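/*
 * Write a registry value from a kernel-mode driver -- by exchen 2009-10-04
 *
 * Review note: the target key, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
 * is an autostart location, so a value written there is launched at user logon.
 * Treat any driver that writes to it as making a persistence-relevant change.
 * Registry monitoring (for example Sysmon registry value-set events or a
 * CmRegisterCallbackEx filter) is the usual place to alert on such writes.
 */
#include <ntddk.h>

UNICODE_STRING uStr; /* not referenced anywhere in this listing */

/*
 * Unload routine: only logs that the driver has been stopped.
 * reg() releases its own key handle, so nothing has to be cleaned up here.
 */
VOID DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);

    DbgPrint("驱动已经被停止了\n");
}

/*
 * Helper that writes one REG_SZ value ("Test") under the Run key.
 *
 * Returns nothing; failures are reported through DbgPrint only.
 * Changes from the original listing:
 *   - the key is opened with KEY_SET_VALUE, the access right ZwSetValueKey
 *     is documented to require, instead of KEY_READ;
 *   - a failed ZwOpenKey now returns early instead of falling through and
 *     calling ZwSetValueKey with a NULL handle;
 *   - the handle is opened with OBJ_KERNEL_HANDLE so it is not placed in a
 *     user-mode process handle table, and it is closed with ZwClose.
 */
void reg()
{
    HANDLE key_handle = NULL;
    NTSTATUS status;
    OBJECT_ATTRIBUTES key_attrs = {0};
    UNICODE_STRING key_path =
        RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
    UNICODE_STRING value_name = RTL_CONSTANT_STRING(L"Test");
    /* An array rather than a pointer, so sizeof() gives the byte count
     * including the terminating NUL that REG_SZ data carries. */
    static WCHAR value_data[] = L"C:\\windows\\system32\\cmd.exe";

    InitializeObjectAttributes(&key_attrs,
                               &key_path,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL,
                               NULL);

    status = ZwOpenKey(&key_handle, KEY_SET_VALUE, &key_attrs);
    if (!NT_SUCCESS(status)) {
        /* No valid handle exists, so there is nothing to write to or close. */
        DbgPrint("ZwOpenKey failed: 0x%08X\n", status);
        return;
    }

    status = ZwSetValueKey(key_handle,
                           &value_name,
                           0,
                           REG_SZ,
                           value_data,
                           (ULONG)sizeof(value_data));
    if (!NT_SUCCESS(status)) {
        DbgPrint("写注册表值失败\n");
    }

    /* Always release the key handle, whether or not the write succeeded. */
    ZwClose(key_handle);
}

/*
 * Driver entry point: performs the registry write once at load time and
 * registers the unload routine. reg() returns no status, so a failed write
 * does not prevent the driver from loading.
 */
NTSTATUS DriverEntry(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);

    reg();

    DriverObject->DriverUnload = DriverUnload;

    return STATUS_SUCCESS;
}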
转载请注明:exchen's blog » 在驱动程序中写注册表