#ifndef _NT_REGISTRY_H_
#define _NT_REGISTRY_H_
#include "nt_abi.h"
#include "nt_object.h"
/*
 * Registry value type codes, as carried in the `type` members of the
 * key-value structures below and in the `type` argument of
 * ntapi_zw_set_value_key.
 *
 * Two pairs are deliberate aliases: NT_REG_DWORD and
 * NT_REG_DWORD_LITTLE_ENDIAN are both 0x04, and NT_REG_QWORD and
 * NT_REG_QWORD_LITTLE_ENDIAN are both 0x0B, so a switch must not list
 * both members of a pair.
 *
 * NOTE(review): the type is a tag stored alongside the data; nothing in
 * this header guarantees that the data matches it (e.g. that an
 * NT_REG_SZ value is terminated or an NT_REG_DWORD value is 4 bytes).
 * Readers should check the returned data length before interpreting it.
 */
typedef enum _nt_registry_types {
	NT_REG_NONE = 0x00,
	NT_REG_SZ = 0x01,
	NT_REG_EXPAND_SZ = 0x02,
	NT_REG_BINARY = 0x03,
	NT_REG_DWORD = 0x04,
	NT_REG_DWORD_LITTLE_ENDIAN = 0x04,
	NT_REG_DWORD_BIG_ENDIAN = 0x05,
	NT_REG_LINK = 0x06,
	NT_REG_MULTI_SZ = 0x07,
	NT_REG_RESOURCE_LIST = 0x08,
	NT_REG_FULL_RESOURCE_DESCRIPTOR = 0x09,
	NT_REG_RESOURCE_REQUIREMENTS_LIST = 0x0A,
	NT_REG_QWORD = 0x0B,
	NT_REG_QWORD_LITTLE_ENDIAN = 0x0B,
} nt_registry_types;
/*
 * Selector for the record layout requested from ntapi_zw_query_key and
 * ntapi_zw_enumerate_key (their key_info_class parameter has this type).
 * Enumerators take the implicit values 0..3; each name corresponds to
 * one of the nt_key_*_information structures declared in this header.
 */
typedef enum _nt_key_info_class {
	NT_KEY_BASIC_INFORMATION,
	NT_KEY_NODE_INFORMATION,
	NT_KEY_FULL_INFORMATION,
	NT_KEY_NAME_INFORMATION,
} nt_key_info_class;
/*
 * Selector for the record layout requested from ntapi_zw_query_value_key
 * and ntapi_zw_enumerate_value_key (their key_value_info_class parameter
 * has this type).  Enumerators take the implicit values 0..3.
 *
 * NOTE(review): no separate structure is declared here for
 * NT_KEY_VALUE_FULL_INFORMATION_ALIGN64; presumably it reuses
 * nt_key_value_full_information with different alignment -- confirm
 * before relying on data_offset with that class.
 */
typedef enum _nt_key_value_info_class {
	NT_KEY_VALUE_BASIC_INFORMATION,
	NT_KEY_VALUE_FULL_INFORMATION,
	NT_KEY_VALUE_PARTIAL_INFORMATION,
	NT_KEY_VALUE_FULL_INFORMATION_ALIGN64,
} nt_key_value_info_class;
/*
 * Selector for ntapi_zw_set_information_key (its key_info_class
 * parameter has this type).  The only class declared is the last-write
 * time, matching nt_key_last_write_time_information below.
 */
typedef enum _nt_key_set_info_class {
	NT_KEY_LAST_WRITE_TIME_INFORMATION = 0
} nt_key_set_info_class;
/*
 * registry key access bits
 *
 * Presumably passed as the desired_access argument of
 * ntapi_zw_create_key and ntapi_zw_open_key.  Request only the bits an
 * operation needs: NT_KEY_ALL_ACCESS also carries the 0x000F0000
 * standard-rights bits, which go well beyond reading or writing values.
 *
 * NOTE(review): NT_KEY_CREATE_SUB_NT_KEY, NT_KEY_ENUMERATE_SUB_NT_KEYS,
 * NT_KEY_WOW64_64NT_KEY and NT_KEY_WOW64_32NT_KEY look like the product
 * of a mechanical KEY -> NT_KEY substitution (the Windows names are
 * KEY_CREATE_SUB_KEY, KEY_ENUMERATE_SUB_KEYS, KEY_WOW64_64KEY and
 * KEY_WOW64_32KEY).  The names are left as they are because callers may
 * already depend on them.
 */
#define NT_KEY_QUERY_VALUE 0x00000001
#define NT_KEY_SET_VALUE 0x00000002
#define NT_KEY_CREATE_SUB_NT_KEY 0x00000004
#define NT_KEY_ENUMERATE_SUB_NT_KEYS 0x00000008
#define NT_KEY_NOTIFY 0x00000010
#define NT_KEY_CREATE_LINK 0x00000020
#define NT_KEY_WOW64_64NT_KEY 0x00000100
#define NT_KEY_WOW64_32NT_KEY 0x00000200
/* composite masks: 0x00020000 plus the specific bits named on each line */
#define NT_KEY_WRITE 0x00020006 /* SET_VALUE | CREATE_SUB_NT_KEY */
#define NT_KEY_READ 0x00020019 /* QUERY_VALUE | ENUMERATE_SUB_NT_KEYS | NOTIFY */
#define NT_KEY_EXECUTE 0x00020019 /* same value as NT_KEY_READ */
#define NT_KEY_ALL_ACCESS 0x000F003F /* 0x000F0000 | the six bits 0x01..0x20; no WOW64 bits */
/*
 * registry option bits
 *
 * Presumably passed as the create_options argument of
 * ntapi_zw_create_key.  NT_REG_OPTION_NON_VOLATILE is zero, i.e. the
 * absence of NT_REG_OPTION_VOLATILE, so it cannot be tested with `&`.
 *
 * NOTE(review): in the Windows interface these mirror,
 * REG_OPTION_BACKUP_RESTORE makes the open rely on backup/restore
 * privileges instead of the key's ACL, and REG_OPTION_OPEN_LINK opens a
 * symbolic-link key itself rather than its target.  Callers that handle
 * keys writable by less-trusted principals should decide explicitly
 * whether links may be followed -- confirm the semantics for this port.
 */
#define NT_REG_OPTION_NON_VOLATILE 0x00000000L
#define NT_REG_OPTION_VOLATILE 0x00000001L
#define NT_REG_OPTION_CREATE_LINK 0x00000002L
#define NT_REG_OPTION_BACKUP_RESTORE 0x00000004L
#define NT_REG_OPTION_OPEN_LINK 0x00000008L
/*
 * registry hive option bits
 *
 * Four independent single-bit flags (0x1, 0x2, 0x4, 0x8).
 * NOTE(review): presumably these are the values for the `flags`
 * argument of ntapi_zw_restore_key and ntapi_zw_load_key2; the header
 * does not say so -- confirm against callers.
 */
#define NT_REG_WHOLE_HIVE_VOLATILE 0x00000001L
#define NT_REG_REFRESH_HIVE 0x00000002L
#define NT_REG_NO_LAZY_FLUSH 0x00000004L
#define NT_REG_FORCE_RESTORE 0x00000008L
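/*
 * registry disposition values
 *
 * Reported through the optional `disposition` argument of
 * ntapi_zw_create_key to tell the caller whether the key was created by
 * the call or already existed.  The values are fixed by the kernel
 * interface: REG_CREATED_NEW_KEY is 1 and REG_OPENED_EXISTING_KEY is 2.
 *
 * With the former 0/1 definitions a comparison against
 * NT_REG_OPENED_EXISTING_KEY matched a freshly created key and
 * NT_REG_CREATED_NEW_KEY never matched, so a caller checking that a key
 * did not pre-exist (for example before trusting its contents or its
 * security descriptor) reached the wrong conclusion.
 */
#define NT_REG_CREATED_NEW_KEY 0x00000001L
#define NT_REG_OPENED_EXISTING_KEY 0x00000002L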
/*
 * registry monitor bits
 *
 * NT_REG_MONITOR_SINGLE_KEY is zero, so it denotes the absence of
 * NT_REG_MONITOR_SECOND_KEY rather than a testable bit.
 * NOTE(review): presumably the values for the `flags` argument of
 * ntapi_zw_notify_change_multiple_keys -- confirm against callers.
 */
#define NT_REG_MONITOR_SINGLE_KEY 0x0000
#define NT_REG_MONITOR_SECOND_KEY 0x0001
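/*
 * registry key notification bits
 *
 * Single-bit event selectors, presumably for the notify_filter argument
 * of ntapi_zw_notify_change_key and
 * ntapi_zw_notify_change_multiple_keys.
 */
#define NT_REG_NOTIFY_CHANGE_NAME 0x00000001L
#define NT_REG_NOTIFY_CHANGE_ATTRIBUTES 0x00000002L
#define NT_REG_NOTIFY_CHANGE_LAST_SET 0x00000004L
#define NT_REG_NOTIFY_CHANGE_SECURITY 0x00000008L

/*
 * Union of every notification bit defined above.  The expansion is
 * parenthesized so that it behaves as one operand: without the
 * parentheses, `filter & ~NT_REG_LEGAL_CHANGE_FILTER` parsed as
 * `(filter & ~NAME) | ATTRIBUTES | LAST_SET | SECURITY`, which is never
 * zero, and `filter & NT_REG_LEGAL_CHANGE_FILTER` was likewise always
 * non-zero, defeating any validity check written with the macro.
 */
#define NT_REG_LEGAL_CHANGE_FILTER (NT_REG_NOTIFY_CHANGE_NAME \
	| NT_REG_NOTIFY_CHANGE_ATTRIBUTES \
	| NT_REG_NOTIFY_CHANGE_LAST_SET \
	| NT_REG_NOTIFY_CHANGE_SECURITY)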
/*
 * Variable-length key record; by name it corresponds to the
 * NT_KEY_BASIC_INFORMATION class.  `name` is a flexible array member,
 * so sizeof() covers only the fixed header.
 *
 * NOTE(review): in the Windows KEY_BASIC_INFORMATION layout this
 * appears to mirror, name_length is a byte count and name carries no
 * terminator.  Consumers should bound name_length by the length the
 * query reported before reading name -- confirm against callers.
 */
typedef struct _nt_key_basic_information {
	nt_large_integer last_write_time;
	uint32_t title_index;
	uint32_t name_length;
	wchar16_t name[];
} nt_key_basic_information;
/*
 * Variable-length key record; by name it corresponds to the
 * NT_KEY_NODE_INFORMATION class.  Adds a class string, located by
 * class_offset/class_length, to the basic record; `name` is a flexible
 * array member.
 *
 * NOTE(review): class_offset is presumably relative to the start of
 * this structure and both lengths are presumably byte counts.  Check
 * that class_offset + class_length and the name extent fall inside the
 * length the query reported before dereferencing -- confirm.
 */
typedef struct _nt_key_node_information {
	nt_large_integer last_write_time;
	uint32_t title_index;
	uint32_t class_offset;
	uint32_t class_length;
	uint32_t name_length;
	wchar16_t name[];
} nt_key_node_information;
/*
 * Variable-length key record; by name it corresponds to the
 * NT_KEY_FULL_INFORMATION class.  Carries subkey/value counts and the
 * maximum name, class and data lengths, followed by the class string in
 * the flexible array member `kclass`.
 *
 * NOTE(review): the max_* members are presumably a snapshot taken at
 * query time.  A buffer sized from them can still be too small if the
 * key changes before the next call, so the status and result length of
 * each later query must still be checked -- confirm.
 */
typedef struct _nt_key_full_information {
	nt_large_integer last_write_time;
	uint32_t title_index;
	uint32_t class_offset;
	uint32_t class_length;
	uint32_t sub_keys;
	uint32_t max_name_len;
	uint32_t max_class_len;
	uint32_t values;
	uint32_t max_value_name_len;
	uint32_t max_value_data_len;
	wchar16_t kclass[];
} nt_key_full_information;
/*
 * Variable-length key record; by name it corresponds to the
 * NT_KEY_NAME_INFORMATION class.  Holds only a length and the name in a
 * flexible array member.
 * NOTE(review): name_length is presumably a byte count and name is
 * presumably unterminated -- confirm before treating it as a C string.
 */
typedef struct _nt_key_name_information {
	uint32_t name_length;
	wchar16_t name[];
} nt_key_name_information;
/*
 * Variable-length value record; by name it corresponds to the
 * NT_KEY_VALUE_BASIC_INFORMATION class.  Reports the value's type and
 * name without its data; `name` is a flexible array member.
 * NOTE(review): `type` presumably holds an nt_registry_types code and
 * name_length is presumably a byte count -- confirm.
 */
typedef struct _nt_key_value_basic_information {
	uint32_t title_index;
	uint32_t type;
	uint32_t name_length;
	wchar16_t name[];
} nt_key_value_basic_information;
/*
 * Variable-length value record; by name it corresponds to the
 * NT_KEY_VALUE_FULL_INFORMATION class.  Reports type, name and data;
 * the data is located by data_offset/data_length and the name lives in
 * the flexible array member.
 *
 * NOTE(review): data_offset is presumably relative to the start of this
 * structure.  Before reading the data, check that data_offset +
 * data_length does not overflow and stays within the length the query
 * reported, and that data_length fits the declared type -- confirm.
 */
typedef struct _nt_key_value_full_information {
	uint32_t title_index;
	uint32_t type;
	uint32_t data_offset;
	uint32_t data_length;
	uint32_t name_length;
	wchar16_t name[];
} nt_key_value_full_information;
/*
 * Variable-length value record; by name it corresponds to the
 * NT_KEY_VALUE_PARTIAL_INFORMATION class.  Reports type and data
 * without the name; `data` is a flexible array of raw bytes.
 *
 * NOTE(review): the data is untyped bytes.  For string types nothing
 * here guarantees a terminator or an even byte count, so bound every
 * read by data_length (and data_length by the reported result length)
 * -- confirm against callers.
 */
typedef struct _nt_key_value_partial_information {
	uint32_t title_index;
	uint32_t type;
	uint32_t data_length;
	unsigned char data[];
} nt_key_value_partial_information;
/*
 * One element of the value_list array passed to
 * ntapi_zw_query_multiple_value_key (that parameter is declared
 * __in_out nt_key_value_entry *).  Fixed size: value_name is a pointer,
 * not inline storage.
 *
 * NOTE(review): presumably the caller supplies value_name and the call
 * fills in data_length, data_offset and type, with data_offset relative
 * to the separate output buffer.  Validate offset + length against that
 * buffer's size before use -- confirm.
 */
typedef struct _nt_key_value_entry {
	nt_unicode_string * value_name;
	uint32_t data_length;
	uint32_t data_offset;
	uint32_t type;
} nt_key_value_entry;
/*
 * Payload for the NT_KEY_LAST_WRITE_TIME_INFORMATION set-information
 * class (association inferred from the matching names): a single
 * timestamp.
 */
typedef struct _nt_key_last_write_time_information {
	nt_large_integer last_write_time;
} nt_key_last_write_time_information;
/*
 * Function type for the create-key service.
 *
 * hkey receives the key handle.  reg_class and disposition are marked
 * optional; disposition, when supplied, receives one of the
 * NT_REG_CREATED_NEW_KEY / NT_REG_OPENED_EXISTING_KEY values.
 * desired_access presumably takes NT_KEY_* access bits and
 * create_options presumably takes NT_REG_OPTION_* bits.
 *
 * NOTE(review): the int32_t result is presumably an NTSTATUS; hkey
 * should not be used unless the call succeeded -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_create_key(
	__out void ** hkey,
	__in uint32_t desired_access,
	__in nt_object_attributes * obj_attr,
	__in uint32_t title_index,
	__in nt_unicode_string * reg_class __optional,
	__in uint32_t create_options,
	__out uint32_t * disposition __optional);
/*
 * Function type for the open-key service: hkey receives a handle to the
 * key named by obj_attr, opened with desired_access (presumably NT_KEY_*
 * bits).
 * NOTE(review): the int32_t result is presumably an NTSTATUS -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_open_key(
	__out void ** hkey,
	__in uint32_t desired_access,
	__in nt_object_attributes * obj_attr);
/*
 * Function type for the delete-key service; takes only the key handle.
 * NOTE(review): the handle presumably still has to be closed by the
 * caller afterwards -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_delete_key(
	__in void * hkey);
/*
 * Function type for the flush-key service; takes only the key handle.
 */
typedef int32_t __stdcall ntapi_zw_flush_key(
	__in void * hkey);
/*
 * Function type for the save-key service: takes a key handle and a file
 * handle (presumably the destination for the saved key data).
 * NOTE(review): the saved file may hold everything under the key, so
 * the destination's ACL deserves the same care as the key's -- confirm
 * what is written.
 */
typedef int32_t __stdcall ntapi_zw_save_key(
	__in void * hkey,
	__in void * hfile);
/*
 * Function type for the save-merged-keys service: takes two key handles
 * and one file handle (presumably the destination).
 * NOTE(review): precedence between hkey_1st and hkey_2nd on conflicting
 * entries is not stated here -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_save_merged_keys(
	__in void * hkey_1st,
	__in void * hkey_2nd,
	__in void * hfile);
/*
 * Function type for the restore-key service: takes a key handle, a file
 * handle (presumably the source of the key data) and flags (presumably
 * the NT_REG_*_HIVE / NT_REG_FORCE_RESTORE bits above).
 * NOTE(review): the file's contents presumably replace what is under
 * hkey, so its origin and integrity matter -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_restore_key(
	__in void * hkey,
	__in void * hfile,
	__in uint32_t flags);
/*
 * Function type for the load-key service: one object-attributes
 * argument names the key and one names the backing file.
 *
 * NOTE(review): both arguments are declared as nt_object_attributes BY
 * VALUE, whereas ntapi_zw_create_key and ntapi_zw_open_key take
 * nt_object_attributes *.  The native NtLoadKey service takes pointers;
 * under __stdcall a by-value structure changes the stack layout, so
 * this declaration may not match the service it is bound to.  Confirm
 * against nt_object.h and the callers before use.
 */
typedef int32_t __stdcall ntapi_zw_load_key(
	__in nt_object_attributes key_obj_attr,
	__in nt_object_attributes file_obj_attr);
/*
 * Function type for the load-key service variant that also takes flags
 * (presumably the registry hive option bits above).
 *
 * NOTE(review): key_obj_attr and file_obj_attr are declared by value,
 * not as nt_object_attributes * like in ntapi_zw_open_key; the native
 * NtLoadKey2 service takes pointers.  Confirm the declaration matches
 * the bound service before use.
 */
typedef int32_t __stdcall ntapi_zw_load_key2(
	__in nt_object_attributes key_obj_attr,
	__in nt_object_attributes file_obj_attr,
	__in uint32_t flags);
/*
 * Function type for the unload-key service; takes the object attributes
 * naming the key.
 * NOTE(review): key_obj_attr is declared by value, not as a pointer as
 * in ntapi_zw_open_key; the native NtUnloadKey service takes a pointer
 * -- confirm the declaration matches the bound service.
 */
typedef int32_t __stdcall ntapi_zw_unload_key(
	__in nt_object_attributes key_obj_attr);
/*
 * Function type for the query-open-sub-keys service: number_of_keys
 * receives a count for the key named by key_obj_attr.
 * NOTE(review): key_obj_attr is declared by value, not as a pointer as
 * in ntapi_zw_open_key; the native service takes a pointer -- confirm
 * the declaration matches the bound service.
 */
typedef int32_t __stdcall ntapi_zw_query_open_sub_keys(
	__in nt_object_attributes key_obj_attr,
	__out uint32_t * number_of_keys);
/*
 * Function type for the replace-key service: takes object attributes
 * for a new file, a key handle, and object attributes for an old file.
 * NOTE(review): both object-attributes arguments are declared by value,
 * not as pointers as in ntapi_zw_open_key; the native NtReplaceKey
 * service takes pointers -- confirm the declaration matches the bound
 * service.
 */
typedef int32_t __stdcall ntapi_zw_replace_key(
	__in nt_object_attributes new_file_obj_attr,
	__in void * hkey,
	__in nt_object_attributes old_file_obj_attr);
/*
 * Function type for the set-information-key service: key_info points
 * to key_info_length bytes laid out as selected by key_info_class.  The
 * only class declared in this header is
 * NT_KEY_LAST_WRITE_TIME_INFORMATION.
 */
typedef int32_t __stdcall ntapi_zw_set_information_key(
	__in void * hkey,
	__in nt_key_set_info_class key_info_class,
	__in void * key_info,
	__in uint32_t key_info_length);
/*
 * Function type for the query-key service: fills key_info (capacity
 * key_info_length bytes) with the record selected by key_info_class and
 * reports a length through result_length.
 *
 * NOTE(review): the records are variable-length.  Pass the true size of
 * the caller's buffer as key_info_length, and treat the embedded
 * lengths and offsets as untrusted until checked against result_length
 * -- confirm the too-small-buffer behaviour for this port.
 */
typedef int32_t __stdcall ntapi_zw_query_key(
	__in void * hkey,
	__in nt_key_info_class key_info_class,
	__out void * key_info,
	__in uint32_t key_info_length,
	__out uint32_t * result_length);
/*
 * Function type for the enumerate-key service: like ntapi_zw_query_key,
 * with an additional `index` (presumably selecting a subkey of hkey).
 *
 * NOTE(review): enumeration presumably is not atomic with respect to
 * concurrent changes under hkey, so indices may shift between calls.
 * Check the status and result_length of every call -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_enumerate_key(
	__in void * hkey,
	__in uint32_t index,
	__in nt_key_info_class key_info_class,
	__out void * key_info,
	__in uint32_t key_info_length,
	__out uint32_t * result_length);
/*
 * Function type for the notify-change-key service.
 *
 * hevent, apc_routine and apc_context are marked optional.
 * notify_filter presumably takes NT_REG_NOTIFY_* bits (see
 * NT_REG_LEGAL_CHANGE_FILTER).  watch_subtree and asynchronous are
 * unsigned char, presumably used as booleans.
 *
 * NOTE(review): `buffer` is annotated __in, while the Windows prototype
 * marks the change buffer as an output -- confirm the annotation.  If
 * `asynchronous` means the call can return before completion,
 * io_status_block and buffer must stay valid until the operation
 * completes -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_notify_change_key(
	__in void * hkey,
	__in void * hevent __optional,
	__in nt_io_apc_routine * apc_routine __optional,
	__in void * apc_context __optional,
	__out nt_io_status_block * io_status_block,
	__in uint32_t notify_filter,
	__in unsigned char watch_subtree,
	__in void * buffer,
	__in uint32_t buffer_length,
	__in unsigned char asynchronous);
/*
 * Function type for the notify-change-multiple-keys service.  Takes the
 * same arguments as ntapi_zw_notify_change_key plus `flags` (presumably
 * the NT_REG_MONITOR_* values) and key_obj_attr (presumably naming the
 * second key to watch).
 *
 * NOTE(review): `buffer` is annotated __in although it looks like an
 * output buffer -- confirm.  For asynchronous use, io_status_block and
 * buffer presumably must outlive the pending operation -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_notify_change_multiple_keys(
	__in void * hkey,
	__in uint32_t flags,
	__in nt_object_attributes * key_obj_attr,
	__in void * hevent __optional,
	__in nt_io_apc_routine * apc_routine __optional,
	__in void * apc_context __optional,
	__out nt_io_status_block * io_status_block,
	__in uint32_t notify_filter,
	__in unsigned char watch_subtree,
	__in void * buffer,
	__in uint32_t buffer_length,
	__in unsigned char asynchronous);
/*
 * Function type for the delete-value service: takes the key handle and
 * the name of the value as a counted nt_unicode_string.
 */
typedef int32_t __stdcall ntapi_zw_delete_value_key(
	__in void * hkey,
	__in nt_unicode_string * value_name);
/*
 * Function type for the set-value service: stores data_size bytes from
 * `data` under value_name, tagged with `type` (presumably an
 * nt_registry_types code).
 *
 * NOTE(review): nothing in this declaration ties data_size to `type`.
 * For string types the caller presumably decides whether the terminator
 * is included in data_size, so readers cannot assume one -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_set_value_key(
	__in void * hkey,
	__in nt_unicode_string * value_name,
	__in uint32_t title_index,
	__in uint32_t type,
	__in void * data,
	__in uint32_t data_size);
/*
 * Function type for the query-value service: fills key_value_info
 * (capacity key_value_info_length bytes) with the record selected by
 * key_value_info_class for the value named value_name, and reports a
 * length through result_length.
 *
 * NOTE(review): registry data may be writable by less-trusted
 * principals.  Validate the returned type, data_length and data_offset
 * against result_length and against the size the consumer expects
 * before copying or parsing -- confirm the too-small-buffer behaviour.
 */
typedef int32_t __stdcall ntapi_zw_query_value_key(
	__in void * hkey,
	__in nt_unicode_string * value_name,
	__in nt_key_value_info_class key_value_info_class,
	__out void * key_value_info,
	__in uint32_t key_value_info_length,
	__out uint32_t * result_length);
/*
 * Function type for the enumerate-value service: like
 * ntapi_zw_query_value_key, but selects the value by `index` rather
 * than by name.
 * NOTE(review): the same validation of returned lengths and offsets
 * against result_length applies.  Indices presumably can shift if the
 * key is modified during enumeration -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_enumerate_value_key(
	__in void * hkey,
	__in uint32_t index,
	__in nt_key_value_info_class key_value_info_class,
	__out void * key_value_info,
	__in uint32_t key_value_info_length,
	__out uint32_t * result_length);
/*
 * Function type for the query-multiple-values service: value_list is an
 * in/out array of number_of_values nt_key_value_entry elements, `buffer`
 * receives output, buffer_length is in/out, and the last parameter
 * (spelled `buffer_nedded` in this declaration) is an output,
 * presumably the required buffer size.
 *
 * NOTE(review): each entry's data_offset/data_length presumably
 * describes a region of `buffer`.  Check each region against the final
 * *buffer_length before reading -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_query_multiple_value_key(
	__in void * hkey,
	__in_out nt_key_value_entry * value_list,
	__in uint32_t number_of_values,
	__out void * buffer,
	__in_out uint32_t * buffer_length,
	__out uint32_t * buffer_nedded);
/*
 * Function type for the initialize-registry service; `setup` is an
 * unsigned char, presumably used as a boolean.
 * NOTE(review): presumably a system-initialization service not meant
 * for ordinary callers -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_initialize_registry(
	__in unsigned char setup);
#endif