程序博客网 > 西瓜影音 mac版本

注册表_操作

来源:互联网 发布:西瓜影音 mac版本 编辑:程序博客网 时间:2024/05/21 00:18
#pragma once#ifdef __cplusplusextern "C"{#endif#include <NTDDK.h>#ifdef __cplusplus}#endif #define PAGEDCODE code_seg("PAGE")#define LOCKEDCODE code_seg()#define INITCODE code_seg("INIT")#define PAGEDDATA data_seg("PAGE")#define LOCKEDDATA data_seg()#define INITDATA data_seg("INIT")#define arraysize(p) (sizeof(p)/sizeof((p)[0]))typedef struct _DEVICE_EXTENSION {PDEVICE_OBJECT pDevice;UNICODE_STRING ustrDeviceName;//设备名称UNICODE_STRING ustrSymLinkName;//符号链接名} DEVICE_EXTENSION, *PDEVICE_EXTENSION;// 函数声明NTSTATUS CreateDevice (IN PDRIVER_OBJECT pDriverObject);VOID HelloDDKUnload (IN PDRIVER_OBJECT pDriverObject);NTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp);
#include "Driver.h"#define  MY_REG_SOFTWARE_KEY_NAMEL"\\Registry\\Machine\\Software\\Zhangfan"#pragma INITCODEVOID CreateRegTest() //创建或打开某注册表项目{UNICODE_STRING RegUnicodeString;HANDLE hRegister;RtlInitUnicodeString( &RegUnicodeString,MY_REG_SOFTWARE_KEY_NAME);//初始化UNICODE_STRING字符串OBJECT_ATTRIBUTES objectAttributes;InitializeObjectAttributes(&objectAttributes,&RegUnicodeString,OBJ_CASE_INSENSITIVE,NULL, NULL );//对大小写敏感初始化objectAttributesULONG ulResult;NTSTATUS ntStatus = ZwCreateKey( &hRegister,KEY_ALL_ACCESS,&objectAttributes,0,NULL,REG_OPTION_NON_VOLATILE,&ulResult);//创建或带开注册表项目if (NT_SUCCESS(ntStatus))//创建成功{if(ulResult==REG_CREATED_NEW_KEY)//判断是被新创建,还是已经被创建{KdPrint(("The register item is created\n"));//新创建}else if(ulResult==REG_OPENED_EXISTING_KEY)//已经创建了{KdPrint(("The register item has been created,and now is opened\n"));}}//(2)创建或打开某注册表项目的子项UNICODE_STRING subRegUnicodeString;HANDLE hSubRegister;RtlInitUnicodeString( &subRegUnicodeString, L"SubItem");//初始化UNICODE_STRING字符串OBJECT_ATTRIBUTES subObjectAttributes;InitializeObjectAttributes(&subObjectAttributes,&subRegUnicodeString,OBJ_CASE_INSENSITIVE, hRegister, NULL );//对大小写敏感初始化subObjectAttributesntStatus = ZwCreateKey( &hSubRegister,KEY_ALL_ACCESS,&subObjectAttributes,0,NULL,REG_OPTION_NON_VOLATILE,&ulResult);//创建或带开注册表项目if (NT_SUCCESS(ntStatus)){if(ulResult==REG_CREATED_NEW_KEY)//判断是被新创建,还是已经被创建{KdPrint(("The sub register item is created\n"));}else if(ulResult==REG_OPENED_EXISTING_KEY){KdPrint(("The sub register item has been created,and now is opened\n"));}}//关闭注册表句柄ZwClose(hRegister);ZwClose(hSubRegister);}#pragma INITCODEVOID OpenRegTest(){UNICODE_STRING RegUnicodeString;HANDLE hRegister;//初始化UNICODE_STRING字符串RtlInitUnicodeString( &RegUnicodeString, MY_REG_SOFTWARE_KEY_NAME);OBJECT_ATTRIBUTES objectAttributes;//初始化objectAttributesInitializeObjectAttributes(&objectAttributes,&RegUnicodeString,OBJ_CASE_INSENSITIVE,NULL, NULL );//对大小写敏感//打开注册表NTSTATUS