驅動編程學習----註冊表操作


參考教程:楚狂人的《windows驅動編程基礎教程》

程序實現功能:註冊表的讀、寫(包括REG_SZ、REG_BINARY、REG_DWORD)

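/*
 * Working variables for the registry read/write demo.
 * NOTE(review): `status` is used by the code that follows but is not declared
 * in this excerpt; presumably an NTSTATUS owned by the enclosing routine.
 */
HANDLE my_key=NULL;
/* Kernel-mode object path of the key to open (\Registry\Machine is HKEY_LOCAL_MACHINE). */
UNICODE_STRING my_key_path=RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion");
OBJECT_ATTRIBUTES my_obj_attr={0};
/* Name of the value queried by the read part. */
UNICODE_STRING my_key_name=RTL_CONSTANT_STRING(L"LicenseInfo");
/* Header-sized buffer; the first query uses it only to learn the required length. */
KEY_VALUE_PARTIAL_INFORMATION key_infor={0};
/* Pool buffer for the complete value; NULL until allocated so failure paths can test it. */
PKEY_VALUE_PARTIAL_INFORMATION ac_key_infor=NULL;
/* Size reported by ZwQueryValueKey; starts at 0 so a failed query never leaves it indeterminate. */
ULONG ac_length=0;
int datai,i;

UNICODE_STRING name=RTL_CONSTANT_STRING(L"Test");   /* not referenced in this excerpt */
UNICODE_STRING sz_name=RTL_CONSTANT_STRING(L"SZTest");
UNICODE_STRING binary_name=RTL_CONSTANT_STRING(L"BINARYTest");
UNICODE_STRING dword_name=RTL_CONSTANT_STRING(L"DWORDTest");
PWCHAR sz_value={L"My Test value"};          /* REG_SZ payload */
unsigned int binary_value[4];                /* REG_BINARY payload */
/* REG_DWORD payload; declared before the loop so every declaration precedes the first statement. */
unsigned long dword_value=0x12345678;

/*
 * Fill the binary payload: element i carries i+1 in its low byte and i in the
 * next byte. The original note says the low-order byte is written first.
 */
for (i=0;i<4;i++)
{
    binary_value[i]=256*i+i+1;
}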

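/*
 * Registry write: open the key, then store one REG_SZ, one REG_BINARY and one
 * REG_DWORD value.
 * NOTE(review): the demo writes its test values into an OS-owned key; a real
 * driver would normally keep its settings under its own key.
 *
 * OBJ_KERNEL_HANDLE places the handle in the kernel handle table, so a
 * user-mode process whose context this code happens to run in cannot use or
 * close it.
 */
InitializeObjectAttributes(&my_obj_attr,&my_key_path,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,NULL,NULL);
/*
 * Ask for the right ZwSetValueKey needs instead of KEY_READ alone.
 * NOTE(review): kernel-mode callers may not be checked against the handle's
 * granted access, which would explain why KEY_READ appeared to work - confirm.
 */
status=ZwOpenKey(&my_key,KEY_READ|KEY_SET_VALUE,&my_obj_attr);
if(!NT_SUCCESS(status))
{
    DbgPrint("open regedit fail~\n");
    my_key=NULL;   /* nothing was opened; later code must not treat this as a handle */
}
else
{
    DbgPrint("open regedit successful~\n");

    /* Stop at the first failing write so its status is the one reported below. */
    /* REG_SZ size is in bytes and includes the terminating NUL. */
    status=ZwSetValueKey(my_key,&sz_name,0,REG_SZ,sz_value,(ULONG)((wcslen(sz_value)+1)*sizeof(WCHAR)));
    if(NT_SUCCESS(status))
    {
        status=ZwSetValueKey(my_key,&binary_name,0,REG_BINARY,binary_value,(ULONG)sizeof(binary_value));
    }
    if(NT_SUCCESS(status))
    {
        /* The original author notes that a size other than 4 makes the REG_DWORD write fail. */
        status=ZwSetValueKey(my_key,&dword_name,0,REG_DWORD,&dword_value,(ULONG)sizeof(dword_value));
    }

    if(!NT_SUCCESS(status))
    {
        DbgPrint("write fail^^\n");
    }
    else
    {
        DbgPrint("write success ~~\n");
    }
}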

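/*
 * Registry read: query the value twice. The first call, with a header-sized
 * buffer, only reports the required length; the second call reads the data
 * into a pool buffer of that length. The buffer is freed and the key handle
 * closed before leaving this section.
 */
ac_key_infor=NULL;
ac_length=0;

if(my_key!=NULL)
{
    status=ZwQueryValueKey(my_key,&my_key_name,KeyValuePartialInformation,&key_infor,sizeof(KEY_VALUE_PARTIAL_INFORMATION),&ac_length);
}
else
{
    status=STATUS_INVALID_HANDLE;   /* the key was never opened */
}

/* BUFFER_OVERFLOW / BUFFER_TOO_SMALL are expected here: the value is larger than the header-sized buffer. */
if(!NT_SUCCESS(status)&&status!=STATUS_BUFFER_OVERFLOW&&status!=STATUS_BUFFER_TOO_SMALL)
{
    /* ac_length is not trustworthy on this path, so no allocation is attempted. */
    DbgPrint("read value fail~\n");
}
else
{
    DbgPrint("read value successful~\n");

    /*
     * A pool tag holds at most four characters.
     * NOTE(review): newer WDKs deprecate ExAllocatePoolWithTag in favour of
     * ExAllocatePool2 - confirm against the target WDK.
     */
    ac_key_infor=(PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePoolWithTag(NonPagedPool,ac_length,'MEM');
    if(ac_key_infor==NULL)
    {
        /* Do not fall through: dereferencing the NULL buffer would crash the system. */
        DbgPrint("Allocate mem fail~\n");
    }
    else
    {
        DbgPrint("Allocate mem successful\n");

        /* The value can change between the two queries; any status other than success is a failed read. */
        status=ZwQueryValueKey(my_key,&my_key_name,KeyValuePartialInformation,ac_key_infor,ac_length,&ac_length);
        if(status!=STATUS_SUCCESS)
        {
            DbgPrint("Read fail");
        }
        else if(ac_key_infor->Type==REG_BINARY||ac_key_infor->Type==REG_DWORD)
        {
            /* Dump byte by byte; for REG_DWORD the original note says the bytes are stored low to high. */
            for(datai=0;(ULONG)datai<ac_key_infor->DataLength;datai++)
            {
                DbgPrint("%x",ac_key_infor->Data[datai]);
            }
        }
        else
        {
            /*
             * Registry string data is not guaranteed to be NUL-terminated, so
             * "%ws" could read past the allocation. Print through a counted
             * UNICODE_STRING bounded by DataLength instead.
             */
            UNICODE_STRING text;
            ULONG text_bytes=ac_key_infor->DataLength&~(ULONG)(sizeof(WCHAR)-1);   /* whole WCHARs only */

            if(text_bytes>0xFFFE)
            {
                text_bytes=0xFFFE;   /* UNICODE_STRING.Length is a USHORT */
            }
            text.Buffer=(PWCH)ac_key_infor->Data;
            text.Length=(USHORT)text_bytes;
            text.MaximumLength=(USHORT)text_bytes;
            /* Drop trailing NULs so the output matches what "%ws" printed for a well-formed string. */
            while(text.Length>=sizeof(WCHAR)&&text.Buffer[text.Length/sizeof(WCHAR)-1]==L'\0')
            {
                text.Length-=sizeof(WCHAR);
            }
            DbgPrint("%wZ",&text);
        }

        ExFreePoolWithTag(ac_key_infor,'MEM');
        ac_key_infor=NULL;
    }
}

/* Release the key handle; the original never closed it. */
if(my_key!=NULL)
{
    ZwClose(my_key);
    my_key=NULL;
}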
