SSDT registry hooking


Question

I am a new developer in kernel programming and driver concept.

I need to hook the SSDT for protection of some key values of the registry, but I can't find any useful tutorial or simple source code for this stuff.

I found that ZwOpenKey and ZwCreateKey should be hooked and their permissions changed to read-only. I am looking for some examples of SSDT registry hooking.

Recommended answer

You don't need to hook the SSDT, and you shouldn't do this. There are other possibilities to protect your keys. One of many solutions is, for example, to use registry callbacks.
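
The decision a registry callback would make to keep chosen keys read-only, as an added example that is not part of the original answer. It is a user-mode model of the policy only: the `reg_op` enum, the `ST_*` constants and the protected path are local stand-ins constructed for illustration, and in a driver this logic would sit inside the routine registered with `CmRegisterCallbackEx`.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Local stand-ins (assumptions) for the pre-operation notification classes
   and NTSTATUS codes a real driver takes from the WDK headers. */
typedef enum { OP_PRE_SET_VALUE, OP_PRE_DELETE_VALUE, OP_PRE_DELETE_KEY,
               OP_PRE_RENAME_KEY, OP_PRE_QUERY_VALUE, OP_PRE_OPEN_KEY } reg_op;
#define ST_SUCCESS       0x00000000u
#define ST_ACCESS_DENIED 0xC0000022u  /* numeric value of STATUS_ACCESS_DENIED */

/* Constructed sample policy: keys (and their subkeys) treated as read-only. */
static const char *const protected_keys[] = {
    "\\REGISTRY\\MACHINE\\SOFTWARE\\ExampleVendor\\Settings",
};

/* Case-insensitive test that `path` is `root` itself or a subkey of it.
   The match must end on a '\\' boundary, otherwise a sibling such as
   "...\\SettingsOld" would be treated as protected. */
static int key_is_under(const char *path, const char *root)
{
    size_t n = strlen(root);
    for (size_t i = 0; i < n; i++) {
        if (path[i] == '\0' ||
            tolower((unsigned char)path[i]) != tolower((unsigned char)root[i]))
            return 0;
    }
    return path[n] == '\0' || path[n] == '\\';
}

/* Status the pre-operation callback would return for this request. */
unsigned int registry_filter_decision(reg_op op, const char *key_path)
{
    /* Reads and opens pass through; only modifying operations are filtered. */
    if (op != OP_PRE_SET_VALUE && op != OP_PRE_DELETE_VALUE &&
        op != OP_PRE_DELETE_KEY && op != OP_PRE_RENAME_KEY)
        return ST_SUCCESS;
    for (size_t i = 0; i < sizeof protected_keys / sizeof protected_keys[0]; i++) {
        const char *root = protected_keys[i];
        if (key_is_under(key_path, root))
            return ST_ACCESS_DENIED;
        /* Policy choice in this example: also refuse renaming an ancestor,
           which would change the protected key's path. */
        if (op == OP_PRE_RENAME_KEY && key_is_under(root, key_path))
            return ST_ACCESS_DENIED;
    }
    return ST_SUCCESS;
}

int main(void) { return registry_filter_decision(OP_PRE_QUERY_VALUE, "\\REGISTRY") != ST_SUCCESS; }
```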
