NtOpenKey - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTREGAPI_H

/**
 * Opens an existing registry key.
 *
 * \param[out] KeyHandle A pointer to a handle that receives the key handle.
 * \param[in] DesiredAccess The access mask that specifies the desired access rights.
 * \param[in] ObjectAttributes A pointer to an OBJECT_ATTRIBUTES structure that specifies the object attributes.
 * \return NTSTATUS Successful or errant status.
 * \remarks NtOpenKey ignores the security information in the ObjectAttributes structure.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenKey(
    _Out_ PHANDLE KeyHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
    );

#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwOpenKey(
    _Out_ PHANDLE KeyHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
    );

#endif

View code on GitHub
// wdm.h

NTSYSAPI NTSTATUS ZwOpenKey(
  [out] PHANDLE            KeyHandle,
  [in]  ACCESS_MASK        DesiredAccess,
  [in]  POBJECT_ATTRIBUTES ObjectAttributes
);

View the official Windows Driver Kit DDI reference

NtDoc

No description available.

Windows Driver Kit DDI reference (nf-wdm-zwopenkey)

Description

The ZwOpenKey routine opens an existing registry key.

Parameters

KeyHandle [out]

Pointer to the HANDLE variable that receives the handle to the key.

DesiredAccess [in]

Specifies an ACCESS_MASK value that determines the requested access to the object. For more information, see the DesiredAccess parameter of ZwCreateKey.

ObjectAttributes [in]

Pointer to an OBJECT_ATTRIBUTES structure that specifies the object name and other attributes. Use InitializeObjectAttributes to initialize this structure. If the caller is not running in a system thread context, it must set the OBJ_KERNEL_HANDLE attribute when it calls InitializeObjectAttributes.

Return value

ZwOpenKey returns STATUS_SUCCESS if the given key was opened. Otherwise, it can return an error status, including the following:

Remarks

ZwOpenKey supplies a handle that the caller can use to manipulate a registry key. The routine provides a subset of the functionality of ZwCreateKey. For more information, see Using the Registry in a Driver.

If the specified key does not exist, ZwOpenKey returns an error status and does not return a key handle.

Once the handle pointed to by KeyHandle is no longer in use, the driver must call ZwClose to close it.

ZwOpenKey ignores the security information in the structure that the ObjectAttributes parameter points to.

If the caller is not running in a system thread context, it must ensure that any handles it creates are private handles. Otherwise, the handle can be accessed by the process in whose context the driver is running. For more information, see Object Handles.

For more information about working with registry keys, see Using the Registry in a Driver.

If the call to this function occurs in user mode, you should use the name "NtOpenKey" instead of "ZwOpenKey".

See also

ACCESS_MASK

InitializeObjectAttributes

ZwCreateKey

ZwDeleteKey

ZwEnumerateKey

ZwEnumerateValueKey

ZwFlushKey

ZwQueryKey

ZwQueryValueKey

ZwSetValueKey


NTinternals.net (undocumented.ntinternals.net)

This function is documented in Windows Driver Kit.


See ZwOpenKey in NT DDK or 2000 DDK for detailed description.

See also