-
-
[求助]ZwQueryValueKey 蓝屏
-
发表于: 2009-9-6 09:15
-
HANDLE hKey = NULL;
UNICODE_STRING key_name = RTL_CONSTANT_STRING(L"SystemRoot");
UNICODE_STRING key_path = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SOFTWARE\\MicroSoft\\Windows NT\\CurrentVersion");
OBJECT_ATTRIBUTES object_attr;
KEY_VALUE_PARTIAL_INFORMATION keyInfo;
PKEY_VALUE_PARTIAL_INFORMATION pKeyInfo;
ULONG ulLength;
InitializeObjectAttributes(&object_attr,&key_path,OBJ_CASE_INSENSITIVE ,NULL,NULL);
status = ZwOpenKey(&hKey,
KEY_READ,
&object_attr);
if (!NT_SUCCESS(status))
{
goto last;
}
status = ZwQueryValueKey(hKey,
&key_name,
KeyValuePartialInformation,
&keyInfo,
sizeof(KEY_VALUE_PARTIAL_INFORMATION),
&ulLength);
if (!NT_SUCCESS(status) && status != STATUS_BUFFER_OVERFLOW && status != STATUS_BUFFER_TOO_SMALL)
{
goto last;
}
pKeyInfo = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePoolWithTag(NonPagedPool,ulLength,'TAG');
if (pKeyInfo == NULL)
{
status = STATUS_INSUFFICIENT_RESOURCES;
goto last;
}
status = ZwQueryValueKey(hKey,
&key_name,
KeyValuePartialInformation,
&keyInfo,
ulLength,
&ulLength);
last:
if (hKey != NULL)
{
ZwClose(hKey);
}
if (pKeyInfo != NULL)
{
ExFreePool(pKeyInfo);
}
///////////////////////////////////////////////////////////////////////////////////////////
UNICODE_STRING key_name = RTL_CONSTANT_STRING(L"SystemRoot");
UNICODE_STRING key_path = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SOFTWARE\\MicroSoft\\Windows NT\\CurrentVersion");
OBJECT_ATTRIBUTES object_attr;
KEY_VALUE_PARTIAL_INFORMATION keyInfo;
PKEY_VALUE_PARTIAL_INFORMATION pKeyInfo;
ULONG ulLength;
InitializeObjectAttributes(&object_attr,&key_path,OBJ_CASE_INSENSITIVE ,NULL,NULL);
status = ZwOpenKey(&hKey,
KEY_READ,
&object_attr);
if (!NT_SUCCESS(status))
{
goto last;
}
status = ZwQueryValueKey(hKey,
&key_name,
KeyValuePartialInformation,
&keyInfo,
sizeof(KEY_VALUE_PARTIAL_INFORMATION),
&ulLength);
if (!NT_SUCCESS(status) && status != STATUS_BUFFER_OVERFLOW && status != STATUS_BUFFER_TOO_SMALL)
{
goto last;
}
pKeyInfo = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePoolWithTag(NonPagedPool,ulLength,'TAG');
if (pKeyInfo == NULL)
{
status = STATUS_INSUFFICIENT_RESOURCES;
goto last;
}
status = ZwQueryValueKey(hKey,
&key_name,
KeyValuePartialInformation,
&keyInfo,
ulLength,
&ulLength);
last:
if (hKey != NULL)
{
ZwClose(hKey);
}
if (pKeyInfo != NULL)
{
ExFreePool(pKeyInfo);
}
///////////////////////////////////////////////////////////////////////////////////////////
|
|
|---|---|
|
|
|
|
|
status = ZwQueryValueKey(hKey,
&key_name, KeyValuePartialInformation, &keyInfo, ulLength, &ulLength); 楼主要仔细~ 
|
|
|
|
