大理寺少卿 发表于 2025-3-16 19:57:45

驱动开发与系统原理-设置读取

代码
----

key的类型

![](https://raw.githubusercontent.com/Whitebird0/tuchuang/main/QQ%E6%88%AA%E5%9B%BE20211208232824.png)


```
#include<ntifs.h>
NTSTATUS SetRegValueCall() {
HANDLE hKey = NULL;
NTSTATUS ntStatus = STATUS_SUCCESS;
//对象属性
OBJECT_ATTRIBUTES ObjectArt;
ULONG uRet;
//设置数值的key的路径
UNICODE_STRING usRegPath = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SOFTWARE\\Whitebird\\helloworld");
//初始化对象
InitializeObjectAttributes(&ObjectArt, &usRegPath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
//打开key
ntStatus = ZwOpenKey(&hKey, KEY_ALL_ACCESS, &ObjectArt);
if (NT_SUCCESS(ntStatus))
{
    //key的名称KeyName1
    UNICODE_STRING uskeyname1 = RTL_CONSTANT_STRING(L"KeyName1");
    //key的类型有多种可以自己选择,见上图
    ZwSetValueKey(hKey, &uskeyname1, 0, REG_BINARY, "Hello", strlen("Hello"));
    //key的名称KeyName2
    UNICODE_STRING uskeyname2 = RTL_CONSTANT_STRING(L"KeyName2");
    ZwSetValueKey(hKey, &uskeyname2, 0, REG_SZ, L"Whitebird", wcslen(L"Whitebird")*sizeof(WCHAR));
    //关闭句柄
    ZwClose(hKey);
}
else {
    DbgPrint("OpenKey Failed!");
    return        ntStatus;
}
}

NTSTATUS ReadRegValueCall() {
HANDLE hKey = NULL;
NTSTATUS ntStatus = STATUS_SUCCESS;
//对象属性
OBJECT_ATTRIBUTES ObjectArt;
//定义一个结构体用来储存读取的key,同时进行内存分配
PKEY_VALUE_PARTIAL_INFORMATION pKeyInfo = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePool(NonPagedPool, 1024);
ULONG uRet;
//要读取的key的路径
UNICODE_STRING usRegPath = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SOFTWARE\\Whitebird\\helloworld");
//初始化对象
InitializeObjectAttributes(&ObjectArt, &usRegPath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
    ntStatus = ZwOpenKey(&hKey, KEY_ALL_ACCESS, &ObjectArt);
if (NT_SUCCESS(ntStatus))
{
//初始化要查找的key的名称字符串
    UNICODE_STRING uskeyname1 = RTL_CONSTANT_STRING(L"KeyName2");
    //对结构体内存进行初始化
    RtlZeroMemory(pKeyInfo, sizeof(pKeyInfo));
    //通过名字查找对应key的内容
    ZwQueryValueKey(hKey, &uskeyname1, KeyValuePartialInformation, pKeyInfo, 1024, &uRet);
    //打印数据
    if (pKeyInfo->Type== REG_SZ)
    {
      DbgPrint("%ls", pKeyInfo->Data);
    }

}
else {
    DbgPrint("OpenKey Failed!");
    return        ntStatus;
}


}
VOID DriverUnload(PDRIVER_OBJECT pDriverObject) {
DbgPrint("Unload Success!");
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject,PUNICODE_STRING pRegPath){
DbgPrint("Load Success!");
SetRegValueCall();
ReadRegValueCall();
pDriverObject->DriverUnload = DriverUnload;
return STATUS_SUCCESS
}
```

设置与成功读取key
-----------------

![](https://raw.githubusercontent.com/Whitebird0/tuchuang/main/QQ%E6%88%AA%E5%9B%BE20211208233240.png)

页: [1]
查看完整版本: 驱动开发与系统原理-设置读取