20楼#
发布于:2002-06-07 14:00
我为什么在内核态打开这个键失败?
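/*
 * Code from the post: read the "Logon User Name" registry value from kernel
 * mode and copy it into pGlobalData->LogonUserName.
 *
 * This is a function-body fragment; the enclosing signature, pGlobalData and
 * USERNAMELEN are defined outside the posted code.
 */
BOOLEAN ret = FALSE;    /* NOTE(review): never set to TRUE in this fragment, so FALSE is always returned -- confirm intent. */
NTSTATUS status;
OBJECT_ATTRIBUTES Attributes;
HANDLE LogonKey = NULL; /* Initialised so the __finally block never tests an indeterminate handle. */
ULONG BufferSize, ResultLength;
ULONG CopyLength;
PVOID Buffer = NULL;
PKEY_VALUE_PARTIAL_INFORMATION pValuePartialInfo;

//
// The registry key that holds the current logon user name.
//
// NOTE(review): \Registry\User contains one subkey per loaded user hive,
// named by SID (plus .DEFAULT). This path has no SID component, so the
// ZwOpenKey call below is expected to fail -- confirm against the returned
// NTSTATUS.
//
WCHAR UserKey[] = L"\\Registry\\User\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer";
UNICODE_STRING Logon;

// NOTE(review): the value name starts with a backslash as posted; verify
// that this matches the name actually stored under the key.
WCHAR UserName[] = L"\\Logon User Name";
UNICODE_STRING LogonUser;

__try {

    __try {

        //
        // Initialize the registry key. OBJ_KERNEL_HANDLE keeps the handle out
        // of the handle table of whatever user process this code runs in.
        //
        RtlInitUnicodeString( &Logon, UserKey );
        InitializeObjectAttributes( &Attributes, &Logon,
                                    OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                                    NULL, NULL );   // void return

        status = ZwOpenKey( &LogonKey, KEY_READ, &Attributes );
        if( !NT_SUCCESS(status) ) {
            LogonKey = NULL;
            ret = FALSE;
            __leave;    // falls through to __finally without an abnormal-termination unwind
        }

        BufferSize = sizeof(KEY_VALUE_PARTIAL_INFORMATION) + USERNAMELEN;
        Buffer = ExAllocatePool( NonPagedPool, BufferSize );
        if( !Buffer ) {
            ret = FALSE;
            __leave;
        }

        //
        // Read the "Logon User Name" value from the registry key.
        //
        RtlInitUnicodeString( &LogonUser, UserName );
        status = ZwQueryValueKey( LogonKey, &LogonUser, KeyValuePartialInformation,
                                  Buffer, BufferSize, &ResultLength );
        pValuePartialInfo = (PKEY_VALUE_PARTIAL_INFORMATION) Buffer;

        //
        // The value lives in a per-user hive that the user can write, so its
        // type and length are checked at run time. ASSERT alone is compiled
        // out of free builds.
        //
        if( NT_SUCCESS(status) && pValuePartialInfo->Type == REG_SZ ) {

            // Clamp the copy to the destination size.
            // Assumes LogonUserName holds at least USERNAMELEN bytes -- TODO confirm.
            // NOTE(review): REG_SZ data is wide-character and a clamped copy may
            // drop the terminator; the consumer must not assume NUL termination.
            CopyLength = pValuePartialInfo->DataLength;
            if( CopyLength > USERNAMELEN ) {
                CopyLength = USERNAMELEN;
            }
            RtlCopyMemory( pGlobalData->LogonUserName,
                           (PCHAR)(pValuePartialInfo->Data),
                           CopyLength );

        } else {

            // Placeholder when the value is missing or not a string.
            RtlCopyMemory( pGlobalData->LogonUserName, "???", 3 );
        }

    } __except( EXCEPTION_EXECUTE_HANDLER ) {

        DbgPrint(("Read registry key value error\n"));
    }

} __finally {

    if( Buffer ) ExFreePool( Buffer );
    if( LogonKey ) ZwClose( LogonKey );
}

return ret;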
|
|
21楼#
发布于:2002-06-07 14:57
你的驱动程序是什么时候运行这部分代码的?是在用户登录之前还是之后?
|
|
22楼#
发布于:2002-06-07 17:03
是登录以后运行的。