ZwOpenKey

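This article describes how to use the ZwOpenKey function in detail, including its parameters, the meaning of its return values, and usage notes. The function opens an existing registry key and provides a handle for manipulating that key.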

ZwOpenKey

The ZwOpenKey routine opens an existing registry key.

NTSTATUS
ZwOpenKey(
    OUT PHANDLE KeyHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes
    );

Parameters
KeyHandle
Pointer to the HANDLE variable that receives the handle to the key.
DesiredAccess
Specifies an ACCESS_MASK value that determines the requested access to the object. For more information, see the DesiredAccess parameter of ZwCreateKey.
ObjectAttributes
Pointer to an OBJECT_ATTRIBUTES structure that specifies the object name and other attributes. Use InitializeObjectAttributes to initialize this structure. If the caller is not running in a system thread context, it must set the OBJ_KERNEL_HANDLE attribute when it calls InitializeObjectAttributes.
Return Value

ZwOpenKey returns STATUS_SUCCESS if the given key was opened. Otherwise, it can return an error status, including the following:

STATUS_INVALID_HANDLE

STATUS_ACCESS_DENIED

Comments

ZwOpenKey supplies a handle that the caller can use to manipulate a registry key. The routine provides a subset of the functionality of ZwCreateKey. For more information, see Using the Registry in a Driver.

If the specified key does not exist, ZwOpenKey returns an error status and does not return a key handle.

Once the handle pointed to by KeyHandle is no longer in use, the driver must call ZwClose to close it.

ZwOpenKey ignores the security information in the structure that the ObjectAttributes parameter points to.

If the caller is not running in a system thread context, it must ensure that any handles it creates are private handles. Otherwise, the handle can be accessed by the process in whose context the driver is running. For more information, see Object Handles.

For more information about working with registry keys, see Using the Registry in a Driver.

Note: If the call to this function occurs in user mode, you should use the name "NtOpenKey" instead of "ZwOpenKey".

Requirements

IRQL: PASSIVE_LEVEL

Headers: Declared in Wdm.h. Include Wdm.h, Ntddk.h, or Ntifs.h.

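### Windows Kernel Driver Development Tutorial

#### Setting Up the Base Environment

To start writing Windows kernel-mode drivers, developers need to install the Windows Driver Kit (WDK) and configure the Visual Studio integrated development environment. When creating a new WDM (Windows Driver Model) driver project in Visual Studio, you can choose "Empty WDM Driver", which provides a basic skeleton for further customization[^2].

#### Connecting a Debugger

Testing and debugging kernel-level code in a real environment is essential. Connecting to the debugger on the target computer lets you monitor driver behavior in real time and capture potential error information. Follow the official documentation to complete the setup[^1].

#### Registry Access

The registry is where the operating system stores configuration data, and it plays an important role in driver development. It can hold hardware parameters as well as record software state and similar information. The `ZwOpenKey()` function obtains access to the key at a specified path, while APIs such as `IoOpenDeviceRegistryKey` and `IoOpenDeviceInterfaceRegistryKey` are dedicated to reading and writing data in the special locations associated with device instances and their interfaces[^3][^4].

```cpp
// Opens an existing registry key and returns its handle through KeyHandle.
// The caller must close the handle with ZwClose when it is no longer needed.
NTSTATUS OpenRegKey(PHANDLE KeyHandle, PUNICODE_STRING RegPath)
{
    OBJECT_ATTRIBUTES obja;

    // OBJ_KERNEL_HANDLE keeps the handle private to kernel mode.
    InitializeObjectAttributes(&obja, RegPath,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL, NULL);

    NTSTATUS status = ZwOpenKey(KeyHandle, KEY_READ | KEY_WRITE, &obja);
    if (!NT_SUCCESS(status)) {
        DbgPrint("Failed to open registry key %wZ with error code:%X\n",
                 RegPath, status);
        *KeyHandle = NULL;  // do not leave a stale value in the output handle
    }
    return status;
}
```

This C++ snippet shows how to define a helper that simplifies opening a registry key, and it includes the necessary error handling for robustness.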