示例#1
// Mounts the on-disk SAM hive into the registry with NtLoadKey: the mount
// point is the "SAM" key relative to the `Machine\` RegKey, the backing file
// is the fixed NT path below. NtLoadKey requires SeRestorePrivilege, which
// get_privilege() enables first and never releases here.
// NOTE(review): the hive path is hard-coded to C:\WINDOWS rather than derived
// from the system root, so it silently targets the wrong file on other installs.
// io and args are unused; the result is only checked through CHECKER().
void loadSam(IO &io,char *args)
{
	get_privilege(SE_RESTORE_PRIVILEGE);

	RegKey machine(L"Machine\\");
	UnicodeString mountName(L"SAM");
	UnicodeString hivePath(L"\\??\\C:\\WINDOWS\\system32\\config\\SAM");

	// Where the hive is attached: "SAM" relative to the Machine key handle.
	OBJECT_ATTRIBUTES mountAttrs;
	InitializeObjectAttributes(&mountAttrs, &mountName.unicode_string(),
		OBJ_CASE_INSENSITIVE, machine.get_handle(), NULL);

	// Which file backs it: an absolute NT path, so no root directory.
	OBJECT_ATTRIBUTES hiveAttrs;
	InitializeObjectAttributes(&hiveAttrs, &hivePath.unicode_string(),
		OBJ_CASE_INSENSITIVE, NULL, NULL);

	ULONG loadStatus=NtLoadKey(&mountAttrs,&hiveAttrs);
	CHECKER(loadStatus)
}
示例#2
/*
 * Mounts the hive file RegistryKey (relative to RootDirectory / RootPath)
 * into the registry namespace at RegMountPoint (relative to RootKey).
 *
 * Should be called under privileges: NtLoadKey needs SeRestorePrivilege
 * enabled on the caller's token.
 *
 * RootKey       - optional parent key handle that RegMountPoint is relative to.
 * RegMountPoint - name of the key the hive is attached to.
 * RootDirectory - optional directory handle the hive path is relative to.
 * RootPath      - optional directory path, used by the helper when no handle is given.
 * RegistryKey   - path of the hive file, relative to the resolved directory.
 *
 * Returns the status of the directory open, or else that of NtLoadKey.
 */
static NTSTATUS
ConnectRegistry(
    IN HANDLE RootKey OPTIONAL,
    IN PCWSTR RegMountPoint,
    IN HANDLE RootDirectory OPTIONAL,
    IN PUNICODE_STRING RootPath OPTIONAL,
    IN PCWSTR RegistryKey)
{
    NTSTATUS Status;
    HANDLE TaggedDirHandle;
    HANDLE DirHandle;
    BOOLEAN OpenedLocally;
    UNICODE_STRING MountPointName, HiveFileName;
    OBJECT_ATTRIBUTES MountPointAttributes;
    OBJECT_ATTRIBUTES HiveFileAttributes;

    /* Resolve the directory the hive file path is relative to */
    Status = OpenDirectoryByHandleOrPath(&TaggedDirHandle, RootDirectory, RootPath);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("OpenDirectoryByHandleOrPath failed, Status 0x%08lx\n", Status);
        return Status;
    }

    /* The helper sets bit 0 of the returned handle when it opened the
     * directory itself ("opened locally"); strip the tag before using the
     * handle and remember whether we have to close it. */
    OpenedLocally = (((ULONG_PTR)TaggedDirHandle & 1) != 0);
    DirHandle = (HANDLE)((ULONG_PTR)TaggedDirHandle & ~1);

    RtlInitUnicodeString(&MountPointName, RegMountPoint);
    InitializeObjectAttributes(&MountPointAttributes,
                               &MountPointName,
                               OBJ_CASE_INSENSITIVE,
                               RootKey,
                               NULL);

    RtlInitUnicodeString(&HiveFileName, RegistryKey);
    InitializeObjectAttributes(&HiveFileAttributes,
                               &HiveFileName,
                               OBJ_CASE_INSENSITIVE,
                               DirHandle,
                               NULL);

    /* Attach the hive file under the mount point */
    Status = NtLoadKey(&MountPointAttributes, &HiveFileAttributes);

    /* Only release the directory handle we opened ourselves */
    if (OpenedLocally)
    {
        NtClose(DirHandle);
    }
    return Status;
}
示例#3
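/*
 * Exercises NtLoadKey and RegLoadKey, first with a Win32 pseudo-handle as the
 * parent and then with a real handle to \Registry\Machine. Every result is
 * only printed with dprintf; nothing is asserted.
 *
 * NtLoadKey needs SeRestorePrivilege, so the process token is adjusted first.
 * The LUID lookup (LookupPrivilegeValueA(NULL, SE_RESTORE_NAME, &Luid)) is
 * still disabled here, so Luid stays zero and the adjustment presumably does
 * not enable the real privilege; the load calls may then report
 * STATUS_PRIVILEGE_NOT_HELD until the lookup is re-enabled.
 *
 * Fixes versus the earlier version: Token and hKey are initialised and only
 * used when their open call succeeded (previously a failed open left an
 * uninitialised handle that was passed straight on), and both handles are
 * closed instead of being leaked.
 */
void test8(void)
{
  OBJECT_ATTRIBUTES ObjectAttributes;
  UNICODE_STRING KeyName;
  NTSTATUS Status;
  LONG dwError;
  TOKEN_PRIVILEGES NewPrivileges;
  HANDLE Token = NULL;  /* never left indeterminate if the open fails */
  HANDLE hKey = NULL;
  LUID Luid = {0};
  BOOLEAN bRes;

  Status=NtOpenProcessToken(GetCurrentProcess()
	,TOKEN_ADJUST_PRIVILEGES,&Token);
  dprintf("\t\t\t\tStatus =%x\n",Status);
  if (NT_SUCCESS(Status))
  {
    NewPrivileges.PrivilegeCount = 1;
    NewPrivileges.Privileges[0].Luid = Luid;
    NewPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    bRes = AdjustTokenPrivileges(
              Token,
              FALSE,
              &NewPrivileges,
              0,
              NULL,
              NULL
              );
    dprintf("\t\t\t\tbRes =%x\n",bRes);
    /* The token is only needed for the adjustment; do not leak it. */
    NtClose(Token);
    Token = NULL;
  }

  /* Load "test5" with HKEY_LOCAL_MACHINE as parent. That is a Win32
   * pseudo-handle, not a native handle, so this call is presumably expected
   * to fail; it is kept to exercise that path. */
  RtlRosInitUnicodeStringFromLiteral(&KeyName,L"test5");
  InitializeObjectAttributes(&ObjectAttributes, &KeyName, OBJ_CASE_INSENSITIVE
				, NULL, NULL);
  Status = NtLoadKey((HANDLE)HKEY_LOCAL_MACHINE,&ObjectAttributes);
  dprintf("\t\t\t\tStatus =%x\n",Status);
  dwError=RegLoadKey(HKEY_LOCAL_MACHINE,"def"
		,"test5");
  dprintf("\t\t\t\tdwError =%x\n",dwError);

  /* Same load, this time under a real handle to \Registry\Machine. */
  dprintf("NtOpenKey \\Registry\\Machine : ");
  RtlRosInitUnicodeStringFromLiteral(&KeyName, L"\\Registry\\Machine");
  InitializeObjectAttributes(&ObjectAttributes,
                               &KeyName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);
  Status=NtOpenKey( &hKey, MAXIMUM_ALLOWED, &ObjectAttributes);
  dprintf("\t\t\tStatus =%x\n",Status);
  if (!NT_SUCCESS(Status))
  {
    /* hKey is not valid on failure; do not hand it to NtLoadKey. */
    return;
  }
  RtlRosInitUnicodeStringFromLiteral(&KeyName,L"test5");
  InitializeObjectAttributes(&ObjectAttributes, &KeyName, OBJ_CASE_INSENSITIVE
				, NULL, NULL);
  Status = NtLoadKey(hKey,&ObjectAttributes);
  dprintf("\t\t\t\tStatus =%x\n",Status);
  NtClose(hKey);
}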