Opening a Handle to a Registry-Key Object

To open a handle to a registry-key object, carry out the following two-step process:

  1. Create an OBJECT_ATTRIBUTES structure, and initialize it by calling InitializeObjectAttributes. You specify the name of the key to manipulate as the ObjectName parameter to InitializeObjectAttributes.

    If you pass NULL as the RootDirectory parameter to InitializeObjectAttributes, ObjectName must be the full path of the registry key, beginning with \Registry. Otherwise, RootDirectory must be an open handle to a key, and ObjectName is the path that is relative to that key.

  2. Open a handle to the key object by calling ZwCreateKey or ZwOpenKey, and pass the OBJECT_ATTRIBUTES structure to it. If the key does not already exist, ZwCreateKey will create the key, whereas ZwOpenKey will return STATUS_OBJECT_NAME_NOT_FOUND.

You pass a DesiredAccess parameter to ZwCreateKey or ZwOpenKey that contains the access rights you are requesting. You must specify the access rights that permit the operations your driver will perform. The following table lists the operations you can perform and the corresponding access rights to request.

Operation                                    Required access right
-------------------------------------------  ---------------------------------
Get a registry-key value.                    KEY_QUERY_VALUE or KEY_READ
Set a registry-key value.                    KEY_SET_VALUE or KEY_WRITE
Loop through all of the subkeys of a key.    KEY_ENUMERATE_SUB_KEYS or KEY_READ
Create a subkey.                             KEY_CREATE_SUB_KEY or KEY_WRITE
Delete a key.                                DELETE

For more information about the available values for the DesiredAccess parameter, see ZwCreateKey.
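The following is an added example, not part of the original documentation or of any Microsoft sample: a host-side C helper that computes the narrowest DesiredAccess for the operations in the table above, reports rights a request carries beyond that, and checks the ObjectName rule from step 1. The OP_* flags and function names are hypothetical, the access-right values are those defined in the Windows headers, and names are narrow strings rather than UNICODE_STRING for brevity.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* Access-right values as defined in the Windows headers (winnt.h / wdm.h). */
#define KEY_QUERY_VALUE        0x00000001u
#define KEY_SET_VALUE          0x00000002u
#define KEY_CREATE_SUB_KEY     0x00000004u
#define KEY_ENUMERATE_SUB_KEYS 0x00000008u
#define KEY_NOTIFY             0x00000010u
#define DELETE                 0x00010000u
#define READ_CONTROL           0x00020000u
#define KEY_READ  (READ_CONTROL | KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY)
#define KEY_WRITE (READ_CONTROL | KEY_SET_VALUE | KEY_CREATE_SUB_KEY)

/* Hypothetical flags for this example, one per row of the table above. */
enum { OP_GET_VALUE = 1, OP_SET_VALUE = 2, OP_ENUM_SUBKEYS = 4,
       OP_CREATE_SUBKEY = 8, OP_DELETE_KEY = 16 };

/* Narrowest DesiredAccess that permits every operation in ops. */
uint32_t minimal_access(unsigned ops)
{
    uint32_t m = 0;
    if (ops & OP_GET_VALUE)     m |= KEY_QUERY_VALUE;
    if (ops & OP_SET_VALUE)     m |= KEY_SET_VALUE;
    if (ops & OP_ENUM_SUBKEYS)  m |= KEY_ENUMERATE_SUB_KEYS;
    if (ops & OP_CREATE_SUBKEY) m |= KEY_CREATE_SUB_KEY;
    if (ops & OP_DELETE_KEY)    m |= DELETE;
    return m;
}

/* Rights requested that none of the planned operations need. */
uint32_t excess_access(uint32_t requested, unsigned ops)
{ return requested & ~minimal_access(ops); }

/* Rights the planned operations need that the request lacks. */
uint32_t missing_access(uint32_t requested, unsigned ops)
{ return minimal_access(ops) & ~requested; }

/* ObjectName rule. NULL RootDirectory: full path whose first component is
 * \Registry (compared case-insensitively here, an assumption). Otherwise
 * "relative" is taken to mean no leading backslash (also an assumption). */
int object_name_ok(int root_is_null, const char *name)
{
    static const char prefix[] = "\\Registry";
    size_t i, n = sizeof prefix - 1;
    if (name == NULL) return 0;
    if (!root_is_null) return name[0] != '\\';
    for (i = 0; i < n; i++)   /* stops at the first mismatch, including '\0' */
        if (tolower((unsigned char)name[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    return name[n] == '\\' || name[n] == '\0';
}
```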

You can also call IoOpenDeviceRegistryKey and IoOpenDeviceInterfaceRegistryKey to open handles to those registry keys that are device specific and device-interface specific, respectively. For more information, see Plug and Play Registry Routines.

Note: For calls to ZwCreateKey, ZwOpenKey, IoOpenDeviceRegistryKey, and IoOpenDeviceInterfaceRegistryKey, the generic access rights, GENERIC_READ and GENERIC_WRITE, are equivalent in meaning to the key-specific access rights, KEY_READ and KEY_WRITE, respectively, and can be used as substitutes for these key-specific access rights.