Возникла проблема с определением имени открытого ключа реестра в перехвачиваемой функции(ZwSetValueKey). Подскажите если знаете.
Код (Text): BOOLEAN PathFromHandle (HANDLE hKey, PUNICODE_STRING lpszSubKeyVal, PCHAR fullname) { PVOID pKey = NULL; ANSI_STRING keyname; PCHAR tmpname; PUNICODE_STRING fullUniName; ULONG actualLen; /* Allocate a temporary buffer */ tmpname = ExAllocatePool (PagedPool, MAXPATHLEN); if (tmpname == NULL) /* Not enough memory */ return FALSE; *fullname = *tmpname = '\0'; /* * Translate the hKey into a pointer to check whether it is a valid * handle. */ if (NT_SUCCESS (ObReferenceObjectByHandle (hKey, 0, NULL, KernelMode, &pKey, NULL)) && pKey != NULL) { fullUniName = ExAllocatePool (PagedPool, MAXPATHLEN * 2 + 2 * sizeof(ULONG)); if (fullUniName == NULL) { /* Not enough memory */ ObDereferenceObject (pKey); ExFreePool (tmpname); return FALSE; } fullUniName->MaximumLength = MAXPATHLEN*2; if (NT_SUCCESS (ObQueryNameString (pKey, fullUniName, MAXPATHLEN, &actualLen ))) { if (NT_SUCCESS (RtlUnicodeStringToAnsiString ( &keyname, fullUniName, TRUE))) { if(*keyname.Buffer != '\0') { if (*keyname.Buffer != '\\') strcpy (tmpname, "\\"); else strcpy (tmpname, ""); strncat (tmpname, keyname.Buffer, MIN( keyname.Length, MAXPATHLEN - 2 )); } RtlFreeAnsiString (&keyname); } } ObDereferenceObject (pKey); ExFreePool (fullUniName); } /* Append subkey and value if they are there */ if (lpszSubKeyVal != NULL) { keyname.Buffer = NULL; if (NT_SUCCESS (RtlUnicodeStringToAnsiString (&keyname, lpszSubKeyVal, TRUE))) { if (*keyname.Buffer != '\0') { strcat (tmpname, "\\"); strncat (tmpname, keyname.Buffer, MIN(keyname.Length, MAXPATHLEN - 1 - strlen(tmpname))); } RtlFreeAnsiString (&keyname); } } strcpy (fullname, tmpname); ExFreePool (tmpname); return TRUE; }
