NTSTATUS
ZwQueryValueKey(
    IN HANDLE KeyHandle,
    IN PUNICODE_STRING ValueName,
    IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
    OUT PVOID KeyValueInformation,
    IN ULONG Length,
    OUT PULONG ResultLength
    );
ZwQueryValueKey returns the value entries for an open registry key.
Parameters
KeyHandle
Is the handle, returned by a successful call to ZwCreateKey or ZwOpenKey, of the key for which value entries are to be read.
ValueName
Points to the name of the value entry for which the data is requested.
KeyValueInformationClass
Specifies the type of information requested as one of the following:
KeyValueBasicInformation
KeyValueFullInformation
KeyValuePartialInformation
KeyValueInformation
Points to a caller-allocated buffer to receive the requested data.
Length
Is the size in bytes of the KeyValueInformation buffer, which the caller should set according to the given KeyValueInformationClass.
ResultLength
Points to the number of bytes actually returned to KeyValueInformation or, if the input Length is too small, points to the number of bytes required for the available information.
Return Value
ZwQueryValueKey returns STATUS_SUCCESS if it returned the requested information in the KeyValueInformation buffer. Otherwise, ZwQueryValueKey can return one of the following values:
STATUS_BUFFER_OVERFLOW
STATUS_INVALID_PARAMETER
STATUS_OBJ_NAME_NOT_FOUND
Comments
The KeyHandle passed to ZwQueryValueKey must have been opened with the KEY_QUERY_VALUE DesiredAccess flag set for this call to succeed. See ZwCreateKey for a description of possible values for DesiredAccess.
Callers of ZwQueryValueKey must be running at IRQL PASSIVE_LEVEL.
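The Length/ResultLength contract above implies a two-call pattern: probe for the required size, allocate, query again, then check the returned header before trusting the data. The following is an added example, not code from the original reference. So that it builds outside a driver, stub_query, FAKE_VALUE, PARTIAL_INFO, HDR and the 4096-byte cap are hypothetical stand-ins, and stub_query models only the size behaviour of ZwQueryValueKey for KeyValuePartialInformation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define STATUS_SUCCESS         0x00000000u
#define STATUS_BUFFER_OVERFLOW 0x80000005u
#define REG_DWORD              4u
/* Mirrors the field order of KEY_VALUE_PARTIAL_INFORMATION. */
typedef struct { uint32_t TitleIndex, Type, DataLength; uint8_t Data[1]; } PARTIAL_INFO;
#define HDR ((uint32_t)offsetof(PARTIAL_INFO, Data))
/* Constructed stand-in for a stored value entry; not a kernel structure. */
typedef struct { uint32_t type, len; const uint8_t *data; } FAKE_VALUE;

/* Hypothetical stub: models only the Length/ResultLength contract described above. */
static uint32_t stub_query(const FAKE_VALUE *v, void *buf, uint32_t len, uint32_t *result_len)
{
    PARTIAL_INFO *info = buf;
    *result_len = HDR + v->len;             /* bytes required, set even on failure */
    if (len < *result_len) return STATUS_BUFFER_OVERFLOW;
    info->TitleIndex = 0; info->Type = v->type; info->DataLength = v->len;
    memcpy(info->Data, v->data, v->len);
    return STATUS_SUCCESS;
}

/* Reads a REG_DWORD: size probe, bounded allocation, re-query, then validation. */
static int read_dword(const FAKE_VALUE *v, uint32_t *out)
{
    uint32_t need = 0, got = 0;
    PARTIAL_INFO *info;
    int ok = 0;
    if (stub_query(v, NULL, 0, &need) != STATUS_BUFFER_OVERFLOW) return 0;
    if (need < HDR || need > 4096) return 0;  /* cap what registry data can make us allocate */
    if ((info = malloc(need)) == NULL) return 0;
    if (stub_query(v, info, need, &got) == STATUS_SUCCESS &&  /* value may change after probe */
        got >= HDR && got <= need && info->DataLength <= got - HDR &&
        info->Type == REG_DWORD && info->DataLength == sizeof *out) {
        memcpy(out, info->Data, sizeof *out);
        ok = 1;
    }
    free(info);
    return ok;
}

int main(void)
{
    static const uint8_t raw[4] = { 0x78, 0x56, 0x34, 0x12 };   /* constructed sample data */
    FAKE_VALUE v = { REG_DWORD, sizeof raw, raw };
    uint32_t n = 0;
    return read_dword(&v, &n) ? 0 : 1;
}
```

In a driver, the same checks apply to the buffer filled in by ZwQueryValueKey, because another writer can change the value's type or size between the probe and the second call.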
See Also
KEY_VALUE_BASIC_INFORMATION, KEY_VALUE_FULL_INFORMATION, KEY_VALUE_PARTIAL_INFORMATION, ZwCreateKey, ZwEnumerateValueKey, ZwOpenKey