-
编程语言
站-
热门城市 全国站>
-
其他省市
-
-
15692118659
小标
2019-05-31
来源 :
阅读 3188
评论 0
摘要:本文主要向大家介绍了C/C++知识点之win0环注册表操作相关函数,通过具体的内容向大家展示,希望对大家学习C/C++知识点有所帮助。
本文主要向大家介绍了C/C++知识点之win0环注册表操作相关函数,通过具体的内容向大家展示,希望对大家学习C/C++知识点有所帮助。
#include <ntifs.h>//创建键void RegCreateKey(LPWSTR KeyName) {
OBJECT_ATTRIBUTES objectAttributes;
UNICODE_STRING usKeyName;
NTSTATUS ntStatus;
HANDLE hRegister;
RtlInitUnicodeString(&usKeyName, KeyName);
InitializeObjectAttributes(&objectAttributes,
&usKeyName,
OBJ_CASE_INSENSITIVE,//对大小写敏感 NULL, NULL);
ntStatus = ZwCreateKey(&hRegister, KEY_ALL_ACCESS, &objectAttributes, 0, NULL, REG_OPTION_NON_VOLATILE, NULL); if (NT_SUCCESS(ntStatus)) {
ZwClose(hRegister);
DbgPrint(""ZwCreateKey success!\n"");
} else
DbgPrint(""ZwCreateKey failed!\n"");
}//删除键void RegDeleteKey(LPWSTR KeyName) {
OBJECT_ATTRIBUTES objectAttributes;
UNICODE_STRING usKeyName;
NTSTATUS ntStatus;
HANDLE hRegister;
RtlInitUnicodeString(&usKeyName, KeyName);
InitializeObjectAttributes(&objectAttributes,
&usKeyName,
OBJ_CASE_INSENSITIVE,//对大小写敏感 NULL, NULL);
ntStatus = ZwOpenKey(&hRegister, KEY_ALL_ACCESS, &objectAttributes); if (NT_SUCCESS(ntStatus)) {
ntStatus = ZwDeleteKey(hRegister);
ZwClose(hRegister);
DbgPrint(""ZwDeleteKey success!\n"");
} else
DbgPrint(""ZwDeleteKey failed!\n"");
}//设置键值void RegSetValueKey(LPWSTR KeyName, LPWSTR ValueName, DWORD DataType, PVOID DataBuffer, DWORD DataLength) {
OBJECT_ATTRIBUTES objectAttributes;
UNICODE_STRING usKeyName, usValueName;
NTSTATUS ntStatus;
HANDLE hRegister;
ULONG Type;
RtlInitUnicodeString(&usKeyName, KeyName);
RtlInitUnicodeString(&usValueName, ValueName);
InitializeObjectAttributes(&objectAttributes,
&usKeyName,
OBJ_CASE_INSENSITIVE,//对大小写敏感 NULL, NULL);
ntStatus = ZwOpenKey(&hRegister, KEY_ALL_ACCESS, &objectAttributes); if (NT_SUCCESS(ntStatus))
{
ntStatus = ZwSetValueKey(hRegister, &usValueName, 0, DataType, DataBuffer, DataLength);
ZwFlushKey(hRegister);
ZwClose(hRegister);
DbgPrint(""ZwSetValueKey success!\n"");
} else
DbgPrint(""ZwSetValueKey failed!\n"");
}//读取键值NTSTATUS RegQueryValueKey(LPWSTR KeyName, LPWSTR ValueName,
PKEY_VALUE_PARTIAL_INFORMATION *pkvpi){
ULONG ulSize;
NTSTATUS ntStatus;
PKEY_VALUE_PARTIAL_INFORMATION pvpi;
OBJECT_ATTRIBUTES objectAttributes;
HANDLE hRegister;
UNICODE_STRING usKeyName;
UNICODE_STRING usValueName;
RtlInitUnicodeString(&usKeyName, KeyName);
RtlInitUnicodeString(&usValueName, ValueName);
InitializeObjectAttributes(&objectAttributes,
&usKeyName,
OBJ_CASE_INSENSITIVE,//对大小写敏感 NULL, NULL);
