Merge pull request #16 from jlallas384/main

add registry functions in kernelx
2024-11-26 20:50:35 +00:00 · 2024-09-05 21:00:22 -05:00 · 2024-09-05 21:00:22 -05:00 · 9dda5c65e5
commit 9dda5c65e5
parent bcf188ee54 89130ad2af
3 changed files with 116 additions and 1 deletions
--- a/dlls/kernelx/Exports.def
+++ b/dlls/kernelx/Exports.def
@ -116,6 +116,20 @@ EXPORTS
    QueryPerformanceFrequency														= NTDLL.RtlQueryPerformanceFrequency						@334
 	RaiseException																	= RaiseException_X											@339
 	ReadFile																		= ReadFile_X												@344
+  RegCloseKey				                          = RegCloseKey_X					@348
+	RegCreateKeyExW			                        = RegCreateKeyExW_X				@349
+	RegCreateKeyW			                          = RegCreateKeyW_X				@350
+	RegDeleteKeyExW			                        = RegDeleteKeyExW_X				@351
+	RegDeleteKeyW			                          = RegDeleteKeyW_X				@352
+	RegDeleteValueW			                        = RegDeleteValueW_X				@353
+	RegEnumKeyExW			                          = RegEnumKeyExW_X				@354
+	RegEnumKeyW				                          = RegEnumKeyW_X					@355
+	RegEnumValueW			                          = RegEnumValueW_X				@356
+	RegOpenKeyExW			                          = RegOpenKeyExW_X				@357
+	RegOpenKeyW				                          = RegOpenKeyW_X					@358
+	RegQueryInfoKeyW		                        = RegQueryInfoKeyW_X			@359
+	RegQueryValueExW		                        = RegQueryValueExW_X			@360
+	RegSetValueExW			                        = RegSetValueExW_X				@361
 	RegisterTraceGuidsW																= NTDLL.EtwRegisterTraceGuidsW								@362
 	ReleaseMutexWhenCallbackReturns													= NTDLL.TpCallbackReleaseMutexOnCompletion					@365
 	ReleaseSRWLockExclusive															= NTDLL.RtlReleaseSRWLockExclusive							@366 
--- a/dlls/kernelx/kernelx.cpp
+++ b/dlls/kernelx/kernelx.cpp
@ -537,6 +537,7 @@ __int64 GetConsoleType_X()
 }


+
 // !!!!!
 /*/ Should be in ntdll.dll reimplementation, right now i'm just testing things with DLLMain entryPoint
 PVOID RtlSetUnhandledExceptionFilter(PVOID ExceptionFilter)
@ -545,9 +546,81 @@ PVOID RtlSetUnhandledExceptionFilter(PVOID ExceptionFilter)
 }*/


+LSTATUS RegCloseKey_X(HKEY hKey)
+{
+    return RegCloseKey(hKey);
+}

+LSTATUS RegCreateKeyExW_X(HKEY hKey, LPCWSTR lpSubKey, DWORD Reserved, LPWSTR lpClass, DWORD dwOptions,
+    REGSAM samDesired, const LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition)
+{
+    return RegCreateKeyExW(hKey, lpSubKey, Reserved, lpClass, dwOptions, samDesired, lpSecurityAttributes, phkResult, lpdwDisposition);
+}

+LSTATUS RegCreateKeyW_X(HKEY hKey, LPCWSTR lpSubKey, PHKEY phkResult)
+{
+    return RegCreateKeyW(hKey, lpSubKey, phkResult);
+}

