驱动注册表操作

驱动注册表操作

  (2009-12-05 22:04:51)

 

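//------------------DeleteKey--------------------------------------------
// Opens \Registry\Machine\SOFTWARE\3721\CnsMin and deletes it.
// Fragment: meant to be pasted into a driver routine, not compiled on its own.
NTSTATUS status = STATUS_SUCCESS;
HANDLE hSubKey = NULL;
OBJECT_ATTRIBUTES oa;
UNICODE_STRING usRegistryPath;

RtlInitUnicodeString(&usRegistryPath, L"\\Registry\\Machine\\SOFTWARE\\3721\\CnsMin");
// OBJ_KERNEL_HANDLE keeps the handle out of reach of user-mode code in the
// process context the driver happens to be running in.
// NOTE(review): Zw* calls from a driver skip access checks; if the path ever
// comes from a caller instead of a constant, add OBJ_FORCE_ACCESS_CHECK.
InitializeObjectAttributes(&oa, &usRegistryPath, (OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE), NULL, NULL);

// Request only DELETE, the right ZwDeleteKey requires, rather than KEY_ALL_ACCESS.
status = ZwOpenKey(&hSubKey, DELETE, &oa);
DbgPrint("Open Key %d\n", status);

// hSubKey is only valid when the open succeeded; deleting or closing an
// uninitialized handle value must be avoided.
if (NT_SUCCESS(status))
{
    status = ZwDeleteKey(hSubKey);
    DbgPrint("Delete Key %d\n", status);
    ZwClose(hSubKey);
}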
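//----------------------CreateKey-----------------------------------------
// Creates (or opens, if it already exists) \Registry\Machine\SOFTWARE\3721\CnsMin
// as a non-volatile key, then closes the handle.
// Fragment: meant to be pasted into a driver routine, not compiled on its own.
NTSTATUS status = STATUS_SUCCESS;
HANDLE hSubKey = NULL;
OBJECT_ATTRIBUTES oa;
UNICODE_STRING RegistryPath;

RtlInitUnicodeString(&RegistryPath, L"\\Registry\\Machine\\SOFTWARE\\3721\\CnsMin");
InitializeObjectAttributes(&oa, &RegistryPath, (OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE), NULL, NULL);

// Class is optional; passing the key path as the class string served no
// purpose, so NULL is used. KEY_WRITE replaces KEY_ALL_ACCESS because the
// handle is closed immediately and nothing broader is needed.
// NOTE(review): presumably the parent key ...\SOFTWARE\3721 must already
// exist for this call to succeed - confirm on the target system.
status = ZwCreateKey(&hSubKey, KEY_WRITE, &oa, 0, NULL, REG_OPTION_NON_VOLATILE, NULL);
DbgPrint("Create Key %d\n", status);

// Close only a handle that was actually returned.
if (NT_SUCCESS(status))
{
    ZwClose(hSubKey);
}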

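//----------------------SetValue---------ULONG--------------------------------
// Creates/opens \Registry\Machine\SOFTWARE\3721\CnsMin and stores the
// REG_DWORD value "DrSmart" = 1987 in it.
// Fragment: meant to be pasted into a driver routine, not compiled on its own.
NTSTATUS status = STATUS_SUCCESS;
HANDLE hSubKey = NULL;
ULONG dwKeyValue = 1987;
UNICODE_STRING usValueName;
UNICODE_STRING usRegistryPath;
OBJECT_ATTRIBUTES oa;

RtlInitUnicodeString(&usRegistryPath, L"\\Registry\\Machine\\SOFTWARE\\3721\\CnsMin");
InitializeObjectAttributes(&oa, &usRegistryPath, (OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE), NULL, NULL);

// The value name is passed to ZwSetValueKey as a plain UNICODE_STRING; it
// needs no OBJECT_ATTRIBUTES of its own, so the unused second one is gone.
RtlInitUnicodeString(&usValueName, L"DrSmart");

// KEY_SET_VALUE is the only right ZwSetValueKey needs on the handle.
status = ZwCreateKey(&hSubKey, KEY_SET_VALUE, &oa, 0, NULL, REG_OPTION_NON_VOLATILE, NULL);
DbgPrint("Create Key %d\n", status);

// Write and close only when a valid handle came back.
if (NT_SUCCESS(status))
{
    status = ZwSetValueKey(hSubKey, &usValueName, 0, REG_DWORD, &dwKeyValue, sizeof(dwKeyValue));
    DbgPrint("Set Value %d\n", status);
    ZwClose(hSubKey);
}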
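//------------------SetValue---------WCHAR-----------------------------------------
// Creates/opens \Registry\Machine\SOFTWARE\3721\CnsMin and stores the
// REG_SZ value "DrSmart" = "Welcome to Smart World" in it.
// Fragment: meant to be pasted into a driver routine, not compiled on its own.
NTSTATUS status = STATUS_SUCCESS;
HANDLE hSubKey = NULL;
OBJECT_ATTRIBUTES oa;
WCHAR wszKeyValue[] = L"Welcome to Smart World";
UNICODE_STRING usValueName;
UNICODE_STRING usRegistryPath;

RtlInitUnicodeString(&usRegistryPath, L"\\Registry\\Machine\\SOFTWARE\\3721\\CnsMin");
InitializeObjectAttributes(&oa, &usRegistryPath, (OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE), NULL, NULL);

// The value name needs no OBJECT_ATTRIBUTES; ZwSetValueKey takes the string itself.
RtlInitUnicodeString(&usValueName, L"DrSmart");

// KEY_SET_VALUE is the only right ZwSetValueKey needs on the handle.
status = ZwCreateKey(&hSubKey, KEY_SET_VALUE, &oa, 0, NULL, REG_OPTION_NON_VOLATILE, NULL);
DbgPrint("Create Key %d\n", status);

if (NT_SUCCESS(status))
{
    // sizeof on the array is already a byte count that includes the
    // terminating NUL. The former "sizeof(...) * 2" told the registry to read
    // twice the array size, copying adjacent kernel stack bytes into the value
    // (an out-of-bounds read and an information leak).
    status = ZwSetValueKey(hSubKey, &usValueName, 0, REG_SZ, wszKeyValue, sizeof(wszKeyValue));
    DbgPrint("Set Value %d\n", status);
    ZwClose(hSubKey);
}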

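//--------------------------SetValue----------wchar---------------------------
// Writes the REG_SZ value "TM" under ...\Windows\CurrentVersion\Run using the
// Rtl helper, which takes the key path and value name as plain strings.
// The Run key is an autostart location: programs listed there are launched at
// logon, so the stored path should be a fixed, fully qualified location that
// unprivileged users cannot write to. Writes to this key are commonly
// monitored by endpoint security tooling.
WCHAR wszKeyValue[256] = {0};
NTSTATUS writeStatus;

// Copy at most 255 characters so the zero-initialized last element always
// remains as the terminator (wcsncpy does not add one when the source fills
// the whole count).
wcsncpy(wszKeyValue, L"F:\\Program Files\\Tencent\\TM\\TMShell.exe",
        (sizeof(wszKeyValue) / sizeof(wszKeyValue[0])) - 1);

// The key path is one literal; the line break that split it on the page has
// been removed. REG_SZ data should include the terminating NUL, hence the +1.
writeStatus = RtlWriteRegistryValue(RTL_REGISTRY_ABSOLUTE,
                                    L"\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
                                    L"TM",
                                    REG_SZ,
                                    wszKeyValue,
                                    (ULONG)((wcslen(wszKeyValue) + 1) * sizeof(WCHAR)));
DbgPrint("Write Value %d\n", writeStatus);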
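//-------------------check key exist--------------------------------------
// RtlCheckRegistryKey returns STATUS_SUCCESS when the key exists.
// `status` is expected to be declared by the surrounding routine.
// The path is one literal; the line break that split it on the page has been
// removed so no newline or padding ends up inside the key path.
status = RtlCheckRegistryKey(RTL_REGISTRY_ABSOLUTE,
                             L"\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");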
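//-------------------------QueryValue-----------------------------------
// Reads one string value from \Registry\MACHINE\HARDWARE\DESCRIPTION\System
// through a two-entry query table and prints it.
// Fragment: meant to be pasted into a driver routine, not compiled on its own.
UNICODE_STRING usKeyName;
RTL_QUERY_REGISTRY_TABLE arrayTable[2];
NTSTATUS queryStatus;

// An empty UNICODE_STRING (NULL Buffer) lets the query routine allocate the
// buffer itself; it is released with RtlFreeUnicodeString below.
RtlInitUnicodeString(&usKeyName, NULL);
// Zeroing the whole table also produces the all-zero entry [1] that
// terminates it.
RtlZeroMemory(arrayTable, sizeof(arrayTable));

// NOTE(review): with RTL_QUERY_REGISTRY_DIRECT the stored data is copied
// straight into EntryContext according to the type found in the registry,
// not the type expected here. On WDK versions that define it, also set
// RTL_QUERY_REGISTRY_TYPECHECK so a value of another type is rejected
// instead of being written over the UNICODE_STRING.
arrayTable[0].Flags        = RTL_QUERY_REGISTRY_DIRECT;
// NOTE(review): L"usKeyName" looks like a placeholder for the real value name - confirm.
arrayTable[0].Name         = L"usKeyName";
arrayTable[0].EntryContext = &usKeyName;
arrayTable[0].DefaultType  = REG_SZ;

queryStatus = RtlQueryRegistryValues(RTL_REGISTRY_ABSOLUTE,
                                     L"\\Registry\\MACHINE\\HARDWARE\\DESCRIPTION\\System",
                                     arrayTable, NULL, NULL);

// Print only when the query succeeded and a buffer was actually returned;
// %wZ honours the string's Length and does not rely on a NUL terminator.
if (NT_SUCCESS(queryStatus) && usKeyName.Buffer != NULL)
{
    DbgPrint("%wZ", &usKeyName);
}
RtlFreeUnicodeString(&usKeyName);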

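//-------------------enum key---------------------------------------------
/*
 * Enumerates every subkey of
 * \REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services and prints, through
 * DbgPrint, each subkey's full path followed by its "ImagePath" value.
 *
 * Returns STATUS_SUCCESS (also when the Services key cannot be opened), or
 * the failing NTSTATUS from ZwEnumerateKey when enumeration stops for a
 * reason other than STATUS_NO_MORE_ENTRIES. The status travels through the
 * ULONG return type.
 *
 * Changes against the listing as published:
 *  - handles are opened with OBJ_KERNEL_HANDLE and read-only access instead
 *    of flags 0 and KEY_ALL_ACCESS;
 *  - the parent handle is closed on the enumeration-error path as well;
 *  - subkeys are opened relative to the parent handle, so the pool
 *    allocation and the append of a name that is not guaranteed to be
 *    NUL-terminated are no longer needed;
 *  - the NonPagedPool allocation that was made per subkey and never freed,
 *    and the scratch buffer that was allocated and freed unused, are removed;
 *  - registry data is printed with %wZ and an explicit length, and only when
 *    its type is a string type.
 */
ULONG GetAdapterRegistry()
{
    NTSTATUS status = STATUS_SUCCESS;
    NTSTATUS result = STATUS_SUCCESS;
    NDIS_STRING UC_SubKey = NDIS_STRING_CONST("\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\");
    NDIS_STRING UC_KeyValue = NDIS_STRING_CONST("ImagePath");
    UNICODE_STRING ServicesKey;
    UNICODE_STRING SubKeyName;
    UNICODE_STRING ValueText;
    HANDLE hKey = NULL;
    HANDLE hKeyNet = NULL;
    ULONG i;
    ULONG lRtn;
    UCHAR keyBuffer[2048] = {0};
    OBJECT_ATTRIBUTES KeyAttrib;
    OBJECT_ATTRIBUTES KeyAttribNet;
    PKEY_BASIC_INFORMATION pKeyInfo;
    KEY_VALUE_PARTIAL_INFORMATION *KeyValueInfo;

    RtlInitUnicodeString(&ServicesKey, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services");
    InitializeObjectAttributes(&KeyAttrib, &ServicesKey, (OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE), NULL, NULL);

    status = ZwOpenKey(&hKey, KEY_READ, &KeyAttrib);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("Can`t Open Registry \n!");
        return STATUS_SUCCESS;
    }

    for (i = 0; ; i++)
    {
        RtlZeroMemory(keyBuffer, sizeof(keyBuffer));
        pKeyInfo = (PKEY_BASIC_INFORMATION)keyBuffer;
        status = ZwEnumerateKey(hKey, i, KeyBasicInformation, pKeyInfo, sizeof(keyBuffer), &lRtn);
        if (!NT_SUCCESS(status))
        {
            if (status != STATUS_NO_MORE_ENTRIES)
            {
                DbgPrint("FindScsiAdapter: Error %lx enumerating key\n", status);
                result = status;
            }
            else
            {
                DbgPrint("Enum Key Finished !\n");
            }
            break; // leave through the common exit so hKey is always closed
        }

        // Got one subkey. Its name is described by NameLength (in bytes) and
        // carries no terminator, so wrap it in a counted string. NameLength
        // is bounded by sizeof(keyBuffer) and therefore fits in a USHORT.
        SubKeyName.Buffer = pKeyInfo->Name;
        SubKeyName.Length = (USHORT)pKeyInfo->NameLength;
        SubKeyName.MaximumLength = SubKeyName.Length;

        // Open the subkey relative to the parent handle.
        InitializeObjectAttributes(&KeyAttribNet, &SubKeyName, (OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE), hKey, NULL);
        status = ZwOpenKey(&hKeyNet, KEY_QUERY_VALUE, &KeyAttribNet);
        if (!NT_SUCCESS(status))
        {
            DbgPrint(" Can`t Oepn Key : %wZ%wZ \n", &UC_SubKey, &SubKeyName);
            continue;
        }

        DbgPrint("%wZ%wZ \n", &UC_SubKey, &SubKeyName);

        // keyBuffer is reused for the value query; SubKeyName points into it
        // and must not be used after this call.
        KeyValueInfo = (KEY_VALUE_PARTIAL_INFORMATION *)keyBuffer;
        status = ZwQueryValueKey(hKeyNet, &UC_KeyValue, KeyValuePartialInformation,
                                 KeyValueInfo, sizeof(keyBuffer), &lRtn);

        if (NT_SUCCESS(status))
        {
            // Registry contents are data, not a trusted C string: print only
            // string types, and bound the output by DataLength.
            if ((KeyValueInfo->Type == REG_SZ || KeyValueInfo->Type == REG_EXPAND_SZ) &&
                KeyValueInfo->DataLength >= sizeof(WCHAR))
            {
                ValueText.Buffer = (PWCHAR)KeyValueInfo->Data;
                // Round down to whole characters; DataLength is bounded by
                // sizeof(keyBuffer), so the cast cannot truncate.
                ValueText.Length = (USHORT)(KeyValueInfo->DataLength & ~(ULONG)(sizeof(WCHAR) - 1));
                ValueText.MaximumLength = ValueText.Length;

                // Drop trailing terminators so they are not printed.
                while (ValueText.Length >= sizeof(WCHAR) &&
                       ValueText.Buffer[(ValueText.Length / sizeof(WCHAR)) - 1] == UNICODE_NULL)
                {
                    ValueText.Length -= sizeof(WCHAR);
                }

                DbgPrint("%wZ \n", &ValueText); // subkey value
            }
        }
        else
        {
            DbgPrint(" Can`t get Key value: %ws %x \n", UC_KeyValue.Buffer, status);
        }

        ZwClose(hKeyNet);
    }

    ZwClose(hKey);
    return result;
}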

转自:http://hi.baidu.com/xwind85/blog/item/6a32d2438941fc1973f05ddf.html
