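I am curious how to pass the KeyInformation parameter to NtEnumerateKey(). When I run the following code, NtEnumerateKey() returns NTSTATUS = 0xC000000D with the error message "An invalid parameter was passed to a service or function."

I am using Windows 7. Although the following code is written in Delphi, you can also answer my question in C. My question is not specific to a programming language.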

type
  KEY_NAME_INFORMATION = record
    NameLength: ULONG;
    Name: array[0..254] of WCHAR;
  end;
  PKEY_NAME_INFORMATION = ^KEY_NAME_INFORMATION;

var
  iNtStatus: LONG;
  hKeyResult: THandle;
  KeyNameInfo: KEY_NAME_INFORMATION;
  iResultLen: ULONG;

iNtStatus := NtOpenKey(@hKeyResult, (KEY_ENUMERATE_SUB_KEYS) and not
    SYNCHRONIZE, @rObjAttrs);
if hKeyResult = 0 then Exit;

iNtStatus := NtEnumerateKey(hKeyResult,
    0,
    KeyNameInformation,
    @KeyNameInfo,                 // I'm asking about this parameter,
    SizeOf(KEY_NAME_INFORMATION), // and also this parameter
    @iResultLen);


Update: something strange

If I pass KeyBasicInformation instead of KeyNameInformation, NtEnumerateKey() returns STATUS_SUCCESS. Does NtEnumerateKey() not support KeyNameInformation?

type
  KEY_BASIC_INFORMATION = record
    LastWriteTime: LARGE_INTEGER;
    TitleIndex: ULONG;
    NameLength: ULONG;
    Name: array[0..254] of WCHAR;
  end;
  PKEY_BASIC_INFORMATION = ^KEY_BASIC_INFORMATION;

var
  KeyBasicInfo: KEY_BASIC_INFORMATION;

iNtStatus := NtEnumerateKey(hKeyResult,
    0,
    KeyBasicInformation,           // Note this!
    @KeyBasicInfo,                 // Note this!
    SizeOf(KEY_BASIC_INFORMATION), // Note this!
    @iResultLen);

Best answer

If you look at the documentation for Zw (Nt in user mode) EnumerateKey, you will see

NTSTATUS ZwEnumerateKey(
  _In_       HANDLE KeyHandle,
  _In_       ULONG Index,
  _In_       KEY_INFORMATION_CLASS KeyInformationClass,
  _Out_opt_  PVOID KeyInformation,
  _In_       ULONG Length,
  _Out_      PULONG ResultLength
);


Then, if you look at KeyInformationClass, you will see

KeyInformationClass [in]
Specifies a KEY_INFORMATION_CLASS enumeration value that determines the type of information to be received by the KeyInformation buffer. Set KeyInformationClass to one of the following values:
KeyBasicInformation
KeyFullInformation
KeyNodeInformation
If any value not in this list is specified, the routine returns error code STATUS_INVALID_PARAMETER.


You need to use one of these 3.
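
Added example (not code from the question or the answer): a Delphi console program that enumerates subkeys with KeyBasicInformation, one of the three classes the quoted documentation accepts, and sizes the buffer from ResultLength instead of a fixed 255-character array. The key path `\Registry\Machine\SOFTWARE`, the 64-byte starting buffer and the hand-written ntdll declarations are assumptions of this example.

```delphi
program EnumSubKeys;
{$APPTYPE CONSOLE}
uses Windows;
const
  KeyBasicInformation = 0;  // KEY_INFORMATION_CLASS value accepted by NtEnumerateKey
  STATUS_BUFFER_OVERFLOW  = LongInt($80000005);
  STATUS_BUFFER_TOO_SMALL = LongInt($C0000023);
type
  UNICODE_STRING = record Length, MaximumLength: Word; Buffer: PWideChar; end;
  OBJECT_ATTRIBUTES = record
    Length: ULONG; RootDirectory: THandle; ObjectName: Pointer;
    Attributes: ULONG; SecurityDescriptor, SecurityQoS: Pointer;
  end;
  KEY_BASIC_INFORMATION = record
    LastWriteTime: Int64;
    TitleIndex, NameLength: ULONG;  // NameLength counts bytes, not characters
    Name: array[0..0] of WideChar;  // variable length, no terminating null
  end;
  PKEY_BASIC_INFORMATION = ^KEY_BASIC_INFORMATION;
function NtOpenKey(out Key: THandle; Access: ULONG; var Oa: OBJECT_ATTRIBUTES): LongInt; stdcall; external 'ntdll.dll';
function NtEnumerateKey(Key: THandle; Index, InfoClass: ULONG; Info: Pointer; Len: ULONG; out ResultLen: ULONG): LongInt; stdcall; external 'ntdll.dll';
function NtClose(Handle: THandle): LongInt; stdcall; external 'ntdll.dll';

procedure ListSubKeys(Key: THandle);
var Buf: array of Byte; Info: PKEY_BASIC_INFORMATION; Name: WideString;
  Status: LongInt; Index, Needed: ULONG;
begin
  SetLength(Buf, 64); Index := 0;   // deliberately small (assumed) starting size
  repeat
    Status := NtEnumerateKey(Key, Index, KeyBasicInformation, @Buf[0], Length(Buf), Needed);
    if (Status = STATUS_BUFFER_OVERFLOW) or (Status = STATUS_BUFFER_TOO_SMALL) then
    begin
      if Needed <= ULONG(Length(Buf)) then Break;  // no progress possible, stop
      SetLength(Buf, Needed); Continue;            // retry the same index with the required size
    end;
    if Status < 0 then Break;       // STATUS_NO_MORE_ENTRIES or a real error ends the loop
    Info := @Buf[0];
    SetString(Name, PWideChar(@Info^.Name[0]), Info^.NameLength div SizeOf(WideChar));
    Writeln(Index, ': ', Name);
    Inc(Index);
  until False;
end;

var Path: WideString; Us: UNICODE_STRING; Oa: OBJECT_ATTRIBUTES; hKey: THandle;
begin
  Path := '\Registry\Machine\SOFTWARE';  // sample key chosen for this example
  Us.Length := Length(Path) * SizeOf(WideChar); Us.MaximumLength := Us.Length; Us.Buffer := PWideChar(Path);
  FillChar(Oa, SizeOf(Oa), 0); Oa.Length := SizeOf(Oa); Oa.ObjectName := @Us; Oa.Attributes := $40; // OBJ_CASE_INSENSITIVE
  if NtOpenKey(hKey, KEY_ENUMERATE_SUB_KEYS, Oa) < 0 then Halt(1);
  ListSubKeys(hKey); NtClose(hKey);
end.
```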

Regarding "c++ - The KeyInformation parameter of NtEnumerateKey()", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/12756751/

10-10 09:15