Windows内核代码片段
+ -
Windows驱动中注册系统关闭重启回调函数IoRegisterShutdownNotification
Windows内核STRING转UNICODE

Windows驱动中读取注册表中的DWORD32值

2022-02-11 46 0 
ULONG GetRegisterMicChannelDWORD32()
{
    HANDLE hHandle = NULL;
    OBJECT_ATTRIBUTES oa;
    NTSTATUS statues;
    UNICODE_STRING  path;
    UNICODE_STRING  keyName;
    ULONG rtn = 0;
    UCHAR buff[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 4] = { 0 };
    ULONG MicChannelDisableMask = 0;


    RtlInitUnicodeString(&path, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\pnpon");
    RtlInitUnicodeString(&keyName, L"DWORD32_KEY");//设置键名字        

    InitializeObjectAttributes(&oa, &path, OBJ_CASE_INSENSITIVE, NULL, NULL);

    do
    {
        statues = ZwOpenKey(&hHandle, KEY_ALL_ACCESS, &oa);
        if (!NT_SUCCESS(statues))
        {
            break;
        }

        statues = ZwQueryValueKey(hHandle, &keyName, KeyValuePartialInformation, (PVOID)buff, sizeof(buff), &rtn);
        if (NT_SUCCESS(statues))
        {
            PKEY_VALUE_PARTIAL_INFORMATION prv = (PKEY_VALUE_PARTIAL_INFORMATION)buff;
            if (prv->DataLength == sizeof(ULONG))
            {
                RtlCopyMemory(&MicChannelDisableMask, prv->Data, sizeof(ULONG));
            }
        }

    } while (0);


    if (hHandle != NULL)
    {
        ZwClose(hHandle);
        hHandle = NULL;
    }

    return MicChannelDisableMask;
}
Windows驱动中注册系统关闭重启回调函数IoRegisterShutdownNotification
Windows内核STRING转UNICODE

0 篇笔记 写笔记

Windows驱动中读取注册表中的DWORD32值
ULONG GetRegisterMicChannelDWORD32(){ HANDLE hHandle = NULL; OBJECT_ATTRIBUTES oa; NTSTATUS statues; UNICODE_STRING path; UNICOD......
作者信息
我爱内核
Windows驱动开发,网站开发
好好学习,天天向上。
  • Windows驱动
  • KS-AUDIO-COM
  • Windows消息队列
  • Windows进程&线程
  • 驱动批处理示例
    • 取消
    感谢您的支持,我会继续努力的!
    扫码支持
    扫码打赏,你说多少就多少

    打开支付宝扫一扫,即可进行扫码打赏哦

    您的支持,是我们前进的动力!