ZwOpenKey
The ZwOpenKey routine opens an existing registry key.
NTSTATUS
ZwOpenKey(
OUT PHANDLE
KeyHandle
,
IN
ACCESS_MASK
DesiredAccess
,
IN POBJECT_ATTRIBUTES
ObjectAttributes
);
Parameters
KeyHandle Pointer to the HANDLE variable that receives the handle to the key. DesiredAccess Specifies an ACCESS_MASK value that determines the requested access to the object. For more information, see the DesiredAccess parameter of ZwCreateKey . ObjectAttributes Pointer to an OBJECT_ATTRIBUTES structure that specifies the object name and other attributes. Use InitializeObjectAttributes to initialize this structure. If the caller is not running in a system thread context, it must set the OBJ_KERNEL_HANDLE attribute when it calls InitializeObjectAttributes .Return Value
ZwOpenKey returns STATUS_SUCCESS if the given key was opened. Otherwise, it can return an error status, including the following:
STATUS_INVALID_HANDLE
STATUS_ACCESS_DENIED
Comments
ZwOpenKey supplies a handle that the caller can use to manipulate a registry key. The routine provides a subset of the functionality of ZwCreateKey . For more information, see Using the Registry in a Driver.
If the specified key does not exist, ZwOpenKey returns an error status and does not return a key handle.
Once the handle pointed to by KeyHandle is no longer in use, the driver must call ZwClose to close it.
ZwOpenKey ignores the security information in the structure that the ObjectAttributes parameter points to.
If the caller is not running in a system thread context, it must ensure that any handles it creates are private handles. Otherwise, the handle can be accessed by the process in whose context the driver is running. For more information, see Object Handles.
For more information about working with registry keys, see Using the Registry in a Driver.
Note If the call to this function occurs in user mode, you should use the name "NtOpenKey " instead of "ZwOpenKey ".
Requirements
IRQL: PASSIVE_LEVEL
Headers: Declared in Wdm.h . Include Wdm.h , Ntddk.h , or Ntifs.h .