+LSTATUS RegDeleteKeyExW_X(HKEY hKey, LPCWSTR lpSubKey, REGSAM samDesired, DWORD Reserved)
+{
+    return RegDeleteKeyExW(hKey, lpSubKey, samDesired, Reserved);
+}
+
+LSTATUS RegDeleteKeyW_X(HKEY hKey, LPCWSTR lpSubKey)
+{
+    return RegDeleteKeyW(hKey, lpSubKey);
+}
+
+LSTATUS RegDeleteValueW_X(HKEY hKey, LPCWSTR lpValueName)
+{
+    return RegDeleteValueW(hKey, lpValueName);
+}
+
+LSTATUS RegEnumKeyExW_X(HKEY hKey, DWORD dwIndex, LPWSTR lpName, LPDWORD lpcchName, LPDWORD lpReserved, LPWSTR lpClass,
+    LPDWORD lpcchClass, PFILETIME lpftLastWriteTime)
+{
+    return RegEnumKeyExW(hKey, dwIndex, lpName, lpcchName, lpReserved, lpClass, lpcchClass, lpftLastWriteTime);
+}
+
+LSTATUS RegEnumKeyW_X(HKEY hKey, DWORD dwIndex, LPWSTR lpName, DWORD cchName)
+{
+    return RegEnumKeyW(hKey, dwIndex, lpName, cchName);
+}
+
+LSTATUS RegEnumValueW_X(HKEY hKey, DWORD dwIndex, LPWSTR lpValueName, LPDWORD lpcchValueName, LPDWORD lpReserved,
+    LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
+{
+    return RegEnumValueW(hKey, dwIndex, lpValueName, lpcchValueName, lpReserved, lpType, lpData, lpcbData);
+}
+
+LSTATUS RegOpenKeyExW_X(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
+{
+    return RegOpenKeyExW(hKey, lpSubKey, ulOptions, samDesired, phkResult);
+}
+
+LSTATUS RegOpenKeyW_X(HKEY hKey, LPCWSTR lpSubKey, PHKEY phkResult)
+{
+    return RegOpenKeyW(hKey, lpSubKey, phkResult);
+}
+
+LSTATUS RegQueryInfoKeyW_X(HKEY hKey, LPWSTR lpClass, LPDWORD lpcchClass, LPDWORD lpReserved, LPDWORD lpcSubKeys,
+    LPDWORD lpcbMaxSubKeyLen, LPDWORD lpcbMaxClassLen, LPDWORD lpcValues, LPDWORD lpcbMaxValueNameLen,
+    LPDWORD lpcbMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
+{
+    return RegQueryInfoKeyW(hKey, lpClass, lpcchClass, lpReserved, lpcSubKeys, lpcbMaxSubKeyLen, lpcbMaxClassLen, lpcValues, lpcbMaxValueNameLen, lpcbMaxValueLen, lpcbSecurityDescriptor, lpftLastWriteTime);
+}
+
+LSTATUS RegQueryValueExW_X(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData,
+    LPDWORD lpcbData)
+{
+    return RegQueryValueExW(hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
+}
+
+LSTATUS RegSetValueExW_X(HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE* lpData, DWORD cbData)
+{
+    return RegSetValueExW(hKey, lpValueName, Reserved, dwType, lpData, cbData);
+}


 // TODO
@ -780,4 +853,5 @@ NTSTATUS sub_18001BCA0(HINSTANCE hInstance, DWORD forwardReason, LPVOID lpvReser
    }
    dword_18002B84C = 0;
    return result;
-}
+}
+
--- a/dlls/kernelx/kernelx.h
+++ b/dlls/kernelx/kernelx.h
@ -185,6 +185,33 @@ extern "C"

  	__int64 GetConsoleType_X();

+	LSTATUS RegCloseKey_X(HKEY hKey);
+
+	LSTATUS RegCreateKeyExW_X(HKEY hKey, LPCWSTR lpSubKey, DWORD Reserved, LPWSTR lpClass, DWORD dwOptions, REGSAM samDesired, const LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition);
+
+	LSTATUS RegCreateKeyW_X(HKEY hKey, LPCWSTR lpSubKey, PHKEY phkResult);
+
+	LSTATUS RegDeleteKeyExW_X(HKEY hKey, LPCWSTR lpSubKey, REGSAM samDesired, DWORD Reserved);
+
+	LSTATUS RegDeleteKeyW_X(HKEY hKey, LPCWSTR lpSubKey);
+
+	LSTATUS RegDeleteValueW_X(HKEY hKey, LPCWSTR lpValueName);
+
+	LSTATUS RegEnumKeyExW_X(HKEY hKey, DWORD dwIndex, LPWSTR lpName, LPDWORD lpcchName, LPDWORD lpReserved, LPWSTR lpClass, LPDWORD lpcchClass, PFILETIME lpftLastWriteTime);
+
+	LSTATUS RegEnumKeyW_X(HKEY hKey, DWORD dwIndex, LPWSTR lpName, DWORD cchName);
+
+	LSTATUS RegEnumValueW_X(HKEY hKey, DWORD dwIndex, LPWSTR lpValueName, LPDWORD lpcchValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData);
+
+	LSTATUS RegOpenKeyExW_X(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult);
+
+	LSTATUS RegOpenKeyW_X(HKEY hKey, LPCWSTR lpSubKey, PHKEY phkResult);
+
+	LSTATUS RegQueryInfoKeyW_X(HKEY hKey, LPWSTR lpClass, LPDWORD lpcchClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcbMaxSubKeyLen, LPDWORD lpcbMaxClassLen, LPDWORD lpcValues, LPDWORD lpcbMaxValueNameLen, LPDWORD lpcbMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime);
+
+	LSTATUS RegQueryValueExW_X(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData);
+
+	LSTATUS RegSetValueExW_X(HKEY hKey, LPCWSTR lpValueName, DWORD Reserved, DWORD dwType, const BYTE* lpData, DWORD cbData);
 	//BOOL TerminateProcess(HANDLE hProcess, UINT uExitCode);
 }
 // EXE EXPORTS END