The KeyInformation parameter of NtEnumerateKey()

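I would like to know how to pass the KeyInformation parameter to NtEnumerateKey(). When I run the code below, NtEnumerateKey() returns NTSTATUS = 0xC000000D, with the error message "An invalid parameter was passed to a service or function".

I am using Windows 7. Although the code below uses the Delphi language, you can also answer my question in C. My question is not specific to a programming language.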

    type
      KEY_NAME_INFORMATION = record
        NameLength: ULONG;
        Name: array[0..254] of WCHAR;
      end;
      PKEY_NAME_INFORMATION = ^KEY_NAME_INFORMATION;

    var
      iNtStatus: LONG;
      hKeyResult: THandle;
      KeyNameInfo: KEY_NAME_INFORMATION;
      iResultLen: ULONG;

    iNtStatus := NtOpenKey(@hKeyResult, (KEY_ENUMERATE_SUB_KEYS) and not SYNCHRONIZE, @rObjAttrs);
    if hKeyResult = 0 then Exit;

    iNtStatus := NtEnumerateKey(hKeyResult,
                                0,
                                KeyNameInformation,
                                @KeyNameInfo,                  // I'm asking about this parameter,
                                SizeOf(KEY_NAME_INFORMATION),  // and also this parameter
                                @iResultLen);

Update: a strange thing

If I pass KeyBasicInformation instead of KeyNameInformation, NtEnumerateKey() returns STATUS_SUCCESS. Doesn't NtEnumerateKey() support KeyNameInformation?

    type
      KEY_BASIC_INFORMATION = record
        LastWriteTime: LARGE_INTEGER;
        TitleIndex: ULONG;
        NameLength: ULONG;
        Name: array[0..254] of WCHAR;
      end;
      PKEY_BASIC_INFORMATION = ^KEY_BASIC_INFORMATION;

    var
      KeyBasicInfo: KEY_BASIC_INFORMATION;

    iNtStatus := NtEnumerateKey(hKeyResult,
                                0,
                                KeyBasicInformation,            // Note this!
                                @KeyBasicInfo,                  // Note this!
                                SizeOf(KEY_BASIC_INFORMATION),  // Note this!
                                @iResultLen);

If you look at the documentation for Zw (Nt for user mode) EnumerateKey, you will see

    NTSTATUS ZwEnumerateKey(
      _In_      HANDLE                KeyHandle,
      _In_      ULONG                 Index,
      _In_      KEY_INFORMATION_CLASS KeyInformationClass,
      _Out_opt_ PVOID                 KeyInformation,
      _In_      ULONG                 Length,
      _Out_     PULONG                ResultLength
    );

Then, if you look further down at KeyInformationClass, you will see

    KeyInformationClass [in]
        Specifies a KEY_INFORMATION_CLASS enumeration value that determines the
        type of information to be received by the KeyInformation buffer. Set
        KeyInformationClass to one of the following values:

            KeyBasicInformation
            KeyFullInformation
            KeyNodeInformation

        If any value not in this list is specified, the routine returns error
        code STATUS_INVALID_PARAMETER.

You need to use one of those 3.
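
An added example, not code from the question or the answer: portable C that checks an information class against the three values the quoted documentation lists, and reads the key name out of a KEY_BASIC_INFORMATION buffer while bounding NameLength by the reported ResultLength. The enum values follow the Windows headers; the function names and the sample buffer are constructed for illustration, and the byte offsets assume the field order from the question's record with no padding.

```c
#include <stddef.h>
#include <stdint.h>

/* KEY_INFORMATION_CLASS values as defined in the Windows headers. */
enum { KeyBasicInformation, KeyNodeInformation, KeyFullInformation, KeyNameInformation };

#define KBI_NAME_OFFSET 16u /* LastWriteTime (8) + TitleIndex (4) + NameLength (4) */

/* Constructed sample: KEY_BASIC_INFORMATION bytes for a subkey named "Demo". */
static const uint8_t SAMPLE[24] = {
    0, 0, 0, 0, 0, 0, 0, 0,            /* LastWriteTime */
    0, 0, 0, 0,                        /* TitleIndex */
    8, 0, 0, 0,                        /* NameLength: 8 bytes, not characters */
    'D', 0, 'e', 0, 'm', 0, 'o', 0     /* Name: UTF-16LE, no terminator */
};

/* Only these three classes are listed for ZwEnumerateKey in the quoted text. */
int enum_class_accepted(int cls)
{
    return cls == KeyBasicInformation || cls == KeyNodeInformation ||
           cls == KeyFullInformation;
}

/* Hypothetical helper: copy the name from a KEY_BASIC_INFORMATION buffer.
 * result_len is the ResultLength the call reported for this buffer.
 * Returns the number of UTF-16 code units copied, or -1 if the lengths are
 * inconsistent or out is too small. out is NUL-terminated; the source is not. */
int parse_key_basic(const uint8_t *buf, size_t result_len,
                    uint16_t *out, size_t out_units)
{
    if (result_len < KBI_NAME_OFFSET || out_units == 0)
        return -1;
    uint32_t name_len = (uint32_t)buf[12] | (uint32_t)buf[13] << 8 |
                        (uint32_t)buf[14] << 16 | (uint32_t)buf[15] << 24;
    if (name_len % 2 != 0 || name_len > result_len - KBI_NAME_OFFSET)
        return -1;                     /* NameLength runs past the data written */
    size_t units = name_len / 2;
    if (units >= out_units)
        return -1;                     /* no room for the terminator we add */
    for (size_t i = 0; i < units; i++)
        out[i] = (uint16_t)(buf[KBI_NAME_OFFSET + 2 * i] |
                            buf[KBI_NAME_OFFSET + 2 * i + 1] << 8);
    out[units] = 0;
    return (int)units;
}
```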