NTSTATUS RtlReadRegistry( IN PWCHAR RegistryPath , IN PWCHAR Name)
{
HANDLE reg;
OBJECT_ATTRIBUTES oa;
NTSTATUS ntStatus = STATUS_SUCCESS;
PVOID BufImagPathName = NULL;
UNICODE_STRING uImagPathNameString = {0,};
UNICODE_STRING A,uRegistryPath;
PKEY_VALUE_PARTIAL_INFORMATION bufA;
ULONG ActualSize;
RtlInitUnicodeString(&uRegistryPath, RegistryPath);
InitializeObjectAttributes(&oa,uRegistryPath,OBJ_KERNEL_HANDLE ,NULL,NULL);
ntStatus=ZwOpenKey(®,KEY_QUERY_VALUE,&oa);
if( ntStatus == STATUS_SUCCESS )
{
RtlInitUnicodeString(&A, Name);
ntStatus=ZwQueryValueKey(reg,&A,KeyValuePartialInformation , NULL ,0,&ActualSize);
if (ntStatus == STATUS_BUFFER_OVERFLOW || ntStatus == STATUS_BUFFER_TOO_SMALL )
{
BufImagPathNam=ExAllocatePoolWithTag(PagedPool,sizeof(KEY_VALUE_PARTIAL_INFORMATION) +ActualSize+1 , 'TEST' );
if( !BufImagPathName )
{
ZwClose(reg);
return STATUS_UNSUCCESSFUL;
}
bufA=BufImagPathName;
ntStatus=ZwQueryValueKey(reg,&A,KeyValuePartialInformation , bufA ,sizeof(KEY_VALUE_PARTIAL_INFORMATION)+ActualSize+1,&ActualSize);
if (ntStatus == STATUS_SUCCESS)
{
ExFreePoolWithTag( BufImagPathName , 'TEST' );
ZwClose(reg);
return ntStatus;
}
else
{
ExFreePoolWithTag( BufImagPathName , 'TEST' );
ZwClose(reg);
return ntStatus;
}
}
else
{
ZwClose(reg);
return ntStatus;
}
}
return ntStatus;
}
디폴트 스트링 값을 읽을 시 -> L'"
User Mode
BOOL ReadRegistry( PCHAR RegistryPath , PCHAR Value )
{
HKEY hKey;
char szProductType[512];
DWORD dwBufLen=512;
LONG lRet;
if( lRet != ERROR_SUCCESS )
return FALSE;
if( (lRet != ERROR_SUCCESS) || (dwBufLen > 512) )
return FALSE;
}