NtLoadKey2 - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers

#ifndef _NTREGAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
NtLoadKey2(
    _In_ POBJECT_ATTRIBUTES TargetKey,
    _In_ POBJECT_ATTRIBUTES SourceFile,
    _In_ ULONG Flags
    );

#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwLoadKey2(
    _In_ POBJECT_ATTRIBUTES TargetKey,
    _In_ POBJECT_ATTRIBUTES SourceFile,
    _In_ ULONG Flags
    );

#endif
View code on GitHub

Function NtLoadKey2 loads Hive file into registry structure.

DestinationKeyName

Pointer to OBJECT_ATTRIBUTES structure contains name of loaded key and virtual parent key ("machine" or "user").

HiveFileName

Pointer to OBJECT_ATTRIBUTES structure specifying Hive file.

Flags

(?) Only values 0x0000 and 0x0004 are valid. If caller set Flags to 0x0000, function works as NtLoadKey.

Documented by

Tomasz Nowak

Requirements

Privilege: SE_RESTORE_PRIVILEGE

See also

Edit description on GitHub