注册表项目
	NTSTATUS ntStatus = ZwCreateKey( &hRegister,
							KEY_ALL_ACCESS,
							&objectAttributes,
							0,
							NULL,
							REG_OPTION_NON_VOLATILE,
							&ulResult);

	if (NT_SUCCESS(ntStatus))
	{
		//判断是被新创建，还是已经被创建
		if(ulResult==REG_CREATED_NEW_KEY)
		{
			KdPrint(("The register item is created\n"));
		}else if(ulResult==REG_OPENED_EXISTING_KEY)
		{
			KdPrint(("The register item has been created,and now is opened\n"));
		}
	}

	//(2)创建或打开某注册表项目的子项
	UNICODE_STRING subRegUnicodeString;
	HANDLE hSubRegister;

	//初始化UNICODE_STRING字符串
	RtlInitUnicodeString( &subRegUnicodeString, 
		L"SubItem");

	OBJECT_ATTRIBUTES subObjectAttributes;
	//初始化subObjectAttributes
	InitializeObjectAttributes(&subObjectAttributes,
							&subRegUnicodeString,
							OBJ_CASE_INSENSITIVE,//对大小写敏感 
							hRegister, 
							NULL );
	//创建或带开注册表项目
	ntStatus = ZwCreateKey( &hSubRegister,
							KEY_ALL_ACCESS,
							&subObjectAttributes,
							0,
							NULL,
							REG_OPTION_NON_VOLATILE,
							&ulResult);

	if (NT_SUCCESS(ntStatus))
	{
		//判断是被新创建，还是已经被创建
		if(ulResult==REG_CREATED_NEW_KEY)
		{
			KdPrint(("The sub register item is created\n"));
		}else if(ulResult==REG_OPENED_EXISTING_KEY)
		{
			KdPrint(("The sub register item has been created,and now is opened\n"));
		}
	}

	//关闭注册表句柄
	ZwClose(hRegister);
	ZwClose(hSubRegister);
}

#pragma INITCODE
VOID OpenRegTest()
{
	UNICODE_STRING RegUnicodeString;
	HANDLE hRegister;

	//初始化UNICODE_STRING字符串
	RtlInitUnicodeString( &RegUnicodeString, 
		MY_REG_SOFTWARE_KEY_NAME);
	
	OBJECT_ATTRIBUTES objectAttributes;
	//初始化objectAttributes
	InitializeObjectAttributes(&objectAttributes,
							&RegUnicodeString,
							OBJ_CASE_INSENSITIVE,//对大小写敏感
							NULL, 
							NULL );
	//打开注册表
	NTSTATUS ntStatus = ZwOpenKey( &hRegister,
							KEY_ALL_ACCESS,
							&objectAttributes);

	if (NT_SUCCESS(ntStatus))
	{
		KdPrint(("Open register successfully\n"));
	}

	ZwClose(hRegister);
}

#pragma INITCODE
VOID DeleteItemRegTest()
{
	UNICODE_STRING RegUnicodeString;
	HANDLE hRegister;

#define MY_REG_SOFTWARE_KEY_NAME1 L"\\Registry\\Machine\\Software\\Zhangfan\\SubItem"
	//初始化UNICODE_STRING字符串
	RtlInitUnicodeString( &RegUnicodeString, 
		MY_REG_SOFTWARE_KEY_NAME1);
	
	OBJECT_ATTRIBUTES objectAttributes;
	//初始化objectAttributes
	InitializeObjectAttributes(&objectAttributes,
							&RegUnicodeString,
							OBJ_CASE_INSENSITIVE,//对大小写敏感
							NULL, 
							NULL );
	//打开注册表
	NTSTATUS ntStatus = ZwOpenKey( &hRegister,
							KEY_ALL_ACCESS,
							&objectAttributes);

	if (NT_SUCCESS(ntStatus))
	{
		KdPrint(("Open register successfully\n"));
	}

	ntStatus = ZwDeleteKey(hRegister);
	if (NT_SUCCESS(ntStatus))
	{
		KdPrint(("Delete the item successfully\n"));
	}else if(ntStatus == STATUS_ACCESS_DENIED)
	{
		KdPrint(("STATUS_ACCESS_DENIED\n"));

	}else if(ntStatus == STATUS_INVALID_HANDLE)
	{
		KdPrint(("STATUS_INVALID_HANDLE\n"));
	}else
	{
		KdPrint(("Maybe the item has sub item to delete\n"));
	}

	ZwClose(hRegister);
}


#pragma INITCODE
VOID SetRegTest()
{
	UNICODE_STRING RegUnicodeString;
	HANDLE hRegister;

	//初始化UNICODE_STRING字符串
	RtlInitUnicodeString( &RegUnicodeString, 
		MY_REG_SOFTWARE_KEY_NAME);
	
	OBJECT_ATTRIBUTES objectAttributes;
	//初始化objectAttributes
	InitializeObjectAttributes(&objectAttributes,
							&RegUnicodeString,
							OBJ_CASE_INSENSITIVE,//对大小写敏感
							NULL, 
							NULL );
	//打开注册表
	NTSTATUS ntStatus = ZwOpenKey( &hRegister,
							KEY_ALL_ACCESS,
							&objectAttributes);

	if (NT_SUCCESS(ntStatus))
	{
		KdPrint(("Open register successfully\n"));
	}

	UNICODE_STRING ValueName;
	//初始化ValueName
	RtlInitUnicodeString( &ValueName, L"REG_DWORD value");

