注册表操作

#include"ntddk.h"      #define lisaisai1 'MyTt'    VOID xiezai1(PDRIVER_OBJECT qudongduixiang){KdPrint(("已经执行到了 驱动卸载历程\n"));}VOID dakaizhucebiao()//打开注册表键{NTSTATUS zhuangtai1;HANDLE handle1 = NULL;OBJECT_ATTRIBUTES duixiangshuxing = {0};UNICODE_STRING mingzi = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SYSTEM\\Setup");//\\Registry\\Machine\\Microsoft\\Windows NT\\CurrentVersion 书上的UNICODE_STRING mingzi2 = RTL_CONSTANT_STRING(L"李赛赛");PWCHAR zifuchuan1 = { L"李赛赛爱邱坤" };KEY_VALUE_PARTIAL_INFORMATION xinxi1;//PKEY_VALUE_PARTIAL_INFORMATION xinxi2_zhizhen;ULONG changdu1=0;InitializeObjectAttributes(&duixiangshuxing, &mingzi, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);zhuangtai1=ZwOpenKey(&handle1, KEY_READ, &duixiangshuxing);if (!NT_SUCCESS(zhuangtai1)){KdPrint(("打开键失败\n"));}KdPrint(("得到的句柄%x", handle1));UNICODE_STRING mingzi1 = RTL_CONSTANT_STRING(L"SetupType");//SystemRootzhuangtai1 = ZwQueryValueKey(handle1, &mingzi1, KeyValuePartialInformation, &xinxi1, sizeof(KEY_VALUE_PARTIAL_INFORMATION), &changdu1);if (!NT_SUCCESS(zhuangtai1) && zhuangtai1 != STATUS_BUFFER_OVERFLOW&&zhuangtai1 != STATUS_BUFFER_TOO_SMALL){KdPrint(("查询键错误 错误1\n"));}KdPrint(("查询到的大小%d", changdu1));KdPrint(("Type%d TitleIndex%d DataLength%d \n", xinxi1.Type, xinxi1.TitleIndex, xinxi1.DataLength));//xinxi2_zhizhen = ExAllocatePoolWithTag(NonPagedPool, changdu1, lisaisai1);//zhuangtai1 = ZwQueryValueKey(handle1, &mingzi1, KeyValuePartialInformation, &xinxi2_zhizhen, changdu1, &changdu1);//if (!NT_SUCCESS(zhuangtai1) )//{//KdPrint(("查询键错误 错误2\n"));//}//else//{//KdPrint(("查询键成功\n"));//}//ExFreePool(xinxi2_zhizhen);ZwSetValueKey(handle1, &mingzi2, 0, REG_SZ, zifuchuan1,(wcslen(zifuchuan1) + 1)*sizeof(WCHAR));if (NT_SUCCESS(zhuangtai1)){KdPrint(("设置成功\n"));}ZwClose(handle1);}NTSTATUS DriverEntry(PDRIVER_OBJECT qudongduixiang, PUNICODE_STRING zhucebiao1){dakaizhucebiao();qudongduixiang->DriverUnload = xiezai1;return STATUS_SUCCESS;}