Microsoft/Windows2003-3790
Microsoft/Windows2003-3790
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Windows2003-3790/base/ntos/se/adtutil.c
Microsoft 50969b0ea2 First commit
2020-09-30 16:53:55 +02:00

198 lines
4.2 KiB
C
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
adtutil.c - Security Auditing - Utility Routines
Abstract:
This Module contains miscellaneous utility routines private to the
Security Auditing Component.
Author:
Robert Reichel (robertre) September 10, 1991
Environment:
Kernel Mode
Revision History:
--*/
#include "pch.h"
#pragma hdrstop
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE,SepRegQueryDwordValue)
#endif
NTSTATUS
SepRegQueryHelper(
IN PCWSTR KeyName,
IN PCWSTR ValueName,
IN ULONG ValueType,
IN ULONG ValueLength,
OUT PVOID ValueBuffer,
OUT PULONG LengthRequired
)
/*++
Routine Description:
Open regkey KeyName, read the value specified by ValueName
and return the value.
Arguments:
KeyName - name of key to open
ValueName - name of value to read
ValueType - type of value to read (REG_DWORD etc.)
ValueLength - size in bytes of the value to read
ValueBuffer - pointer to returned value
LengthRequired - if the passed buffer is not sufficient to hold
the value, this param will return the actual size
in bytes required.
Return Value:
NTSTATUS - Standard Nt Result Code
Notes:
--*/
{
UNICODE_STRING usKey, usValue;
OBJECT_ATTRIBUTES ObjectAttributes = { 0 };
//
// we will read-in data upto 64 bytes in stack buffer
//
CHAR KeyInfo[sizeof(KEY_VALUE_PARTIAL_INFORMATION) + 64];
PKEY_VALUE_PARTIAL_INFORMATION pKeyInfo;
HANDLE hKey = NULL;
NTSTATUS Status = STATUS_SUCCESS;
NTSTATUS CloseStatus;
ULONG ResultLength;
PAGED_CODE();
RtlInitUnicodeString( &usKey, KeyName );
InitializeObjectAttributes(
&ObjectAttributes,
&usKey,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL
);
Status = ZwOpenKey(
&hKey,
KEY_QUERY_VALUE | OBJ_KERNEL_HANDLE,
&ObjectAttributes
);
if (NT_SUCCESS( Status ))
{
RtlInitUnicodeString( &usValue, ValueName );
Status = ZwQueryValueKey(
hKey,
&usValue,
KeyValuePartialInformation,
KeyInfo,
sizeof(KeyInfo),
&ResultLength
);
if (NT_SUCCESS( Status ))
{
pKeyInfo = (PKEY_VALUE_PARTIAL_INFORMATION)KeyInfo;
if (( pKeyInfo->Type == ValueType) &&
( pKeyInfo->DataLength == ValueLength ))
{
switch (ValueType)
{
case REG_DWORD:
*((PULONG)ValueBuffer) = *((PULONG) (pKeyInfo->Data));
break;
case REG_BINARY:
RtlCopyMemory( ValueBuffer, pKeyInfo->Data, ValueLength );
break;
default:
Status = STATUS_INVALID_PARAMETER;
break;
}
}
else
{
Status = STATUS_OBJECT_TYPE_MISMATCH;
}
}
CloseStatus = ZwClose(hKey);
ASSERT( NT_SUCCESS( CloseStatus ));
}
return Status;
}
NTSTATUS
SepRegQueryDwordValue(
IN PCWSTR KeyName,
IN PCWSTR ValueName,
OUT PULONG Value
)
/*++
Routine Description:
Open regkey KeyName, read a REG_DWORD value specified by ValueName
and return the value.
Arguments:
KeyName - name of key to open
ValueName - name of value to read
Value - pointer to returned value
Return Value:
NTSTATUS - Standard Nt Result Code
Notes:
--*/
{
return SepRegQueryHelper(
KeyName,
ValueName,
REG_DWORD,
sizeof(ULONG),
Value,
NULL
);
}
Reference in New Issue View Git Blame Copy Permalink