The ZwCreateKey routine creates a new registry key or opens an existing one.
NTSTATUS ZwCreateKey(
  _Out_      PHANDLE            KeyHandle,
  _In_       ACCESS_MASK        DesiredAccess,
  _In_       POBJECT_ATTRIBUTES ObjectAttributes,
  _Reserved_ ULONG              TitleIndex,
  _In_opt_   PUNICODE_STRING    Class,
  _In_       ULONG              CreateOptions,
  _Out_opt_  PULONG             Disposition
);
- KeyHandle [out]
Pointer to a HANDLE variable that receives a handle to the key.
- DesiredAccess [in]
Specifies an ACCESS_MASK value that determines the requested access to the object. In addition to the access rights that are defined for all types of objects (see ACCESS_MASK), the caller can specify one or more of the following access rights, which are specific to registry key objects:
| DesiredAccess flag | Allows caller to do this |
|---|---|
| KEY_QUERY_VALUE | Read key values. |
| KEY_SET_VALUE | Write key values. |
| KEY_CREATE_SUB_KEY | Create subkeys for the key. |
| KEY_ENUMERATE_SUB_KEYS | Read the key's subkeys. |
| KEY_CREATE_LINK | Create a symbolic link to the key. This flag is not used by device and intermediate drivers. |
| KEY_NOTIFY | Ask to receive notification when the name, value, or attributes of the key change. For more information, see ZwNotifyChangeKey. |
The caller can also specify one of the following constants, which combines several ACCESS_MASK flags.
| Constant | Consists of these ACCESS_MASK flags |
|---|---|
| KEY_READ | STANDARD_RIGHTS_READ, KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS, and KEY_NOTIFY |
| KEY_WRITE | STANDARD_RIGHTS_WRITE, KEY_SET_VALUE, and KEY_CREATE_SUB_KEY |
| KEY_EXECUTE | Same as KEY_READ. |
| KEY_ALL_ACCESS | STANDARD_RIGHTS_ALL, KEY_QUERY_VALUE, KEY_SET_VALUE, KEY_CREATE_SUB_KEY, KEY_ENUMERATE_SUB_KEYS, KEY_NOTIFY, and KEY_CREATE_LINK |
- ObjectAttributes [in]
Pointer to an OBJECT_ATTRIBUTES structure that specifies the object name and other attributes. Use InitializeObjectAttributes to initialize this structure. If the caller is not running in a system thread context, it must set the OBJ_KERNEL_HANDLE attribute when it calls InitializeObjectAttributes.
- TitleIndex
Device and intermediate drivers set this parameter to zero.
- Class [in, optional]
Pointer to a Unicode string that contains the key's object class. This information is used by the configuration manager.
- CreateOptions [in]
Specifies the options to apply when creating or opening a key, specified as a compatible combination of the following flags.
| CreateOptions flag | Description |
|---|---|
| REG_OPTION_VOLATILE | Key is not preserved when the system is rebooted. |
| REG_OPTION_NON_VOLATILE | Key is preserved when the system is rebooted. |
| REG_OPTION_CREATE_LINK | The newly created key is a symbolic link. This flag is not used by device and intermediate drivers. |
| REG_OPTION_BACKUP_RESTORE | Key should be created or opened with special privileges that allow backup and restore operations. This flag is not used by device and intermediate drivers. |
- Disposition [out, optional]
Pointer to a variable that receives a value indicating whether a new key was created or an existing one opened.
| Disposition value | Description |
|---|---|
| REG_CREATED_NEW_KEY | A new key was created. |
| REG_OPENED_EXISTING_KEY | An existing key was opened. |
ZwCreateKey returns STATUS_SUCCESS on success, or the appropriate NTSTATUS error code on failure.
ZwCreateKey supplies a handle that the caller can use to manipulate a registry key. For more information, see Using the Registry in a Driver.
Once the handle pointed to by KeyHandle is no longer in use, the driver must call ZwClose to close it.
There are two alternate ways to specify the name of the key to be created or opened with ZwCreateKey:
- As a fully qualified pathname, supplied in the ObjectName member of the input ObjectAttributes. The pathnames of registry keys begin with \Registry.
- As a pathname relative to another registry key, represented by the handle in the RootDirectory member of the input ObjectAttributes.
If the key specified by ObjectAttributes does not exist, the routine attempts to create the key. For this attempt to succeed, the new key must be a direct subkey of the key that is referred to by RootDirectory, and the key that RootDirectory refers to must have been opened for KEY_CREATE_SUB_KEY access.
If the specified key already exists, it is opened and its value is not affected in any way.
The security attributes specified by ObjectAttributes when a key is created determine whether the specified DesiredAccess is granted on subsequent calls to ZwCreateKey and ZwOpenKey.
If the caller is not running in a system thread context, it must ensure that any handles it creates are private handles. Otherwise, the handle can be accessed by the process in whose context the driver is running. For more information, see Object Handles.
For more information about working with registry keys, see Using the Registry in a Driver.
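The caller-side rules stated on this page (a private handle outside a system thread, a name rooted at \Registry unless RootDirectory is used, TitleIndex set to zero, no link or backup/restore options in device and intermediate drivers) can be checked mechanically in a code review or unit test. The following is an added example, not Microsoft's code: `planned_call`, `audit_create_key`, `under_registry` and the `F_*` names are hypothetical, names are narrowed to ASCII, and the flag values are those defined in the WDK headers.

```c
#include <ctype.h>
#include <stdio.h>
/* Flag values as defined in the WDK headers. */
#define OBJ_KERNEL_HANDLE         0x00000200UL
#define REG_OPTION_CREATE_LINK    0x00000002UL
#define REG_OPTION_BACKUP_RESTORE 0x00000004UL

/* Finding bits returned by audit_create_key (hypothetical names). */
enum { F_HANDLE_NOT_PRIVATE = 1, F_NAME_NOT_UNDER_REGISTRY = 2,
       F_TITLE_INDEX_NONZERO = 4, F_NON_DRIVER_OPTION = 8 };

struct planned_call {  /* hypothetical plain-C view of the call, not a WDK type */
    const char   *object_name;        /* ObjectName, as ASCII for the example */
    int           has_root_directory; /* nonzero: name is relative to a key handle */
    unsigned long attributes;         /* Attributes passed to InitializeObjectAttributes */
    unsigned long title_index;        /* TitleIndex */
    unsigned long create_options;     /* CreateOptions */
    int           in_system_thread;   /* nonzero: caller runs in a system thread */
};

/* Case-insensitive test for the \Registry root followed by '\' or end of string. */
static int under_registry(const char *name)
{
    static const char root[] = "\\registry";
    size_t i;
    if (name == NULL) return 0;
    for (i = 0; root[i] != '\0'; i++)
        if (tolower((unsigned char)name[i]) != root[i]) return 0;
    return name[i] == '\\' || name[i] == '\0';
}

/* Returns a bitmask of the page's caller-side rules that the planned call breaks. */
unsigned audit_create_key(const struct planned_call *c)
{
    unsigned f = 0;
    if (!c->in_system_thread && !(c->attributes & OBJ_KERNEL_HANDLE)) f |= F_HANDLE_NOT_PRIVATE;
    if (!c->has_root_directory && !under_registry(c->object_name)) f |= F_NAME_NOT_UNDER_REGISTRY;
    if (c->title_index != 0) f |= F_TITLE_INDEX_NONZERO;
    if (c->create_options & (REG_OPTION_CREATE_LINK | REG_OPTION_BACKUP_RESTORE)) f |= F_NON_DRIVER_OPTION;
    return f;
}

int main(void)
{   /* Constructed input: absolute name, OBJ_CASE_INSENSITIVE only, arbitrary thread context. */
    struct planned_call c = { "\\Registry\\Machine\\Software\\Example", 0, 0x40UL, 0, 0, 0 };
    printf("findings: 0x%x\n", audit_create_key(&c));
    return 0;
}
```

A nonzero result names the rule to fix before the call reaches ZwCreateKey; `F_HANDLE_NOT_PRIVATE` is the one that exposes the handle to the process in whose context the driver is running.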
Note: If the call to this function occurs in user mode, you should use the name "NtCreateKey" instead of "ZwCreateKey".
Available starting with Windows 2000.
DDI compliance rules: IrqlZwPassive, PowerIrpDDis, ZwRegistryCreate, HwStorPortProhibitedDDIs, ZwRegistryCreate(storport)