Windows驱动开发之注册表操作_windows注册表objetdirectories-优快云博客

本文介绍了如何在Windows驱动程序中进行注册表操作，包括打开注册表键、读取和写入键值。详细讲解了使用ZwCreateKey、ZwOpenKey、ZwQueryValueKey和ZwSetValueKey等API的步骤，并提供了示例代码。

转载请注明来源:
enjoy5512的博客 : http://blog.youkuaiyun.com/enjoy5512
GitHub : https://github.com/whu-enjoy

1. 在驱动中操作注册表

注册表项相当于文件夹，注册表子项子文件夹（类似目录）

1.1 打开注册表键

ZwCreateKey/ZwOpenKey
代码中测试了ZwOpenKey的使用方式
先初始化OBJECT_ATTRIBUTES结构体,然后打开注册表键


NTSTATUS ZwCreateKey(
  _Out_      PHANDLE            KeyHandle,
  _In_       ACCESS_MASK        DesiredAccess,
  _In_       POBJECT_ATTRIBUTES ObjectAttributes,
  _Reserved_ ULONG              TitleIndex,
  _In_opt_   PUNICODE_STRING    Class,
  _In_       ULONG              CreateOptions,
  _Out_opt_  PULONG             Disposition
);

Parameters

KeyHandle [out]
Pointer to a HANDLE variable that receives a handle to the key.

DesiredAccess [in]
Specifies an ACCESS_MASK value that determines the requested access to the object. In addition to the access rights that are defined for all types of objects (see ACCESS_MASK), the caller can specify one or more of the following access rights, which are specific to object directories:

DesiredAccess flag	Allows caller to do this
KEY_QUERY_VALUE	Read key values.
KEY_SET_VALUE	Write key values.
KEY_CREATE_SUB_KEY	Create subkeys for the key.
KEY_ENUMERATE_SUB_KEYS	Read the key’s subkeys.
KEY_CREATE_LINK	Create a symbolic link to the key. This flag is not used by device and intermediate drivers.
KEY_NOTIFY	Ask to receive notification when the name, value, or attributes of the key change. For more information, see ZwNotifyChangeKey.

The caller can also specify one of the following constants, which combines several ACCESS_MASK flags.

Constant Consists of these	ACCESS_MASK flags
KEY_READ	STANDARD_RIGHTS_READ, KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS, and KEY_NOTIFY
KEY_WRITE	STANDARD_RIGHTS_WRITE, KEY_SET_VALUE, and KEY_CREATE_SUBKEY
KEY_EXECUTE	Same as KEY_READ.
KEY_ALL_ACCESS	STANDARD_RIGHTS_ALL, KEY_QUERY_VALUE, KEY_SET_VALUE, KEY_CREATE_SUB_KEY, KEY_ENUMERATE_SUB_KEYS, KEY_NOTIFY, and KEY_CREATE_LINK

ObjectAttributes [in]
Pointer to an OBJECT_ATTRIBUTES structure that specifies the object name and other attributes. Use InitializeObjectAttributes to initialize this structure. If the caller is not running in a system thread context, it must set the OBJ_KERNEL_HANDLE attribute when it calls InitializeObjectAttributes.
TitleIndex
Device and intermediate drivers set this parameter to zero.

Class [in, optional]
Pointer to a Unicode string that contains the key's object class. This information is used by the configuration manager.

CreateOptions [in]
Specifies the options to