ZwOpenKey

ZwOpenKey

The ZwOpenKey routine opens an existing registry key.

NTSTATUS
ZwOpenKey(
OUT PHANDLE KeyHandle ,
IN ACCESS_MASK DesiredAccess ,
IN POBJECT_ATTRIBUTES ObjectAttributes
);

Parameters

KeyHandle

Pointer to the HANDLE variable that receives the handle to the key.

DesiredAccess

Specifies an ACCESS_MASK value that determines the requested access to the object. For more information, see the DesiredAccess parameter of ZwCreateKey .

ObjectAttributes

Pointer to an OBJECT_ATTRIBUTES structure that specifies the object name and other attributes. Use InitializeObjectAttributes to initialize this structure. If the caller is not running in a system thread context, it must set the OBJ_KERNEL_HANDLE attribute when it calls InitializeObjectAttributes .

Return Value

ZwOpenKey returns STATUS_SUCCESS if the given key was opened. Otherwise, it can return an error status, including the following:

STATUS_INVALID_HANDLE

STATUS_ACCESS_DENIED

Comments

ZwOpenKey supplies a handle that the caller can use to manipulate a registry key. The routine provides a subset of the functionality of ZwCreateKey . For more information, see Using the Registry in a Driver.

If the specified key does not exist, ZwOpenKey returns an error status and does not return a key handle.

Once the handle pointed to by KeyHandle is no longer in use, the driver must call ZwClose to close it.

ZwOpenKey ignores the security information in the structure that the ObjectAttributes parameter points to.

If the caller is not running in a system thread context, it must ensure that any handles it creates are private handles. Otherwise, the handle can be accessed by the process in whose context the driver is running. For more information, see Object Handles.

For more information about working with registry keys, see Using the Registry in a Driver.

Note   If the call to this function occurs in user mode, you should use the name "NtOpenKey " instead of "ZwOpenKey ".

Requirements

IRQL: PASSIVE_LEVEL

Headers: Declared in Wdm.h . Include Wdm.h , Ntddk.h , or Ntifs.h .