windows Driver 查询指定键值

时间:2022-06-07 15:44:42
NTSTATUS status;

	HANDLE hKey = NULL;

	OBJECT_ATTRIBUTES oa;

	UNICODE_STRING strPath = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\HARDWARE\\DEVICEMAP\\SERIALCOMM");

	UNICODE_STRING strKeyName = RTL_CONSTANT_STRING(L"\\Device\\Serial0");

	ULONG ResultLength = 0;

	PKEY_VALUE_PARTIAL_INFORMATION Pkvpi;

	ULONG index = 0;

	UNICODE_STRING strOutPut;

	wchar_t strTemp[ArrayLength] = {0};

	RtlInitEmptyUnicodeString(&strOutPut, strTemp, ArrayLength);

	InitializeObjectAttributes(&oa, &strPath, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

	status = ZwOpenKey(&hKey, KEY_ALL_ACCESS, &oa);

	if (!NT_SUCCESS(status)){

		KdPrint(("ZwOpenKey failed"));

		return;

	}

	status = ZwQueryValueKey(hKey, &strKeyName, KeyValuePartialInformation, NULL, 0, &ResultLength);

	if (status == STATUS_OBJECT_NAME_NOT_FOUND || ResultLength == 0){

		KdPrint(("ZwQueryValueKey failed"));

		ZwClose(hKey);

		return ;

	}

	Pkvpi = (PKEY_VALUE_PARTIAL_INFORMATION) ExAllocatePool(PagedPool, ResultLength);

	if (!Pkvpi){

		KdPrint(("ExAllocatePool failed"));

		ExFreePool(Pkvpi);

		ZwClose(hKey);

		return;

	}

	status = ZwQueryValueKey(hKey, &strKeyName, KeyValuePartialInformation, Pkvpi, ResultLength, &ResultLength);

	if (!NT_SUCCESS(status)){

		KdPrint(("ZwQueryValueKey failed"));

		ExFreePool(Pkvpi);

		ZwClose(hKey);

		return;

	}

	RtlStringCbPrintfW(strOutPut.Buffer, ArrayLength, L"%s", Pkvpi->Data);

	KdPrint(("%ws", strOutPut.Buffer));

	ExFreePool(Pkvpi);

	ZwClose(hKey);

版权声明:本文为博主原创文章,未经博主允许不得转载。

相关文章