|
阅读:1252回复:0
驱动读取注册表问题,帮忙解决一下。
怎么注册表读取显示出来只有一位???
UNICODE_STRING uPath, uName, uResult; ANSI_STRING aResult; HANDLE hFolder = NULL; OBJECT_ATTRIBUTES objAttribs; NTSTATUS status = STATUS_SUCCESS; ULONG dataLength = 0x80; ULONG structLength = sizeof(KEY_VALUE_BASIC_INFORMATION) + dataLength + sizeof(UNICODE_NULL); PKEY_VALUE_BASIC_INFORMATION pBasicValue = NULL; PKEY_VALUE_PARTIAL_INFORMATION pPartialValue = NULL; PKEY_VALUE_FULL_INFORMATION pFullValue = NULL; pBasicValue = (PKEY_VALUE_BASIC_INFORMATION) ExAllocatePool(PagedPool, structLength); pPartialValue = (PKEY_VALUE_PARTIAL_INFORMATION) ExAllocatePool(PagedPool, structLength); pFullValue = (PKEY_VALUE_FULL_INFORMATION) ExAllocatePool(PagedPool, structLength); RtlInitUnicodeString(&uPath, L"\\Registry\\Machine\\Software\\XXXXX" ); RtlInitUnicodeString(&uName, L"XXXX"); InitializeObjectAttributes(&objAttribs, &uPath, OBJ_CASE_INSENSITIVE, NULL, NULL); status = ZwOpenKey(&hFolder, KEY_READ, &objAttribs); if(status != STATUS_SUCCESS) { DbgPrint("Couldn't open key. Ending function.\n"); return status; } memset(pPartialValue, 0, structLength); status = ZwQueryValueKey(hFolder, &uName, KeyValuePartialInformation, pPartialValue, structLength, &dataLength); switch(status) { case STATUS_INVALID_HANDLE: //Always end up here. DbgPrint("ZwQueryValueKey(Partial) says the handle is bogus.\n"); break; case STATUS_BUFFER_OVERFLOW: DbgPrint("Buffer overflow error"); if(status != STATUS_SUCCESS) { DbgPrint("ZwQueryValueKey(Partial): Still didn't get it."\ " Status: %X\n", status); break; } //Fall Through case STATUS_SUCCESS: DbgPrint("Success"); DbgPrint(pPartialValue->Data); //只有一位????????????? } ExFreePool(pPartialValue); |
|
最新喜欢: Leopar...
|
