|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 |
/* 在驱动程序中设置注册表表项 By exchen 2009-10-19 */ #include <ntddk.h> VOID DriverUnload(IN PDRIVER_OBJECT DriverObject) { DbgPrint("Driver Unload\n"); } NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ) { HANDLE hKey; //注册表句柄 OBJECT_ATTRIBUTES obj; //obj UNICODE_STRING us_KeyPath; //注册表的路径 UNICODE_STRING us_ValueName; //注册表值名 PWCHAR ValueData = {L"My Value Data"}; //注册表值 NTSTATUS status; //返回值 //初始化注册表的路径与值名 RtlInitUnicodeString(&us_KeyPath,L"\\Registry\\Machine"); RtlInitUnicodeString(&us_ValueName,L"Test"); //初始化obj InitializeObjectAttributes(&obj, &us_KeyPath, OBJ_CASE_INSENSITIVE, NULL, NULL); //打开注册表键 status = ZwOpenKey(&hKey,KEY_ALL_ACCESS,&obj); if (!NT_SUCCESS(status)) { DbgPrint("Open Key Error\n"); return status; } //设置注册表值 status = ZwSetValueKey(hKey, &us_ValueName, 0, REG_SZ, ValueData, (wcslen(ValueData)+1) * sizeof(WCHAR) ); if(!NT_SUCCESS(status)) { //进行出错处理 DbgPrint("Set Value Error\n"); return status; } DriverObject->DriverUnload = DriverUnload; return STATUS_SUCCESS; } |
转载请注明:exchen's blog » 在 Ring0 中设置注册表键值