ZwQueryValueKey

NTSTATUS
    ZwQueryValueKey(
        IN HANDLE  KeyHandle,
        IN PUNICODE_STRING  ValueName,
        IN KEY_VALUE_INFORMATION_CLASS  KeyValueInformationClass,
        OUT PVOID  KeyValueInformation,
        IN ULONG  Length,
        OUT PULONG  ResultLength
        );

ZwQueryValueKey returns the value entries for an open registry key.

Parameters

KeyHandle

Is the handle, returned by a successful call to ZwCreateKey or ZwOpenKey, of key for which value entries are to be read.

ValueName

Points to the name of the value entry for which the data is requested.

KeyValueInformationClass

Specifies the type of information requested as one of the following:

KeyValueBasicInformation
KeyValueFullInformation
KeyValuePartialInformation

KeyValueInformation

Points to a caller-allocated buffer to receive the requested data.

Length

Is the size in bytes of the KeyValueInformation buffer, which the caller should set according to the given KeyValueInformationClass.

ResultLength

Points to number of bytes actually returned to KeyValueInformation or, if the input Length is too small, points to the number of bytes required for the available information.

Return Value

ZwQueryValueKey returns STATUS_SUCCESS if it returned the requested information in the KeyValueInformation buffer. Otherwise, ZwQueryValueKey can return one of the following values:

STATUS_BUFFER_OVERFLOW
STATUS_INVALID_PARAMETER
STATUS_OBJ_NAME_NOT_FOUND

Comments

The KeyHandle passed to ZwQueryValueKey must have been opened with the KEY_QUERY_VALUE DesiredAccess flag set for this call to succeed. See ZwCreateKey for a description of possible values for DesiredAccess.

Callers of ZwQueryValueKey must be running at IRQL PASSIVE_LEVEL.

See Also

KEY_VALUE_BASIC_INFORMATION, KEY_VALUE_FULL_INFORMATION, KEY_VALUE_PARTIAL_INFORMATION, ZwCreateKey, ZwEnumerateValueKey, ZwOpenKey