KEY_NODE_INFORMATION - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTREGAPI_H

/**
 * The KEY_NODE_INFORMATION structure defines the basic information available for a registry (sub)key.
 * \sa https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/ns-wdm-_key_node_information
 */
typedef struct _KEY_NODE_INFORMATION
{
    LARGE_INTEGER LastWriteTime;                    // Number of 100-nanosecond intervals since this key or any of its values changed.
    ULONG TitleIndex;                               // Reserved // A legacy field originally intended for use with localization such as an index of a resource table.
    ULONG ClassOffset;                              // The byte offset from the start of this structure to the class name string. This string is not null-terminated.
    ULONG ClassLength;                              // The size, in bytes, in the class name string.
    ULONG NameLength;                               // The size, in bytes, of the key name string contained in the Name array.
    _Field_size_bytes_(NameLength) WCHAR Name[1];   // The name of the registry key. This string is not null-terminated.
    // ...
    // WCHAR Class[1];
} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;

#endif

View code on GitHub
// wdm.h

typedef struct _KEY_NODE_INFORMATION {
  LARGE_INTEGER LastWriteTime;
  ULONG         TitleIndex;
  ULONG         ClassOffset;
  ULONG         ClassLength;
  ULONG         NameLength;
  WCHAR         Name[1];
} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;
View the official Windows Driver Kit DDI reference

NtDoc

This structure is documented in Windows Driver Kit.

Edit description on GitHub

Windows Driver Kit DDI reference (ns-wdm-_key_node_information)

_KEY_NODE_INFORMATION structure

Description

The KEY_NODE_INFORMATION structure defines the basic information available for a registry (sub)key.

Members

LastWriteTime

The last time this key or any of its values changed. This time value is expressed in absolute system time format. Absolute system time is the number of 100-nanosecond intervals since the start of the year 1601 in the Gregorian calendar.

TitleIndex

Device and intermediate drivers should ignore this member.

ClassOffset

The byte offset from the start of this structure to the class name string, which is located in the Name array immediately following the key name string. Like the key name string, the class name string is not null-terminated.

ClassLength

The size, in bytes, in the class name string.

NameLength

The size, in bytes, of the key name string contained in the Name array.

Name

An array of wide characters that contains the name of the registry key. This character string is not null-terminated. Only the first element in this array is included in the KEY_NODE_INFORMATION structure definition. The storage for the remaining elements in the array immediately follows this element.

Remarks

The ZwEnumerateKey and ZwQueryKey routines use the KEY_NODE_INFORMATION structure to contain the registry key name and key class name. When the KeyInformationClass parameter of either routine is KeyNodeInformation, the KeyInformation buffer is treated as a KEY_NODE_INFORMATION structure. For more information about the KeyNodeInformation enumeration value, see KEY_INFORMATION_CLASS.

See also

KEY_BASIC_INFORMATION

KEY_CACHED_INFORMATION

KEY_FULL_INFORMATION

KEY_INFORMATION_CLASS

KEY_NAME_INFORMATION

KEY_VIRTUALIZATION_INFORMATION

ZwEnumerateKey

ZwQueryKey

View the official Windows Driver Kit DDI reference

Edit description on GitHub