ntStatus = ZwOpenKey(&hRegister, KEY_ALL_ACCESS, &objectAttributes);
ntStatus = ZwQueryValueKey(hRegister,
&usValueName,
KeyValuePartialInformation, NULL, 0,
&ulSize); if (ntStatus == STATUS_OBJECT_NAME_NOT_FOUND || ulSize == 0)
{
DbgPrint(""ZwQueryValueKey 1 failed!\n""); return STATUS_UNSUCCESSFUL;
}
pvpi = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePool(PagedPool, ulSize);
ntStatus = ZwQueryValueKey(hRegister,
&usValueName,
KeyValuePartialInformation,
pvpi,
ulSize,
&ulSize); if (!NT_SUCCESS(ntStatus))
{
DbgPrint(""ZwQueryValueKey 2 failed!\n""); return STATUS_UNSUCCESSFUL;
} //这里的pvpi是没有释放的用完要释放。
ExFreePool(pvpi);
*pkvpi = pvpi;
DbgPrint(""ZwQueryValueKey success!\n""); return STATUS_SUCCESS;
}//删除键值void RegDeleteValueKey(LPWSTR KeyName, LPWSTR ValueName) {
OBJECT_ATTRIBUTES objectAttributes;
UNICODE_STRING usKeyName, usValueName;
NTSTATUS ntStatus;
HANDLE hRegister;
RtlInitUnicodeString(&usKeyName, KeyName);
RtlInitUnicodeString(&usValueName, ValueName);
InitializeObjectAttributes(&objectAttributes,
&usKeyName,
OBJ_CASE_INSENSITIVE,//对大小写敏感 NULL, NULL);
ntStatus = ZwOpenKey(&hRegister, KEY_ALL_ACCESS, &objectAttributes); if (NT_SUCCESS(ntStatus))
{
ntStatus = ZwDeleteValueKey(hRegister, &usValueName);
ZwFlushKey(hRegister);
ZwClose(hRegister);
DbgPrint(""ZwDeleteValueKey success!\n"");
} else
DbgPrint(""ZwDeleteValueKey failed!\n"");
}//枚举子健VOID EnumSubKeyTest() {
WCHAR MY_KEY_NAME[] = L""\\Registry\\Machine\\Software"";
UNICODE_STRING RegUnicodeString;
HANDLE hRegister;
OBJECT_ATTRIBUTES objectAttributes;
NTSTATUS ntStatus;
ULONG ulSize, i;
UNICODE_STRING uniKeyName;
PKEY_FULL_INFORMATION pfi; //初始化UNICODE_STRING字符串
RtlInitUnicodeString(&RegUnicodeString, MY_KEY_NAME); //初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&RegUnicodeString,
OBJ_CASE_INSENSITIVE,//对大小写敏感 NULL, NULL ); //打开注册表
ntStatus = ZwOpenKey(&hRegister, KEY_ALL_ACCESS, &objectAttributes); if (NT_SUCCESS(ntStatus)) {
DbgPrint(""Open register successfully\n"");
} if (NT_SUCCESS(ntStatus))
{
DbgPrint(""Open register successfully\n"");
} //第一次调用ZwQueryKey为了获取KEY_FULL_INFORMATION数据的长度
ZwQueryKey(hRegister, KeyFullInformation, NULL, 0, &ulSize);
pfi = (PKEY_FULL_INFORMATION)ExAllocatePool(PagedPool, ulSize); //第二次调用ZwQueryKey为了获取KEY_FULL_INFORMATION数据的数据
ZwQueryKey(hRegister, KeyFullInformation, pfi, ulSize, &ulSize); for (i = 0; i < pfi->SubKeys; i++)
{
PKEY_BASIC_INFORMATION pbi; //第一次调用ZwEnumerateKey为了获取KEY_BASIC_INFORMATION数据的长度
ZwEnumerateKey(hRegister, i, KeyBasicInformation, NULL, 0, &ulSize);
