C++ 使用NtCreateKey()NTAPI函数[NtOpenKey()函数返回的NTSTATUS错误值为-1073741772]

C++ 使用NtCreateKey()NTAPI函数[NtOpenKey()函数返回的NTSTATUS错误值为-1073741772],c++,registry,ntdll,nt-native-api,C++,Registry,Ntdll,Nt Native Api,我编写了以下代码来在注册表中创建一个新的键,但是当试图获取基本键的句柄来创建一个新键时,NTSTATUS错误值-1073741772由NtOpenKey()函数返回 typedef NTSTATUS(*LPCREATEKEY) (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, ULONG, PUNICODE_STRING, ULONG, PULONG); typedef NTSTATUS(*LPOPENKEY) (PHANDLE, ACCESS_MASK, P

我编写了以下代码来在注册表中创建一个新的键,但是在尝试获取基键的句柄以便创建新键时,NtOpenKey() 函数返回了 NTSTATUS 错误值 -1073741772(按无符号十六进制表示即 0xC0000034):

// Question code: opens \REGISTRY\MACHINE\SOFTWARE with NtOpenKey() and then tries
// to create the subkey "XYZ" beneath it with NtCreateKey(), both resolved from
// ntdll.dll at run time. The review notes below mark the lines that explain the
// reported -1073741772 (0xC0000034) status and the other defects in the listing.

// NOTE(review): the Windows headers declare these native functions as NTAPI
// (__stdcall). The pointer types below carry no calling convention, which matters
// on 32-bit x86 builds.
typedef NTSTATUS(*LPCREATEKEY) (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, ULONG, PUNICODE_STRING, ULONG, PULONG);
typedef NTSTATUS(*LPOPENKEY) (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);

HINSTANCE dllHandle = nullptr;
LPCREATEKEY createKey = nullptr;
LPOPENKEY openKey = nullptr;

// NOTE(review): NULL is used here as an integer zero; 0 / STATUS_SUCCESS is the
// clearer initial value for an NTSTATUS.
NTSTATUS opStatus = NULL;
HANDLE key = nullptr, baseKey = nullptr;
OBJECT_ATTRIBUTES keyAttributes;
// baseKeyStr is an NT object-manager path (the native spelling of HKLM\SOFTWARE).
WCHAR keyStr[] = L"XYZ", baseKeyStr[] = L"\\REGISTRY\\MACHINE\\SOFTWARE";
UNICODE_STRING keyName, baseKeyName;
ULONG keyDispositionValue = NULL;

// NOTE(review): ntdll.dll is already mapped into every user-mode process, so
// GetModuleHandleW(L"ntdll.dll") would avoid the extra load/free pair.
dllHandle = LoadLibrary(L"Ntdll.dll");
if (nullptr != dllHandle) {
    // Fetch the function to create a new registry key
    createKey = (LPCREATEKEY)GetProcAddress(dllHandle, "NtCreateKey");
    openKey = (LPOPENKEY)GetProcAddress(dllHandle, "NtOpenKey");
    if (nullptr != createKey && nullptr != openKey) {
        baseKeyName.Buffer = baseKeyStr;
        // BUG: UNICODE_STRING.Length and .MaximumLength are byte counts, but
        // wcslen() returns a count of WCHARs. The kernel therefore sees only the
        // first 13 of the 26 characters of the path, which is consistent with the
        // reported 0xC0000034 (STATUS_OBJECT_NAME_NOT_FOUND). The byte-correct
        // values are sizeof(baseKeyStr) - sizeof(WCHAR) and sizeof(baseKeyStr).
        baseKeyName.Length = wcslen(baseKeyStr);
        baseKeyName.MaximumLength = wcslen(baseKeyStr);
        InitializeObjectAttributes(&keyAttributes, 
            &baseKeyName,
            OBJ_CASE_INSENSITIVE, 
            NULL, 
            NULL);
        // NOTE(review): KEY_ALL_ACCESS requests every right on HKLM\SOFTWARE.
        // Creating a subkey needs only KEY_CREATE_SUB_KEY on the parent, and
        // asking for less lets the open succeed in more security contexts.
        opStatus = openKey(&baseKey, KEY_ALL_ACCESS, &keyAttributes);
        if (NT_SUCCESS(opStatus)) {
            keyName.Buffer = keyStr;
            // BUG: same characters-vs-bytes mistake as for baseKeyName above.
            keyName.Length = wcslen(keyStr);
            keyName.MaximumLength = wcslen(keyStr);
            // BUG: RootDirectory must be the HANDLE value itself (baseKey).
            // &baseKey passes the address of the variable, which is not a handle.
            InitializeObjectAttributes(&keyAttributes,
                &keyName,
                OBJ_CASE_INSENSITIVE,
                &baseKey,
                NULL);
            // The fourth argument (TitleIndex) is a ULONG; NULL stands in for 0.
            opStatus = createKey(
                &key,
                KEY_ALL_ACCESS,
                &keyAttributes,
                NULL,
                NULL,
                REG_OPTION_NON_VOLATILE,
                &keyDispositionValue);
            if (NT_SUCCESS(opStatus)) {
                cout << "Key successfully created!\n";
                // NtClose() is the native counterpart of the call below.
                // BUG: CloseHandle() returns a BOOL, not an NTSTATUS. NT_SUCCESS
                // tests for a non-negative value, so both TRUE and FALSE count as
                // success and this error branch can never run.
                if (!NT_SUCCESS(CloseHandle(key)))
                    cout << "Error closing created key handle\n";
            }
            // BUG: same BOOL-vs-NTSTATUS mix-up as above.
            if (!NT_SUCCESS(CloseHandle(baseKey)))
                cout << "Error closing base key handle\n";
        }
        else {
            // NOTE(review): NT_ERROR matches only error-severity codes, so a
            // warning-severity status that fails NT_SUCCESS prints nothing here.
            // The status is streamed as a signed decimal; hexadecimal is the form
            // used in the NTSTATUS reference tables.
            if (NT_ERROR(opStatus))
                cout << "Error opening the base key (" << opStatus << ")\n";
        }
    }
    else {
        cout << "Could not fetch the functions from the DLL\n";
    }
    FreeLibrary(dllHandle);
}
else {
    cout << "Could not access Ntdll.dll\n";
}
typedef NTSTATUS(*LPCREATEKEY)(幻像、访问掩码、对象属性、ULONG、PUNICODE\u字符串、ULONG、PULONG);
typedef NTSTATUS(*LPOPENKEY)(幻像、访问掩码、对象属性);
HINSTANCE dllHandle=nullptr;
LPCREATEKEY createKey=nullptr;
LPOPENKEY-openKey=nullptr;
NTSTATUS opStatus=NULL;
HANDLE key=nullptr,baseKey=nullptr;
对象属性;
WCHAR keyStr[]=L“XYZ”,baseKeyStr[]=L“\\REGISTRY\\MACHINE\\SOFTWARE”;
UNICODE_字符串keyName,baseKeyName;
ULONG keyDispositionValue=NULL;
dllHandle=LoadLibrary(L“Ntdll.dll”);
if(nullptr!=dllHandle){
//获取创建新注册表项的函数
createKey=(LPCREATEKEY)GetProcAddress(dllHandle,“NtCreateKey”);
openKey=(LPOPENKEY)GetProcAddress(dllHandle,“NtOpenKey”);
if(nullptr!=createKey&&nullptr!=openKey){
Buffer=baseKeyStr;
baseKeyName.Length=wcslen(baseKeyStr);
baseKeyName.MaximumLength=wcslen(baseKeyStr);
InitializeObjectAttributes(&keyAttributes),
&baseKeyName,
不区分大小写,
无效的
无效);
opStatus=openKey(&baseKey,KEY\u ALL\u ACCESS,&keyAttributes);
如果(NT_成功(操作状态)){
Buffer=keyStr;
keyName.Length=wcslen(keyStr);
keyName.MaximumLength=wcslen(keyStr);
InitializeObjectAttributes(&keyAttributes),
&关键字名称,
不区分大小写,
&baseKey,
无效);
opStatus=createKey(
&钥匙,
钥匙(所有)进入,,
&关键属性,
无效的
无效的
REG\u选项\u非易失性,
&键配置值);
如果(NT_成功(操作状态)){

下面是使用 NTAPI 函数在注册表中创建新键的方法:

#include <winternl.h>

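// Creates \REGISTRY\MACHINE\SOFTWARE\NewKeyName (the native spelling of
// HKLM\SOFTWARE\NewKeyName) through the NtCreateKey() export of ntdll.dll, or
// opens it if it already exists, and reports the outcome on stdout.

// NtCreateKey is declared NTAPI (__stdcall) in the Windows headers; naming the
// calling convention keeps the indirect call correct on 32-bit x86 builds too.
typedef NTSTATUS(NTAPI *LPCREATEKEY) (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, ULONG, PUNICODE_STRING, ULONG, PULONG);

HINSTANCE dll = nullptr;
LPCREATEKEY ntCreateKey = nullptr;
HANDLE createdKey = nullptr;
UNICODE_STRING newKeyName;
OBJECT_ATTRIBUTES attributes;
WCHAR name[] = L"\\REGISTRY\\MACHINE\\SOFTWARE\\NewKeyName";
NTSTATUS opStatus = 0;          // integer status, so 0 rather than NULL
ULONG keyDispositionValue = 0;  // receives REG_CREATED_NEW_KEY or REG_OPENED_EXISTING_KEY
dll = LoadLibrary(L"Ntdll.dll");
if (nullptr != dll) {
    ntCreateKey = (LPCREATEKEY) GetProcAddress(dll, "NtCreateKey");
    if (nullptr != ntCreateKey) {
        newKeyName.Buffer = name;
        // Both UNICODE_STRING size fields are BYTE counts. Length excludes the
        // terminating NUL; MaximumLength is the capacity of the whole buffer and
        // must not be smaller than Length (wcslen() would give a WCHAR count).
        newKeyName.Length = static_cast<USHORT>(sizeof(name) - sizeof(WCHAR));
        newKeyName.MaximumLength = static_cast<USHORT>(sizeof(name));
        InitializeObjectAttributes(&attributes, &newKeyName, OBJ_CASE_INSENSITIVE, NULL, NULL);
        // KEY_ALL_ACCESS asks for every right on the new key. This listing only
        // closes the handle again, so real code should request just the rights
        // it goes on to use.
        opStatus = ntCreateKey(&createdKey, KEY_ALL_ACCESS, &attributes, 0, NULL, REG_OPTION_NON_VOLATILE, &keyDispositionValue);
        if (NT_SUCCESS(opStatus)) {
            if (keyDispositionValue == REG_CREATED_NEW_KEY)
                cout << "New key created!\n";
            else if (keyDispositionValue == REG_OPENED_EXISTING_KEY)
                cout << "Key already exists!\n";
            // CloseHandle() returns a BOOL, so it is tested directly and not
            // through NT_SUCCESS().
            if (!CloseHandle(createdKey))
                cout << "Error closing handle!";
        }
        else {
            // NTSTATUS is a signed LONG; convert it explicitly so the argument
            // matches the unsigned hexadecimal conversion specifier.
            printf("%lX", static_cast<unsigned long>(opStatus));
        }
    }
    else {
        cout << "Could not fetch NtCreateKey() from Ntdll.dll\n";
    }
    FreeLibrary(dll);
}
else {
    cout << "Could not access Ntdll.dll\n";
}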
#包括
typedef NTSTATUS(*LPCREATEKEY)(幻像、访问掩码、对象属性、ULONG、PUNICODE\u字符串、ULONG、PULONG);
HINSTANCE dll=nullptr;
LPCREATEKEY ntCreateKey=nullptr;
句柄createdKey=nullptr;
UNICODE_字符串newKeyName;
对象属性;
WCHAR name[]=L“\\REGISTRY\\MACHINE\\SOFTWARE\\NewKeyName”;
NTSTATUS opStatus=NULL;
ULONG keyDispositionValue=NULL;
dll=加载库(L“Ntdll.dll”);
if(nullptr!=dll){
ntCreateKey=(LPCREATEKEY)GetProcAddress(dll,“ntCreateKey”);
if(nullptr!=ntCreateKey){
Buffer=name;
newKeyName.Length=sizeof(name)-sizeof(WCHAR);
newKeyName.MaximumLength=wcslen(名称);
InitializeObjectAttributes(&attributes,&newKeyName,不区分大小写,NULL,NULL);
opStatus=ntCreateKey(&createdKey,KEY\u ALL\u ACCESS,&attributes,0,NULL,REG\u OPTION\u NON\u VOLATILE,&keyddispositionvalue);
如果(NT_成功(操作状态)){
if(keyDispositionValue==REG_CREATED_NEW_KEY)

该错误码是否为 0xC0000034(STATUS_OBJECT_NAME_NOT_FOUND)?