ZwCreateKey(
OUT PHANDLE KeyHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG TitleIndex,
IN PUNICODE_STRING Class OPTIONAL,
IN ULONG CreateOptions,
OUT PULONG Disposition OPTIONAL
);
ZwQueryKey(
IN HANDLE KeyHandle,
IN KEY_INFORMATION_CLASS KeyInformationClass,
OUT PVOID KeyInformation,
IN ULONG Length,
OUT PULONG ResultLength
);
ZwQueryValueKey(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
OUT PVOID KeyValueInformation,
IN ULONG Length,
OUT PULONG ResultLength
);
ZwSetValueKey(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN ULONG TitleIndex OPTIONAL,
IN ULONG Type,
IN PVOID Data,
IN ULONG DataSize
);以上函数都在ddk的ntddk.h里面的
希望有好心人相助
OUT PHANDLE KeyHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN ULONG TitleIndex,
IN PUNICODE_STRING Class OPTIONAL,
IN ULONG CreateOptions,
OUT PULONG Disposition OPTIONAL
);
ZwQueryKey(
IN HANDLE KeyHandle,
IN KEY_INFORMATION_CLASS KeyInformationClass,
OUT PVOID KeyInformation,
IN ULONG Length,
OUT PULONG ResultLength
);
ZwQueryValueKey(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
OUT PVOID KeyValueInformation,
IN ULONG Length,
OUT PULONG ResultLength
);
ZwSetValueKey(
IN HANDLE KeyHandle,
IN PUNICODE_STRING ValueName,
IN ULONG TitleIndex OPTIONAL,
IN ULONG Type,
IN PVOID Data,
IN ULONG DataSize
);以上函数都在ddk的ntddk.h里面的
希望有好心人相助
HANDLE的都应该声明为long,使用的时候就直接用变量就可以了
type之类的都应该声明为long,使用的时候应该用varptr(变量)
PVOID的本身就是个指针,应该声明成long,使用的时候应该用byte数组的第一个元素随便说说而已。
uLength As Integer
uMaximumLength As Integer
pBuffer(3) As Byte
End TypePrivate Type OBJECT_ATTRIBUTES
Length As Long
RootDirectory As Long
ObjectName As Long
Attributes As Long
SecurityDescriptor As Long
SecurityQualityOfService As Long
End Type
其他你不认识的都可以用long代替
ByRef hKey As Long, _
ByVal ACCESS_MASK As Long, _
ByRef ObjectAttributes As OBJECT_ATTRIBUTES, _
ByVal TitleIndex As Long, _
ByRef ClassOption As UNICODE_STRING, _
ByVal CreateOptions As Long, _
ByRef Disposition As Long)
你们看看这样哪出问题了以下是调用
Dim oa As OBJECT_ATTRIBUTES, hKey As Long, RegPath As UNICODE_STRING, Tmp As Long
Dim ust As UNICODE_STRING
Call RtlInitUnicodeString(RegPath, StrPtr("\Registry\Machine\Software\"))
Call RtlInitUnicodeString(ust, StrPtr(""))
InitializeObjectAttributes oa, RegPath, OBJ_CASE_INSENSITIVE, 0, 0
MsgBox ZwCreateKey(hKey, KEY_WRITE, oa, 0, ust, REG_OPTION_VOLATILE, Tmp)
指针类型全部Byref或者显示声明(字符串除外),使用的时候只需要传参数名
我简化和通用了声明,传入结构体的时候 ByVal VarPtr(结构变量) 传入即可Private Declare Function ZwCreateKey Lib "NTDLL.DLL" ( _
hKey As Long, _
ByVal ACCESS_MASK As Long, _
ObjectAttributes As Long, _
ByVal TitleIndex As Long, _
ClassOption As Long, _
ByVal CreateOptions As Long, _
Disposition As Long)