[Dev] Windows Kernel - REGISTRY

Open nixawk opened this issue 8 years ago • 0 comments

HANDLE reg_key = NULL;
NTSTATUS status;

UNICODE_STRING key_path = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion");
OBJECT_ATTRIBUTE object_attribute = {0};

InitializeObjectAttributes(
    &object_attribute,
    &key_path,
    OBJ_CASE_INSENSITIVE,
    NULL,
    NULL
);
status = ZwOpenKey(&reg_key, KEY_READ, &object_attribute);
if (!NT_SUCCESS(status))
{
    ....
}

References

ZwOpenKey
ZwQueryValueKey
ZwSetValueKey

Sep 10 '17 02:09 nixawk