#ifndef _NT_REGISTRY_H_
#define _NT_REGISTRY_H_

#include "nt_abi.h"
#include "nt_object.h"

/*
 * Registry value data types. The key-value information structures and
 * ntapi_zw_set_value_key in this header carry a uint32_t `type`,
 * presumably holding one of these enumerators.
 *
 * NOTE(review): the type is only a tag stored next to the data. Code that
 * consumes a value should compare the returned data length with what the
 * type implies, and should not assume string types are NUL-terminated,
 * before interpreting the bytes.
 */
typedef enum _nt_registry_types {
	NT_REG_NONE				= 0x00,
	NT_REG_SZ				= 0x01,
	NT_REG_EXPAND_SZ			= 0x02,
	NT_REG_BINARY				= 0x03,
	NT_REG_DWORD				= 0x04,
	NT_REG_DWORD_LITTLE_ENDIAN		= 0x04,	/* same value as NT_REG_DWORD */
	NT_REG_DWORD_BIG_ENDIAN			= 0x05,
	NT_REG_LINK				= 0x06,
	NT_REG_MULTI_SZ				= 0x07,
	NT_REG_RESOURCE_LIST			= 0x08,
	NT_REG_FULL_RESOURCE_DESCRIPTOR		= 0x09,
	NT_REG_RESOURCE_REQUIREMENTS_LIST	= 0x0A,
	NT_REG_QWORD				= 0x0B,
	NT_REG_QWORD_LITTLE_ENDIAN		= 0x0B,	/* same value as NT_REG_QWORD */
} nt_registry_types;


/*
 * Information class passed to ntapi_zw_query_key and ntapi_zw_enumerate_key.
 * Enumerators take the implicit values 0..3; each presumably selects the
 * like-named nt_key_*_information structure as the output layout.
 */
typedef enum _nt_key_info_class {
	NT_KEY_BASIC_INFORMATION,
	NT_KEY_NODE_INFORMATION,
	NT_KEY_FULL_INFORMATION,
	NT_KEY_NAME_INFORMATION,
} nt_key_info_class;


/*
 * Information class passed to ntapi_zw_query_value_key and
 * ntapi_zw_enumerate_value_key. Enumerators take the implicit values 0..3;
 * each presumably selects the like-named nt_key_value_*_information layout.
 * No structure for the ALIGN64 class is declared in this header.
 */
typedef enum _nt_key_value_info_class {
	NT_KEY_VALUE_BASIC_INFORMATION,
	NT_KEY_VALUE_FULL_INFORMATION,
	NT_KEY_VALUE_PARTIAL_INFORMATION,
	NT_KEY_VALUE_FULL_INFORMATION_ALIGN64,
} nt_key_value_info_class;


/*
 * Information class passed to ntapi_zw_set_information_key. The only class
 * declared here presumably pairs with nt_key_last_write_time_information.
 */
typedef enum _nt_key_set_info_class {
	NT_KEY_LAST_WRITE_TIME_INFORMATION	= 0
} nt_key_set_info_class;


/*
 * registry key access bits
 *
 * The first eight are single-bit rights; the last four are composite masks:
 *   NT_KEY_WRITE      = 0x00020000 | SET_VALUE | CREATE_SUB_NT_KEY
 *   NT_KEY_READ       = 0x00020000 | QUERY_VALUE | ENUMERATE_SUB_NT_KEYS | NOTIFY
 *   NT_KEY_EXECUTE    = same value as NT_KEY_READ
 *   NT_KEY_ALL_ACCESS = 0x000F0000 | every specific bit 0x01..0x20
 * The 0x00020000 / 0x000F0000 parts are presumably the standard-rights bits
 * of a generic access mask -- confirm against nt_object.h.
 *
 * NOTE(review): request the narrowest mask that works; NT_KEY_ALL_ACCESS
 * also asks for the high standard-rights bits and will be denied on keys
 * whose ACL grants only read or write.
 *
 * NOTE(review): the _SUB_NT_KEY, _SUB_NT_KEYS, 64NT_KEY and 32NT_KEY
 * spellings look like the result of a blanket KEY -> NT_KEY substitution;
 * they are left as-is because callers may already use them.
 */
#define NT_KEY_QUERY_VALUE		0x00000001
#define NT_KEY_SET_VALUE		0x00000002
#define NT_KEY_CREATE_SUB_NT_KEY	0x00000004
#define NT_KEY_ENUMERATE_SUB_NT_KEYS	0x00000008
#define NT_KEY_NOTIFY			0x00000010
#define NT_KEY_CREATE_LINK		0x00000020
#define NT_KEY_WOW64_64NT_KEY		0x00000100
#define NT_KEY_WOW64_32NT_KEY		0x00000200
#define NT_KEY_WRITE			0x00020006
#define NT_KEY_READ			0x00020019
#define NT_KEY_EXECUTE			0x00020019
#define NT_KEY_ALL_ACCESS		0x000F003F


/*
 * registry option bits (presumably the create_options argument of
 * ntapi_zw_create_key).
 *
 * NT_REG_OPTION_NON_VOLATILE is zero, i.e. the absence of the other bits;
 * it cannot be detected with a bitwise AND.
 */
#define NT_REG_OPTION_NON_VOLATILE	0x00000000L
#define NT_REG_OPTION_VOLATILE		0x00000001L
#define NT_REG_OPTION_CREATE_LINK	0x00000002L
#define NT_REG_OPTION_BACKUP_RESTORE	0x00000004L
#define NT_REG_OPTION_OPEN_LINK		0x00000008L


/*
 * registry hive option bits (presumably the flags argument of
 * ntapi_zw_restore_key and/or ntapi_zw_load_key2 -- confirm which bits each
 * call accepts).
 */
#define NT_REG_WHOLE_HIVE_VOLATILE	0x00000001L
#define NT_REG_REFRESH_HIVE		0x00000002L
#define NT_REG_NO_LAZY_FLUSH		0x00000004L
#define NT_REG_FORCE_RESTORE		0x00000008L


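/*
 * registry disposition values, as reported through the optional
 * `disposition` output of ntapi_zw_create_key.
 *
 * The kernel reports 1 for a newly created key and 2 for an existing key
 * that was opened. The previous definitions (0 and 1) were off by one, so
 * a comparison against NT_REG_OPENED_EXISTING_KEY succeeded exactly when
 * the key had just been created. Code that uses the disposition to decide
 * whether it owns a fresh key, or is reusing one that somebody else may
 * have pre-created, depends on these values being right.
 */
#define NT_REG_CREATED_NEW_KEY		0x00000001L
#define NT_REG_OPENED_EXISTING_KEY	0x00000002L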


/*
 * registry monitor bits (presumably the flags argument of
 * ntapi_zw_notify_change_multiple_keys -- confirm).
 */
#define NT_REG_MONITOR_SINGLE_KEY	0x0000
#define NT_REG_MONITOR_SECOND_KEY	0x0001


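/*
 * registry key notification bits (the notify_filter argument of the
 * ntapi_zw_notify_change_* calls is presumably built from these).
 */
#define NT_REG_NOTIFY_CHANGE_NAME	0x00000001L
#define NT_REG_NOTIFY_CHANGE_ATTRIBUTES	0x00000002L
#define NT_REG_NOTIFY_CHANGE_LAST_SET	0x00000004L
#define NT_REG_NOTIFY_CHANGE_SECURITY	0x00000008L

/*
 * Union of all notification bits declared above.
 *
 * The expansion is parenthesized so that the mask behaves as one operand:
 * without the parentheses `x & NT_REG_LEGAL_CHANGE_FILTER` and
 * `x & ~NT_REG_LEGAL_CHANGE_FILTER` bind only to the first bit and OR the
 * rest in, which silently defeats a "reject unknown filter bits" check.
 */
#define NT_REG_LEGAL_CHANGE_FILTER	(NT_REG_NOTIFY_CHANGE_NAME \
					| NT_REG_NOTIFY_CHANGE_ATTRIBUTES \
					| NT_REG_NOTIFY_CHANGE_LAST_SET \
					| NT_REG_NOTIFY_CHANGE_SECURITY)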


/*
 * Key information, basic form: fixed header followed by the key name in a
 * flexible array member.
 *
 * NOTE(review): name_length is presumably a byte count and the name is
 * presumably not NUL-terminated -- confirm. Readers should bound any access
 * to name[] by both name_length and the length the query call returned.
 */
typedef struct _nt_key_basic_information {
	nt_large_integer	last_write_time;
	uint32_t		title_index;
	uint32_t		name_length;
	wchar16_t		name[];
} nt_key_basic_information;


/*
 * Key information, node form: like the basic form plus the location of the
 * key's class string.
 *
 * NOTE(review): class_offset is presumably relative to the start of this
 * structure -- confirm. class_offset + class_length and name_length should
 * be checked against the returned length before either string is read.
 */
typedef struct _nt_key_node_information {
	nt_large_integer	last_write_time;
	uint32_t		title_index;
	uint32_t		class_offset;
	uint32_t		class_length;
	uint32_t		name_length;
	wchar16_t		name[];
} nt_key_node_information;


/*
 * Key information, full form: counts and maximum lengths for the key's
 * sub-keys and values, followed by the class string in a flexible array
 * member.
 *
 * NOTE(review): the max_*_len fields describe the key at query time only;
 * a buffer sized from them can still be too small if the key changes before
 * the following enumerate/query call, so that call's status and
 * result_length must still be checked.
 */
typedef struct _nt_key_full_information {
	nt_large_integer	last_write_time;
	uint32_t		title_index;
	uint32_t		class_offset;
	uint32_t		class_length;
	uint32_t		sub_keys;
	uint32_t		max_name_len;
	uint32_t		max_class_len;
	uint32_t		values;
	uint32_t		max_value_name_len;
	uint32_t		max_value_data_len;
	wchar16_t		kclass[];
} nt_key_full_information;


/*
 * Key information, name form: a length followed by the name in a flexible
 * array member.
 * NOTE(review): name_length is presumably in bytes, with no terminator --
 * confirm.
 */
typedef struct _nt_key_name_information {
	uint32_t	name_length;
	wchar16_t	name[];
} nt_key_name_information;


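/*
 * Value information, basic form: the value's type tag and its name in a
 * flexible array member; no data.
 *
 * Every other structure in this header exposes a typedef without the
 * leading underscore. This one only had the underscore-prefixed spelling
 * (identical to its struct tag), so `nt_key_value_basic_information` did
 * not exist as a type. The consistent name is added; the old spelling is
 * kept so existing users continue to compile.
 *
 * NOTE(review): name_length is presumably in bytes, with no terminator --
 * confirm.
 */
typedef struct _nt_key_value_basic_information {
	uint32_t	title_index;
	uint32_t	type;
	uint32_t	name_length;
	wchar16_t	name[];
} _nt_key_value_basic_information, nt_key_value_basic_information;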


/*
 * Value information, full form: type tag, location of the data, and the
 * value name in a flexible array member.
 *
 * NOTE(review): data_offset is presumably relative to the start of this
 * structure -- confirm. Check data_offset + data_length (without letting
 * the uint32_t sum wrap) against the returned length before reading data.
 */
typedef struct _nt_key_value_full_information {
	uint32_t	title_index;
	uint32_t	type;
	uint32_t	data_offset;
	uint32_t	data_length;
	uint32_t	name_length;
	wchar16_t	name[];
} nt_key_value_full_information;


/*
 * Value information, partial form: type tag and the data itself in a
 * flexible array member; no name.
 *
 * NOTE(review): data_length describes the stored value, which may exceed
 * what fitted in the caller's buffer; bound reads of data[] by the buffer
 * size as well as by data_length.
 */
typedef struct _nt_key_value_partial_information {
	uint32_t	title_index;
	uint32_t	type;
	uint32_t	data_length;
	unsigned char	data[];
} nt_key_value_partial_information;


/*
 * One element of the value_list array passed to
 * ntapi_zw_query_multiple_value_key (declared __in_out there): value_name
 * names the value; the remaining fields are presumably filled in by the
 * call, with data_offset locating the data inside that call's buffer --
 * confirm.
 */
typedef struct _nt_key_value_entry {
	nt_unicode_string *	value_name;
	uint32_t		data_length;
	uint32_t		data_offset;
	uint32_t		type;
} nt_key_value_entry;


/*
 * Payload presumably used with NT_KEY_LAST_WRITE_TIME_INFORMATION in
 * ntapi_zw_set_information_key: the new last-write time of the key.
 */
typedef struct _nt_key_last_write_time_information {
	nt_large_integer	last_write_time;
} nt_key_last_write_time_information;


/*
 * Function type for the create-key call. Returns an int32_t status.
 *
 *   hkey            out: receives the key handle
 *   desired_access  NT_KEY_* access bits requested on the handle
 *   obj_attr        object attributes naming the key
 *   title_index     passed through as given
 *   reg_class       optional class string
 *   create_options  presumably NT_REG_OPTION_* bits
 *   disposition     optional out: presumably NT_REG_CREATED_NEW_KEY or
 *                   NT_REG_OPENED_EXISTING_KEY
 *
 * NOTE(review): the call can succeed by opening a key that already exists.
 * A caller that needs a key it created itself should request and check
 * *disposition rather than assume creation.
 */
typedef int32_t	__stdcall ntapi_zw_create_key(
	__out	void **			hkey,
	__in	uint32_t		desired_access,
	__in	nt_object_attributes *	obj_attr,
	__in	uint32_t		title_index,
	__in	nt_unicode_string *	reg_class	__optional,
	__in	uint32_t		create_options,
	__out	uint32_t *		disposition	__optional);


/*
 * Function type for the open-key call: hkey receives the handle,
 * desired_access carries NT_KEY_* bits, obj_attr names the key.
 * Returns an int32_t status.
 */
typedef int32_t	__stdcall ntapi_zw_open_key(
	__out	void **			hkey,
	__in	uint32_t		desired_access,
	__in	nt_object_attributes *	obj_attr);


/* Function type for the delete-key call on an open key handle; returns an int32_t status. */
typedef int32_t	__stdcall ntapi_zw_delete_key(
	__in	void *	hkey);


/* Function type for the flush-key call on an open key handle; returns an int32_t status. */
typedef int32_t	__stdcall ntapi_zw_flush_key(
	__in	void *	hkey);


/*
 * Function type for the save-key call: takes a key handle and a file
 * handle; returns an int32_t status.
 * NOTE(review): the output file presumably receives a copy of the key's
 * contents, so its ACL should be at least as strict as the key's.
 */
typedef int32_t	__stdcall ntapi_zw_save_key(
	__in	void *	hkey,
	__in	void *	hfile);


/*
 * Function type for the save-merged-keys call: two key handles and one
 * file handle; returns an int32_t status. Which key takes precedence is
 * not visible from this header.
 */
typedef int32_t	__stdcall ntapi_zw_save_merged_keys(
	__in	void *	hkey_1st,
	__in	void *	hkey_2nd,
	__in	void *	hfile);


/*
 * Function type for the restore-key call: key handle, file handle and a
 * flags word (presumably the NT_REG_*_HIVE / NT_REG_FORCE_RESTORE bits).
 * Returns an int32_t status.
 * NOTE(review): the file's contents presumably replace the key's, so the
 * file should be treated as trusted input only if its origin is controlled.
 */
typedef int32_t	__stdcall ntapi_zw_restore_key(
	__in	void *		hkey,
	__in	void *		hfile,
	__in	uint32_t	flags);


/*
 * Function type for the load-key call: one set of object attributes names
 * the key, the other the hive file. Returns an int32_t status.
 *
 * NOTE(review): both nt_object_attributes parameters are declared by value,
 * whereas ntapi_zw_create_key and ntapi_zw_open_key take a pointer. The
 * native call is believed to take pointers as well; a by-value __stdcall
 * argument has a different stack layout on 32-bit targets -- confirm and
 * fix together with the callers.
 */
typedef int32_t	__stdcall ntapi_zw_load_key(
	__in	nt_object_attributes	key_obj_attr,
	__in	nt_object_attributes	file_obj_attr);


/*
 * Function type for the load-key variant that adds a flags word.
 * NOTE(review): same by-value nt_object_attributes concern as
 * ntapi_zw_load_key.
 */
typedef int32_t	__stdcall ntapi_zw_load_key2(
	__in	nt_object_attributes	key_obj_attr,
	__in	nt_object_attributes	file_obj_attr,
	__in	uint32_t		flags);


/*
 * Function type for the unload-key call.
 * NOTE(review): same by-value nt_object_attributes concern as
 * ntapi_zw_load_key.
 */
typedef int32_t	__stdcall ntapi_zw_unload_key(
	__in	nt_object_attributes	key_obj_attr);


/*
 * Function type for the query-open-sub-keys call: number_of_keys receives
 * a count. Returns an int32_t status.
 * NOTE(review): key_obj_attr is declared by value while create/open take a
 * pointer; the native call is believed to take a pointer -- confirm.
 */
typedef int32_t	__stdcall ntapi_zw_query_open_sub_keys(
	__in	nt_object_attributes	key_obj_attr,
	__out	uint32_t *		number_of_keys);


/*
 * Function type for the replace-key call: object attributes for a new and
 * an old file around a key handle. Returns an int32_t status.
 * NOTE(review): both nt_object_attributes parameters are declared by value
 * while create/open take a pointer; the native call is believed to take
 * pointers -- confirm.
 */
typedef int32_t	__stdcall ntapi_zw_replace_key(
	__in	nt_object_attributes	new_file_obj_attr,
	__in	void *			hkey,
	__in	nt_object_attributes	old_file_obj_attr);


/*
 * Function type for the set-information-key call: key_info points to
 * key_info_length bytes (presumably) laid out as selected by
 * key_info_class. Returns an int32_t status.
 */
typedef int32_t	__stdcall ntapi_zw_set_information_key(
	__in	void *			hkey,
	__in	nt_key_set_info_class	key_info_class,
	__in	void *			key_info,
	__in	uint32_t		key_info_length);


/*
 * Function type for the query-key call: fills the caller's key_info buffer
 * (key_info_length is its size) in the layout selected by key_info_class
 * and stores a length in *result_length. Returns an int32_t status.
 *
 * NOTE(review): pass the true size of the buffer, check the status before
 * touching key_info, and validate the embedded length/offset fields
 * against *result_length before reading the variable-length tail.
 */
typedef int32_t	__stdcall ntapi_zw_query_key(
	__in	void *			hkey,
	__in	nt_key_info_class	key_info_class,
	__out	void *			key_info,
	__in	uint32_t		key_info_length,
	__out	uint32_t *		result_length);


/*
 * Function type for the enumerate-key call: like ntapi_zw_query_key but
 * for the sub-key selected by index.
 *
 * NOTE(review): the set of sub-keys can presumably change between calls,
 * so an index loop should stop on the call's status rather than on a count
 * obtained earlier.
 */
typedef int32_t	__stdcall ntapi_zw_enumerate_key(
	__in	void *			hkey,
	__in	uint32_t		index,
	__in	nt_key_info_class	key_info_class,
	__out	void *			key_info,
	__in	uint32_t		key_info_length,
	__out	uint32_t *		result_length);


/*
 * Function type for the notify-change-key call. hevent, apc_routine and
 * apc_context are optional; io_status_block is an output; notify_filter
 * presumably holds NT_REG_NOTIFY_CHANGE_* bits; watch_subtree and
 * asynchronous are unsigned char flags. Returns an int32_t status.
 *
 * NOTE(review): buffer is annotated __in although it comes with a length;
 * if the call writes into it the annotation should be __out -- confirm.
 */
typedef int32_t	__stdcall ntapi_zw_notify_change_key(
	__in	void *			hkey,
	__in	void *			hevent		__optional,
	__in	nt_io_apc_routine *	apc_routine	__optional,
	__in	void *			apc_context	__optional,
	__out	nt_io_status_block *	io_status_block,
	__in	uint32_t		notify_filter,
	__in	unsigned char		watch_subtree,
	__in	void *			buffer,
	__in	uint32_t		buffer_length,
	__in	unsigned char		asynchronous);


/*
 * Function type for the notify-change-multiple-keys call: same parameters
 * as ntapi_zw_notify_change_key plus a flags word (presumably
 * NT_REG_MONITOR_*) and the object attributes of a further key.
 * Returns an int32_t status.
 *
 * NOTE(review): buffer is annotated __in although it comes with a length;
 * if the call writes into it the annotation should be __out -- confirm.
 */
typedef int32_t	__stdcall ntapi_zw_notify_change_multiple_keys(
	__in	void *			hkey,
	__in	uint32_t		flags,
	__in	nt_object_attributes *	key_obj_attr,
	__in	void *			hevent		__optional,
	__in	nt_io_apc_routine *	apc_routine	__optional,
	__in	void *			apc_context	__optional,
	__out	nt_io_status_block *	io_status_block,
	__in	uint32_t		notify_filter,
	__in	unsigned char		watch_subtree,
	__in	void *			buffer,
	__in	uint32_t		buffer_length,
	__in	unsigned char		asynchronous);


/*
 * Function type for the delete-value call: removes the value named by
 * value_name under the key handle. Returns an int32_t status.
 */
typedef int32_t	__stdcall ntapi_zw_delete_value_key(
	__in	void *			hkey,
	__in	nt_unicode_string *	value_name);


/*
 * Function type for the set-value call: stores data_size bytes from data
 * under value_name with the given type tag (presumably an
 * nt_registry_types value). Returns an int32_t status.
 *
 * NOTE(review): data_size is taken as given; for string types the caller
 * decides whether the terminator is included, so readers cannot rely on
 * one being present.
 */
typedef int32_t	__stdcall ntapi_zw_set_value_key(
	__in	void *			hkey,
	__in	nt_unicode_string *	value_name,
	__in	uint32_t		title_index,
	__in	uint32_t		type,
	__in	void *			data,
	__in	uint32_t		data_size);


/*
 * Function type for the query-value call: fills the caller's
 * key_value_info buffer (key_value_info_length is its size) in the layout
 * selected by key_value_info_class and stores a length in *result_length.
 * Returns an int32_t status.
 *
 * NOTE(review): check the status first, then validate the returned type
 * and the data length/offset fields against *result_length before
 * interpreting the data.
 */
typedef int32_t	__stdcall ntapi_zw_query_value_key(
	__in	void *			hkey,
	__in	nt_unicode_string *	value_name,
	__in	nt_key_value_info_class	key_value_info_class,
	__out	void *			key_value_info,
	__in	uint32_t		key_value_info_length,
	__out	uint32_t *		result_length);


/*
 * Function type for the enumerate-value call: like
 * ntapi_zw_query_value_key but for the value selected by index instead of
 * by name. The same status and length checks apply.
 */
typedef int32_t	__stdcall ntapi_zw_enumerate_value_key(
	__in	void *			hkey,
	__in	uint32_t		index,
	__in	nt_key_value_info_class	key_value_info_class,
	__out	void *			key_value_info,
	__in	uint32_t		key_value_info_length,
	__out	uint32_t *		result_length);


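/*
 * Function type for the query-multiple-values call. Returns an int32_t
 * status.
 *
 *   hkey              key handle
 *   value_list        in/out: array of number_of_values entries; each
 *                     names a value and is presumably updated with its
 *                     type, data length and data offset
 *   buffer            out: receives the data of the values
 *   buffer_length     in/out: size of buffer on entry
 *   buffer_needed     out: presumably the size required to hold all data
 *                     (parameter was misspelled `buffer_nedded`)
 *
 * NOTE(review): each entry's data_offset + data_length should be checked
 * against the buffer size before the data is read.
 */
typedef int32_t	__stdcall ntapi_zw_query_multiple_value_key(
	__in		void *			hkey,
	__in_out	nt_key_value_entry *	value_list,
	__in		uint32_t		number_of_values,
	__out		void *			buffer,
	__in_out	uint32_t *		buffer_length,
	__out		uint32_t *		buffer_needed);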


/*
 * Function type for the initialize-registry call; setup is an unsigned
 * char, presumably a boolean flag. Returns an int32_t status.
 */
typedef int32_t	__stdcall ntapi_zw_initialize_registry(
	__in	unsigned char	setup);

#endif