ZwQueryKey

NTSTATUS
ZwQueryKey(
IN HANDLE KeyHandle,
IN KEY_INFORMATION_CLASS KeyInformationClass,
OUT PVOID KeyInformation,
IN ULONG Length,
OUT PULONG ResultLength
);

ZwQueryKey provides data about the class of a key, and the number and sizes of its subkeys.

Parameters

KeyHandle: Is the handle, returned by a successful call to ZwCreateKey or ZwOpenKey, of the key to be queried.
Index: Specifies the zero-based index of a subkey for which the key information is requested.
KeyInformationClass: Specifies the type of information returned in the buffer as one of the following:
KeyBasicInformation
KeyFullInformation
KeyNodeInformation
KeyInformation: Points to a caller-allocated buffer to receive the requested data.
Length: Is the size in bytes of the KeyInformation buffer, which the caller should set according to the given KeyInformationClass.
ResultLength: Points to number of bytes actually returned to KeyInformation or, if the input Length is too small, points to the number of bytes required for the available information.

Return Value

ZwQueryKey returns STATUS_SUCCESS if it returned the requested information in the KeyInformation buffer. Otherwise, ZwQueryKey can return one of the following values:

STATUS_BUFFER_OVERFLOW
STATUS_INVALID_PARAMETER

Comments

The KeyHandle passed to ZwQueryKey must have been opened with the KEY_QUERY_KEY DesiredAccess flag set for this call to succeed. See ZwCreateKey for a description of possible values for DesiredAccess.

ZwQueryKey returns information about the size of the value entries, the number of subkeys, the length of their names, and the size of their value entries that its caller can use to allocate buffers for registry data.

For example, a successful caller of ZwQueryKey might allocate a buffer for a subkey, call ZwEnumerateKey to get the name of the subkey, and pass that name to an Rtl..Registry routine.

Callers of ZwQueryKey must be running at IRQL PASSIVE_LEVEL.

ZwQueryKey

Parameters

Return Value

Comments

See Also