HANDLE __stdcall sub_102C0 (PCSZ SourceString, int nFrom) {KIRQL curIrql = KeGetCurrentIrql (); if (curIrql == 0) return; if (SourceString!) Return; ANSI_STRING ansi_str; RtlInitAnsiString (& ansi_str, SourceString); PVOID p; p = ExAllocatePoolWithTag (NonPagedPool, 0x400, "Ddk"); UNICODE_STRING uni_str; NTSTATUS status = RtlAnsiStringToUnicodeString (& uni_str, & ansi_str, 0); if (status == 0) {ExFreePool (p); return;} int nTemp = nFrom; OBJECT_ATTRIBUTES Object_attribute; InitializeObjectAttributes (& Object_Attribute, & UNI_STR, OBJ_CASE_INSENSITIVE, 0, 0);
Handle HKey; Int ndesiredAccess; _ASM {Mov Eax, NFromneg EaxSbb Eax, Eaxand Eax, 0xD0026Add Eax, 0x20019mov NdesiredAccess, EAX}
ZwcreateKey (& HKEY, NDESIREDACCESS, & Object_attribute, null, null, // classnull, // createOptionsnull // DISPOSITION);
}