ntStatus = ZwOpenKey( &hRegister,KEY_ALL_ACCESS,&objectAttributes);if (NT_SUCCESS(ntStatus)){KdPrint(("Open register successfully\n"));}ZwClose(hRegister);}#pragma INITCODEVOID DeleteItemRegTest()//删除子项 删除没有子项的项{UNICODE_STRING RegUnicodeString;HANDLE hRegister;#define MY_REG_SOFTWARE_KEY_NAME1 L"\\Registry\\Machine\\Software\\Zhangfan\\SubItem"RtlInitUnicodeString( &RegUnicodeString,MY_REG_SOFTWARE_KEY_NAME1);//初始化UNICODE_STRING字符串OBJECT_ATTRIBUTES objectAttributes;InitializeObjectAttributes(&objectAttributes,&RegUnicodeString,OBJ_CASE_INSENSITIVE,NULL, NULL );//对大小写敏感初始化objectAttributesNTSTATUS ntStatus = ZwOpenKey( &hRegister,KEY_ALL_ACCESS,&objectAttributes);//打开注册表if (NT_SUCCESS(ntStatus))//打开成功 获得句柄{KdPrint(("Open register successfully\n"));}ntStatus = ZwDeleteKey(hRegister);//删除 SubItemif (NT_SUCCESS(ntStatus)){KdPrint(("Delete the item successfully\n"));}else if(ntStatus == STATUS_ACCESS_DENIED){KdPrint(("STATUS_ACCESS_DENIED\n"));}else if(ntStatus == STATUS_INVALID_HANDLE){KdPrint(("STATUS_INVALID_HANDLE\n"));}else{KdPrint(("Maybe the item has sub item to delete\n"));}ZwClose(hRegister);}#pragma INITCODEVOID SetRegTest()//设置键值{UNICODE_STRING RegUnicodeString;HANDLE hRegister;RtlInitUnicodeString( &RegUnicodeString, MY_REG_SOFTWARE_KEY_NAME);//初始化UNICODE_STRING字符串OBJECT_ATTRIBUTES objectAttributes;InitializeObjectAttributes(&objectAttributes,&RegUnicodeString,OBJ_CASE_INSENSITIVE,NULL, NULL );//对大小写敏感初始化objectAttributesNTSTATUS ntStatus = ZwOpenKey( &hRegister,KEY_ALL_ACCESS,&objectAttributes);//打开注册表 L"\\Registry\\Machine\\Software\\Zhangfan"if (NT_SUCCESS(ntStatus)){KdPrint(("Open register successfully\n"));}UNICODE_STRING ValueName;RtlInitUnicodeString( &ValueName, L"REG_DWORD 李赛赛");//初始化ValueNameULONG ulValue = 1000;ZwSetValueKey(hRegister,&ValueName,0,REG_DWORD,&ulValue,sizeof(ulValue));//设置REG_DWORD子键李赛赛1000RtlInitUnicodeString(&ValueName, L"REG_SZ 李发起");//初始化ValueNameWCHAR* strValue = L"hello world";ZwSetValueKey(hRegister,&ValueName,0,REG_SZ,strValue,wcslen(strValue)*2+2);//设置REG_SZ子键李发起"hello world"RtlInitUnicodeString( &ValueName, L"REG_BINARY 邱坤");//初始化ValueNameUCHAR buffer[10];RtlFillMemory(buffer,sizeof(buffer),0xFF);ZwSetValueKey(hRegister,&ValueName,0,REG_BINARY,buffer,sizeof(buffer));//设置REG_MULTI_SZ子键邱坤二进制0xffZwClose(hRegister);//关闭注册表句柄}#pragma INITCODEVOID QueryRegTest()//查询注册表键值{UNICODE_STRING RegUnicodeString;HANDLE hRegister;RtlInitUnicodeString( &RegUnicodeString,MY_REG_SOFTWARE_KEY_NAME);//初始化UNICODE_STRING字符串OBJECT_ATTRIBUTES objectAttributes;InitializeObjectAttributes(&objectAttributes,&RegUnicodeString,OBJ_CASE_INSENSITIVE,NULL, NULL );//对大小写敏感初始化objectAttributesNTSTATUS ntStatus = ZwOpenKey( &hRegister,KEY_ALL_ACCESS,&objectAttributes);//打开注册表if (NT_SUCCESS(ntStatus)){KdPrint(("Open register successfully\n"));}UNICODE_STRING ValueName;RtlInitUnicodeString( &ValueName, L"REG_DWORD 李赛赛");//初始化ValueNameULONG ulSize;//读取REG_DWORD子键ntStatus = ZwQueryValueKey(hRegister,&ValueName,KeyValuePartialInformation ,NULL,0,&ulSize);//查询注册表键值 三种   获取这种数据结构体的长度if (ntStatus==STATUS_OBJECT_NAME_NOT_FOUND || ulSize==0){ZwClose(hRegister);KdPrint(("The item is not exist\n"));return;}PKEY_VALUE_PARTIAL_INFORMATION pvpi = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePool(PagedPool,ulSize);ntStatus = ZwQueryValueKey(hRegister,&ValueName,KeyValuePartialInformation ,pvpi,ulSize,&ulSize);//查询注册表键值 三种if (!NT_SUCCESS(ntStatus)){ZwClose(hRegister);KdPrint(("Read regsiter error\n"));return;}//判断是否为REG_DWORD类型if (pvpi->Type==REG_DWORD && pvpi->DataLength==sizeof(ULONG)){PULONG pulValue = (PULONG) pvpi->Data;KdPrint(("打印数值The value:%d\n",*pulValue));//查询到的数据的值}ExFreePool(pvpi);RtlInitUnicodeString( &ValueName, L"REG_SZ 李发起");//初始化ValueNamentStatus = ZwQueryValueKey(hRegister,&ValueName,KeyValuePartialInformation ,NULL,0,&ulSize);//读取REG_SZ子键  小的结构体体 先自己查询大小 再申请结构体if (ntStatus==STATUS_OBJECT_NAME_NOT_FOUND || ulSize==0){ZwClose(hRegister);KdPrint(("The item is not exist\n"));return;}pvpi = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePool(PagedPool,ulSize);ntStatus = ZwQueryValueKey(hRegister,&ValueName,KeyValuePartialInformation ,pvpi,ulSize,&ulSize);//查询键值if (!NT_SUCCESS(ntStatus)){ZwClose(hRegister);KdPrint(("Read regsiter error\n"));return;}//判断是否为REG_SZ类型if (pvpi->Type==REG_SZ){KdPrint(("打印字符串The value:%S\n",pvpi->Data));//打印字符串}ZwClose(hRegister);}#pragma INITCODEVOID EnumerateSubItemRegTest(){UNICODE_STRING RegUnicodeString;HANDLE hRegister;RtlInitUnicodeString( &RegUnicodeString, MY_REG_SOFTWARE_KEY_NAME);//初始化UNICODE_STRING字符串OBJECT_ATTRIBUTES objectAttributes;InitializeObjectAttributes(&objectAttributes,&RegUnicodeString,OBJ_CASE_INSENSITIVE,NULL, NULL );//对大小写敏感初始化objectAttributesNTSTATUS ntStatus = ZwOpenKey( &hRegister,KEY_ALL_ACCESS,&objectAttributes);//打开注册表if (NT_SUCCESS(ntStatus)){KdPrint(("打开注册表成功 Open register successfully\n"));}ULONG ulSize;ZwQueryKey(hRegister, KeyFullInformation, NULL, 0, &ulSize);//第一次调用ZwQueryKey为了获取KEY_FULL_INFORMATION数据的长度PKEY_FULL_INFORMATION pfi = (PKEY_FULL_INFORMATION)ExAllocatePool(PagedPool,ulSize);ZwQueryKey(hRegister,KeyFullInformation,pfi,ulSize,&ulSize);//第二次调用ZwQueryKey为了获取KEY_FULL_INFORMATION数据的数据for (ULONG i=0;i<pfi->SubKeys;i++)//项的个数{ZwEnumerateKey(hRegister,i,KeyBasicInformation,NULL,0,&ulSize);//第一次调用ZwEnumerateKey为了获取KEY_BASIC_INFORMATION数据的长度   结构体的长度PKEY_BASIC_INFORMATION pbi =(PKEY_BASIC_INFORMATION)ExAllocatePool(PagedPool,ulSize);ZwEnumerateKey(hRegister,i,KeyBasicInformation,pbi,ulSize,&ulSize);//第二次调用ZwEnumerateKey为了获取KEY_BASIC_INFORMATION数据的数据UNICODE_STRING uniKeyName;uniKeyName.Length = uniKeyName.MaximumLength =(USHORT)pbi->NameLength;uniKeyName.Buffer = pbi->Name;//名字KdPrint(("子项:The %d sub item name:%wZ\n",i,&uniKeyName));ExFreePool(pbi);}ExFreePool(pfi);ZwClose(hRegister);}#pragma INITCODEVOID EnumerateSubValueRegTest(){UNICODE_STRING RegUnicodeString;HANDLE hRegister;RtlInitUnicodeString( &RegUnicodeString,MY_REG_SOFTWARE_KEY_NAME);//初始化UNICODE_STRING字符串OBJECT_ATTRIBUTES objectAttributes;InitializeObjectAttributes(&objectAttributes,&RegUnicodeString,OBJ_CASE_INSENSITIVE,NULL, NULL );//对大小写敏感//初始化objectAttributesNTSTATUS ntStatus = ZwOpenKey( &hRegister,KEY_ALL_ACCESS,&objectAttributes);//打开注册表if (NT_SUCCESS(ntStatus)){KdPrint(("Open register successfully\n"));}ULONG ulSize;ZwQueryKey(hRegister,KeyFullInformation,NULL,0,&ulSize);//得到项的结构体的大小 要申请内存PKEY_FULL_INFORMATION pfi = (PKEY_FULL_INFORMATION)ExAllocatePool(PagedPool,ulSize);ZwQueryKey(hRegister,KeyFullInformation,pfi,ulSize,&ulSize);//得到项的个数for (ULONG i=0;i<pfi->Values;i++)//项的个数{ZwEnumerateValueKey(hRegister,i,KeyValueBasicInformation,NULL,0,&ulSize);//得到结构体的大小 要申请内存PKEY_VALUE_BASIC_INFORMATION pvbi =(PKEY_VALUE_BASIC_INFORMATION)ExAllocatePool(PagedPool,ulSize);ZwEnumerateValueKey(hRegister,i,KeyValueBasicInformation,pvbi,ulSize,&ulSize);UNICODE_STRING uniKeyName;uniKeyName.Length = uniKeyName.MaximumLength =(USHORT)pvbi->NameLength;uniKeyName.Buffer = pvbi->Name;//键的名字KdPrint(("The %d sub value name:%wZ\n",i,&uniKeyName));if (pvbi->Type==REG_SZ){KdPrint(("The sub value type:REG_SZ\n"));}else if (pvbi->Type==REG_MULTI_SZ){KdPrint(("The sub value type:REG_MULTI_SZ\n")); }else if (pvbi->Type==REG_DWORD){KdPrint(("The sub value type:REG_DWORD\n")); }else if (pvbi->Type==REG_BINARY){KdPrint(("The sub value type:REG_BINARY\n")); }ExFreePool(pvbi);}ExFreePool(pfi);ZwClose(hRegister);}#pragma INITCODEvoid RtlRegTest()//rtl简单函数 封装{//创建子项目NTSTATUS ntStatus =RtlCreateRegistryKey(RTL_REGISTRY_SERVICES,L"HelloDDK\\Zhangfan");//Registry\Machine\System\CurrentControlSet\Servicesif (NT_SUCCESS(ntStatus)){KdPrint(("Create the item successfully\n"));}ntStatus =RtlCheckRegistryKey(RTL_REGISTRY_SERVICES,L"HelloDDK\\Zhangfan");//检查某项是否存在if (NT_SUCCESS(ntStatus)){KdPrint(("The item is exist\n"));}ULONG value1 = 100;ntStatus = RtlWriteRegistryValue(RTL_REGISTRY_SERVICES, L"HelloDDK\\Zhangfan", L"DWORD_Value_李赛赛", REG_DWORD, &value1, sizeof(value1));//写入REG_DWORD的数据if (NT_SUCCESS(ntStatus)){KdPrint(("Write the DWORD value succuessfully\n"));}PWCHAR szString = L"Hello DDK";ntStatus = RtlWriteRegistryValue(RTL_REGISTRY_SERVICES,L"HelloDDK\\Zhangfan",L"SZ_Value_邱坤",REG_SZ,szString,wcslen(szString)*2+2);if (NT_SUCCESS(ntStatus)){KdPrint(("Write the REG_SZ value succuessfully\n"));}    RTL_QUERY_REGISTRY_TABLE paramTable[2];    RtlZeroMemory(paramTable, sizeof(paramTable));ULONG defaultData=0;ULONG uQueryValue;    paramTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;    paramTable[0].Name = L"DWORD_Value";    paramTable[0].EntryContext = &uQueryValue;    paramTable[0].DefaultType = REG_DWORD;    paramTable[0].DefaultData = &defaultData;    paramTable[0].DefaultLength = sizeof(ULONG);ntStatus = RtlQueryRegistryValues(RTL_REGISTRY_SERVICES,L"HelloDDK\\Zhangfan",paramTable,NULL,NULL);//查询REG_DWORD的数据if (NT_SUCCESS(ntStatus)){KdPrint(("Query the item successfully\n"));KdPrint(("The item is :%d\n",uQueryValue));//查询到的值}ntStatus = RtlDeleteRegistryValue(RTL_REGISTRY_SERVICES,L"HelloDDK\\Zhangfan",L"DWORD_Value_李赛赛");//删除子键if (NT_SUCCESS(ntStatus)){KdPrint(("delete the value successfully\n"));}KdPrint(("执行完毕"));}#pragma INITCODEVOID RegTest() { //CreateRegTest();// OpenRegTest();//SetRegTest();//QueryRegTest();//EnumerateSubItemRegTest();//EnumerateSubValueRegTest();//DeleteItemRegTest();//RtlRegTest();}/************************************************************************* 函数名称:DriverEntry* 功能描述:初始化驱动程序,定位和申请硬件资源,创建内核对象* 参数列表:      pDriverObject:从I/O管理器中传进来的驱动对象      pRegistryPath:驱动程序在注册表的中的路径* 返回 值:返回初始化驱动状态*************************************************************************/#pragma INITCODEextern "C" NTSTATUS DriverEntry (IN PDRIVER_OBJECT pDriverObject,IN PUNICODE_STRING pRegistryPath) {NTSTATUS status;KdPrint(("Enter DriverEntry\n"));//注册其他驱动调用函数入口pDriverObject->DriverUnload = HelloDDKUnload;pDriverObject->MajorFunction[IRP_MJ_CREATE] = HelloDDKDispatchRoutine;pDriverObject->MajorFunction[IRP_MJ_CLOSE] = HelloDDKDispatchRoutine;pDriverObject->MajorFunction[IRP_MJ_WRITE] = HelloDDKDispatchRoutine;pDriverObject->MajorFunction[IRP_MJ_READ] = HelloDDKDispatchRoutine;//创建驱动设备对象status = CreateDevice(pDriverObject);RegTest();KdPrint(("DriverEntry end\n"));return status;}/************************************************************************* 函数名称:CreateDevice* 功能描述:初始化设备对象* 参数列表:      pDriverObject:从I/O管理器中传进来的驱动对象* 返回 值:返回初始化状态*************************************************************************/#pragma INITCODENTSTATUS CreateDevice (IN PDRIVER_OBJECTpDriverObject) {NTSTATUS status;PDEVICE_OBJECT pDevObj;PDEVICE_EXTENSION pDevExt;//创建设备名称UNICODE_STRING devName;RtlInitUnicodeString(&devName,L"\\Device\\MyDDKDevice");//创建设备status = IoCreateDevice( pDriverObject,sizeof(DEVICE_EXTENSION),&(UNICODE_STRING)devName,FILE_DEVICE_UNKNOWN,0, TRUE,&pDevObj );if (!NT_SUCCESS(status))return status;pDevObj->Flags |= DO_BUFFERED_IO;pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;pDevExt->pDevice = pDevObj;pDevExt->ustrDeviceName = devName;//创建符号链接UNICODE_STRING symLinkName;RtlInitUnicodeString(&symLinkName,L"\\??