windows Driver 查询指定键值-白红宇

windows Driver 查询指定键值

阅读量：6853 次

发布时间：2019-06-26

本文共 1498 字，大约阅读时间需要 4 分钟。

NTSTATUS status;	HANDLE hKey = NULL;	OBJECT_ATTRIBUTES oa;	UNICODE_STRING strPath = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\HARDWARE\\DEVICEMAP\\SERIALCOMM");	UNICODE_STRING strKeyName = RTL_CONSTANT_STRING(L"\\Device\\Serial0");	ULONG ResultLength = 0;	PKEY_VALUE_PARTIAL_INFORMATION Pkvpi;	ULONG index = 0;	UNICODE_STRING strOutPut;	wchar_t strTemp[ArrayLength] = {0};	RtlInitEmptyUnicodeString(&strOutPut, strTemp, ArrayLength);	InitializeObjectAttributes(&oa, &strPath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);	status = ZwOpenKey(&hKey, KEY_ALL_ACCESS, &oa);	if (!NT_SUCCESS(status)){		KdPrint(("ZwOpenKey failed"));		return;	}	status = ZwQueryValueKey(hKey, &strKeyName, KeyValuePartialInformation, NULL, 0, &ResultLength);	if (status == STATUS_OBJECT_NAME_NOT_FOUND || ResultLength == 0){		KdPrint(("ZwQueryValueKey failed"));		ZwClose(hKey);		return ;	}	Pkvpi = (PKEY_VALUE_PARTIAL_INFORMATION) ExAllocatePool(PagedPool, ResultLength);	if (!Pkvpi){		KdPrint(("ExAllocatePool failed"));		ExFreePool(Pkvpi);		ZwClose(hKey);		return;	}	status = ZwQueryValueKey(hKey, &strKeyName, KeyValuePartialInformation, Pkvpi, ResultLength, &ResultLength);	if (!NT_SUCCESS(status)){		KdPrint(("ZwQueryValueKey failed"));		ExFreePool(Pkvpi);		ZwClose(hKey);		return;	}	RtlStringCbPrintfW(strOutPut.Buffer, ArrayLength, L"%s", Pkvpi->Data);	KdPrint(("%ws", strOutPut.Buffer));	ExFreePool(Pkvpi);	ZwClose(hKey);

转载于:https://www.cnblogs.com/qq76211822/p/4712058.html

你可能感兴趣的文章

ES6变量的解构赋值

查看>>

ansible自动化运维详细教程及playbook详解

python通过luhn算法实现的信用卡卡号验证源码

查看>>