Здравствуйте. Не подскажите как открыть HKEY_CLASSES_ROOT через ZwOpenKey? В kmdkit нет инфы на сей счёт. Вот как пытаюсь: Код (Text): .386 .model flat, stdcall option casemap:none include \masm32\include\user32.inc includelib \masm32\lib\user32.lib include \masm32\include\kernel32.inc includelib \masm32\lib\kernel32.lib include \masm32\include\w2k\ntdll.inc includelib \masm32\lib\w2k\ntdll.lib include \masm32\include\w2k\ntddk.inc include \masm32\macros\strings.mac .code OpenKey proc local oa:OBJECT_ATTRIBUTES local hKey:HANDLE CCOUNTED_UNICODE_STRING "\\Registry\\Root\\CLSID",KeyPath,4 ; CCOUNTED_UNICODE_STRING "\\Registry\\Machine\\Software",KeyPath,4 InitializeObjectAttributes addr oa,addr KeyPath,OBJ_CASE_INSENSITIVE + OBJ_KERNEL_HANDLE,0,0 invoke ZwOpenKey,addr hKey,KEY_ENUMERATE_SUB_KEYS,addr oa .if eax == 0 invoke MessageBox,0,$CTA0("STATUS_SUCCESS"),$CTA0("open"),0 .elseif eax == 0C0000022h invoke MessageBox,0,$CTA0("STATUS_ACCESS_DENIED"),0,0 .elseif eax == 0C0000008h invoke MessageBox,0,$CTA0("STATUS_INVALID_HANDLE"),0,0 .elseif eax == 0C0000024h invoke MessageBox,0,$CTA0("STATUS_OBJECT_TYPE_MISMATCH"),0,0 .elseif eax == 0C0000034h invoke MessageBox,0,$CTA0("STATUS_OBJECT_NAME_NOT_FOUND"),0,0 .elseif eax == 0C000017Ch invoke MessageBox,0,$CTA0("STATUS_KEY_DELETED"),0,0 .endif invoke ZwClose,hKey invoke ExitProcess,0 OpenKey endp end OpenKey Возврашает STATUS_OBJECT_NAME_NOT_FOUND. Спасибо.
The content of HKEY_CLASSES_ROOT comes from two sources: HKEY_LOCAL_MACHINE\SOFTWARE\Classes and HKEY_CURRENT_USER\SOFTWARE\Classes Видимо так: "\\Registry\\Machine\\Software\\Classes\\CLSID"