	//设置REG_DWORD子键
	ULONG ulValue = 1000;
	ZwSetValueKey(hRegister,
				&ValueName,
				0,
				REG_DWORD,
				&ulValue,
				sizeof(ulValue));

	//初始化ValueName
	RtlInitUnicodeString( &ValueName, L"REG_SZ value");
	WCHAR* strValue = L"hello world";

	//设置REG_SZ子键
	ZwSetValueKey(hRegister,
				&ValueName,
				0,
				REG_SZ,
				strValue,
				wcslen(strValue)*2+2);


	//初始化ValueName
	RtlInitUnicodeString( &ValueName, L"REG_BINARY value");
	
	UCHAR buffer[10];
	RtlFillMemory(buffer,sizeof(buffer),0xFF);

	//设置REG_MULTI_SZ子键
	ZwSetValueKey(hRegister,
				&ValueName,
				0,
				REG_BINARY,
				buffer,
				sizeof(buffer));

	//关闭注册表句柄
	ZwClose(hRegister);
}

#pragma INITCODE
VOID QueryRegTest()
{
	UNICODE_STRING RegUnicodeString;
	HANDLE hRegister;

	//初始化UNICODE_STRING字符串
	RtlInitUnicodeString( &RegUnicodeString, 
		MY_REG_SOFTWARE_KEY_NAME);
	
	OBJECT_ATTRIBUTES objectAttributes;
	//初始化objectAttributes
	InitializeObjectAttributes(&objectAttributes,
							&RegUnicodeString,
							OBJ_CASE_INSENSITIVE,//对大小写敏感
							NULL, 
							NULL );
	//打开注册表
	NTSTATUS ntStatus = ZwOpenKey( &hRegister,
							KEY_ALL_ACCESS,
							&objectAttributes);

	if (NT_SUCCESS(ntStatus))
	{
		KdPrint(("Open register successfully\n"));
	}

	UNICODE_STRING ValueName;
	//初始化ValueName
	RtlInitUnicodeString( &ValueName, L"REG_DWORD value");

	//读取REG_DWORD子键
	ULONG ulSize;
	ntStatus = ZwQueryValueKey(hRegister,
				&ValueName,
				KeyValuePartialInformation ,
				NULL,
				0,
				&ulSize);

	if (ntStatus==STATUS_OBJECT_NAME_NOT_FOUND || ulSize==0)
	{
		ZwClose(hRegister);
		KdPrint(("The item is not exist\n"));
		return;
	}
	PKEY_VALUE_PARTIAL_INFORMATION pvpi = 
		(PKEY_VALUE_PARTIAL_INFORMATION)
		ExAllocatePool(PagedPool,ulSize);

	ntStatus = ZwQueryValueKey(hRegister,
				&ValueName,
				KeyValuePartialInformation ,
				pvpi,
				ulSize,
				&ulSize);
	if (!NT_SUCCESS(ntStatus))
	{
		ZwClose(hRegister);
		KdPrint(("Read regsiter error\n"));
		return;
	}
	//判断是否为REG_DWORD类型
	if (pvpi->Type==REG_DWORD && pvpi->DataLength==sizeof(ULONG))
	{
		PULONG pulValue = (PULONG) pvpi->Data;
		KdPrint(("The value:%d\n",*pulValue));
	}

	ExFreePool(pvpi);

	//初始化ValueName
	RtlInitUnicodeString( &ValueName, L"REG_SZ value");
	//读取REG_SZ子键
	ntStatus = ZwQueryValueKey(hRegister,
				&ValueName,
				KeyValuePartialInformation ,
				NULL,
				0,
				&ulSize);

	if (ntStatus==STATUS_OBJECT_NAME_NOT_FOUND || ulSize==0)
	{
		ZwClose(hRegister);
		KdPrint(("The item is not exist\n"));
		return;
	}
	pvpi = 
		(PKEY_VALUE_PARTIAL_INFORMATION)
		ExAllocatePool(PagedPool,ulSize);

	ntStatus = ZwQueryValueKey(hRegister,
				&ValueName,
				KeyValuePartialInformation ,
				pvpi,
				ulSize,
				&ulSize);
	if (!NT_SUCCESS(ntStatus))
	{
		ZwClose(hRegister);
		KdPrint(("Read regsiter error\n"));
		return;
	}
	//判断是否为REG_SZ类型
	if (pvpi->Type==REG_SZ)
	{
		KdPrint(("The value:%S\n",pvpi->Data));
	}

	ZwClose(hRegister);
}

#pragma INITCODE
VOID EnumerateSubItemRegTest()
{
	UNICODE_STRING RegUnicodeString;
	HANDLE hRegister;

	//初始化UNICODE_STRING字符串
	RtlInitUnicodeString( &RegUnicodeString, 
		MY_REG_SOFTWARE_KEY_NAME);
	
	OBJECT_ATTRIBUTES objectAttributes;
	//初始化objectAttributes
	InitializeObjectAttributes(&objectAttributes,
							&RegUnicodeString,
							OBJ_CASE_INSENSITIVE,//对大小写敏感
							NULL, 
							NULL );
	//打开注册表
	NTSTATUS ntStatus = ZwOpenKey( &hRegister,
							KEY_ALL_ACCESS,
							&objectAttributes);

	if (NT_SUCCESS(ntStatus))
	{
12 下一页
💿 文件大小 1245 K
👤 上传用户 apsdn
📂 所属分类驱动编程
🏷️ 相关标签

#Windows #驱动 #开发技术 #书籍
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -