Tuts 4 You

Cannot open include file: ntdef.h


REAP


Hello,

I'm trying to write some code to emulate an application that is using ZwCreateKey and ZwQueryValueKey.

My environment is:

  • Windows 7 DDK 7.1
  • Visual Studio 2010

When I specify

#include <Wdm.h>

I get the following error

------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
  MVL_0.1.cpp
c:\winddk\7600.16385.1\inc\ddk\wdm.h(54): fatal error C1083: Cannot open include file: 'ntdef.h': No such file or directory
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

I am starting Visual Studio from within the 'Win7 x86 Checked Build Environment'.

The Include Directories are:

$(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSdkDir)include;$(FrameworkSDKDir)\include;C:\WinDDK\7600.16385.1\inc\ddk;$(IncludePath)

Appreciate some suggestions on what to try/check next

Cheers


ntdef.h lives in C:\WinDDK\7600.16385.1\inc\api; you need to add that path to your include directories configuration...

Edited by Insid3Code

@Insid3Code

You were right about that, thanks!

Unfortunately I have encountered another error that I have been unable to resolve.

This is the error

------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
  MVL_0.1.cpp
c:\winddk\7600.16385.1\inc\ddk\wdm.h(14197): fatal error C1189: #error :  "No target architecture defined"
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

After a bit of research I found this post

http://stackoverflow.com/questions/4104228/change-target-cpu-settings-in-visual-studio-2010-express

However when I reach this step

Quote

Once you've opened the Configuration Manager dialog, go to the "Active solution platform" drop-down box and choose "New". From the "New Solution Platform" dialog that appears, you should be able to choose "x86" from the first drop-down box.

There were no entries in the drop-down box.

So instead I tried entering: x86

which was accepted. So on the main page of Visual Studio the drop-down box now states x86 rather than Win32.

But when I try to build the error is unchanged.

Does anyone have experience with this or might I be best to locate a full version of Visual Studio?


You can fix it by:

#define _X86_  // 32-bit application build
// #define _AMD64_  // 64-bit application build
#include <wdm.h>

Add your definition BEFORE:

#include <wdm.h>

Not AFTER.

Edited by Insid3Code

@Insid3Code

Thanks again

I've encountered another error which I can't figure out, hopefully you have some ideas.

------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
  MVL_0.1.cpp
  Generating Code...
  Skipping... (no relevant changes detected)
  stdafx.cpp
RC : fatal error RC1106: invalid option: -ologo
  
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

I've stripped out all my code, so the error above seems to be an issue with my environment.

// #include <stdio.h>

#define _X86_  // 32-bit application build
#include <Wdm.h>


int winmain()
{
	//	HANDLE hKey;
		return 0; 
}



It's about Resource Compiler options (/nologo suppresses the startup logo).
Check your project configuration and fix the missing "n" in "nologo", if your rc compiler supports this option.


@Insid3Code

Thanks for responding ... I really appreciate your help!

I've updated this post because I've since done some further testing.

This error with RC1106 (and a bunch of other errors that I've had since, as I try different configurations) all seem to revolve around how I launch Visual Studio from within the DDK Build Environment.

So at the moment I am starting VS2010 from within the Win7 x86 Checked Build Environment, but the include paths are being set within VS2010.

The behaviour seems more predictable this way, albeit at the moment once I include "Wdm.h" the build still fails.

1st sample

#include "stdafx.h"
#include "stdio.h"

/*
#define _X86_  // 32-bit application build
#include "Wdm.h"
*/

int _tmain(int argc, _TCHAR* argv[])
{
	wprintf(L"ZwCreateKey is OK! Registry key is HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Environment...\n");
	return 0;
}

Works

2nd sample

#include "stdafx.h"
#include "stdio.h"


#define _X86_  // 32-bit application build
#include "Wdm.h"


int _tmain(int argc, _TCHAR* argv[])
{
	wprintf(L"ZwCreateKey is OK! Registry key is HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Environment...\n");
	return 0;
}

Fails

------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
  MVL_0.1.cpp
c:\users\zen\documents\visual studio 2010\projects\mvl_0.1\mvl_0.1\mvl_0.1.cpp(9): fatal error C1083: Cannot open include file: 'Wdm.h': No such file or directory
  Generating Code...
  Skipping... (no relevant changes detected)
  stdafx.cpp
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

So I add: C:\WinDDK\7600.16385.1\inc\ddk

into the Include path

Try again

This also fails as we would expect from previous experience

------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
  stdafx.cpp
  MVL_0.1.cpp
c:\winddk\7600.16385.1\inc\ddk\wdm.h(54): fatal error C1083: Cannot open include file: 'ntdef.h': No such file or directory
  Generating Code...
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

So I add: C:\WinDDK\7600.16385.1\inc\api

into the Include path

Then I get all these errors (so it is still broken), but hopefully the resolution to these errors is more straightforward than the RC1106.

My (admittedly limited) understanding is that Resource Files are to do with cursors, icons, bitmaps and essentially graphical "resources". At the present time my program is a console app. I don't understand why I was getting errors related to resources, and in any event I could not find any reference to that option "-ologo".

------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
  stdafx.cpp
  MVL_0.1.cpp
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C2144: syntax error : 'int' should be preceded by ';'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C2143: syntax error : missing ';' before '__stdcall'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C2433: 'LARGE_INTEGER' : 'inline' not permitted on data declarations
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C2377: 'LARGE_INTEGER' : redefinition; typedef cannot be overloaded with any other symbol
          c:\winddk\7600.16385.1\inc\api\ntdef.h(944) : see declaration of 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8844): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8845): error C2146: syntax error : missing ';' before identifier 'Result'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8845): error C2065: 'Result' : undeclared identifier
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8847): error C2065: 'Result' : undeclared identifier
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8847): error C2228: left of '.QuadPart' must have class/struct/union
          type is ''unknown-type''
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8848): error C2065: 'Result' : undeclared identifier
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C2144: syntax error : 'int' should be preceded by ';'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C2086: 'int DECLSPEC_DEPRECATED_DDK_WINXP' : redefinition
          c:\winddk\7600.16385.1\inc\ddk\wdm.h(8838) : see declaration of 'DECLSPEC_DEPRECATED_DDK_WINXP'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C2143: syntax error : missing ';' before '__stdcall'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C2433: 'LARGE_INTEGER' : 'inline' not permitted on data declarations
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8858): error C2086: 'int LARGE_INTEGER' : redefinition
          c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8862): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8863): error C2146: syntax error : missing ';' before identifier 'Result'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8863): error C2065: 'Result' : undeclared identifier
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8865): error C2065: 'Result' : undeclared identifier
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8865): error C2228: left of '.QuadPart' must have class/struct/union
          type is ''unknown-type''
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8866): error C2065: 'Result' : undeclared identifier
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C2144: syntax error : 'int' should be preceded by ';'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C2086: 'int DECLSPEC_DEPRECATED_DDK_WINXP' : redefinition
          c:\winddk\7600.16385.1\inc\ddk\wdm.h(8838) : see declaration of 'DECLSPEC_DEPRECATED_DDK_WINXP'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C2143: syntax error : missing ';' before '__stdcall'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C2433: 'LARGE_INTEGER' : 'inline' not permitted on data declarations
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8877): error C2086: 'int LARGE_INTEGER' : redefinition
          c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8879): error C2146: syntax error : missing ')' before identifier 'LargeInteger'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8879): warning C4229: anachronism used : modifiers on data are ignored
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8879): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8881): error C2059: syntax error : ')'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8882): error C2143: syntax error : missing ';' before '{'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8882): error C2447: '{' : missing function header (old-style formal list?)
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C2144: syntax error : 'int' should be preceded by ';'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C2086: 'int DECLSPEC_DEPRECATED_DDK_WINXP' : redefinition
          c:\winddk\7600.16385.1\inc\ddk\wdm.h(8838) : see declaration of 'DECLSPEC_DEPRECATED_DDK_WINXP'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C2143: syntax error : missing ';' before '__stdcall'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C2433: 'LARGE_INTEGER' : 'inline' not permitted on data declarations
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8893): error C2086: 'int LARGE_INTEGER' : redefinition
          c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8895): error C2146: syntax error : missing ')' before identifier 'LargeInteger'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8895): warning C4229: anachronism used : modifiers on data are ignored
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8895): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8897): error C2059: syntax error : ')'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8898): error C2143: syntax error : missing ';' before '{'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8898): error C2447: '{' : missing function header (old-style formal list?)
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C2144: syntax error : 'int' should be preceded by ';'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C2086: 'int DECLSPEC_DEPRECATED_DDK_WINXP' : redefinition
          c:\winddk\7600.16385.1\inc\ddk\wdm.h(8838) : see declaration of 'DECLSPEC_DEPRECATED_DDK_WINXP'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C2143: syntax error : missing ';' before '__stdcall'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C2433: 'LARGE_INTEGER' : 'inline' not permitted on data declarations
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8909): error C2086: 'int LARGE_INTEGER' : redefinition
          c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8911): error C2146: syntax error : missing ')' before identifier 'LargeInteger'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8911): warning C4229: anachronism used : modifiers on data are ignored
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8911): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8913): error C2059: syntax error : ')'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8914): error C2143: syntax error : missing ';' before '{'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8914): error C2447: '{' : missing function header (old-style formal list?)
c:\program files\microsoft sdks\windows\v7.0a\include\ktmtypes.h(136): error C2146: syntax error : missing ';' before identifier 'TmVirtualClock'
c:\program files\microsoft sdks\windows\v7.0a\include\ktmtypes.h(136): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\program files\microsoft sdks\windows\v7.0a\include\ktmtypes.h(136): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(10199): error C2146: syntax error : missing ';' before identifier 'VirtualClock'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(10199): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(10199): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(10222): error C2146: syntax error : missing ';' before identifier 'Timeout'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(10222): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(10222): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(14959): error C2061: syntax error : identifier 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(14970): error C2061: syntax error : identifier 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(14982): error C2061: syntax error : identifier 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(16524): error C2146: syntax error : missing ';' before identifier 'ExInterlockedAddLargeInteger'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(16524): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(16524): error C2370: 'LARGE_INTEGER' : redefinition; different storage class
          c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(16526): error C2061: syntax error : identifier 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(16528): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(18658): error C2146: syntax error : missing ')' before identifier 'Cookie'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(18658): error C2491: 'CmUnRegisterCallback' : definition of dllimport data not allowed
c:\winddk\7600.16385.1\inc\ddk\wdm.h(18658): error C2059: syntax error : ')'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21233): error C2146: syntax error : missing ';' before identifier 'CurrentByteOffset'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21233): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21233): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21395): error C2146: syntax error : missing ';' before identifier 'AllocationSize'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21395): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21395): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21794): error C2146: syntax error : missing ';' before identifier 'ByteOffset'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21794): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21794): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21804): error C2146: syntax error : missing ';' before identifier 'ByteOffset'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21804): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21804): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21917): error C2146: syntax error : missing ';' before identifier 'ByteOffset'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21917): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(21917): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(26157): error C2061: syntax error : identifier 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(26299): error C2146: syntax error : missing ';' before identifier 'KeQueryPerformanceCounter'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(26299): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
c:\winddk\7600.16385.1\inc\ddk\wdm.h(26299): error C2370: 'LARGE_INTEGER' : redefinition; different storage class
          c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840) : see declaration of 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(26301): error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
  Generating Code...
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

Edited by REAP

I'm just curious! What build are you expecting? System kernel driver, Win32 or Native application?

I see some mixed code! (DDK headers and a Win32 main entry)


My plan is to start out with a console app and try and get the driver code worked out. I always knew that there were going to be hurdles with that, although I wasn't anticipating these problems with the includes.

The Win32 main entry was a test, at one stage when I was trying to troubleshoot the errors that I was having with the build, I tried creating a Win32 project just to see if I could access different settings in the VS project settings.

Eventually if I can get the registry read and update code to work then I will try to integrate that code into a Win32 app so I have a GUI front-end. At this stage that looks to be some way off :)

Any thoughts on why, when I add C:\WinDDK\7600.16385.1\inc\api to the include path, I then get all those other build errors?


The compiler errors related to "wdm.h" are not really errors; it's just a conflict caused by using it outside the kernel driver development context.

If you plan to use some functions from "wdm.h" (dedicated to kernel driver development) in your Win32 application, you need to use the "ntdll.h" header instead, and think in a Native context.

Mixing DDK headers and Win32 headers leads to a lot of conflicts (by design these headers are separated to avoid this kind of conflict).

Native example using ntdll.h header:

#include <windows.h>
#include <ntdll.h>   // Native API declarations: NtCreateKey, NtDeleteKey, NtClose, RtlInitUnicodeString
#include <stdio.h>

int main() {

    UNICODE_STRING ObjectName;
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE ObjectHandle = NULL;
    ULONG dwDisposition = 0;   // NtCreateKey writes a ULONG here, so the variable must be ULONG, not ULONG_PTR
    NTSTATUS NtStatus;

    // Native object-manager path, not the Win32 "HKEY_LOCAL_MACHINE\..." form
    RtlInitUnicodeString(&ObjectName,
                         L"\\Registry\\Machine\\Software\\TargetKey");

    InitializeObjectAttributes(&ObjectAttributes,
                               &ObjectName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               0,
                               NULL);

    NtStatus = NtCreateKey(&ObjectHandle,
                           KEY_ALL_ACCESS,
                           &ObjectAttributes,
                           0,
                           NULL,
                           REG_OPTION_VOLATILE,
                           &dwDisposition);

    if (NtStatus == STATUS_SUCCESS) {
        if (dwDisposition == REG_CREATED_NEW_KEY)
            printf("Registry key Created.\n");

        if (dwDisposition == REG_OPENED_EXISTING_KEY)
            printf("Registry key Opened.\n");
    }
    else {
        printf("NtCreateKey failed: 0x%08lX\n", (unsigned long)NtStatus);
    }

    // The key was created volatile, so delete it and close the handle before exiting
    if (ObjectHandle != NULL) {
        NtDeleteKey(ObjectHandle);
        NtClose(ObjectHandle);
    }

    getchar();
    return 0;
}

Kernel driver example (The same snippet) using wdm.h header:

#include <wdm.h>   // in a driver project the target architecture macro (_X86_/_AMD64_) is set by the DDK build environment

NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath) {

    UNICODE_STRING ObjectName;
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE ObjectHandle = NULL;
    ULONG dwDisposition = 0;   // ZwCreateKey writes a ULONG here, so the variable must be ULONG, not ULONG_PTR
    NTSTATUS NtStatus;

    UNREFERENCED_PARAMETER(pDriverObject);
    UNREFERENCED_PARAMETER(pRegistryPath);

    RtlInitUnicodeString(&ObjectName,
                         L"\\Registry\\Machine\\Software\\TargetKey");

    InitializeObjectAttributes(&ObjectAttributes,
                               &ObjectName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               0,
                               NULL);

    // Same call as the Native example, but through the Zw* entry point in kernel mode
    NtStatus = ZwCreateKey(&ObjectHandle,
                           KEY_ALL_ACCESS,
                           &ObjectAttributes,
                           0,
                           NULL,
                           REG_OPTION_VOLATILE,
                           &dwDisposition);

    if (NtStatus == STATUS_SUCCESS) {
        if (dwDisposition == REG_CREATED_NEW_KEY)
            DbgPrint("Registry key Created.\n");

        if (dwDisposition == REG_OPENED_EXISTING_KEY)
            DbgPrint("Registry key Opened.\n");
    }
    else {
        DbgPrint("ZwCreateKey failed: 0x%08X\n", NtStatus);
    }

    // The key was created volatile, so delete it and close the handle
    if (ObjectHandle != NULL) {
        ZwDeleteKey(ObjectHandle);
        ZwClose(ObjectHandle);
    }

    return STATUS_SUCCESS;
}

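As an added example (not code from the thread or from Insid3Code), a small Python triage script that parses the MSVC/RC diagnostic lines posted above and reduces each log to the single configuration problem behind it: the fatal C1083, C1189 or RC1106 error, or, for the long cascade, the first redefinition, which is the LARGE_INTEGER clash between ddk\wdm.h and api\ntdef.h that the last answer explains as a header conflict rather than real errors. The embedded logs are shortened copies of the ones in the thread; the category names are assumptions of this script.

```python
import re

# Shape of an MSVC diagnostic: "<path>(<line>): <severity> <code>: <message>".
# The resource compiler reports without a location: "RC : fatal error RC1106: ...".
DIAG_RE = re.compile(
    r"^(?:(?P<path>.+?)\((?P<line>\d+)\)|(?P<tool>[A-Za-z]+))\s*:\s*"
    r"(?P<sev>fatal error|error|warning)\s+(?P<code>[A-Z]+\d+)\s*:\s*(?P<msg>.*)$"
)
REDEF_CODES = {"C2086", "C2377", "C2370"}   # the 'redefinition' family seen in the thread

def parse_diagnostics(log):
    """Return one dict per diagnostic line. Build banners and the indented
    'see declaration of' continuation lines do not match and are dropped."""
    diags = []
    for raw in log.splitlines():
        m = DIAG_RE.match(raw.strip())
        if m:
            d = m.groupdict()
            d["path"] = (d["path"] or d["tool"]).lower()
            d["line"] = int(d["line"]) if d["line"] else None
            diags.append(d)
    return diags

def quoted(msg):
    """First 'quoted' token in a message (header name or symbol), or None."""
    m = re.search(r"'([^']+)'", msg)
    return m.group(1) if m else None

def root_cause(diags):
    """A fatal error stops compilation, so a log holds at most one; a redefinition
    cascade has no fatal error, and its first redefinition names the clashing symbol."""
    for d in diags:
        if d["code"] == "C1083":
            return ("missing_include_dir", quoted(d["msg"]))
        if d["code"] == "C1189" and "target architecture" in d["msg"]:
            return ("no_target_arch", "_X86_ or _AMD64_ must be defined before wdm.h")
        if d["code"] == "RC1106":
            return ("bad_rc_option", d["msg"].split(":")[-1].strip())
    for d in diags:
        if d["code"] in REDEF_CODES:
            return ("header_conflict", quoted(d["msg"]))
    return ("unknown", None)

def summarize(log):
    diags = parse_diagnostics(log)
    return {
        "errors": sum(d["sev"] != "warning" for d in diags),
        "warnings": sum(d["sev"] == "warning" for d in diags),
        "files": sorted({d["path"].rsplit("\\", 1)[-1] for d in diags}),
        "root_cause": root_cause(diags),
    }

# Shortened copies of the logs posted in the thread (the real cascade is ~100 lines).
LOG_NTDEF = r"""------ Build started: Project: MVL_0.1, Configuration: Debug Win32 ------
  MVL_0.1.cpp
c:\winddk\7600.16385.1\inc\ddk\wdm.h(54): fatal error C1083: Cannot open include file: 'ntdef.h': No such file or directory
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped =========="""
LOG_ARCH = r'c:\winddk\7600.16385.1\inc\ddk\wdm.h(14197): fatal error C1189: #error :  "No target architecture defined"'
LOG_RC = "RC : fatal error RC1106: invalid option: -ologo"
LOG_MIX = r"""c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C2144: syntax error : 'int' should be preceded by ';'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8840): error C2377: 'LARGE_INTEGER' : redefinition; typedef cannot be overloaded with any other symbol
          c:\winddk\7600.16385.1\inc\api\ntdef.h(944) : see declaration of 'LARGE_INTEGER'
c:\winddk\7600.16385.1\inc\ddk\wdm.h(8879): warning C4229: anachronism used : modifiers on data are ignored
c:\program files\microsoft sdks\windows\v7.0a\include\ktmtypes.h(136): error C2146: syntax error : missing ';' before identifier 'TmVirtualClock'"""

if __name__ == "__main__":
    for name, log in [("ntdef", LOG_NTDEF), ("arch", LOG_ARCH), ("rc", LOG_RC), ("mix", LOG_MIX)]:
        print(name, summarize(log))
```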
