1 ////////////////////////////////////////////////////////////////////
2 // Copyright (C) Alexander Telyatnikov, Ivan Keliukh, Yegor Anchishkin, SKIF Software, 1999-2013. Kiev, Ukraine
3 // All rights reserved
4 // This file was released under the GPLv2 on June 2015.
5 ////////////////////////////////////////////////////////////////////
6 
7 #include "regtools.h"
8 
9 #ifndef WIN_32_MODE
10 
11 NTSTATUS
RegTGetKeyHandle(IN HKEY hRootKey,IN PCWSTR KeyName,OUT HKEY * hKey)12 RegTGetKeyHandle(
13     IN HKEY hRootKey,
14     IN PCWSTR KeyName,
15     OUT HKEY* hKey
16     )
17 {
18     OBJECT_ATTRIBUTES ObjectAttributes;
19     UNICODE_STRING NameString;
20     NTSTATUS status;
21 
22     //UDFPrint(("RegTGetKeyHandle: h=%x, %S\n", hRootKey, KeyName));
23 
24     RtlInitUnicodeString(&NameString, KeyName);
25 
26     InitializeObjectAttributes(
27         &ObjectAttributes,
28         &NameString,
29         OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
30         hRootKey,
31         NULL
32         );
33 
34     status = ZwOpenKey(
35                 hKey,
36                 KEY_WRITE | KEY_READ,
37                 &ObjectAttributes
38                 );
39 
40     if(!NT_SUCCESS(status)) {
41         //UDFPrint(("    status %x\n", status));
42         *hKey = NULL;
43     }
44 
45     return status;
46 } // end RegTGetKeyHandle()
47 
48 VOID
RegTCloseKeyHandle(IN HKEY hKey)49 RegTCloseKeyHandle(
50     IN HKEY hKey
51 )
52 {
53     ZwClose(hKey);
54 } // end RegTCloseKeyHandle()
55 
56 #else //WIN_32_MODE
57 
58 NTSTATUS
RegTGetKeyHandle(IN HKEY hRootKey,IN PWCHAR KeyName,OUT HKEY * hKey)59 RegTGetKeyHandle(
60     IN HKEY hRootKey,
61     IN PWCHAR KeyName,
62     OUT HKEY* hKey
63     )
64 {
65     LONG status;
66 
67     if(!hRootKey)
68         hRootKey = HKEY_LOCAL_MACHINE;
69 
70     status = RegOpenKeyExW(
71                 hRootKey,
72                 KeyName,
73                 0,
74                 KEY_WRITE | KEY_READ,
75                 hKey
76                 );
77 
78     if(status != ERROR_SUCCESS) {
79         *hKey = NULL;
80     }
81 
82     return status;
83 } // end RegTGetKeyHandle()
84 
85 VOID
RegTCloseKeyHandle(IN HKEY hKey)86 RegTCloseKeyHandle(
87     IN HKEY hKey
88 )
89 {
90     if(!hKey) {
91         return;
92     }
93     RegCloseKey(hKey);
94 } // end RegTCloseKeyHandle()
95 
96 #endif //WIN_32_MODE
97 
98 BOOLEAN
RegTGetDwordValue(IN HKEY hRootKey,IN PCWSTR RegistryPath,IN PCWSTR Name,IN PULONG pUlong)99 RegTGetDwordValue(
100     IN HKEY hRootKey,
101     IN PCWSTR RegistryPath,
102     IN PCWSTR Name,
103     IN PULONG pUlong
104     )
105 {
106 #ifndef WIN_32_MODE
107     UNICODE_STRING NameString;
108     PKEY_VALUE_PARTIAL_INFORMATION ValInfo;
109 #endif //WIN_32_MODE
110     ULONG len;
111     NTSTATUS status;
112     HKEY hKey;
113     BOOLEAN retval = FALSE;
114     BOOLEAN free_h = FALSE;
115 
116 #ifdef WIN_32_MODE
117     if(!hRootKey)
118         hRootKey = HKEY_LOCAL_MACHINE;
119 #endif //WIN_32_MODE
120 
121     if(RegistryPath && RegistryPath[0]) {
122         status = RegTGetKeyHandle(hRootKey, RegistryPath, &hKey);
123 #ifdef WIN_32_MODE
124         if(status != ERROR_SUCCESS)
125 #else //WIN_32_MODE
126         if(!NT_SUCCESS(status))
127 #endif //WIN_32_MODE
128             return FALSE;
129         free_h = TRUE;
130     } else {
131         hKey = hRootKey;
132     }
133     if(!hKey)
134         return FALSE;
135 
136 #ifndef WIN_32_MODE
137 /*
138     UDFPrint(("h=%x|%S, %S (%x)\n",
139         hRootKey, RegistryPath, Name, *pUlong));
140 */
141     len = sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(ULONG) + 0x20;
142     ValInfo = (PKEY_VALUE_PARTIAL_INFORMATION)
143         MyAllocatePool__(NonPagedPool, len);
144     if(!ValInfo) {
145         if(free_h) {
146             RegTCloseKeyHandle(hKey);
147         }
148         return FALSE;
149     }
150 
151     RtlInitUnicodeString(&NameString, Name);
152 
153     status = ZwQueryValueKey(hKey,
154                              &NameString,
