NTSTATUS RegistryCallback(PVOID CallbackContext, PVOID Argument1, PVOID Argument2) { PDEVICE_CONTEXT pContext = (PDEVICE_CONTEXT) CallbackContext; REG_NOTIFY_CLASS Action = (REG_NOTIFY_CLASS) Argument1; UNICODE_STRING regKeyNameValueToHide = {0}; try { switch (Action) { case RegNtEnumerateValueKey: { PREG_ENUMERATE_VALUE_KEY_INFORMATION pInfo = (PREG_ENUMERATE_VALUE_KEY_INFORMATION) Argument2; //DbgPrint(pInfo->ValueName->Buffer); RtlInitUnicodeString(®KeyNameValueToHide,L"alex-56328943333"); if(pInfo->KeyValueInformationClass == KeyValueBasicInformation) { PKEY_VALUE_BASIC_INFORMATION pKeyValueBasicInfirmation = (PKEY_VALUE_BASIC_INFORMATION) pInfo->KeyValueInformation; UNICODE_STRING regKeyNameValue = {0}; RtlInitUnicodeString(®KeyNameValue,pKeyValueBasicInfirmation->Name); if (RtlEqualUnicodeString(®KeyNameValue, ®KeyNameValueToHide, 1)) { return STATUS_CALLBACK_BYPASS; } } else if(pInfo->KeyValueInformationClass == KeyValueFullInformation) { PKEY_VALUE_FULL_INFORMATION pKeyValueFullInfirmation = (PKEY_VALUE_FULL_INFORMATION) pInfo->KeyValueInformation; UNICODE_STRING regKeyNameValue = {0}; RtlInitUnicodeString(®KeyNameValue,pKeyValueFullInfirmation->Name); if (RtlEqualUnicodeString(®KeyNameValue, ®KeyNameValueToHide, 1)) { return STATUS_CALLBACK_BYPASS; } } break; } default: { return STATUS_SUCCESS break; } } } except (EXCEPTION_EXECUTE_HANDLER) { DbgPrint("Exception in RegistryCallback!!!"); } return STATUS_SUCCESS; }
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
Submit an article or tip
Post your Blog