驱动基础之注册表操作

一切从基础开始,一切从0开始。

注册表的相关操作函数及实例:

DriverReg.h 文件

#include <ntddk.h>

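// Debug-build logging: expands to `if (DBG) DbgPrint`, so the call is skipped
// when DBG is 0. Because the expansion is a bare `if`, always use it inside
// braces: in an un-braced `if (x) dprintf(...); else ...` the `else` would
// attach to the macro's hidden `if`.
#define dprintf if (DBG) DbgPrint

// Section selectors, used as `#pragma PAGEDCODE`, `#pragma INITCODE`, ...
#define PAGEDCODE code_seg("PAGE")
#define LOCKEDCODE code_seg()
// Fixed: this was spelled codeseg("INIT"), which is not the code_seg pragma
// used by the other two selectors, so `#pragma INITCODE` presumably had no
// effect on where DriverEntry was placed.
#define INITCODE code_seg("INIT")

#define PAGEDDATA data_seg("PAGE")
#define LOCKEDDATA    data_seg()
#define INITDATA data_seg("INIT")

// Element count of a true array (not valid for a pointer or array parameter).
#define LLARRAYSIZE(p) (sizeof(p)/sizeof((p)[0]))

#define DEVICE_NAME L"\\Device\\DriverReg"        // device object name
#define LINK_NAME L"\\DosDevices\\DriverReg"    // symbolic link name

// Kernel-mode path of HKLM\Software\Microsoft\Windows\CurrentVersion.
// CreateOpenReg and DRSetValueKey write demo keys and values under this
// system-owned key. NOTE(review): a driver normally keeps its settings under
// its own service key (the path handed to DriverEntry), not here.
#define MY_REG_PATH L"\\Registry\\Machine\\Software\\Microsoft\\Windows\\CurrentVersion\\"
// Kernel-mode path of HKLM\...\CurrentVersion\Run. Values under Run are
// commands started at logon, which makes the key a well-known autostart
// location worth monitoring. This sample only queries and enumerates it.
#define MY_REG_RUNPATH L"\\Registry\\Machine\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"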

// Per-device context structure.
// NOTE(review): not used in this listing; CreateDevice passes a device
// extension size of 0 to IoCreateDevice, so no instance is ever allocated.
typedef    struct _DEVICE_EXTENSION {
    PDEVICE_OBJECT        pDeviceObject;
    UNICODE_STRING        ustrDeviceName;        // device name
    UNICODE_STRING        ustrSymLinkName;    // symbolic link name
}DEVICE_EXTENSION, *PDEVICE_EXTENSION;

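//
// Function declarations
//
// Parameterless routines are declared with (VOID): in C an empty list "()"
// leaves the parameters unspecified, so the compiler cannot reject a call
// that passes arguments by mistake.
//
VOID DriverRegUnload (IN PDRIVER_OBJECT pDriverObject);
NTSTATUS DriverRegDispatchRoutine(IN PDEVICE_OBJECT pDeviceObject ,IN PIRP pIrp);
NTSTATUS CreateDevice(PDRIVER_OBJECT pDriverObject);
VOID CreateOpenReg(VOID);           // create/open a key and a subkey
VOID DROpenKey(VOID);               // open an existing key
VOID DRSetValueKey(VOID);           // write REG_DWORD / REG_SZ / REG_BINARY values
VOID DRQueryKey(VOID);              // list the subkeys of a key
VOID DRQueryValueKey(VOID);         // read one named value
VOID DREnumerateValueKey(VOID);     // list the values of a key
VOID GetValueKeyFormInput(HANDLE hRegister, UNICODE_STRING ustrValueKey);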

 

DriverReg.c

#pragma once

#include "DriverReg.h"


#pragma INITCODE
/*
 * Driver entry point.
 *
 * Routes IRP_MJ_CREATE/CLOSE/READ/WRITE to DriverRegDispatchRoutine, installs
 * the unload routine, then calls CreateDevice and returns its status.
 * pRegistryPath is not used.
 */
NTSTATUS DriverEntry(
                     IN PDRIVER_OBJECT    pDriverObject
                    ,IN PUNICODE_STRING    pRegistryPath)
{
    NTSTATUS    status;

    dprintf("[DriverReg]Driver entry!!!\n");

    // One handler serves all four major functions this driver accepts.
    pDriverObject->MajorFunction[IRP_MJ_READ]   = DriverRegDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_WRITE]  = DriverRegDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_CLOSE]  = DriverRegDispatchRoutine;
    pDriverObject->MajorFunction[IRP_MJ_CREATE] = DriverRegDispatchRoutine;
    pDriverObject->DriverUnload = DriverRegUnload;

    // Create the device object; CreateDevice also runs the registry demos.
    status = CreateDevice(pDriverObject);

    dprintf("[DriverReg]Driver Entry end!!!!\n");
    return status;
}

#pragma PAGEDCODE
/*
 * Creates the device object and its DosDevices symbolic link, then runs the
 * registry demonstration routines.
 *
 * Returns the failing status from IoCreateDevice or IoCreateSymbolicLink
 * (the device is deleted again if the link cannot be created), otherwise
 * STATUS_SUCCESS.
 *
 * NOTE(review): the device is created with IoCreateDevice and a
 * characteristics value of 0, so it gets the default security and
 * FILE_DEVICE_SECURE_OPEN is not set. That is tolerable only because the
 * dispatch routine does nothing; a driver with real IRP handling should
 * restrict who can open \\DosDevices\\DriverReg.
 */
NTSTATUS CreateDevice(PDRIVER_OBJECT    pDriverObject)
{
    NTSTATUS        status;
    UNICODE_STRING  linkName;       // symbolic link name
    UNICODE_STRING  deviceName;     // device name
    PDEVICE_OBJECT  deviceObject;

    dprintf("[DriverReg]Enter CreateDevice!!!\n");

    RtlInitUnicodeString(&deviceName, DEVICE_NAME);
    status = IoCreateDevice(pDriverObject
        ,0                      // no device extension
        ,&deviceName
        ,FILE_DEVICE_UNKNOWN
        ,0                      // no device characteristics
        ,FALSE                  // not exclusive
        ,&deviceObject);

    if (NT_SUCCESS(status))
    {
        RtlInitUnicodeString(&linkName, LINK_NAME);
        status = IoCreateSymbolicLink(&linkName, &deviceName);

        if (NT_SUCCESS(status))
        {
            // Registry demonstrations, run once while the driver loads.
            CreateOpenReg();
            DROpenKey();
            DRSetValueKey();
            DRQueryKey();
            DRQueryValueKey();
            DREnumerateValueKey();

            status = STATUS_SUCCESS;
        }
        else
        {
            dprintf("[DriverReg]FileName:%s, Line:%d,IoCreateSymbolicLink = 0x%X\n",__FILE__, __LINE__, status);
            // Undo the device creation so a failed load leaves nothing behind.
            IoDeleteDevice(deviceObject);
        }
    }
    else
    {
        dprintf("[DriverReg]FileName:%s, Line:%d,IoCreateDevice = 0x%X\n", __FILE__, __LINE__, status);
    }

    return status;
}

#pragma PAGEDCODE
/*
 * Unload routine: deletes the symbolic link and then the device object
 * referenced by pDriverObject->DeviceObject.
 *
 * NOTE(review): nothing here removes the keys and values the demo routines
 * wrote to the registry; they remain after the driver is unloaded.
 */
VOID DriverRegUnload (IN PDRIVER_OBJECT pDriverObject)
{
    UNICODE_STRING    linkName;

    dprintf("[DriverReg]Enter Unload!!!\n");

    // The link must go first: it refers to the device that is deleted next.
    RtlInitUnicodeString(&linkName, LINK_NAME);
    IoDeleteSymbolicLink(&linkName);

    IoDeleteDevice(pDriverObject->DeviceObject);
}

#pragma PAGEDCODE
/*
 * Common dispatch routine for the major functions registered in DriverEntry.
 *
 * Completes every IRP immediately with STATUS_SUCCESS and zero bytes
 * transferred. No request buffer is read or written. pDeviceObject is unused.
 */
NTSTATUS DriverRegDispatchRoutine(IN PDEVICE_OBJECT    pDeviceObject
                                  ,IN PIRP pIrp)
{
    dprintf("[DriverReg]Enter DispatchRoutine!!!\n");

    // Fill in the completion status before handing the IRP back.
    pIrp->IoStatus.Information = 0;
    pIrp->IoStatus.Status = STATUS_SUCCESS;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    dprintf("[DriverReg]DispatchRoutine end!!!\n");
    return STATUS_SUCCESS;
}

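#pragma PAGEDCODE
/*
 * Demonstrates ZwCreateKey: creates (or opens) the key MY_REG_PATH and then
 * the subkey "MSubItem" relative to it.
 *
 * Fixes over the original listing:
 *  - if the parent key could not be opened, the uninitialized hRegistry was
 *    still used as the root directory for the subkey and passed to ZwClose;
 *  - if the subkey could not be created, the uninitialized hRegSubItem was
 *    passed to ZwClose.
 * Handles are now closed only when the matching ZwCreateKey succeeded.
 *
 * NOTE(review): KEY_ALL_ACCESS is broader than this routine needs, and the
 * handles are opened without OBJ_KERNEL_HANDLE. Both are harmless while the
 * routine runs only from DriverEntry, but request the minimum access and add
 * OBJ_KERNEL_HANDLE before calling it from a dispatch routine that may run
 * in a user process context.
 */
VOID CreateOpenReg()
{
    NTSTATUS            ntStatus;
    HANDLE              hRegistry = NULL;
    OBJECT_ATTRIBUTES   objectAttributes;
    UNICODE_STRING      ustrMyRegPath;
    ULONG               ulResult = 0;

    // Subkey
    UNICODE_STRING      ustrSubItem;
    HANDLE              hRegSubItem = NULL;
    OBJECT_ATTRIBUTES   objSubAttributes;

    //
    // Create or open the parent key (absolute path, no root directory).
    //
    RtlInitUnicodeString(&ustrMyRegPath, MY_REG_PATH);

    InitializeObjectAttributes(&objectAttributes
        ,&ustrMyRegPath
        ,OBJ_CASE_INSENSITIVE
        ,NULL
        ,NULL);

    ntStatus = ZwCreateKey(&hRegistry
        ,KEY_ALL_ACCESS
        ,&objectAttributes
        ,0
        ,NULL
        ,REG_OPTION_NON_VOLATILE
        ,&ulResult);

    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@ZwCreateKey Run error!\n", __FILE__, __LINE__);
        // Without a parent handle there is nothing to create the subkey under.
        return;
    }

    if (ulResult == REG_CREATED_NEW_KEY)
    {
        dprintf("[DriverReg]Create new main key successfully!!!\n");
    }
    else if (ulResult == REG_OPENED_EXISTING_KEY)    // key already existed
    {
        dprintf("[DriverReg]main key are really created!!\n");
    }
    else
    {
        dprintf("@FILE:%s,LINE:%d@ZwCreateKey success Create error!\n", __FILE__, __LINE__);
    }

    //
    // Create or open the subkey. The name is relative: the parent handle is
    // passed as the root directory, unlike the absolute open above.
    //
    RtlInitUnicodeString(&ustrSubItem, L"MSubItem");

    InitializeObjectAttributes(&objSubAttributes
        ,&ustrSubItem
        ,OBJ_CASE_INSENSITIVE
        ,hRegistry
        ,NULL);

    ntStatus = ZwCreateKey(&hRegSubItem
        ,KEY_ALL_ACCESS
        ,&objSubAttributes
        ,0
        ,NULL
        ,REG_OPTION_NON_VOLATILE
        ,&ulResult);

    if (NT_SUCCESS(ntStatus))
    {
        if (ulResult == REG_CREATED_NEW_KEY)
        {
            dprintf("[DriverReg]Create new Subitem successfully!!!\n");
        }
        else if (ulResult == REG_OPENED_EXISTING_KEY)
        {
            dprintf("[DriverReg]subitem are really create!!!\n");
        }
        else
        {
            dprintf("@FILE:%s,LINE:%d@ZwCreateKey Subitem success Create error!\n", __FILE__, __LINE__);
        }
        ZwClose(hRegSubItem);
    }
    else
    {
        dprintf("@FILE:%s,LINE:%d@ZwCreateKey Subitem Run error!\n", __FILE__, __LINE__);
    }

    ZwClose(hRegistry);
}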

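#pragma PAGEDCODE
/*
 * Demonstrates ZwOpenKey: opens MY_REG_PATH and closes it again.
 *
 * Fix over the original listing: ZwClose was called even when ZwOpenKey
 * failed, i.e. on an uninitialized handle value. The failure is now logged
 * and the routine returns without closing anything.
 *
 * NOTE(review): KEY_ALL_ACCESS is more than an open/close demo needs; ask
 * only for the rights the caller will actually use.
 */
VOID DROpenKey()
{
    UNICODE_STRING      ustrMyRegPath;
    OBJECT_ATTRIBUTES   objectAttributes;
    NTSTATUS            ntStatus;
    HANDLE              hRegister = NULL;   // receives the opened key handle

    RtlInitUnicodeString(&ustrMyRegPath, MY_REG_PATH);

    InitializeObjectAttributes(&objectAttributes
        ,&ustrMyRegPath
        ,OBJ_CASE_INSENSITIVE
        ,NULL
        ,NULL);

    ntStatus = ZwOpenKey(&hRegister
        ,KEY_ALL_ACCESS
        ,&objectAttributes);

    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@Open key failed\n", __FILE__, __LINE__);
        return;
    }

    dprintf("[DriverReg]Open Register successfully!!!\n");
    ZwClose(hRegister);
}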

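#pragma PAGEDCODE
/*
 * Demonstrates ZwSetValueKey: writes one REG_DWORD, one REG_SZ and one
 * REG_BINARY value under MY_REG_PATH. Stops at the first failure.
 *
 * Changes over the original listing:
 *  - the REG_SZ byte count is computed as (length + 1) * sizeof(WCHAR) and
 *    cast explicitly, instead of passing a size_t expression where a ULONG
 *    is expected;
 *  - all paths after a successful open leave through one cleanup label, so
 *    the handle is closed exactly once.
 *
 * NOTE(review): the values are written persistently into
 * HKLM\Software\Microsoft\Windows\CurrentVersion and no cleanup is visible
 * in this listing. Only KEY_SET_VALUE is needed here, not KEY_ALL_ACCESS.
 */
VOID DRSetValueKey()
{
    UNICODE_STRING      ustrMyRegPath;
    OBJECT_ATTRIBUTES   objectAttributes;
    NTSTATUS            ntStatus;
    HANDLE              hRegister;

    // Values to write
    UNICODE_STRING      ustrValueName;
    ULONG               ulValue = 1000;
    WCHAR               *wcValue = L"Mark robin";
    UCHAR               ucBuffer[10];

    RtlInitUnicodeString(&ustrMyRegPath, MY_REG_PATH);

    InitializeObjectAttributes(&objectAttributes
        ,&ustrMyRegPath
        ,OBJ_CASE_INSENSITIVE
        ,NULL
        ,NULL);

    ntStatus = ZwOpenKey(&hRegister
        ,KEY_ALL_ACCESS
        ,&objectAttributes);

    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@OpenKey error\n", __FILE__, __LINE__);
        return;
    }

    //
    // REG_DWORD: the data size is sizeof(ULONG), i.e. 4 bytes.
    //
    RtlInitUnicodeString(&ustrValueName, L"REG_DWORD value");

    ntStatus = ZwSetValueKey(hRegister
        ,&ustrValueName
        ,0
        ,REG_DWORD
        ,&ulValue
        ,sizeof(ulValue));

    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@Set REG_DWORD error!!!\n", __FILE__, __LINE__);
        goto Cleanup;
    }

    //
    // REG_SZ: the size is in bytes and includes the terminating NUL.
    //
    RtlInitUnicodeString(&ustrValueName, L"REG_SZ value");
    ntStatus = ZwSetValueKey(hRegister
        ,&ustrValueName
        ,0
        ,REG_SZ
        ,wcValue
        ,(ULONG)((wcslen(wcValue) + 1) * sizeof(WCHAR)));
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@Set REG_SZ value error!!!\n", __FILE__, __LINE__);
        goto Cleanup;
    }

    //
    // REG_BINARY: ten bytes of 0xAA.
    //
    RtlInitUnicodeString(&ustrValueName, L"REG_BINARY value");
    RtlFillMemory(ucBuffer, sizeof(ucBuffer), 0xAA);

    ntStatus = ZwSetValueKey(hRegister
        ,&ustrValueName
        ,0
        ,REG_BINARY
        ,ucBuffer
        ,sizeof(ucBuffer));
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@Set REG_BINARY error!!!\n", __FILE__, __LINE__);
        goto Cleanup;
    }

    dprintf("[DriverReg]REG_SZ,REG_BINARY,REG_DWORD set completing!!!\n");

Cleanup:
    ZwClose(hRegister);
}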

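#pragma PAGEDCODE
/*
 * Demonstrates ZwQueryKey and ZwEnumerateKey: reads the full information of
 * MY_REG_PATH and prints the name of every subkey.
 *
 * Fixes over the original listing:
 *  - the key handle leaked when the size query returned 0, and both the
 *    handle and pfi leaked when the second ZwQueryKey failed;
 *  - ExAllocatePool results were dereferenced without a NULL check;
 *  - the ZwEnumerateKey status was ignored, so a failed call left pbi
 *    unfilled and its Name/NameLength were read anyway;
 *  - the ANSI string allocated by RtlUnicodeStringToAnsiString (third
 *    argument TRUE) was never released; it is now freed with
 *    RtlFreeAnsiString;
 *  - `pbi->Name != NULL` tested an array member and was always true.
 *
 * NOTE(review): only query and enumerate rights are needed here; the
 * KEY_ALL_ACCESS request is kept from the original but is broader than
 * necessary.
 */
VOID DRQueryKey()
{
    UNICODE_STRING          ustrMyRegPath;
    OBJECT_ATTRIBUTES       objectAttributes;
    HANDLE                  hRegister;
    NTSTATUS                ntStatus;
    ULONG                   ulSize = 0;

    PKEY_FULL_INFORMATION   pfi = NULL;
    PKEY_BASIC_INFORMATION  pbi;
    ULONG                   i;
    UNICODE_STRING          ustrKeyName;
    ANSI_STRING             astrKeyName;

    RtlInitUnicodeString(&ustrMyRegPath, MY_REG_PATH);

    InitializeObjectAttributes(&objectAttributes
        ,&ustrMyRegPath
        ,OBJ_CASE_INSENSITIVE
        ,NULL
        ,NULL);

    ntStatus = ZwOpenKey(&hRegister
        ,KEY_ALL_ACCESS
        ,&objectAttributes);
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@Open key failed\n",__FILE__, __LINE__);
        return;
    }

    //
    // First call with no buffer: only the required size is of interest.
    //
    ntStatus = ZwQueryKey(hRegister
        ,KeyFullInformation
        ,NULL
        ,0
        ,&ulSize);

    if (!ulSize)
    {
        dprintf("@FILE:%s,LINE:%d@Size = %d failed\n",__FILE__, __LINE__, ulSize);
        goto Cleanup;
    }

    pfi = (PKEY_FULL_INFORMATION)ExAllocatePool(PagedPool, ulSize);
    if (pfi == NULL)
    {
        dprintf("@FILE:%s,LINE:%d@Allocate pool failed\n",__FILE__, __LINE__);
        goto Cleanup;
    }

    //
    // Second call fills the KEY_FULL_INFORMATION buffer.
    //
    ntStatus = ZwQueryKey(hRegister
        ,KeyFullInformation
        ,pfi
        ,ulSize
        ,&ulSize);

    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@Query key failed\n",__FILE__, __LINE__);
        goto Cleanup;
    }

    for (i=0; i<pfi->SubKeys; i++)
    {
        //
        // Ask for the size of entry i, then fetch it.
        //
        ulSize = 0;
        ntStatus = ZwEnumerateKey(hRegister
            ,i
            ,KeyBasicInformation
            ,NULL
            ,0
            ,&ulSize);
        if (!ulSize)
        {
            // No size reported (for example the subkey no longer exists).
            continue;
        }

        pbi = (PKEY_BASIC_INFORMATION)ExAllocatePool(PagedPool, ulSize);
        if (pbi == NULL)
        {
            dprintf("@FILE:%s,LINE:%d@Allocate pool failed\n",__FILE__, __LINE__);
            break;
        }

        // The key can change between the sizing call and this one, so the
        // buffer is trusted only when the call reports success.
        ntStatus = ZwEnumerateKey(hRegister
            ,i
            ,KeyBasicInformation
            ,pbi
            ,ulSize
            ,&ulSize);

        if (NT_SUCCESS(ntStatus))
        {
            // pbi->Name is counted, not NUL-terminated: wrap it in a
            // UNICODE_STRING of exactly NameLength bytes.
            ustrKeyName.Length =
            ustrKeyName.MaximumLength =
            (USHORT)pbi->NameLength;
            ustrKeyName.Buffer = pbi->Name;

            ntStatus = RtlUnicodeStringToAnsiString(&astrKeyName, &ustrKeyName, TRUE);
            if (NT_SUCCESS(ntStatus))
            {
                dprintf("[DriverReg] the %d item name:%Z\n", i, &astrKeyName);    // non-ASCII names print too
                /* DebugView Print
                [DriverReg] the 0 item name:MSubItem
                [DriverReg] the 1 item name:ok
                [DriverReg] the 2 item name:新建的项
                [DriverReg] the 3 item name:新项 #1
                */
                RtlFreeAnsiString(&astrKeyName);
            }
        }
        ExFreePool(pbi);
    }

Cleanup:
    if (pfi != NULL)
    {
        ExFreePool(pfi);
    }
    ZwClose(hRegister);
    return;
}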

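#pragma PAGEDCODE
/*
 * Demonstrates ZwQueryValueKey: reads the value named "binge" from
 * MY_REG_RUNPATH and prints it when it is a 4-byte REG_DWORD.
 *
 * Fixes over the original listing:
 *  - the key handle was never closed on the success path;
 *  - pvpi leaked when the second ZwQueryValueKey failed;
 *  - ulSize was read after the sizing call without having been initialized;
 *  - the ExAllocatePool result was used without a NULL check.
 *
 * NOTE(review): a read needs only query access; the KEY_ALL_ACCESS request
 * on the Run key is kept from the original but is broader than necessary.
 */
VOID DRQueryValueKey()
{
    NTSTATUS            ntStatus;
    UNICODE_STRING      ustrMyRegRunPath;
    UNICODE_STRING      ustrValueName;
    OBJECT_ATTRIBUTES   objectAttributes;
    ULONG               ulSize = 0;
    HANDLE              hRegister;

    PKEY_VALUE_PARTIAL_INFORMATION    pvpi = NULL;

    RtlInitUnicodeString(&ustrMyRegRunPath, MY_REG_RUNPATH);
    InitializeObjectAttributes(&objectAttributes
        ,&ustrMyRegRunPath
        ,OBJ_CASE_INSENSITIVE
        ,NULL
        ,NULL);

    ntStatus = ZwOpenKey(&hRegister
        ,KEY_ALL_ACCESS
        ,&objectAttributes);
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@Open key failed\n",__FILE__, __LINE__);
        return;
    }

    RtlInitUnicodeString(&ustrValueName, L"binge");

    //
    // Sizing call: no buffer, only the required length is returned.
    //
    ntStatus = ZwQueryValueKey(hRegister
        ,&ustrValueName
        ,KeyValuePartialInformation
        ,NULL
        ,0
        ,&ulSize);
    if (ntStatus == STATUS_OBJECT_NAME_NOT_FOUND || ulSize == 0)
    {
        dprintf("@FILE:%s,LINE:%d@Value Key Not found\n",__FILE__, __LINE__);
        goto Cleanup;
    }

    pvpi = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePool(PagedPool, ulSize);
    if (pvpi == NULL)
    {
        dprintf("@FILE:%s,LINE:%d@Allocate pool failed\n",__FILE__, __LINE__);
        goto Cleanup;
    }

    ntStatus = ZwQueryValueKey(hRegister
        ,&ustrValueName
        ,KeyValuePartialInformation
        ,pvpi
        ,ulSize
        ,&ulSize);
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@Read Reg error\n",__FILE__, __LINE__);
        goto Cleanup;
    }

    //
    // To read string data instead, test for pvpi->Type == REG_SZ.
    // The length check keeps the 4-byte read inside the returned data.
    //
    if (pvpi->Type == REG_DWORD && pvpi->DataLength == sizeof(ULONG))
    {
        PULONG pulValue = (PULONG)pvpi->Data;
        dprintf("[DriverReg]The value:%d\n", *pulValue);
        /*DebugView print
        pvpi->Type= 4 ,pvpi->DataLength=4, pvpi->TitleIndex == 0
        The value:123456
        ps: what is printed is the value's data
        */
    }

Cleanup:
    if (pvpi != NULL)
    {
        ExFreePool(pvpi);
    }
    ZwClose(hRegister);
}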

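#pragma PAGEDCODE
/*
 * Demonstrates ZwEnumerateValueKey: lists every value under MY_REG_RUNPATH,
 * printing its name and passing it to GetValueKeyFormInput to print its data.
 *
 * Fixes over the original listing:
 *  - the key handle leaked when the size query returned 0, and both the
 *    handle and pfi leaked when the second ZwQueryKey failed;
 *  - ExAllocatePool results were dereferenced without a NULL check;
 *  - the ZwEnumerateValueKey status was ignored, so a failed call left pvbi
 *    unfilled and its Name/NameLength were read anyway;
 *  - the ANSI string allocated by RtlUnicodeStringToAnsiString was never
 *    released; it is now freed with RtlFreeAnsiString;
 *  - `pvbi->Name != NULL` tested an array member and was always true.
 *
 * NOTE(review): enumerating the Run key is a read-only inventory of logon
 * autostart entries; KEY_ALL_ACCESS is kept from the original but only
 * query access is needed.
 */
VOID DREnumerateValueKey()
{
    UNICODE_STRING          ustrMyRegPath;
    OBJECT_ATTRIBUTES       objectAttributes;
    HANDLE                  hRegister;
    NTSTATUS                ntStatus;
    ULONG                   ulSize = 0;

    PKEY_FULL_INFORMATION           pfi = NULL;
    PKEY_VALUE_BASIC_INFORMATION    pvbi;
    ULONG                   i;
    UNICODE_STRING          ustrKeyName;
    ANSI_STRING             astrValueKey;

    RtlInitUnicodeString(&ustrMyRegPath, MY_REG_RUNPATH);

    InitializeObjectAttributes(&objectAttributes
        ,&ustrMyRegPath
        ,OBJ_CASE_INSENSITIVE
        ,NULL
        ,NULL);

    ntStatus = ZwOpenKey(&hRegister
        ,KEY_ALL_ACCESS
        ,&objectAttributes);
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@Open key failed\n",__FILE__, __LINE__);
        return;
    }

    //
    // First call with no buffer: only the required size is of interest.
    //
    ntStatus = ZwQueryKey(hRegister
        ,KeyFullInformation
        ,NULL
        ,0
        ,&ulSize);

    if (!ulSize)
    {
        dprintf("@FILE:%s,LINE:%d@Size = %d failed\n",__FILE__, __LINE__, ulSize);
        goto Cleanup;
    }

    pfi = (PKEY_FULL_INFORMATION)ExAllocatePool(PagedPool, ulSize);
    if (pfi == NULL)
    {
        dprintf("@FILE:%s,LINE:%d@Allocate pool failed\n",__FILE__, __LINE__);
        goto Cleanup;
    }

    //
    // Second call fills the KEY_FULL_INFORMATION buffer.
    //
    ntStatus = ZwQueryKey(hRegister
        ,KeyFullInformation
        ,pfi
        ,ulSize
        ,&ulSize);

    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@Query key failed\n",__FILE__, __LINE__);
        goto Cleanup;
    }

    for (i=0; i<pfi->Values; i++)
    {
        // Ask for the size of value entry i, then fetch it.
        ulSize = 0;
        ZwEnumerateValueKey(hRegister
            ,i
            ,KeyValueBasicInformation
            ,NULL
            ,0
            ,&ulSize);
        if (!ulSize)
        {
            // No size reported (for example the value no longer exists).
            continue;
        }

        pvbi = (PKEY_VALUE_BASIC_INFORMATION)ExAllocatePool(PagedPool, ulSize);
        if (pvbi == NULL)
        {
            dprintf("@FILE:%s,LINE:%d@Allocate pool failed\n",__FILE__, __LINE__);
            break;
        }

        // Values can change between the sizing call and this one, so the
        // buffer is trusted only when the call reports success.
        ntStatus = ZwEnumerateValueKey(hRegister
            ,i
            ,KeyValueBasicInformation
            ,pvbi
            ,ulSize
            ,&ulSize);
        if (NT_SUCCESS(ntStatus))
        {
            // pvbi->Name is counted, not NUL-terminated: wrap it in a
            // UNICODE_STRING of exactly NameLength bytes.
            ustrKeyName.Length =
            ustrKeyName.MaximumLength =
            (USHORT)pvbi->NameLength;
            ustrKeyName.Buffer = pvbi->Name;

            ntStatus = RtlUnicodeStringToAnsiString(&astrValueKey, &ustrKeyName, TRUE);
            if (NT_SUCCESS(ntStatus))
            {
                dprintf("[DriverReg]%Z", &astrValueKey);
                RtlFreeAnsiString(&astrValueKey);
            }

            // ustrKeyName points into pvbi, so pvbi must stay allocated
            // until this call returns.
            GetValueKeyFormInput(hRegister, ustrKeyName);
            /*DebugView print
            [DriverReg]The 0 Value is IMJPMIG8.1
            [DriverReg]The 1 Value is PHIME2002ASync
            [DriverReg]The 2 Value is PHIME2002A
            [DriverReg]The 3 Value is VMware Tools
            [DriverReg]The 4 Value is VMware User Process
            [DriverReg]The 5 Value is binge
            */
        }
        ExFreePool(pvbi);
    }

Cleanup:
    if (pfi != NULL)
    {
        ExFreePool(pfi);
    }
    ZwClose(hRegister);
}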

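//************************************
// Method:        GetValueKeyFormInput
// Access:        public
// Returns:       VOID
// Parameter:     HANDLE hRegister              // handle of an open registry key
// Parameter:     UNICODE_STRING ustrValueKey   // name of the value to read
//
// Description:   Reads one value of the given key and prints its data,
//                for example the entries of the Run key.
//
// Modify time:   2012/11/11 1:13
// Author:        markro
//
// Example:       GetValueKeyFormInput(hRegister, ustrKeyName);
//
// Fixes over the original listing:
//  - `pvpi->Type = REG_BINARY` and `pvpi->Type = REG_MULTI_SZ` were
//    assignments, so the REG_BINARY branch ran for every remaining type and
//    the REG_MULTI_SZ branch was unreachable; both are comparisons now;
//  - REG_SZ data was printed with %S, which reads until a NUL. Registry
//    string data is not guaranteed to be NUL-terminated, so the read could
//    run past the pool buffer. The data is now printed as a counted string
//    bounded by DataLength;
//  - REG_DWORD data is read only when DataLength is sizeof(ULONG);
//  - pvpi leaked when the second ZwQueryValueKey failed, and the
//    ExAllocatePool result was used without a NULL check.
//************************************
VOID GetValueKeyFormInput(HANDLE hRegister, UNICODE_STRING ustrValueKey)
{
    NTSTATUS    ntStatus;
    UNICODE_STRING    ustrData;
    ULONG    ulSize = 0;
    ULONG    ulBytes;
    PKEY_VALUE_PARTIAL_INFORMATION    pvpi;

    // Sizing call: no buffer, only the required length is returned.
    ntStatus = ZwQueryValueKey(hRegister
        ,&ustrValueKey
        ,KeyValuePartialInformation
        ,NULL
        ,0
        ,&ulSize);
    if (ntStatus == STATUS_OBJECT_NAME_NOT_FOUND || ulSize == 0)
    {
        dprintf("@FILE:%s,LINE:%d@Value Key Not found\n",__FILE__, __LINE__);
        return;
    }

    pvpi = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePool(PagedPool, ulSize);
    if (pvpi == NULL)
    {
        dprintf("@FILE:%s,LINE:%d@Allocate pool failed\n",__FILE__, __LINE__);
        return;
    }

    ntStatus = ZwQueryValueKey(hRegister
        ,&ustrValueKey
        ,KeyValuePartialInformation
        ,pvpi
        ,ulSize
        ,&ulSize);
    if (!NT_SUCCESS(ntStatus))
    {
        dprintf("@FILE:%s,LINE:%d@Read Reg error\n",__FILE__, __LINE__);
        ExFreePool(pvpi);
        return;
    }

    if (pvpi->Type == REG_DWORD)
    {
        // Registry data is external input: check the length before the
        // 4-byte read.
        if (pvpi->DataLength == sizeof(ULONG))
        {
            PULONG pulValue = (PULONG)pvpi->Data;
            dprintf("The value:%d\n", *pulValue);
            /*DebugView print
            pvpi->Type= 4 ,pvpi->DataLength=4, pvpi->TitleIndex == 0
            The value:123456
            ps: what is printed is the value's data
            */
        }
    }
    else if (pvpi->Type == REG_SZ)
    {
        // Whole WCHARs only, capped to what a UNICODE_STRING length can hold.
        ulBytes = pvpi->DataLength & ~(ULONG)1;
        if (ulBytes > 0xFFFE)
        {
            ulBytes = 0xFFFE;
        }
        // Drop trailing NULs so the terminator, when present, is not printed.
        while (ulBytes >= sizeof(WCHAR)
            && ((WCHAR *)pvpi->Data)[ulBytes / sizeof(WCHAR) - 1] == L'\0')
        {
            ulBytes -= sizeof(WCHAR);
        }

        ustrData.Buffer = (WCHAR *)pvpi->Data;
        ustrData.Length =
        ustrData.MaximumLength =
        (USHORT)ulBytes;

        dprintf(" [Path]=> %wZ\n", &ustrData);
        /*DebugView Print
        [DriverReg]IMJPMIG8.1 [Path]=> "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        [DriverReg]PHIME2002ASync [Path]=> C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
        [DriverReg]PHIME2002A [Path]=> C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
        [DriverReg]VMware Tools [Path]=> "C:\Program Files\VMware\VMware Tools\VMwareTray.exe"
        [DriverReg]VMware User Process [Path]=> "C:\Program Files\VMware\VMware Tools\VMwareUser.exe"
        */
    }
    else if (pvpi->Type == REG_BINARY)
    {
        dprintf("REG_BINARY\n");
    }
    else if (pvpi->Type == REG_MULTI_SZ)
    {
        dprintf("REG_MULTI_SZ\n");
    }

    ExFreePool(pvpi);
}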

 

 DebugView:

[DriverReg]Driver entry!!!
[DriverReg]Enter CreateDevice!!!
[DriverReg]main key are really created!!
[DriverReg]subitem are really create!!!
[DriverReg]Open Register successfully!!!
[DriverReg]REG_SZ,REG_BINARY,REG_DWORD set completing!!!
[DriverReg] the 0 item name:App Management
[DriverReg] the 1 item name:App Paths
[DriverReg] the 2 item name:Applets
[DriverReg] the 3 item name:Control Panel
[DriverReg] the 4 item name:Controls Folder
[DriverReg] the 5 item name:CSCSettings
[DriverReg] the 6 item name:DateTime
[DriverReg] the 7 item name:Dynamic Directory
[DriverReg] the 8 item name:Explorer
[DriverReg] the 9 item name:Ext
[DriverReg] the 10 item name:Extensions
[DriverReg] the 11 item name:Group Policy
[DriverReg] the 12 item name:H323TSP
[DriverReg] the 13 item name:Hints
[DriverReg] the 14 item name:IME
[DriverReg] the 15 item name:Installer
[DriverReg] the 16 item name:Internet Settings
[DriverReg] the 17 item name:IntlRun
[DriverReg] the 18 item name:IntlRun.OC
[DriverReg] the 19 item name:IPConfTSP
[DriverReg] the 20 item name:MS-DOS Emulation
[DriverReg] the 21 item name:MSSHA
[DriverReg] the 22 item name:MSubItem
[DriverReg] the 23 item name:Nls
[DriverReg] the 24 item name:OptimalLayout
[DriverReg] the 25 item name:PhotoPropertyHandler
[DriverReg] the 26 item name:policies
[DriverReg] the 27 item name:PreviewHandlers
[DriverReg] the 28 item name:PropertySystem
[DriverReg] the 29 item name:Reinstall
[DriverReg] the 30 item name:Reliability
[DriverReg] the 31 item name:Run
[DriverReg] the 32 item name:RunOnce
[DriverReg] the 33 item name:RunOnceEx
[DriverReg] the 34 item name:Setup
[DriverReg] the 35 item name:SharedDlls
[DriverReg] the 36 item name:Shell Extensions
[DriverReg] the 37 item name:ShellCompatibility
[DriverReg] the 38 item name:ShellScrap
[DriverReg] the 39 item name:ShellServiceObjectDelayLoad
[DriverReg] the 40 item name:SideBySide
[DriverReg] the 41 item name:SMDEn
[DriverReg] the 42 item name:Syncmgr
[DriverReg] the 43 item name:Telephony
[DriverReg] the 44 item name:ThemeManager
[DriverReg] the 45 item name:Themes
[DriverReg] the 46 item name:Uninstall
[DriverReg] the 47 item name:URL
[DriverReg] the 48 item name:WebCheck
[DriverReg] the 49 item name:WindowsUpdate
[DriverReg]The value:534534
[DriverReg]IMJPMIG8.1 [Path]=> "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[DriverReg]PHIME2002ASync [Path]=> C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[DriverReg]PHIME2002A [Path]=> C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[DriverReg]VMware Tools [Path]=> "C:\Program Files\VMware\VMware Tools\VMwareTray.exe"
[DriverReg]VMware User Process [Path]=> "C:\Program Files\VMware\VMware Tools\VMwareUser.exe"
[DriverReg]bingeThe value:534534
[DriverReg]Driver Entry end!!!!
[DriverReg]Enter Unload!!!

2012-11-11

 

posted @ 2012-10-28 11:28  markro