Export (0) Print
Expand All
IRP
MDL
Expand Minimize

REG_OPEN_KEY_INFORMATION_V1 structure

The REG_OPEN_KEY_INFORMATION_V1 structure contains information that a filter driver's RegistryCallback routine can use when a registry key is being opened.

Syntax


typedef struct _REG_CREATE_KEY_INFORMATION_V1 {
  PUNICODE_STRING CompleteName;
  PVOID           RootObject;
  PVOID           ObjectType;
  ULONG           Options;
  PUNICODE_STRING Class;
  PVOID           SecurityDescriptor;
  PVOID           SecurityQualityOfService;
  ACCESS_MASK     DesiredAccess;
  ACCESS_MASK     GrantedAccess;
  PULONG          Disposition;
  PVOID           *ResultObject;
  PVOID           CallContext;
  PVOID           RootObjectContext;
  PVOID           Transaction;
  ULONG_PTR       Version;
  PUNICODE_STRING RemainingName;
  ULONG           Wow64Flags;
  ULONG           Attributes;
  KPROCESSOR_MODE CheckAccessMode;
} REG_CREATE_KEY_INFORMATION_V1, REG_OPEN_KEY_INFORMATION_V1, *PREG_CREATE_KEY_INFORMATION_V1, *PREG_OPEN_KEY_INFORMATION_V1;

Members

CompleteName

A pointer to a UNICODE_STRING structure that contains the path of the new registry key. The path can be absolute or relative. If the path is absolute, this structure contains a fully qualified path that starts with the "\" character. For an absolute path, the RootObject member specifies the \REGISTRY key, which is the root directory of the registry tree. If the path is relative, the path starts with a character other than "\", and is relative to the key that is specified by the RootObject member.

RootObject

A pointer to a registry key object that represents the root registry key for the path that is specified by the CompleteName member.

ObjectType

This member is reserved for use by the operating system. Drivers must not access this member.

Options

Specifies the options for the key-open routine to use to create or open the new key. For more information, see the description of the CreateOptions parameter of the ZwCreateKey routine and the description of the OpenOptions parameter of the ZwOpenKeyEx routine.

Class

This member is not used.

SecurityDescriptor

This member is not used.

SecurityQualityOfService

This member is not used.

DesiredAccess

The access mask that was specified by the thread that is trying to open the registry key. For more information about this access mask, see the description of the DesiredAccess parameter of the ZwCreateKey routine.

GrantedAccess

An access mask that indicates the access rights that were granted to the thread that is trying to open the registry key. For more information about this member, see the following Remarks section.

Disposition

This member is not used.

ResultObject

A pointer to a location that receives the address of the key object that represents the opened registry key.

CallContext

A pointer to driver-defined context information that the driver has associated with a registry object by calling the CmSetCallbackObjectContext routine.

RootObjectContext

A pointer to driver-defined context information that the driver has associated with the root of the path of the registry object by calling the CmSetCallbackObjectContext routine.

Transaction

A pointer to a transaction object for the registry operation. You can supply this pointer to the ObOpenObjectByPointer routine to obtain the corresponding transaction handle. If this member is NULL, the operation is being performed in non-transactional context.

Version

The structure version number. This member distinguishes the REG_OPEN_KEY_INFORMATION structure in Windows Vista from the REG_OPEN_KEY_INFORMATION_V1 structure in Windows 7 and later versions of Windows. The following version numbers are currently defined.

Version numberVersion of structure

0

REG_OPEN_KEY_INFORMATION

1

REG_OPEN_KEY_INFORMATION_V1

 

Future versions of this structure might add new members but will not change the members that are already defined in existing versions of the structure. This member is defined in the REG_OPEN_KEY_INFORMATION_KEY_INFORMATION_V1 structure that is supported in Windows 7 and later versions of the Windows operating systems. In the REG_OPEN_KEY_INFORMATION structure that Windows Vista supports, this member is named Reserved and is set to zero. Filter drivers should rely on the version number and not the operating system version to determine which version of the structure they are using.

RemainingName

A pointer to a UNICODE_STRING structure that contains the relative path of the new registry key. This member always expresses the path of the new key relative to the path of the key that is specified by the RootObject member. In contrast, the CompleteName member can contain an absolute path if the RootObject member specifies the \REGISTRY key.

Wow64Flags

Contains the Wow64 flags from the access mask that was passed as an input parameter in the call to open the new registry key. This member indicates whether a 32-bit client program that is running on a 64-bit version of Windows is trying to open a registry key. This member is set to zero or to one of the following flag bits:

  • KEY_WOW64_32KEY

  • KEY_WOW64_64KEY

These flag bits are defined in the Wdm.h and Winnt.h header files. For more information about these flags, see Registry Key Security and Access Rights.

Attributes

Contains the object-attribute flags from the Attributes member of the OBJECT_ATTRIBUTES structure that was passed as an input parameter in the call to open the new registry key. This member might contain one or more of the following flag bits:

  • OBJ_KERNEL_HANDLE

  • OBJ_FORCE_ACCESS_CHECK

  • OBJ_OPENLINK

For more information about these flags, see OBJECT_ATTRIBUTES.

CheckAccessMode

Indicates how the configuration manager performs the security access check for the call to create the new key. This member contains one of the following MODE enumeration values from the Wdm.h header file:

  • KernelMode

  • UserMode

This security access check is similar to that performed by the SeAccessCheck routine, which has an AccessMode parameter that can be set to either KernelMode or UserMode. If CheckAccessMode is set to UserMode, the configuration manager performs a full security access check regardless of whether the call originated in user mode or kernel mode. For more information about how to force user-mode security access checks on a call that originates in kernel mode, see the description of the OBJ_FORCE_ACCESS_CHECK flag in the Attributes member of the OBJECT_ATTRIBUTES structure.

Remarks

The configuration manager passes this structure to the RegistryCallback routine every time that a thread tries to open a key—for example, when a user-mode thread calls RegOpenKey or RegOpenKeyEx, or when a kernel-mode driver calls ZwOpenKey.

This structure is an extended version of the REG_OPEN_KEY_INFORMATION structure that Windows Vista supports. The first 14 members, CompleteName through Transaction, are identical in the two structures. The last five members of the REG_OPEN_KEY_INFORMATION_V1 structure, Version through CheckAccessMode, are not part of the REG_OPEN_KEY_INFORMATION structure.

If the driver's RegistryCallback routine returns STATUS_CALLBACK_BYPASS for a RegNtPreOpenKeyEx notification, the driver must supply the values for the GrantedAccess and ResultObject members.

The REG_OPEN_KEY_INFORMATION_V1 structure is one of a number of structures that a filter driver can receive through its RegistryCallback routine. For more information about filter drivers, see Filtering Registry Calls.

For more information about registry filtering operations, see Filtering Registry Calls.

Requirements

Version

Available on Windows 7 and later versions of the Windows operating systems.

Header

Wdm.h (include Wdm.h, Ntddk.h, or Ntifs.h)

See also

CmSetCallbackObjectContext
OBJECT_ATTRIBUTES
ObOpenObjectByPointer
RegistryCallback
RegOpenKey
REG_OPEN_KEY_INFORMATION
RegOpenKeyEx
UNICODE_STRING
ZwCreateKey
ZwOpenKeyEx

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft