void test1(void)
{
- HKEY hKey = NULL,hKey1;
+ HKEY hKey = NULL, hKey1;
OBJECT_ATTRIBUTES ObjectAttributes;
NTSTATUS Status;
UNICODE_STRING KeyName = UNICODE_STRING_INITIALIZER(L"\\Registry");
dprintf("\t\t\t\tStatus =%x\n",Status);
}
+void test9(void)
+{
+ HKEY hKey = NULL, hKey1;
+ OBJECT_ATTRIBUTES ObjectAttributes;
+ NTSTATUS Status;
+ UNICODE_STRING KeyName = UNICODE_STRING_INITIALIZER(L"\\Registry");
+ ULONG Index,Length,i;
+ KEY_BASIC_INFORMATION KeyInformation[5];
+ KEY_VALUE_FULL_INFORMATION KeyValueInformation[5];
+
+ dprintf("NtOpenKey \\Registry : ");
+ InitializeObjectAttributes(&ObjectAttributes,
+ &KeyName,
+ OBJ_CASE_INSENSITIVE,
+ NULL,
+ NULL);
+ Status=NtOpenKey( &hKey1, MAXIMUM_ALLOWED, &ObjectAttributes);
+ dprintf("\t\t\t\tStatus =%x\n",Status);
+ if (Status == 0) {
+ dprintf("NtQueryKey : ");
+ Status = NtQueryKey(hKey1, KeyBasicInformation, &KeyInformation[0], sizeof(KeyInformation), &Length);
+ dprintf("\t\t\t\t\tStatus =%x\n",Status);
+ if (Status == STATUS_SUCCESS) {
+ dprintf("\tKey Name = ");
+ for (i=0;i<KeyInformation[0].NameLength/2;i++)
+ dprintf("%C",KeyInformation[0].Name[i]);
+ dprintf("\n");
+ }
+ dprintf("NtEnumerateKey : \n");
+ Index = 0;
+ while (Status == STATUS_SUCCESS) {
+ Status = NtEnumerateKey(hKey1,Index++,KeyBasicInformation,&KeyInformation[0], sizeof(KeyInformation),&Length);
+ if (Status == STATUS_SUCCESS) {
+ dprintf("\tSubKey Name = ");
+ for (i = 0; i < KeyInformation[0].NameLength / 2; i++)
+ dprintf("%C",KeyInformation[0].Name[i]);
+ dprintf("\n");
+ }
+ }
+ dprintf("NtClose : ");
+ Status = NtClose( hKey1 );
+ dprintf("\t\t\t\t\tStatus =%x\n",Status);
+ }
+ NtClose(hKey); // RobD - hKey unused so-far, should this have been hKey1 ???
+
+ dprintf("NtOpenKey \\Registry\\Machine : ");
+ RtlInitUnicodeStringFromLiteral(&KeyName, L"\\Registry\\Machine");
+ InitializeObjectAttributes(&ObjectAttributes,
+ &KeyName,
+ OBJ_CASE_INSENSITIVE,
+ NULL,
+ NULL);
+ Status = NtOpenKey(&hKey1, MAXIMUM_ALLOWED, &ObjectAttributes);
+ dprintf("\t\t\tStatus =%x\n",Status);
+
+//Status of c0000001 opening \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Linkage
+
+// dprintf("NtOpenKey System\\CurrentControlSet\\Services\\Tcpip : ");
+// RtlInitUnicodeStringFromLiteral(&KeyName, L"System\\CurrentControlSet\\Services\\Tcpip");
+#if 1
+ dprintf("NtOpenKey System\\ControlSet001\\Services\\Tcpip\\Parameters : ");
+ RtlInitUnicodeStringFromLiteral(&KeyName, L"System\\ControlSet001\\Services\\Tcpip\\Parameters");
+#else
+ dprintf("NtOpenKey System\\CurrentControlSet\\Services\\Tcpip : ");
+ RtlInitUnicodeStringFromLiteral(&KeyName, L"System\\CurrentControlSet\\Services\\Tcpip");
+#endif
+ InitializeObjectAttributes(&ObjectAttributes, &KeyName, OBJ_CASE_INSENSITIVE, hKey1 , NULL);
+ Status = NtOpenKey(&hKey, KEY_READ , &ObjectAttributes);
+ dprintf("\t\t\tStatus =%x\n",Status);
+ if (Status == 0) {
+ dprintf("NtQueryValueKey : ");
+ RtlInitUnicodeStringFromLiteral(&KeyName, L"NameServer");
+ Status = NtQueryValueKey(hKey, &KeyName, KeyValueFullInformation, &KeyValueInformation[0], sizeof(KeyValueInformation), &Length);
+ dprintf("\t\t\t\tStatus =%x\n",Status);
+ if (Status == STATUS_SUCCESS) {
+ dprintf("\tValue:DO=%d, DL=%d, NL=%d, Name = "
+ ,KeyValueInformation[0].DataOffset
+ ,KeyValueInformation[0].DataLength
+ ,KeyValueInformation[0].NameLength);
+ for (i = 0; i < 10 && i < KeyValueInformation[0].NameLength / 2; i++)
+ dprintf("%C", KeyValueInformation[0].Name[i]);
+ dprintf("\n");
+ dprintf("\t\tType = %d\n", KeyValueInformation[0].Type);
+ if (KeyValueInformation[0].Type == REG_SZ)
+ //dprintf("\t\tValue = %S\n", KeyValueInformation[0].Name + 1 + KeyValueInformation[0].NameLength / 2);
+ dprintf("\t\tValue = %S\n", KeyValueInformation[0].Name + KeyValueInformation[0].NameLength / 2);
+ }
+ dprintf("NtEnumerateValueKey : \n");
+ Index = 0;
+ while (Status == STATUS_SUCCESS) {
+ Status = NtEnumerateValueKey(hKey, Index++, KeyValueFullInformation, &KeyValueInformation[0], sizeof(KeyValueInformation), &Length);
+ if (Status == STATUS_SUCCESS) {
+ dprintf("\tValue:DO=%d, DL=%d, NL=%d, Name = "
+ ,KeyValueInformation[0].DataOffset
+ ,KeyValueInformation[0].DataLength
+ ,KeyValueInformation[0].NameLength);
+ for (i = 0; i < KeyValueInformation[0].NameLength / 2; i++)
+ dprintf("%C", KeyValueInformation[0].Name[i]);
+ dprintf(", Type = %d\n", KeyValueInformation[0].Type);
+ if (KeyValueInformation[0].Type == REG_SZ)
+ dprintf("\t\tValue = %S\n", ((char*)&KeyValueInformation[0]+KeyValueInformation[0].DataOffset));
+ if (KeyValueInformation[0].Type == REG_DWORD)
+ dprintf("\t\tValue = %X\n", *((DWORD*)((char*)&KeyValueInformation[0]+KeyValueInformation[0].DataOffset)));
+ }
+ }
+ dprintf("NtClose : ");
+ Status = NtClose(hKey);
+ dprintf("\t\t\t\t\tStatus =%x\n", Status);
+ }
+ NtClose(hKey1);
+}
+
+
int main(int argc, char* argv[])
{
char Buffer[10];
dprintf(" 5=FlushKey \n");
dprintf(" 6=Registry link create test\n");
dprintf(" 7=Registry link delete test\n");
+ dprintf(" 8=Not available\n");
+ dprintf(" 9=Ntxx read tcp/ip key test\n");
ReadConsoleA(InputHandle, Buffer, 3, &Result, NULL) ;
switch (Buffer[0])
{
test8();
break;
#endif
+ case '9':
+ test9();
+ break;
}
}
return 0;