NtLoadKey2 - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTREGAPI_H

/**
 * Loads a registry key from a file with additional options.
 * 
 * @param[in] TargetKey A pointer to an OBJECT_ATTRIBUTES structure that specifies the target key.
 * @param[in] SourceFile A pointer to an OBJECT_ATTRIBUTES structure that specifies the source file.
 * @param[in] Flags The options to use when loading the key.
 * @return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtLoadKey2(
    _In_ POBJECT_ATTRIBUTES TargetKey,
    _In_ POBJECT_ATTRIBUTES SourceFile,
    _In_ ULONG Flags
    );

#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwLoadKey2(
    _In_ POBJECT_ATTRIBUTES TargetKey,
    _In_ POBJECT_ATTRIBUTES SourceFile,
    _In_ ULONG Flags
    );

#endif

View code on GitHub

Function NtLoadKey2 loads Hive file into registry structure.

DestinationKeyName

Pointer to OBJECT_ATTRIBUTES structure contains name of loaded key and virtual parent key ("machine" or "user").

HiveFileName

Pointer to OBJECT_ATTRIBUTES structure specifying Hive file.

Flags

(?) Only values 0x0000 and 0x0004 are valid. If caller set Flags to 0x0000, function works as NtLoadKey.

Documented by

Requirements

Privilege: SE_RESTORE_PRIVILEGE

See also