在驱动中怎么读取注册表中某项内容
首先我用外部程序在注册表中填入注册信息,
然后想从注册表读取路径信息。
沙发#
发布于:2002-06-28 15:19
这是FileSpy中的一段代码,你参考参考。
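DBGSTATIC
VOID
SpyReadDriverParameters (
    IN PUNICODE_STRING RegistryPath,
    IN PDRIVER_OBJECT DriverObject
    )
/*++

Routine Description:

    This routine tries to read the FileSpy-specific parameters from the
    registry.  These values will be found in the registry location
    indicated by the RegistryPath passed in.

    Registry contents are treated as external input: a value is used only
    if its type and length match what this routine expects; otherwise the
    compiled-in default is kept.  The checks are real runtime checks, not
    ASSERTs, because ASSERT compiles away in free builds and would leave
    the data unvalidated there.

Arguments:

    RegistryPath - the path key which contains the values that are the
        FileSpy parameters

    DriverObject - the driver object; used only when SPY_BOOT_DRIVER is
        defined, to register the boot-driver reinitialization callback

Return Value:

    None.  On any failure gMaxRecordsToAllocate and gMaxNamesToAllocate
    are left at their DEFAULT_* values.

CallStack: Called by DriverEntry routine

--*/
{
    OBJECT_ATTRIBUTES attributes;
    HANDLE driverRegKey = NULL;
    NTSTATUS status;
    ULONG bufferSize, resultLength;
    PVOID buffer = NULL;
    UNICODE_STRING valueName;
    PKEY_VALUE_PARTIAL_INFORMATION pValuePartialInfo;
    PWSTR attachDrives;

    //
    //  NOTE(review): only OBJ_CASE_INSENSITIVE is set.  If this routine can
    //  ever run outside the system process, OBJ_KERNEL_HANDLE should be
    //  added so the key handle is not reachable from user mode - confirm
    //  against the callers and the target OS.
    //

    InitializeObjectAttributes( &attributes,
                                RegistryPath,
                                OBJ_CASE_INSENSITIVE,
                                NULL,
                                NULL);

    status = ZwOpenKey( &driverRegKey,
                        KEY_READ,
                        &attributes);

    if (!NT_SUCCESS(status)) {

        driverRegKey = NULL;
        goto SpyReadDriverParameters_Error;
    }

    //
    //  bufferSize is the size handed to ZwQueryValueKey.  The allocation is
    //  two wide characters larger so that a REG_MULTI_SZ value can always be
    //  given a terminating double NUL inside the allocation (see below).
    //

    bufferSize = sizeof(KEY_VALUE_PARTIAL_INFORMATION) + ATTACH_BUFFER_SIZE;
    buffer = ExAllocatePool(NonPagedPool,
                            bufferSize + 2 * sizeof(*attachDrives));

    if (NULL == buffer) {

        goto SpyReadDriverParameters_Error;
    }

    pValuePartialInfo = (PKEY_VALUE_PARTIAL_INFORMATION) buffer;

    //
    //  Read the gMaxRecordsToAllocate from the registry
    //

    RtlInitUnicodeString(&valueName, MAX_RECORDS_TO_ALLOCATE);

    status = ZwQueryValueKey( driverRegKey,
                              &valueName,
                              KeyValuePartialInformation,
                              buffer,
                              bufferSize,
                              &resultLength);

    //
    //  Accept the value only if it really is a 4-byte REG_DWORD.  A value
    //  of another type or a shorter length would otherwise be read as a
    //  LONG from bytes the query never wrote (the pool block is not zeroed).
    //
    //  NOTE(review): the number itself is taken as-is, including zero or
    //  negative values; how the rest of the driver uses it is not visible
    //  here, so confirm whether a range clamp is needed.
    //

    if (NT_SUCCESS(status) &&
        pValuePartialInfo->Type == REG_DWORD &&
        pValuePartialInfo->DataLength == sizeof(ULONG)) {

        gMaxRecordsToAllocate = *((PLONG)&(pValuePartialInfo->Data));

    } else {

        gMaxRecordsToAllocate = DEFAULT_MAX_RECORDS_TO_ALLOCATE;
    }

    //
    //  Read the gMaxNamesToAllocate from the registry
    //

    RtlInitUnicodeString(&valueName, MAX_NAMES_TO_ALLOCATE);

    status = ZwQueryValueKey( driverRegKey,
                              &valueName,
                              KeyValuePartialInformation,
                              buffer,
                              bufferSize,
                              &resultLength);

    //
    //  Same type and length validation as for gMaxRecordsToAllocate.
    //

    if (NT_SUCCESS(status) &&
        pValuePartialInfo->Type == REG_DWORD &&
        pValuePartialInfo->DataLength == sizeof(ULONG)) {

        gMaxNamesToAllocate = *((PLONG)&(pValuePartialInfo->Data));

    } else {

        gMaxNamesToAllocate = DEFAULT_MAX_NAMES_TO_ALLOCATE;
    }

#ifdef SPY_BOOT_DRIVER

    //
    //  Read initial drives to attach to from the registry
    //

    RtlInitUnicodeString(&valueName, ATTACH_TO);

    status = ZwQueryValueKey( driverRegKey,
                              &valueName,
                              KeyValuePartialInformation,
                              buffer,
                              bufferSize,
                              &resultLength);

    if (NT_SUCCESS(status)) {

        ULONG attachChars;

        if (pValuePartialInfo->Type != REG_MULTI_SZ) {

            goto SpyReadDriverParameters_Exit;
        }

        //
        //  Number of whole wide characters the query actually returned.
        //  With no data at all, *attachDrives would read uninitialized
        //  pool, so treat an empty value as "nothing to attach to".
        //

        attachChars = pValuePartialInfo->DataLength / sizeof(*attachDrives);

        if (attachChars == 0) {

            goto SpyReadDriverParameters_Exit;
        }

        attachDrives = (PWSTR)&pValuePartialInfo->Data;

        //
        //  The registry does not guarantee that REG_MULTI_SZ data ends in
        //  a double NUL.  Terminate it here, in the two spare characters
        //  allocated above, so a parser walking the list stops inside this
        //  allocation.
        //

        attachDrives[attachChars] = L'\0';
        attachDrives[attachChars + 1] = L'\0';

        if (*attachDrives) {

            //
            //  Register with the I/O System to be called again once all the
            //  devices in the system have been enumerated and started.
            //

            IoRegisterBootDriverReinitialization(DriverObject,
                                                 SpyReinitDriver,
                                                 buffer);

            //
            //  In this instance, SpyReinitDriver will free buffer when it
            //  is done parsing and attaching, so ownership is handed over
            //  and the pointer is cleared to skip the free below.
            //
            //  NOTE(review): SpyReinitDriver is not visible here; confirm
            //  that it frees the buffer and bounds its parsing.
            //

            buffer = NULL;
        }
    }

#endif

    goto SpyReadDriverParameters_Exit;

SpyReadDriverParameters_Error:

    gMaxRecordsToAllocate = DEFAULT_MAX_RECORDS_TO_ALLOCATE;
    gMaxNamesToAllocate = DEFAULT_MAX_NAMES_TO_ALLOCATE;

SpyReadDriverParameters_Exit:

    //
    //  Both resources are released only if they were acquired and are
    //  still owned by this routine.
    //

    if (NULL != buffer) {

        ExFreePool(buffer);
    }

    if (NULL != driverRegKey) {

        ZwClose(driverRegKey);
    }

    return;
}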