REAP Posted October 3, 2016

Hello, I'm trying to write some code to emulate an application that is using ZwCreateKey and ZwQueryValueKey.

My environment is:
Windows 7
DDK 7.1
Visual Studio 2010

When I specify #include <Wdm.h> I get the following error:

    ------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
    MVL_0.1.cpp
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(54): fatal error C1083: Cannot open include file: 'ntdef.h': No such file or directory
    ========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

I am starting Visual Studio from within the 'Win7 x86 Checked Build Environment'.

The Include Directories are:

    $(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSdkDir)include;$(FrameworkSDKDir)\include;C:\WinDDK\7600.16385.1\inc\ddk;$(IncludePath)

I'd appreciate some suggestions on what to try/check next.

Cheers
Insid3Code Posted October 4, 2016 (edited)

You need to add the ntdef.h path (C:\WinDDK\7600.16385.1\inc\api) to your include directories configuration...

Edited October 4, 2016 by Insid3Code
REAP Posted October 8, 2016 (Author)

@Insid3Code You were right about that, thanks!

Unfortunately I have encountered another error that I have been unable to resolve. This is the error:

    ------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
    MVL_0.1.cpp
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(14197): fatal error C1189: #error : "No target architecture defined"
    ========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

After a bit of research I found this post: http://stackoverflow.com/questions/4104228/change-target-cpu-settings-in-visual-studio-2010-express

However, when I reach this step:

Quote:
    Once you've opened the Configuration Manager dialog, go to the "Active solution platform" drop-down box and choose "New". From the "New Solution Platform" dialog that appears, you should be able to choose "x86" from the first drop-down box.

there were no entries in the drop-down box. So instead I tried entering "x86", which was accepted. So on the main page of Visual Studio the drop-down box now states x86 rather than Win32, but when I try to build the error is unchanged.

Does anyone have experience with this, or might I be best to locate a full version of Visual Studio?
Insid3Code Posted October 8, 2016 (edited)

You can fix it by:

    #define _X86_ // 32-bit application build
    // #define _AMD64_ // 64-bit application build
    #include <wdm.h>

Add your definition BEFORE #include <wdm.h>, not AFTER.

Edited October 8, 2016 by Insid3Code
REAP Posted October 9, 2016 (Author)

@Insid3Code Thanks again. I've encountered another error which I can't figure out; hopefully you have some ideas.

    ------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
    MVL_0.1.cpp
    Generating Code...
    Skipping... (no relevant changes detected)
    stdafx.cpp
    RC : fatal error RC1106: invalid option: -ologo
    ========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

I've stripped out all my code, so the error above seems to be an issue with my environment.

    // #include <stdio.h>
    #define _X86_ // 32-bit application build
    #include <Wdm.h>

    int winmain()
    {
        // HANDLE hKey;
        return 0;
    }
Insid3Code Posted October 9, 2016

It's about the Resource Compiler options (/nologo suppresses the startup logo). Check your project configuration and fix the missing "n" in "nologo", if your rc compiler supports this option.
REAP Posted October 10, 2016 (Author) (edited)

@Insid3Code Thanks for responding ... I really appreciate your help!

I've updated this post because I've since done some further testing. This error with the RC1106 (and a bunch of other errors that I've had since, as I try different configurations) all seem to revolve around how I launch Visual Studio from within the DDK Build Environment. So at the moment I am starting VS2010 from within the Win7 x86 Checked Build Environment, but the include paths are being set within VS2010. The behaviour seems more predictable this way, albeit at the moment once I include "Wdm.h" the build still fails.

1st sample:

    #include "stdafx.h"
    #include "stdio.h"
    /*
    #define _X86_ // 32-bit application build
    #include "Wdm.h"
    */

    int _tmain(int argc, _TCHAR* argv[])
    {
        wprintf(L"ZwCreateKey is OK! Registry key is HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Environment...\n");
        return 0;
    }

Works.

2nd sample:

    #include "stdafx.h"
    #include "stdio.h"
    #define _X86_ // 32-bit application build
    #include "Wdm.h"

    int _tmain(int argc, _TCHAR* argv[])
    {
        wprintf(L"ZwCreateKey is OK! Registry key is HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Environment...\n");
        return 0;
    }

Fails:

    ------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
    MVL_0.1.cpp
    c:\users\zen\documents\visual studio 2010\projects\mvl_0.1\mvl_0.1\mvl_0.1.cpp(9): fatal error C1083: Cannot open include file: 'Wdm.h': No such file or directory
    Generating Code...
    Skipping... (no relevant changes detected)
    stdafx.cpp
    ========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

So I add C:\WinDDK\7600.16385.1\inc\ddk to the Include path and try again. This also fails, as we would expect from previous experience:

    ------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
    stdafx.cpp
    MVL_0.1.cpp
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(54): fatal error C1083: Cannot open include file: 'ntdef.h': No such file or directory
    Generating Code...
    ========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

So I add C:\WinDDK\7600.16385.1\inc\api to the Include path. Then I get all these errors (so it is still broken), but hopefully the resolution to these errors is more straightforward than the RC1106. My (admittedly limited) understanding is that Resource Files are to do with cursors, icons, bitmaps and essentially graphical "resources". At the present time my program is a console app. I don't understand why I was getting errors related to resources, and in any event I could not find any reference to that cmd "-ologo".

    ------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
    stdafx.cpp
    MVL_0.1.cpp
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C2144: syntax error : 'int' should be preceded by ';'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C2143: syntax error : missing ';' before '__stdcall'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C2433: 'LARGE_INTEGER' : 'inline' not permitted on data declarations
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C2377: 'LARGE_INTEGER' : redefinition; typedef cannot be overloaded with any other symbol
    c:\winddk\7600.16385.1\inc\api\ntdef.h(944) : see declaration of 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8844): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8845): error C2146: syntax error : missing ';' before identifier 'Result'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8845): error C2065: 'Result' : undeclared identifier
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8847): error C2065: 'Result' : undeclared identifier
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8847): error C2228: left of '.QuadPart' must have class/struct/union type is ''unknown-type''
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8848): error C2065: 'Result' : undeclared identifier
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C2144: syntax error : 'int' should be preceded by ';'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C2086: 'int DECLSPEC_DEPRECATED_DDK_WINXP' : redefinition
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8838) : see declaration of 'DECLSPEC_DEPRECATED_DDK_WINXP'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C2143: syntax error : missing ';' before '__stdcall'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C2433: 'LARGE_INTEGER' : 'inline' not permitted on data declarations
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C2086: 'int LARGE_INTEGER' : redefinition
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8862): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8863): error C2146: syntax error : missing ';' before identifier 'Result'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8863): error C2065: 'Result' : undeclared identifier
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8865): error C2065: 'Result' : undeclared identifier
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8865): error C2228: left of '.QuadPart' must have class/struct/union type is ''unknown-type''
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8866): error C2065: 'Result' : undeclared identifier
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C2144: syntax error : 'int' should be preceded by ';'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C2086: 'int DECLSPEC_DEPRECATED_DDK_WINXP' : redefinition
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8838) : see declaration of 'DECLSPEC_DEPRECATED_DDK_WINXP'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C2143: syntax error : missing ';' before '__stdcall'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C2433: 'LARGE_INTEGER' : 'inline' not permitted on data declarations
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C2086: 'int LARGE_INTEGER' : redefinition
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8879): error C2146: syntax error : missing ')' before identifier 'LargeInteger'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8879): warning C4229: anachronism used : modifiers on data are ignored
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8879): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8881): error C2059: syntax error : ')'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8882): error C2143: syntax error : missing ';' before '{'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8882): error C2447: '{' : missing function header (old-style formal list?)
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C2144: syntax error : 'int' should be preceded by ';'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C2086: 'int DECLSPEC_DEPRECATED_DDK_WINXP' : redefinition
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8838) : see declaration of 'DECLSPEC_DEPRECATED_DDK_WINXP'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C2143: syntax error : missing ';' before '__stdcall'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C2433: 'LARGE_INTEGER' : 'inline' not permitted on data declarations
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C2086: 'int LARGE_INTEGER' : redefinition
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8895): error C2146: syntax error : missing ')' before identifier 'LargeInteger'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8895): warning C4229: anachronism used : modifiers on data are ignored
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8895): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8897): error C2059: syntax error : ')'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8898): error C2143: syntax error : missing ';' before '{'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8898): error C2447: '{' : missing function header (old-style formal list?)
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C2144: syntax error : 'int' should be preceded by ';'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C2086: 'int DECLSPEC_DEPRECATED_DDK_WINXP' : redefinition
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8838) : see declaration of 'DECLSPEC_DEPRECATED_DDK_WINXP'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C2143: syntax error : missing ';' before '__stdcall'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C2433: 'LARGE_INTEGER' : 'inline' not permitted on data declarations
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C2086: 'int LARGE_INTEGER' : redefinition
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8911): error C2146: syntax error : missing ')' before identifier 'LargeInteger'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8911): warning C4229: anachronism used : modifiers on data are ignored
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8911): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8913): error C2059: syntax error : ')'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8914): error C2143: syntax error : missing ';' before '{'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8914): error C2447: '{' : missing function header (old-style formal list?)
    c:\program files\microsoft sdks\windows\v7.0a\include\ktmtypes.h(136): error C2146: syntax error : missing ';' before identifier 'TmVirtualClock'
    c:\program files\microsoft sdks\windows\v7.0a\include\ktmtypes.h(136): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\program files\microsoft sdks\windows\v7.0a\include\ktmtypes.h(136): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(10199): error C2146: syntax error : missing ';' before identifier 'VirtualClock'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(10199): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(10199): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(10222): error C2146: syntax error : missing ';' before identifier 'Timeout'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(10222): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(10222): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(14959): error C2061: syntax error : identifier 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(14970): error C2061: syntax error : identifier 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(14982): error C2061: syntax error : identifier 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(16524): error C2146: syntax error : missing ';' before identifier 'ExInterlockedAddLargeInteger'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(16524): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(16524): error C2370: 'LARGE_INTEGER' : redefinition; different storage class
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(16526): error C2061: syntax error : identifier 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(16528): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(18658): error C2146: syntax error : missing ')' before identifier 'Cookie'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(18658): error C2491: 'CmUnRegisterCallback' : definition of dllimport data not allowed
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(18658): error C2059: syntax error : ')'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21233): error C2146: syntax error : missing ';' before identifier 'CurrentByteOffset'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21233): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21233): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21395): error C2146: syntax error : missing ';' before identifier 'AllocationSize'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21395): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21395): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21794): error C2146: syntax error : missing ';' before identifier 'ByteOffset'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21794): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21794): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21804): error C2146: syntax error : missing ';' before identifier 'ByteOffset'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21804): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21804): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21917): error C2146: syntax error : missing ';' before identifier 'ByteOffset'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21917): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(21917): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(26157): error C2061: syntax error : identifier 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(26299): error C2146: syntax error : missing ';' before identifier 'KeQueryPerformanceCounter'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(26299): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(26299): error C2370: 'LARGE_INTEGER' : redefinition; different storage class
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
    c:\winddk\7600.16385.1\inc\ddk\wdm.h(26301): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
    Generating Code...
    ========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

Edited October 10, 2016 by REAP
Insid3Code Posted October 10, 2016

I'm just curious! What build are you expecting? System kernel driver, Win32, or Native application? I see some mixed code! (DDK headers and a Win32 main entry)
REAP Posted October 10, 2016 (Author)

My plan is to start out with a console app and try to get the driver code worked out. I always knew that there were going to be hurdles with that, although I wasn't anticipating these problems with the includes.

The Win32 main entry was a test: at one stage, when I was trying to troubleshoot the errors that I was having with the build, I tried creating a Win32 project just to see if I could access different settings in the VS project settings.

Eventually, if I can get the registry read and update code to work, then I will try to integrate that code into a Win32 app so I have a GUI front-end. At this stage that looks to be some way off.

Any thoughts on why, when I add C:\WinDDK\7600.16385.1\inc\api to the include path, I then get all those other build errors?
Insid3Code Posted October 11, 2016

The compiler errors related to "wdm.h" are not really errors; it's just a conflict caused by using it outside the kernel driver development context. If you plan to use some functions from "wdm.h" (dedicated to kernel driver development) in your Win32 application, you need to use the "ntdll.h" header instead, and think in a Native context. Mixing DDK headers and Win32 headers leads to a lot of conflicts (by design these headers are separated to avoid this kind of conflict).

Native example using the ntdll.h header:

    #include <windows.h>
    #include <ntdll.h>
    #include <stdio.h>

    int main()
    {
        UNICODE_STRING ObjectName;
        OBJECT_ATTRIBUTES ObjectAttributes;
        HANDLE ObjectHandle = NULL;
        ULONG dwDisposition;    // NtCreateKey's Disposition parameter is PULONG
        NTSTATUS NtStatus;

        // Native (object manager) path: HKEY_LOCAL_MACHINE\SOFTWARE is \Registry\Machine\Software
        RtlInitUnicodeString(&ObjectName, L"\\Registry\\Machine\\Software\\TargetKey");
        InitializeObjectAttributes(&ObjectAttributes, &ObjectName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, 0, NULL);

        NtStatus = NtCreateKey(&ObjectHandle, KEY_ALL_ACCESS, &ObjectAttributes, 0, NULL, REG_OPTION_VOLATILE, &dwDisposition);
        if (NtStatus == STATUS_SUCCESS)
        {
            if (dwDisposition == REG_CREATED_NEW_KEY)
                printf("Registry key Created.");
            if (dwDisposition == REG_OPENED_EXISTING_KEY)
                printf("Registry key Opened.");
        }

        // Clean up: a volatile key is removed again so the test leaves no trace
        if (ObjectHandle != NULL)
        {
            NtDeleteKey(ObjectHandle);
            NtClose(ObjectHandle);
        }

        getchar();
        return 0;
    }

Kernel driver example (the same snippet) using the wdm.h header:

    #include <wdm.h>

    NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
    {
        UNICODE_STRING ObjectName;
        OBJECT_ATTRIBUTES ObjectAttributes;
        HANDLE ObjectHandle = NULL;
        ULONG dwDisposition;    // ZwCreateKey's Disposition parameter is PULONG
        NTSTATUS NtStatus;

        UNREFERENCED_PARAMETER(pDriverObject);
        UNREFERENCED_PARAMETER(pRegistryPath);

        RtlInitUnicodeString(&ObjectName, L"\\Registry\\Machine\\Software\\TargetKey");
        InitializeObjectAttributes(&ObjectAttributes, &ObjectName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, 0, NULL);

        // DriverEntry runs at PASSIVE_LEVEL, which ZwCreateKey requires
        NtStatus = ZwCreateKey(&ObjectHandle, KEY_ALL_ACCESS, &ObjectAttributes, 0, NULL, REG_OPTION_VOLATILE, &dwDisposition);
        if (NtStatus == STATUS_SUCCESS)
        {
            if (dwDisposition == REG_CREATED_NEW_KEY)
                DbgPrint("Registry key Created.");
            if (dwDisposition == REG_OPENED_EXISTING_KEY)
                DbgPrint("Registry key Opened.");
        }

        if (ObjectHandle != NULL)
        {
            ZwDeleteKey(ObjectHandle);
            ZwClose(ObjectHandle);
        }

        return STATUS_SUCCESS;
    }
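The opening post also wanted to emulate ZwQueryValueKey, which the thread never reaches. The following is an added example (mine, not code from this thread or from Insid3Code) that parses the KEY_VALUE_PARTIAL_INFORMATION buffer that NtQueryValueKey/ZwQueryValueKey fills in, the way a consumer of that call has to: DataLength is checked against the number of bytes actually returned before Data is touched, and REG_SZ data is handled without assuming a terminating NUL, which the registry does not guarantee. The structure offsets and the REG_SZ/REG_DWORD values are the documented ones; the byte buffers are constructed, not captured, and the kv_* function names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* KEY_VALUE_PARTIAL_INFORMATION: a fixed 12-byte prefix (ULONG TitleIndex,
 * ULONG Type, ULONG DataLength) followed by DataLength bytes of Data.
 * Declared by hand so this builds without the DDK headers. */
#define KVPI_DATA_OFFSET 12u
#define REG_SZ    1u
#define REG_DWORD 4u

enum kv_result { KV_OK = 0, KV_TOO_SHORT, KV_BAD_TYPE, KV_TRUNCATED, KV_NO_ROOM };

/* Validate the header against buf_len (the bytes the call really returned)
 * and expose Type plus a bounded view of Data. */
static enum kv_result kv_view(const uint8_t *buf, size_t buf_len,
                              uint32_t *type, const uint8_t **data, size_t *data_len)
{
    uint32_t fields[3];                       /* TitleIndex, Type, DataLength */
    if (buf_len < KVPI_DATA_OFFSET) return KV_TOO_SHORT;
    memcpy(fields, buf, sizeof fields);       /* memcpy: no alignment assumptions */
    /* Never trust DataLength by itself; it must fit in the returned buffer. */
    if (fields[2] > buf_len - KVPI_DATA_OFFSET) return KV_TRUNCATED;
    *type = fields[1];
    *data = buf + KVPI_DATA_OFFSET;
    *data_len = fields[2];
    return KV_OK;
}

/* REG_DWORD: exactly four little-endian bytes. */
enum kv_result kv_get_dword(const uint8_t *buf, size_t buf_len, uint32_t *out)
{
    uint32_t type; const uint8_t *d; size_t n;
    enum kv_result r = kv_view(buf, buf_len, &type, &d, &n);
    if (r != KV_OK) return r;
    if (type != REG_DWORD || n != 4) return KV_BAD_TYPE;
    *out = (uint32_t)d[0] | (uint32_t)d[1] << 8 | (uint32_t)d[2] << 16 | (uint32_t)d[3] << 24;
    return KV_OK;
}

/* REG_SZ: UTF-16LE code units that may or may not end in a NUL. Copies into
 * out (capacity in code units), always NUL-terminates, and reports the
 * length without the terminator in *out_len. */
enum kv_result kv_get_sz(const uint8_t *buf, size_t buf_len,
                         uint16_t *out, size_t out_cap, size_t *out_len)
{
    uint32_t type; const uint8_t *d; size_t n, units, i;
    enum kv_result r = kv_view(buf, buf_len, &type, &d, &n);
    if (r != KV_OK) return r;
    if (type != REG_SZ) return KV_BAD_TYPE;
    units = n / 2;                            /* a dangling odd byte is ignored */
    /* Drop a stored trailing NUL if present; we add our own below. */
    if (units > 0 && d[2 * units - 2] == 0 && d[2 * units - 1] == 0) units--;
    if (out_cap == 0 || units > out_cap - 1) return KV_NO_ROOM;
    for (i = 0; i < units; i++)
        out[i] = (uint16_t)(d[2 * i] | d[2 * i + 1] << 8);
    out[units] = 0;
    *out_len = units;
    return KV_OK;
}

/* Constructed sample buffers (not captured from a real system). */
const uint8_t SAMPLE_DWORD[]       = { 0,0,0,0, 4,0,0,0, 4,0,0,0, 0x78,0x56,0x34,0x12 };
const uint8_t SAMPLE_SZ_NO_NUL[]   = { 0,0,0,0, 1,0,0,0, 4,0,0,0, 'H',0,'i',0 };
const uint8_t SAMPLE_SZ_WITH_NUL[] = { 0,0,0,0, 1,0,0,0, 4,0,0,0, 'A',0,0,0 };
/* Header claims 8 data bytes but only 4 were actually returned. */
const uint8_t SAMPLE_TRUNCATED[]   = { 0,0,0,0, 4,0,0,0, 8,0,0,0, 1,2,3,4 };
```

On a real system buf_len is the ResultLength the call returned (or the buffer size you passed, whichever is smaller), and a STATUS_BUFFER_TOO_SMALL/STATUS_BUFFER_OVERFLOW return means the buffer must be regrown before any of this parsing happens.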