SSDT registry hooking

Problem description

I am a new developer in kernel programming and driver concepts.

I need to hook the SSDT to protect some registry key values, but I can't find any useful tutorial or simple source code for this stuff.

I found that ZwOpenKey and ZwCreateKey should be hooked and their permissions changed to read-only. I am looking for some examples of SSDT registry hooking.

Recommended answer

You don't need to hook the SSDT, and you shouldn't do this. There are other possibilities to protect your keys. One of many solutions is, for example, to use registry callbacks.
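The decision a registry callback makes for a protected key can be sketched as follows. This is an added example, not code from the original answer: it models only the policy in portable C, with stand-in definitions so it compiles without the WDK. In a driver, this logic would sit in the routine registered with `CmRegisterCallbackEx`, and the key path would come from a call such as `CmCallbackGetKeyObjectIDEx`. The protected path and the function names are hypothetical, and paths are narrow strings here rather than `UNICODE_STRING`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins so the policy compiles outside the WDK. The names mirror the
   WDK's REG_NOTIFY_CLASS members and NTSTATUS codes; the enum's numeric
   values here are not the WDK's, and the list is not exhaustive. */
#define STATUS_SUCCESS        0x00000000u
#define STATUS_ACCESS_DENIED  0xC0000022u
typedef enum {
    RegNtPreDeleteKey, RegNtPreSetValueKey, RegNtPreDeleteValueKey,
    RegNtPreRenameKey, RegNtPreOpenKeyEx, RegNtPreQueryValueKey
} notify_class_t;

/* Hypothetical protected subtree (constructed for this example). */
static const char PROTECTED_KEY[] = "\\REGISTRY\\MACHINE\\SOFTWARE\\ExampleApp";

/* True when path is the protected key or one of its subkeys. Key names are
   case-insensitive, and the match must end on a component boundary so that
   "...\ExampleAppBackup" is not treated as protected. */
static int is_protected(const char *path)
{
    size_t n = sizeof(PROTECTED_KEY) - 1, i;
    if (strlen(path) < n) return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)path[i]) != tolower((unsigned char)PROTECTED_KEY[i]))
            return 0;
    return path[n] == '\0' || path[n] == '\\';
}

/* Status a pre-operation callback would return: modifications under the
   protected subtree fail, everything else continues normally. */
unsigned int registry_policy(notify_class_t op, const char *key_path)
{
    switch (op) {
    case RegNtPreDeleteKey: case RegNtPreSetValueKey:
    case RegNtPreDeleteValueKey: case RegNtPreRenameKey:
        return is_protected(key_path) ? STATUS_ACCESS_DENIED : STATUS_SUCCESS;
    default:
        return STATUS_SUCCESS;  /* opens and queries pass: key stays readable */
    }
}

int main(void)
{
    printf("set value: %08X\n", registry_policy(RegNtPreSetValueKey, PROTECTED_KEY));
    printf("query:     %08X\n", registry_policy(RegNtPreQueryValueKey, PROTECTED_KEY));
    return 0;
}
```

Returning a failure status from a pre-operation notification makes the configuration manager fail that registry call with the same status, which gives the read-only behaviour the question asks for without touching the SSDT.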
