内核操作注册表例子
void GetComputerName()
{
NTSTATUS status;
HANDLE hRegKey;
UNICODE_STRING RegPath;
OBJECT_ATTRIBUTES attributes;
PKEY_VALUE_PARTIAL_INFORMATION pValInfo;
RtlInitUnicodeString(&RegPath, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ComputerName\\ComputerName" );
InitializeObjectAttributes(&attributes, &RegPath, OBJ_CASE_INSENSITIVE,NULL,NULL);
status = ZwOpenKey( &hRegKey,KEY_READ,&attributes);
if(NT_SUCCESS(status))
{
ULONG dataSize = 0;
UNICODE_STRING valueName;
RtlInitUnicodeString(&valueName, L"ComputerName");
status = ZwQueryValueKey(hRegKey,&valueName,KeyValuePartialInformation,NULL,0,&dataSize);
if(status==STATUS_BUFFER_TOO_SMALL)
{
pValInfo = ExAllocatePool( NonPagedPool, dataSize );
if(pValInfo!=NULL)
{
status = ZwQueryValueKey(hRegKey,&valueName,KeyValuePartialInformation,pValInfo,dataSize,&dataSize);
if(NT_SUCCESS(status) && pValInfo->Type==REG_SZ)
{
ANSI_STRING sComputerName;
UNICODE_STRING szComputerName;
RtlInitUnicodeString(&szComputerName, (WCHAR*)pValInfo->Data);
if(STATUS_SUCCESS==RtlUnicodeStringToAnsiString(&sComputerName,&szComputerName,TRUE))
{
RtlStringCchCopyA(gHostName,16,sComputerName.Buffer);
RtlFreeAnsiString(&sComputerName);
}
}
ExFreePool( pValInfo );
}
}
ZwClose(hRegKey);
}
}