You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
136 lines
3.2 KiB
136 lines
3.2 KiB
//---------------------------------------------------------------------------
|
|
//
|
|
// Module: registry.c
|
|
//
|
|
// Description:
|
|
//
|
|
//
|
|
//@@BEGIN_MSINTERNAL
|
|
// Development Team:
|
|
// Mike McLaughlin
|
|
//
|
|
// History: Date Author Comment
|
|
//
|
|
// To Do: Date Author Comment
|
|
//
|
|
//@@END_MSINTERNAL
|
|
//
|
|
// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
|
|
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
|
|
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
|
|
// PURPOSE.
|
|
//
|
|
// Copyright (c) 1996-1999 Microsoft Corporation. All Rights Reserved.
|
|
//
|
|
//---------------------------------------------------------------------------
|
|
|
|
#include "common.h"
|
|
|
|
//===========================================================================
|
|
//===========================================================================
|
|
|
|
|
|
//
|
|
// OpenRegistryKeyForRead
|
|
//
|
|
NTSTATUS
|
|
OpenRegistryKeyForRead(
|
|
PCWSTR pcwstr,
|
|
PHANDLE pHandle,
|
|
HANDLE hRootDir
|
|
)
|
|
{
|
|
UNICODE_STRING UnicodeDeviceString;
|
|
OBJECT_ATTRIBUTES ObjectAttributes;
|
|
|
|
RtlInitUnicodeString(&UnicodeDeviceString, pcwstr);
|
|
|
|
//
|
|
// SECURITY NOTE:
|
|
// This function is called from AddFilter notification function
|
|
// which runs under system process.
|
|
// Therefore OBJ_KERNEL_HANDLE is not necessary.
|
|
//
|
|
InitializeObjectAttributes(
|
|
&ObjectAttributes,
|
|
&UnicodeDeviceString,
|
|
OBJ_CASE_INSENSITIVE,
|
|
hRootDir,
|
|
NULL);
|
|
|
|
return(ZwOpenKey(
|
|
pHandle,
|
|
KEY_READ,
|
|
&ObjectAttributes));
|
|
} // OpenRegistryKeyForRead
|
|
|
|
NTSTATUS
|
|
QueryRegistryValue(
|
|
HANDLE hkey,
|
|
PCWSTR pcwstrValueName,
|
|
PKEY_VALUE_FULL_INFORMATION *ppkvfi
|
|
)
|
|
{
|
|
UNICODE_STRING ustrValueName;
|
|
NTSTATUS Status;
|
|
ULONG cbValue;
|
|
|
|
ASSERT(pcwstrValueName);
|
|
ASSERT(ppkvfi);
|
|
|
|
*ppkvfi = NULL;
|
|
RtlInitUnicodeString(&ustrValueName, pcwstrValueName);
|
|
|
|
//
|
|
// Get the size of buffer required to read the registry key.
|
|
//
|
|
Status = ZwQueryValueKey(
|
|
hkey,
|
|
&ustrValueName,
|
|
KeyValueFullInformation,
|
|
NULL,
|
|
0,
|
|
&cbValue);
|
|
|
|
//
|
|
// SECURITY NOTE:
|
|
// If the above ZwQueryValueKey function returns STATUS_SUCCESS, the callers
|
|
// will get pkvfi = NULL. And eventually crash.
|
|
// The good news is that ZwQueryValueKey will never return STATUS_SUCCESS
|
|
// with KeyValueFullInformation.
|
|
//
|
|
ASSERT(!(NT_SUCCESS(Status)));
|
|
|
|
if(Status != STATUS_BUFFER_OVERFLOW &&
|
|
Status != STATUS_BUFFER_TOO_SMALL) {
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// Allocate the data buffer.
|
|
//
|
|
*ppkvfi = (PKEY_VALUE_FULL_INFORMATION) new BYTE[cbValue];
|
|
if(*ppkvfi == NULL) {
|
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto exit;
|
|
}
|
|
|
|
//
|
|
// Read the actual data and associated type information.
|
|
//
|
|
Status = ZwQueryValueKey(
|
|
hkey,
|
|
&ustrValueName,
|
|
KeyValueFullInformation,
|
|
*ppkvfi,
|
|
cbValue,
|
|
&cbValue);
|
|
if(!NT_SUCCESS(Status)) {
|
|
delete *ppkvfi;
|
|
*ppkvfi = NULL;
|
|
goto exit;
|
|
}
|
|
|
|
exit:
|
|
return(Status);
|
|
}
|