\\HelloDDK");pDevExt->ustrSymLinkName = symLinkName;status = IoCreateSymbolicLink( &symLinkName,&devName );if (!NT_SUCCESS(status)) {IoDeleteDevice( pDevObj );return status;}return STATUS_SUCCESS;}/************************************************************************* 函数名称:HelloDDKUnload* 功能描述:负责驱动程序的卸载操作* 参数列表:      pDriverObject:驱动对象* 返回 值:返回状态*************************************************************************/#pragma PAGEDCODEVOID HelloDDKUnload (IN PDRIVER_OBJECT pDriverObject) {PDEVICE_OBJECTpNextObj;KdPrint(("Enter DriverUnload\n"));pNextObj = pDriverObject->DeviceObject;//while (pNextObj != NULL) //{//PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)//pNextObj->DeviceExtension;////删除符号链接//UNICODE_STRING pLinkName = pDevExt->ustrSymLinkName;//IoDeleteSymbolicLink(&pLinkName);//pNextObj = pNextObj->NextDevice;//IoDeleteDevice( pDevExt->pDevice );//}UNICODE_STRING symLinkName;RtlInitUnicodeString(&symLinkName, L"\\??\\HelloDDK");IoDeleteSymbolicLink(&symLinkName);//删除符号连接    IoDeleteDevice(pDriverObject->DeviceObject);//删除设备    }/************************************************************************* 函数名称:HelloDDKDispatchRoutine* 功能描述:对读IRP进行处理* 参数列表:      pDevObj:功能设备对象      pIrp:从IO请求包* 返回 值:返回状态*************************************************************************/#pragma PAGEDCODENTSTATUS HelloDDKDispatchRoutine(IN PDEVICE_OBJECT pDevObj,IN PIRP pIrp) {KdPrint(("Enter HelloDDKDispatchRoutine\n"));NTSTATUS status = STATUS_SUCCESS;pIrp->IoStatus.Status = status;pIrp->IoStatus.Information = 0;// bytes xferedIoCompleteRequest( pIrp, IO_NO_INCREMENT );// 完成IRPKdPrint(("Leave HelloDDKDispatchRoutine\n"));return status;}

阅读全文
0 0
西瓜影音 mac版本 西瓜影音 mac版本
原创粉丝点击
热门IT博客
和孩子一起学编程 官网和孩子一起学编程 官网
北风网大数据百度云北风网大数据百度云
浩方对战平台官方 mac
网络规划设计师 考试
阻挡广告的软件
如何挑选基金产品知乎
淘宝童装市场分析
阿里云和腾讯云是什么
表白网页源码下载
软件外包方案
数据备份的厂商有哪些
linux l2tp搭建
数据整合工具
胜通软件多少钱
喊麦软件手机软件
js创建图片节点
淘宝试衣服软件叫什么
linux查看service列表
男女合唱网络歌曲大全
淘宝上的药店
热门问题 老师的惩罚 人脸识别 我在镇武司摸鱼那些年 重生之率土为王 我在大康的咸鱼生活 盘龙之生命进化 天生仙种 凡人之先天五行 春回大明朝 姑娘不必设防,我是瞎子 礼义廉耻孝悌忠信16字 不悌 其为人也孝悌而好犯上者 首孝悌次见闻是什么意思 首孝悌次见闻知某数识某文 孝悌忠信礼义廉耻含意解识 孝悌也者其为仁之本欤意思是 弟子入则孝出则悌 礼仪廉耻忠孝信悌全文 仁义礼智信忠孝悌节恕勇让 不敢 不离 不敢不敢 愧不敢当 不敢为 此生不悔入华夏 衣带渐宽终不悔为伊消人憔悴 衣带渐宽终不悔 谁言情深不悔 悔不当初 此生不悔入华夏下一句 今生不悔入华夏 不悔梦归处只恨太匆匆 江山不悔 执迷不悔 相思不悔 总裁悔不当初 衣带渐宽终不悔全诗 今生不悔入华夏下一句 悔不该辕门来发笑 不悔入华夏 谁言情深不悔霍言深 此生不悔入华夏原句 错付之不悔不归 九死不悔 相思不悔女尊 不悔 许你余生不悔 不悔2006 衣带渐宽终不悔意思 后来李晓冬

程序博客网,程序员的互联网技术博客家园。csdn论坛精品 msdn技术资料都在这里