/*+++ *******************************************************************\
*
* Copyright and Disclaimer:
*
* ---------------------------------------------------------------
* This software is provided "AS IS" without warranty of any kind,
* either expressed or implied, including but not limited to the
* implied warranties of noninfringement, merchantability and/or
* fitness for a particular purpose.
* ---------------------------------------------------------------
*
* Copyright (c) 2008 Conexant Systems, Inc.
* All rights reserved.
*
\******************************************************************* ---*/
#include "RegistryAccess.h"
#include "debug.h"
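// Stores the device object that openDriverKey() later hands to
// IoOpenDeviceRegistryKey(). No registry key is opened here.
RegistryAccess::RegistryAccess(PDEVICE_OBJECT pdo):
_pdo(pdo)
{
    // _key_handle is only assigned inside readDword()/writeDword(); give it a
    // known value so no Zw* call can ever see an indeterminate handle.
    // (Presumably a member declared in RegistryAccess.h; assigned in the body
    // so this does not depend on its declaration order.)
    _key_handle = NULL;
}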
// Nothing to release: readDword() and writeDword() close the key handle they
// open before returning, so no handle is held between calls.
RegistryAccess::~RegistryAccess() {}
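/////////////////////////////////////////////////////////////////////////////////////////
//RegistryAccess::readDword
//
// Read a DWORD value from a named subkey of the device's driver registry key.
//
// Parameters
// keyname - Name of the subkey (relative to the driver key) to open
//
// name - Name of the DWORD to read
//
// p_value - Receives the DWORD value. Remains unchanged if the value could
//           not be read.
//
// Returns
// STATUS_INVALID_PARAMETER if p_value is NULL, STATUS_UNSUCCESSFUL if the
// subkey could not be opened, otherwise the status of the string conversion
// or of getValue().
//
// The expected usage is to set the value to its default, and then call this function
// that will override the default if the registry value exists.
//
// NOTE(review): _key_handle is shared state; two concurrent calls on the same
// object would race on it. Confirm callers serialize access.
//
NTSTATUS
RegistryAccess::readDword(PWCHAR keyname, PCHAR name, PDWORD p_value)
{
    if(!p_value)
    {
        return STATUS_INVALID_PARAMETER;
    }

    // A read needs query access only; requesting KEY_WRITE as well would hand
    // out more rights than this path uses.
    _key_handle = openDriverKey(keyname, KEY_READ, _pdo);
    if(!_key_handle)
    {
        return STATUS_UNSUCCESSFUL;
    }

    UNICODE_STRING key_name;
    ANSI_STRING a_key_name;
    RtlInitAnsiString(&a_key_name, name);
    NTSTATUS status = RtlAnsiStringToUnicodeString(&key_name, &a_key_name, TRUE);
    if(NT_SUCCESS(status))
    {
        // getValue() copies only as many bytes as the registry value holds.
        // Zero the buffer first so a value shorter than a DWORD cannot leave
        // uninitialized kernel stack bytes in *p_value.
        DWORD buffer = 0;
        status = getValue(&key_name, (PCHAR)&buffer, sizeof(buffer));
        if(NT_SUCCESS(status))
        {
            *p_value = buffer;
        }
        RtlFreeUnicodeString( &key_name );
    }

    ZwClose(_key_handle);
    // Do not keep a closed handle value around where a later call could reuse it.
    _key_handle = NULL;
    return status;
}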
/////////////////////////////////////////////////////////////////////////////////////////
//RegistryAccess::readDword
//
// Convenience overload: reads a DWORD from the "DriverData" subkey by
// forwarding to the three-argument readDword().
//
// Parameters
// name - Name of the DWORD to read
//
// p_value - Receives the DWORD value. Remains unchanged if the value didn't exist.
//
// Callers are expected to preload *p_value with a default; the registry value,
// when present, replaces it.
//
NTSTATUS
RegistryAccess::readDword(PCHAR name, PDWORD p_value)
{
    const NTSTATUS result = readDword(L"DriverData", name, p_value);
    return result;
}
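/////////////////////////////////////////////////////////////////////////////////////////
//RegistryAccess::writeDword
//
// Write a REG_DWORD value to the device's "DriverData" registry key.
//
// Parameters
// name - Name of the DWORD to write
//
// value - The value to store
//
// Returns
// STATUS_UNSUCCESSFUL if the key could not be opened, otherwise the status of
// the string conversion or of ZwSetValueKey().
//
// NOTE(review): _key_handle is shared state; two concurrent calls on the same
// object would race on it. Confirm callers serialize access.
//
NTSTATUS
RegistryAccess::writeDword(PCHAR name, DWORD value)
{
    // ZwSetValueKey() needs set-value access, which KEY_WRITE carries; read
    // access is not used on this path, so it is not requested.
    _key_handle = openDriverKey(L"DriverData", KEY_WRITE, _pdo);
    if(!_key_handle)
    {
        return STATUS_UNSUCCESSFUL;
    }

    UNICODE_STRING key_name;
    ANSI_STRING a_key_name;
    RtlInitAnsiString(&a_key_name, name);
    NTSTATUS status = RtlAnsiStringToUnicodeString(&key_name, &a_key_name, TRUE);
    if(NT_SUCCESS(status))
    {
        status = ZwSetValueKey(
            _key_handle,
            &key_name,
            0,
            REG_DWORD,
            &value,
            sizeof(DWORD));
        RtlFreeUnicodeString(&key_name);
    }

    ZwClose(_key_handle);
    // Do not keep a closed handle value around where a later call could reuse it.
    _key_handle = NULL;
    return status;
}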
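/////////////////////////////////////////////////////////////////////////////////////////
//RegistryAccess::openDriverKey
//
// This is a private helper function that opens a subkey of the driver's
// registry key.
//
// Parameters
// key_name - Name of the subkey, relative to the driver key
//
// desired_access - KEY_READ, KEY_WRITE, etc.
//
// pdo - Device object passed to IoOpenDeviceRegistryKey()
//
// Returns
// A handle to the subkey, or NULL on failure. The caller closes it with ZwClose().
//
HANDLE
RegistryAccess::openDriverKey(PWCHAR key_name,
                              ACCESS_MASK desired_access,
                              PDEVICE_OBJECT pdo)
{
    HANDLE dev_handle = NULL;
    HANDLE key_handle = NULL;

    // NOTE(review): STANDARD_RIGHTS_ALL is broader than a parent handle that is
    // only used as the root of a relative open appears to need -- confirm
    // whether a narrower mask is sufficient.
    NTSTATUS status = IoOpenDeviceRegistryKey(
        pdo,
        PLUGPLAY_REGKEY_DRIVER,
        STANDARD_RIGHTS_ALL,
        &dev_handle);
    if (!NT_SUCCESS(status))
    {
        return NULL;
    }

    OBJECT_ATTRIBUTES attr;
    UNICODE_STRING dev_data_name;
    RtlInitUnicodeString(&dev_data_name, key_name);

    // OBJ_KERNEL_HANDLE keeps the handle out of the current process's handle
    // table, so user-mode code running in that process cannot use or close it.
    // OBJ_INHERIT is dropped: a handle opened by the driver should not be
    // inherited by child processes.
    InitializeObjectAttributes(
        &attr,
        &dev_data_name,
        OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
        dev_handle,
        NULL);

    if(!NT_SUCCESS(ZwOpenKey(&key_handle, desired_access, &attr)))
    {
        DbgLog(("OpenDriverKey: ZwOpenKey failed!\n"));
        // Callers treat a non-NULL return as a usable handle.
        key_handle = NULL;
    }

    // The parent handle is only needed for the relative open above.
    if (!NT_SUCCESS(ZwClose(dev_handle)))
    {
        DbgLog(("OpenDriverKey: ZwClose failed!\n"));
    }

    return key_handle;
}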
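/////////////////////////////////////////////////////////////////////////////////////////
//RegistryAccess::getValue
//
// A private helper function for retrieving values from the registry. The key
// queried is the one currently held in _key_handle.
//
// Parameters
// key_name - Actually the value name
// data - buffer to receive the registry data
// data_length - length of data buffer
//
// Returns
// STATUS_INTEGER_OVERFLOW if the query buffer size would not fit in a ULONG,
// STATUS_INSUFFICIENT_RESOURCES if the allocation fails,
// STATUS_BUFFER_TOO_SMALL if the stored value is larger than data_length,
// otherwise the status of ZwQueryValueKey().
//
// Only as many bytes as the stored value holds are written to data. When the
// value is shorter than data_length the remaining bytes are left untouched, so
// the caller must initialize the buffer beforehand. The value's type is not
// checked here.
//
NTSTATUS
RegistryAccess::getValue( const PUNICODE_STRING key_name,
                          PCHAR data,
                          ULONG data_length)
{
    // Header plus room for the value name; both terms are small, so this sum
    // cannot wrap.
    const ULONG fixed_size = sizeof( KEY_VALUE_FULL_INFORMATION ) + key_name->MaximumLength;

    // Reject sizes where adding data_length, or rounding up to a multiple of 8
    // below, would wrap a ULONG and produce an undersized allocation.
    if (data_length > MAXULONG - fixed_size - 8)
    {
        return STATUS_INTEGER_OVERFLOW;
    }

    ULONG length = fixed_size + data_length;
    if(length % 8)
    {
        length = ((length / 8) + 1 ) * 8;
    }

    PKEY_VALUE_FULL_INFORMATION full_info =
        static_cast<PKEY_VALUE_FULL_INFORMATION>(ExAllocatePoolWithTag(PagedPool, length, 'txnC'));
    if (!full_info)
    {
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    // Kept separate from the allocation size so that size stays available.
    ULONG result_length = 0;
    NTSTATUS status = ZwQueryValueKey(
        _key_handle,
        key_name,
        KeyValueFullInformation,
        full_info,
        length,
        &result_length);

    if (NT_SUCCESS(status))
    {
        if (data_length >= full_info->DataLength )
        {
            RtlCopyMemory(
                data,
                ((PUCHAR) full_info) + full_info->DataOffset,
                full_info->DataLength );
        }
        else
        {
            status = STATUS_BUFFER_TOO_SMALL;
        }
    }

    // Free with the tag used for the allocation so a mismatch is caught by
    // pool checking.
    ExFreePoolWithTag(full_info, 'txnC');
    return status;
}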