// Registry.c
//
// Generated by C DriverWizard 3.1.0 (Build 1722)
// Requires DDK Only
// File created on 1/23/2009
//
#include "pch.h"
#ifdef CHARSAMPLE_WMI_TRACE
#include "Registry.tmh"
#endif
///////////////////////////////////////////////////////////////////////////////////////////////////
// CharSampleRegQueryValueKey
// Queries the value of a value key in the registry
//
// Arguments:
// IN RegKeyHandle
// Handle to the root key
//
// IN SubKeyName
// Optional subkey path string
//
// IN ValueName
// Value name string
//
// OUT Length
// Storage for return length of data buffer
//
// Return Value:
// Pointer to data buffer, or NULL on error
//
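// Notes:
//  The returned buffer is allocated from paged pool with CHARSAMPLE_POOL_TAG
//  and is not freed here; the caller owns it and must release it.
//  *Length receives the registry data length. For string types the buffer
//  holds one extra zeroed WCHAR that is not counted in *Length.
//
PVOID CharSampleRegQueryValueKey(
    IN  HANDLE  RegKeyHandle,
    IN  PWSTR   SubKeyName,
    IN  PWSTR   ValueName,
    OUT PULONG  Length
    )
{
    NTSTATUS                        status;
    PKEY_VALUE_PARTIAL_INFORMATION  buffer;
    ULONG                           length;
    ULONG                           allocLength;
    UNICODE_STRING                  regPath;
    UNICODE_STRING                  name;
    PVOID                           retBuffer;
    OBJECT_ATTRIBUTES               objAttributes;
    HANDLE                          hReg;
    BOOLEAN                         bFreeHandle;
    BOOLEAN                         bIsString;

    // Callers of ZwQueryValueKey must be at PASSIVE_LEVEL IRQL
    ASSERT(KeGetCurrentIrql() == PASSIVE_LEVEL);
    ASSERT(RegKeyHandle != NULL);
    ASSERT(ValueName != NULL);
    ASSERT(Length != NULL);

    buffer = NULL;
    retBuffer = NULL;
    hReg = NULL;
    length = 0;
    bFreeHandle = FALSE;

    // Initialize the return length
    *Length = 0;

    do
    {
        // Check for subkey path
        if (SubKeyName != NULL)
        {
            // Open a new handle relative to the caller's key
            RtlInitUnicodeString(&regPath, SubKeyName);

            // OBJ_KERNEL_HANDLE keeps the new handle out of the handle table
            // of whatever process context this routine happens to run in, so
            // user-mode code in that process cannot use or close it.
            InitializeObjectAttributes(
                &objAttributes,
                &regPath,
                OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                RegKeyHandle,
                NULL
                );

            // The handle is only passed to ZwQueryValueKey and closed below,
            // so request query access instead of KEY_ALL_ACCESS.
            status = ZwOpenKey(&hReg, KEY_QUERY_VALUE, &objAttributes);
            if (!NT_SUCCESS(status))
            {
                CharSampleDebugPrint(DBG_PNP, DBG_WARN, __FUNCTION__ ": ZwOpenKey failed %x", status);
                break;
            }

            // Indicate that we need to free a handle here
            bFreeHandle = TRUE;
        }
        else
        {
            hReg = RegKeyHandle;
        }

        RtlInitUnicodeString(&name, ValueName);

        // First pass: zero-length buffer, only to learn the required size
        status = ZwQueryValueKey(
            hReg,
            &name,
            KeyValuePartialInformation,
            NULL,
            0,
            &length
            );
        if ((status != STATUS_BUFFER_TOO_SMALL) && (status != STATUS_BUFFER_OVERFLOW))
        {
            CharSampleDebugPrint(DBG_PNP, DBG_WARN, __FUNCTION__ ": ZwQueryValueKey failed %x", status);
            break;
        }

        buffer =
            (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePoolWithTag(NonPagedPool, length, CHARSAMPLE_POOL_TAG);
        if (buffer == NULL)
        {
            status = STATUS_INSUFFICIENT_RESOURCES;
            break;
        }

        // Second pass: fetch the data. If the value grew in between, this
        // fails with a buffer-size status and the routine returns NULL.
        status = ZwQueryValueKey(
            hReg,
            &name,
            KeyValuePartialInformation,
            buffer,
            length,
            &length
            );
        if (!NT_SUCCESS(status))
        {
            CharSampleDebugPrint(DBG_PNP, DBG_WARN, __FUNCTION__ ": ZwQueryValueKey failed %x", status);
            break;
        }
    }
    while (FALSE);

    // Allocate a buffer to return. The buffer check covers the path where
    // the sizing query broke out of the loop with a success code and nothing
    // was allocated; dereferencing buffer there would be a NULL access.
    if (NT_SUCCESS(status) && (buffer != NULL))
    {
        bIsString = (BOOLEAN)((buffer->Type == REG_EXPAND_SZ) ||
                              (buffer->Type == REG_MULTI_SZ) ||
                              (buffer->Type == REG_SZ));

        // Zero terminate strings just for ease of handling
        allocLength = buffer->DataLength;
        if (bIsString)
        {
            allocLength += sizeof(WCHAR);
        }

        retBuffer = ExAllocatePoolWithTag(PagedPool, allocLength, CHARSAMPLE_POOL_TAG);

        // The allocation can fail; touch the buffer only when it succeeded
        if (retBuffer != NULL)
        {
            if (bIsString)
            {
                // Zero the buffer so the extra WCHAR acts as the terminator
                RtlZeroMemory(retBuffer, allocLength);
            }

            // Copy the registry data to the return buffer
            RtlCopyMemory(retBuffer, (PVOID)buffer->Data, buffer->DataLength);

            // Set the return buffer length
            *Length = buffer->DataLength;
        }
    }

    if (buffer != NULL)
    {
        // Free our allocated memory
        ExFreePool(buffer);
        buffer = NULL;
    }

    if (bFreeHandle)
    {
        // Close our reg key handle
        ZwClose(hReg);
    }

    return retBuffer;
}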
///////////////////////////////////////////////////////////////////////////////////////////////////
// CharSampleRegEnumerateKeys
// Enumerates the subkeys of a given registry key handle and prints their names.
//
// Arguments:
// IN RegKeyHandle
// Handle to root key
//
// Return Value:
// none
//
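// Notes:
//  Output goes through CharSampleDebugPrint only; nothing is returned.
//  The loop stops on the first allocation failure or persistent enumeration
//  error instead of retrying the same index.
//
VOID CharSampleRegEnumerateKeys(
    IN HANDLE RegKeyHandle
    )
{
    NTSTATUS                status;
    ULONG                   index;
    PKEY_BASIC_INFORMATION  regBuffer;
    PWCHAR                  nameBuffer;
    ULONG                   length;

    status = STATUS_SUCCESS;
    index = 0;
    regBuffer = NULL;
    nameBuffer = NULL;
    length = 0;

    while (status != STATUS_NO_MORE_ENTRIES)
    {
        // Get the buffer size necessary
        status = ZwEnumerateKey(
            RegKeyHandle,
            index,
            KeyBasicInformation,
            NULL,
            0,
            &length
            );
        if ((status != STATUS_BUFFER_TOO_SMALL) && (status != STATUS_BUFFER_OVERFLOW))
        {
            if (status != STATUS_NO_MORE_ENTRIES)
            {
                CharSampleDebugPrint(DBG_PNP, DBG_INFO, __FUNCTION__ ": ZwEnumerateKey failed %x", status);
            }
            else
            {
                CharSampleDebugPrint(DBG_PNP, DBG_INFO, __FUNCTION__ ": Enumerated %d keys", index);
            }

            break;
        }

        regBuffer =
            (PKEY_BASIC_INFORMATION)ExAllocatePoolWithTag(NonPagedPool, length, CHARSAMPLE_POOL_TAG);
        if (regBuffer == NULL)
        {
            // Retrying the same index here would spin in kernel mode for as
            // long as the pool stays exhausted, so give up instead.
            break;
        }

        // Now actually attempt to get subkey info
        status = ZwEnumerateKey(
            RegKeyHandle,
            index,
            KeyBasicInformation,
            regBuffer,
            length,
            &length
            );
        if (!NT_SUCCESS(status))
        {
            CharSampleDebugPrint(DBG_PNP, DBG_INFO, __FUNCTION__ ": ZwEnumerateKey failed %x", status);

            // Free our temporary storage
            ExFreePool(regBuffer);
            regBuffer = NULL;

            if ((status == STATUS_BUFFER_TOO_SMALL) || (status == STATUS_BUFFER_OVERFLOW))
            {
                // The subkey changed between the two calls; size it again
                continue;
            }

            // Any other failure would repeat on the same index forever
            break;
        }

        // Allocate a buffer for the display name
        nameBuffer = (PWCHAR)ExAllocatePoolWithTag(
            PagedPool,
            regBuffer->NameLength + sizeof(WCHAR),
            CHARSAMPLE_POOL_TAG
            );
        if (nameBuffer == NULL)
        {
            // Free our temporary storage and stop; see the allocation
            // failure case above for why this is not retried.
            ExFreePool(regBuffer);
            regBuffer = NULL;
            break;
        }

        // NULL terminate the string (Name is a counted string, not terminated)
        RtlZeroMemory(nameBuffer, regBuffer->NameLength + sizeof(WCHAR));

        // Copy the name over
        RtlCopyMemory(nameBuffer, regBuffer->Name, regBuffer->NameLength);

        CharSampleDebugPrint(DBG_PNP, DBG_INFO, __FUNCTION__ ": ZwEnumerateKey returned %S", nameBuffer);

        // Free both buffers
        ExFreePool(regBuffer);
        regBuffer = NULL;
        ExFreePool(nameBuffer);
        nameBuffer = NULL;

        // Increment our index
        ++index;
    }

    return;
}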
///////////////////////////////////////////////////////////////////////////////////////////////////
// CharSampleRegEnumerateValueKeys
// Enumerates the values under a given registry key handle and prints their names.
//
// Arguments:
// IN RegKeyHandle
// Handle to root key
//
// Return Value:
// none
//
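// Notes:
//  Output goes through CharSampleDebugPrint only; nothing is returned.
//  The loop stops on the first allocation failure or persistent enumeration
//  error instead of retrying the same index.
//
VOID CharSampleRegEnumerateValueKeys(
    IN HANDLE RegKeyHandle
    )
{
    NTSTATUS                        status;
    ULONG                           index;
    PKEY_VALUE_BASIC_INFORMATION    regBuffer;
    PWCHAR                          nameBuffer;
    ULONG                           length;

    status = STATUS_SUCCESS;
    index = 0;
    regBuffer = NULL;
    nameBuffer = NULL;
    length = 0;

    while (status != STATUS_NO_MORE_ENTRIES)
    {
        // Get the buffer size necessary
        status = ZwEnumerateValueKey(
            RegKeyHandle,
            index,
            KeyValueBasicInformation,
            NULL,
            0,
            &length
            );
        if ((status != STATUS_BUFFER_TOO_SMALL) && (status != STATUS_BUFFER_OVERFLOW))
        {
            if (status != STATUS_NO_MORE_ENTRIES)
            {
                CharSampleDebugPrint(DBG_PNP, DBG_INFO, __FUNCTION__ ": ZwEnumerateValueKey failed %x", status);
            }
            else
            {
                CharSampleDebugPrint(DBG_PNP, DBG_INFO, __FUNCTION__ ": Enumerated %d value keys", index);
            }

            break;
        }

        regBuffer =
            (PKEY_VALUE_BASIC_INFORMATION)ExAllocatePoolWithTag(NonPagedPool, length, CHARSAMPLE_POOL_TAG);
        if (regBuffer == NULL)
        {
            // Retrying the same index here would spin in kernel mode for as
            // long as the pool stays exhausted, so give up instead.
            break;
        }

        // Now actually attempt to get the value info
        status = ZwEnumerateValueKey(
            RegKeyHandle,
            index,
            KeyValueBasicInformation,
            regBuffer,
            length,
            &length
            );
        if (!NT_SUCCESS(status))
        {
            CharSampleDebugPrint(DBG_PNP, DBG_INFO, __FUNCTION__ ": ZwEnumerateValueKey failed %x", status);

            // Free our temporary storage
            ExFreePool(regBuffer);
            regBuffer = NULL;

            if ((status == STATUS_BUFFER_TOO_SMALL) || (status == STATUS_BUFFER_OVERFLOW))
            {
                // The value changed between the two calls; size it again
                continue;
            }

            // Any other failure would repeat on the same index forever
            break;
        }

        // Allocate a buffer for the display name
        nameBuffer = (PWCHAR)ExAllocatePoolWithTag(
            PagedPool,
            regBuffer->NameLength + sizeof(WCHAR),
            CHARSAMPLE_POOL_TAG
            );
        if (nameBuffer == NULL)
        {
            // Free our temporary storage and stop; see the allocation
            // failure case above for why this is not retried.
            ExFreePool(regBuffer);
            regBuffer = NULL;
            break;
        }

        // NULL terminate the string (Name is a counted string, not terminated)
        RtlZeroMemory(nameBuffer, regBuffer->NameLength + sizeof(WCHAR));

        // Copy the name over
        RtlCopyMemory(nameBuffer, regBuffer->Name, regBuffer->NameLength);

        CharSampleDebugPrint(DBG_PNP, DBG_INFO, __FUNCTION__ ": ZwEnumerateValueKey returned %S", nameBuffer);

        // Free both buffers
        ExFreePool(regBuffer);
        regBuffer = NULL;
        ExFreePool(nameBuffer);
        nameBuffer = NULL;

        // Increment our index
        ++index;
    }

    return;
}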