pbi = (PKEY_BASIC_INFORMATION)ExAllocatePool(PagedPool, ulSize); //第二次调用ZwEnumerateKey为了获取KEY_BASIC_INFORMATION数据的数据
ZwEnumerateKey(hRegister, i, KeyBasicInformation, pbi, ulSize, &ulSize);
uniKeyName.Length = (USHORT)pbi->NameLength;
uniKeyName.MaximumLength = (USHORT)pbi->NameLength;
uniKeyName.Buffer = pbi->Name;
DbgPrint(""The %d sub item name:%wZ\n"", i, &uniKeyName);
ExFreePool(pbi);
}
ExFreePool(pfi);
ZwClose(hRegister);
}//枚举子健值VOID EnumSubValueTest(){
WCHAR MY_KEY_NAME[] = L""\\Registry\\Machine\\Software\\Microsoft\\.NETFramework"";
UNICODE_STRING RegUnicodeString;
HANDLE hRegister;
OBJECT_ATTRIBUTES objectAttributes;
ULONG ulSize, i;
UNICODE_STRING uniKeyName;
PKEY_FULL_INFORMATION pfi;
NTSTATUS ntStatus; //初始化UNICODE_STRING字符串
RtlInitUnicodeString(&RegUnicodeString, MY_KEY_NAME); //初始化objectAttributes
InitializeObjectAttributes(&objectAttributes,
&RegUnicodeString,
OBJ_CASE_INSENSITIVE,//对大小写敏感 NULL, NULL); //打开注册表
ntStatus = ZwOpenKey(&hRegister, KEY_ALL_ACCESS, &objectAttributes); if (NT_SUCCESS(ntStatus))
{
DbgPrint(""Open register successfully\n"");
} //查询VALUE的大小
ZwQueryKey(hRegister, KeyFullInformation, NULL, 0, &ulSize);
pfi = (PKEY_FULL_INFORMATION)ExAllocatePool(PagedPool, ulSize);
ZwQueryKey(hRegister, KeyFullInformation, pfi, ulSize, &ulSize); for (i = 0; i < pfi->Values; i++)
{
PKEY_VALUE_BASIC_INFORMATION pvbi; //查询单个VALUE的大小
ZwEnumerateValueKey(hRegister, i, KeyValueBasicInformation, NULL, 0, &ulSize);
pvbi = (PKEY_VALUE_BASIC_INFORMATION)ExAllocatePool(PagedPool, ulSize); //查询单个VALUE的详情
ZwEnumerateValueKey(hRegister, i, KeyValueBasicInformation, pvbi, ulSize, &ulSize);
uniKeyName.Length = (USHORT)pvbi->NameLength;
uniKeyName.MaximumLength = (USHORT)pvbi->NameLength;
uniKeyName.Buffer = pvbi->Name;
DbgPrint(""The %d sub value name:%wZ\n"", i, &uniKeyName); if (pvbi->Type == REG_SZ)
DbgPrint(""The sub value type:REG_SZ\n""); else if (pvbi->Type == REG_MULTI_SZ)
DbgPrint(""The sub value type:REG_MULTI_SZ\n""); else if (pvbi->Type == REG_DWORD)
DbgPrint(""The sub value type:REG_DWORD\n""); else if (pvbi->Type == REG_BINARY)
DbgPrint(""The sub value type:REG_BINARY\n"");
ExFreePool(pvbi);
}
ExFreePool(pfi);
ZwClose(hRegister);
}本文由职坐标整理并发布,希望对同学们有所帮助。了解更多详情请关注职坐标编程语言C/C+频道!
喜欢 | 0
不喜欢 | 0
您输入的评论内容中包含违禁敏感词
我知道了
请输入正确的手机号码
请输入正确的验证码
您今天的短信下发次数太多了,明天再试试吧!
我们会在第一时间安排职业规划师联系您!
您也可以联系我们的职业规划师咨询:
版权所有 职坐标-一站式AI+学习就业服务平台 沪ICP备13042190号-4
上海海同信息科技有限公司 Copyright ©2015 www.zhizuobiao.com,All Rights Reserved.
沪公网安备 31011502005948号
资料领取
答疑解惑
技术交流
职业测评
面试技巧
高薪秘笈
