Open mingkuang-Chuyu opened 4 months ago
I happened to see this issue mention the NtOpenKeyEx function, so I implemented a version following my own approach:
```c
NTSTATUS NTAPI NtOpenKeyEx(HANDLE *KeyHandle, ACCESS_MASK DesiredAccess, OBJECT_ATTRIBUTES *ObjectAttributes, ULONG OpenOptions)
{
    NTSTATUS Status;
    __try
    {
        OBJECT_ATTRIBUTES KeyObject;
        HANDLE Handle;
        if (OpenOptions & REG_OPTION_OPEN_LINK)
        {
            /* Copy the caller's attributes and add OBJ_OPENLINK so the
               symbolic-link key itself is opened, not its target. */
            KeyObject.Length = ObjectAttributes->Length;
            KeyObject.RootDirectory = ObjectAttributes->RootDirectory;
            KeyObject.ObjectName = ObjectAttributes->ObjectName;
            KeyObject.Attributes = ObjectAttributes->Attributes | OBJ_OPENLINK;
            KeyObject.SecurityDescriptor = ObjectAttributes->SecurityDescriptor;
            KeyObject.SecurityQualityOfService = ObjectAttributes->SecurityQualityOfService;
            ObjectAttributes = &KeyObject;
        }
        Status = NtOpenKey(&Handle, DesiredAccess, ObjectAttributes);
        if (NT_SUCCESS(Status))
        {
            if (OpenOptions & REG_OPTION_BACKUP_RESTORE)
            {
                /* NtOpenKey takes no options, so reopen through NtCreateKey,
                   which accepts REG_OPTION_BACKUP_RESTORE. This branch is
                   only reached when NtOpenKey has already succeeded. */
                Status = NtCreateKey(KeyHandle, DesiredAccess, ObjectAttributes, 0, NULL, REG_OPTION_BACKUP_RESTORE, NULL);
                NtClose(Handle);
            }
            else
            {
                /* Hand the handle from NtOpenKey back to the caller. */
                memcpy(KeyHandle, &Handle, sizeof(Handle));
            }
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        /* An invalid caller pointer faults here; return the exception code. */
        Status = GetExceptionCode();
    }
    return Status;
}
```
贾可
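@KohChia Thank you for your help. Although I have already implemented this on my side, you did provide me with an optimization approach. The previous code did not take into account that OBJ_OPENLINK can also open symbolic links; I will try to optimize it.
Special function category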
Report By YY.Depends.Analyzer (Target:5.2.3790-x64)
advapi32.dll
api-ms-win-core-handle-l1-1-0.dll
api-ms-win-power-setting-l1-1-0.dll
cfgmgr32.dll
credui.dll
d3d12.dll
kernel32.dll
mf.dll
mfplat.dll
mfreadwrite.dll
ncrypt.dll
ndfapi.dll
ntdll.dll
propsys.dll
rpcrt4.dll
uiautomationcore.dll
user32.dll
winusb.dll