Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Microsoft Developer Network
Click to Rate and Give Feedback
MSDN
MSDN Library
Windows Driver Kit
Reference
ZwXxx Routines
 ZwQueryValueKey

  Switch on low bandwidth view
Windows Driver Kit: Kernel-Mode Driver Architecture
ZwQueryValueKey

The ZwQueryValueKey routine returns a value entry for a registry key.

NTSTATUS 
  ZwQueryValueKey(
    IN HANDLE  KeyHandle,
    IN PUNICODE_STRING  ValueName,
    IN KEY_VALUE_INFORMATION_CLASS  KeyValueInformationClass,
    OUT PVOID  KeyValueInformation,
    IN ULONG  Length,
    OUT PULONG  ResultLength
    );

Parameters

KeyHandle
Handle to the key to read value entries from. This handle is created by a successful call to ZwCreateKey or ZwOpenKey.
ValueName
Pointer to the name of the value entry to obtain data for.
KeyValueInformationClass
A KEY_VALUE_INFORMATION_CLASS value that determines the type of information returned in the KeyValueInformation buffer.
KeyValueInformation
Pointer to a caller-allocated buffer that receives the requested information.
Length
Specifies the size, in bytes, of the KeyValueInformation buffer.
ResultLength
Pointer to a variable that receives the size, in bytes, of the key information. If the ZwQueryValueKey routine returns STATUS_SUCCESS, callers can use the value of this variable to determine the amount of data returned. If the routine returns STATUS_BUFFER_OVERFLOW or STATUS_BUFFER_TOO_SMALL, callers can use the value of this variable to determine the size of buffer required to hold the key information.

Return Value

ZwQueryValueKey returns STATUS_SUCCESS on success, or the appropriate error code on failure. Possible error code values include:

STATUS_BUFFER_OVERFLOW
The buffer supplied is too small, and only partial data has been written to the buffer. *ResultLength is set to the minimum size required to hold the requested information.
STATUS_BUFFER_TOO_SMALL
The buffer supplied is too small, and no data has been written to the buffer. *ResultLength is set to the minimum size required to hold the requested information.
STATUS_INVALID_PARAMETER
The KeyInformationClass parameter is not a valid KEY_VALUE_INFORMATION_CLASS value.

Warning If you specify KeyValueBasicInformation for KeyValueInformationClass, Microsoft Windows 98 and Microsoft Windows Me return STATUS_SUCCESS even if the registry key or value name does not exist.

Comments

The KeyHandle passed to ZwQueryValueKey must have been opened with KEY_QUERY_VALUE access. This is accomplished by passing KEY_QUERY_VALUE, KEY_READ, or KEY_ALL_ACCESS as the DesiredAccess parameter to ZwCreateKey or ZwOpenKey.

For more information about working with registry keys, see Using the Registry in a Driver.

Note  If the call to this function occurs in user mode, you should use the name "NtQueryValueKey" instead of "ZwQueryValueKey".

Requirements

IRQL: PASSIVE_LEVEL

Headers: Declared in wdm.h. Include wdm.h, ntddk.h, or ntifs.h.

See Also

KEY_VALUE_BASIC_INFORMATION, KEY_VALUE_FULL_INFORMATION, KEY_VALUE_INFORMATION_CLASS, KEY_VALUE_PARTIAL_INFORMATION, ZwCreateKey, ZwEnumerateValueKey, ZwOpenKey


Send feedback on this topic
Built on May 20, 2009
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker