nixawk / Awesome-Windows-Debug

Debug Windows Application / Kernel

[Dev] Windows Kernel - REGISTRY #14

Open nixawk opened 7 years ago

nixawk commented 7 years ago
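```c
#include <ntddk.h>

HANDLE reg_key = NULL;
NTSTATUS status;

/* Kernel-mode registry paths are absolute and start at \Registry. */
UNICODE_STRING key_path = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion");
OBJECT_ATTRIBUTES object_attribute = {0};

/*
 * OBJ_KERNEL_HANDLE makes the handle usable only from kernel mode, so it
 * cannot be used by the user-mode process whose context the driver runs in.
 */
InitializeObjectAttributes(
    &object_attribute,
    &key_path,
    OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
    NULL,   /* RootDirectory: not needed for an absolute path */
    NULL    /* SecurityDescriptor: not used when opening an existing key */
);

/* Open the existing key read-only; ZwOpenKey does not create missing keys. */
status = ZwOpenKey(&reg_key, KEY_READ, &object_attribute);
if (!NT_SUCCESS(status))
{
    /* .... handle the failure; reg_key is not valid here */
}

/* On success, release the handle with ZwClose(reg_key) when finished. */
```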

References