Export (0) Print
Expand All

ZwCreateKey routine

The ZwCreateKey routine creates a new registry key or opens an existing one.

Syntax


NTSTATUS ZwCreateKey(
  _Out_       PHANDLE KeyHandle,
  _In_        ACCESS_MASK DesiredAccess,
  _In_        POBJECT_ATTRIBUTES ObjectAttributes,
  _Reserved_  ULONG TitleIndex,
  _In_opt_    PUNICODE_STRING Class,
  _In_        ULONG CreateOptions,
  _Out_opt_   PULONG Disposition
);

Parameters

KeyHandle [out]

Pointer to a HANDLE variable that receives a handle to the key.

DesiredAccess [in]

Specifies an ACCESS_MASK value that determines the requested access to the object. In addition to the access rights that are defined for all types of objects (see ACCESS_MASK), the caller can specify one or more of the following access rights, which are specific to object directories:

DesiredAccess flagAllows caller to do this

KEY_QUERY_VALUE

Read key values.

KEY_SET_VALUE

Write key values.

KEY_CREATE_SUB_KEY

Create subkeys for the key.

KEY_ENUMERATE_SUB_KEYS

Read the key's subkeys.

KEY_CREATE_LINK

Create a symbolic link to the key. This flag is not used by device and intermediate drivers.

KEY_NOTIFY

Ask to receive notification when the name, value, or attributes of the key change. For more information, see ZwNotifyChangeKey.

 

The caller can also specify one of the following constants, which combines several ACCESS_MASK flags.

ConstantConsists of these ACCESS_MASK flags

KEY_READ

STANDARD_RIGHTS_READ, KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS, and KEY_NOTIFY

KEY_WRITE

STANDARD_RIGHTS_WRITE, KEY_SET_VALUE, and KEY_CREATE_SUBKEY

KEY_EXECUTE

Same as KEY_READ.

KEY_ALL_ACCESS

STANDARD_RIGHTS_ALL, KEY_QUERY_VALUE, KEY_SET_VALUE, KEY_CREATE_SUB_KEY, KEY_ENUMERATE_SUB_KEYS, KEY_NOTIFY, and KEY_CREATE_LINK

 

ObjectAttributes [in]

Pointer to an OBJECT_ATTRIBUTES structure that specifies the object name and other attributes. Use InitializeObjectAttributes to initialize this structure. If the caller is not running in a system thread context, it must set the OBJ_KERNEL_HANDLE attribute when it calls InitializeObjectAttributes.

TitleIndex

Device and intermediate drivers set this parameter to zero.

Class [in, optional]

Pointer to a Unicode string that contains the key's object class. This information is used by the configuration manager.

CreateOptions [in]

Specifies the options to apply when creating or opening a key, specified as a compatible combination of the following flags.

CreateOptions flagDescription

REG_OPTION_VOLATILE

Key is not preserved when the system is rebooted.

REG_OPTION_NON_VOLATILE

Key is preserved when the system is rebooted.

REG_OPTION_CREATE_LINK

The newly created key is a symbolic link. This flag is not used by device and intermediate drivers.

REG_OPTION_BACKUP_RESTORE

Key should be created or opened with special privileges that allow backup and restore operations. This flag is not used by device and intermediate drivers.

 

Disposition [out, optional]

Pointer to a variable that receives a value indicating whether a new key was created or an existing one opened.

Disposition valueDescription

REG_CREATED_NEW_KEY

A new key was created.

REG_OPENED_EXISTING_KEY

An existing key was opened.

 

Return value

ZwCreateKey returns STATUS_SUCCESS on success, or the appropriate NTSTATUS error code on failure.

Remarks

ZwCreateKey supplies a handle that the caller can use to manipulate a registry key. For more information, see Using the Registry in a Driver.

Once the handle pointed to by KeyHandle is no longer in use, the driver must call ZwClose to close it.

There are two alternate ways to specify the name of the file to be created or opened with ZwCreateKey:

  1. As a fully qualified pathname, supplied in the ObjectName member of the input ObjectAttributes. The pathnames of registry keys begin with \Registry.

  2. As pathname relative to another registry key, represented by the handle in the RootDirectory member of the input ObjectAttributes.

If the key specified by ObjectAttributes does not exist, the routine attempts to create the key. For this attempt to succeed, the new key must be a direct subkey of the key that is referred to by RootDirectory, and the key that RootDirectory refers to must have been opened for KEY_CREATE_SUB_KEY access.

If the specified key already exists, it is opened and its value is not affected in any way.

The security attributes specified by ObjectAttributes when a key is created determine whether the specified DesiredAccess is granted on subsequent calls to ZwCreateKey and ZwOpenKey.

If the caller is not running in a system thread context, it must ensure that any handles it creates are private handles. Otherwise, the handle can be accessed by the process in whose context the driver is running. For more information, see Object Handles.

For more information about working with registry keys, see Using the Registry in a Driver.

Note  If the call to this function occurs in user mode, you should use the name "NtCreateKey" instead of "ZwCreateKey".

Requirements

Version

Available starting with Windows 2000.

Header

Wdm.h (include Wdm.h, Ntddk.h, or Ntifs.h)

Library

Ntoskrnl.lib

IRQL

PASSIVE_LEVEL

DDI compliance rules

IrqlZwPassive, PowerIrpDDis, ZwRegistryCreate, HwStorPortProhibitedDDIs, ZwRegistryCreate(storport)

See also

ACCESS_MASK
InitializeObjectAttributes
ZwClose
ZwDeleteKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushKey
ZwNotifyChangeKey
ZwOpenKey
ZwQueryValueKey
ZwSetValueKey

 

 

Send comments about this topic to Microsoft

Show:
© 2015 Microsoft