155                              KeyValuePartialInformation,
156                              ValInfo,
157                              len,
158                              &len);
159     if(NT_SUCCESS(status) &&
160        ValInfo->DataLength == sizeof(ULONG)) {
161         RtlCopyMemory(pUlong, ValInfo->Data, sizeof(ULONG));
162         retval = TRUE;
163         //UDFPrint(("  -> %x\n",*pUlong));
164     } else {
165         //UDFPrint(("  err %x\n",status));
166     }
167 
168     MyFreePool__(ValInfo);
169 #else //WIN_32_MODE
170     len = sizeof(ULONG);
171     if (ERROR_SUCCESS == RegQueryValueExW(
172         hKey,               // handle of key to query
173         Name,            // address of name of value to query
174         0,                  // reserved
175         NULL,            // address of buffer for value type
176         (BYTE *)pUlong,    // address of data buffer
177         &len          // address of data buffer size
178         ) && len == sizeof(ULONG)) {
179         retval = TRUE;
180     }
181 #endif //WIN_32_MODE
182     if(free_h) {
183         RegTCloseKeyHandle(hKey);
184     }
185     return retval;
186 } // end RegTGetDwordValue()
187 
188 BOOLEAN
RegTGetStringValue(IN HKEY hRootKey,IN PCWSTR RegistryPath,IN PCWSTR Name,IN PWCHAR pStr,IN ULONG MaxLen)189 RegTGetStringValue(
190     IN HKEY hRootKey,
191     IN PCWSTR RegistryPath,
192     IN PCWSTR Name,
193     IN PWCHAR pStr,
194     IN ULONG MaxLen
195     )
196 {
197 #ifndef WIN_32_MODE
198     UNICODE_STRING NameString;
199     PKEY_VALUE_PARTIAL_INFORMATION ValInfo;
200 #endif //USER_MODE
201     ULONG len;
202     NTSTATUS status;
203     HKEY hKey;
204     BOOLEAN retval = FALSE;
205     BOOLEAN free_h = FALSE;
206 
207 #ifdef WIN_32_MODE
208     if(!hRootKey)
209         hRootKey = HKEY_LOCAL_MACHINE;
210 #endif //WIN_32_MODE
211 
212     if(RegistryPath && RegistryPath[0]) {
213         status = RegTGetKeyHandle(hRootKey, RegistryPath, &hKey);
214 #ifdef WIN_32_MODE
215         if(status != ERROR_SUCCESS)
216 #else //WIN_32_MODE
217         if(!NT_SUCCESS(status))
218 #endif //WIN_32_MODE
219             return FALSE;
220         free_h = TRUE;
221     } else {
222         hKey = hRootKey;
223     }
224     if(!hKey)
225         return FALSE;
226 
227     pStr[0] = 0;
228 #ifndef WIN_32_MODE
229     len = sizeof(KEY_VALUE_PARTIAL_INFORMATION) + MaxLen + 0x20;
230     ValInfo = (PKEY_VALUE_PARTIAL_INFORMATION)
231         MyAllocatePool__(NonPagedPool, len);
232     if(!ValInfo) {
233         if(free_h) {
234             RegTCloseKeyHandle(hKey);
235         }
236         return FALSE;
237     }
238 
239     RtlInitUnicodeString(&NameString, Name);
240 
241     status = ZwQueryValueKey(hKey,
242                              &NameString,
243                              KeyValuePartialInformation,
244                              ValInfo,
245                              len,
246                              &len);
247     if(NT_SUCCESS(status) &&
248        ValInfo->DataLength) {
249         RtlCopyMemory(pStr, ValInfo->Data, min(ValInfo->DataLength, MaxLen) );
250         if(pStr[(ValInfo->DataLength)/sizeof(WCHAR)-1]) {
251             pStr[(ValInfo->DataLength)/sizeof(WCHAR)-1] = 0;
252         }
253         retval = TRUE;
254     }
255 
256     MyFreePool__(ValInfo);
257 #else //WIN_32_MODE
258     len = MaxLen;
259     if (ERROR_SUCCESS == RegQueryValueExW(
260         hKey,               // handle of key to query
261         Name,            // address of name of value to query
262         0,                  // reserved
263         NULL,            // address of buffer for value type
264         (BYTE *)pStr,    // address of data buffer
265         &len             // address of data buffer size
266         ) && len) {
267         if(pStr[len-1]) {
268             pStr[len-1] = 0;
269         }
270         retval = TRUE;
271     }
272 #endif //WIN_32_MODE
273 
274     if(free_h) {
275         RegTCloseKeyHandle(hKey);
276     }
277     return retval;
278 } // end RegTGetStringValue()
279