#ifndef _NT_REGISTRY_H_
#define _NT_REGISTRY_H_
#include "nt_abi.h"
#include "nt_object.h"
/*
 * Registry value data types, carried in the `type` fields of the key-value
 * structures and passed as `type` to ntapi_zw_set_value_key.
 * The numeric values follow the Windows REG_* type codes.
 * The type is metadata supplied by whoever wrote the value; it does not
 * constrain the stored bytes, so consumers should still validate data length
 * and content against what the type implies (e.g. 4 bytes for a DWORD).
 */
typedef enum _nt_registry_types {
NT_REG_NONE = 0x00,
NT_REG_SZ = 0x01,
NT_REG_EXPAND_SZ = 0x02,
NT_REG_BINARY = 0x03,
/* DWORD and DWORD_LITTLE_ENDIAN are deliberate aliases (both 0x04) */
NT_REG_DWORD = 0x04,
NT_REG_DWORD_LITTLE_ENDIAN = 0x04,
NT_REG_DWORD_BIG_ENDIAN = 0x05,
NT_REG_LINK = 0x06,
NT_REG_MULTI_SZ = 0x07,
NT_REG_RESOURCE_LIST = 0x08,
NT_REG_FULL_RESOURCE_DESCRIPTOR = 0x09,
NT_REG_RESOURCE_REQUIREMENTS_LIST = 0x0A,
/* QWORD and QWORD_LITTLE_ENDIAN are deliberate aliases (both 0x0B) */
NT_REG_QWORD = 0x0B,
NT_REG_QWORD_LITTLE_ENDIAN = 0x0B,
} nt_registry_types;
/*
 * Selector for the layout requested from ntapi_zw_query_key and
 * ntapi_zw_enumerate_key (their key_info_class parameter).
 * Enumerators are implicitly numbered 0..3 in declaration order; each name
 * pairs with the nt_key_*_information structure of the same stem.
 */
typedef enum _nt_key_info_class {
NT_KEY_BASIC_INFORMATION,
NT_KEY_NODE_INFORMATION,
NT_KEY_FULL_INFORMATION,
NT_KEY_NAME_INFORMATION,
} nt_key_info_class;
/*
 * Selector for the layout requested from ntapi_zw_query_value_key and
 * ntapi_zw_enumerate_value_key (their key_value_info_class parameter).
 * Enumerators are implicitly numbered 0..3 in declaration order.
 * NOTE(review): no separate structure is declared in this header for
 * NT_KEY_VALUE_FULL_INFORMATION_ALIGN64; presumably it reuses
 * nt_key_value_full_information with 64-bit alignment of the data -- confirm.
 */
typedef enum _nt_key_value_info_class {
NT_KEY_VALUE_BASIC_INFORMATION,
NT_KEY_VALUE_FULL_INFORMATION,
NT_KEY_VALUE_PARTIAL_INFORMATION,
NT_KEY_VALUE_FULL_INFORMATION_ALIGN64,
} nt_key_value_info_class;
/*
 * Selector for ntapi_zw_set_information_key (its key_info_class parameter).
 * Only one class is declared; it pairs by name with
 * nt_key_last_write_time_information.
 */
typedef enum _nt_key_set_info_class {
NT_KEY_LAST_WRITE_TIME_INFORMATION = 0
} nt_key_set_info_class;
/*
 * registry key access bits (for the desired_access argument of
 * ntapi_zw_create_key / ntapi_zw_open_key).
 * Request the narrowest mask the operation needs; a handle opened with a
 * broad mask carries that authority wherever the handle ends up.
 */
/* specific rights, one bit each */
#define NT_KEY_QUERY_VALUE 0x00000001
#define NT_KEY_SET_VALUE 0x00000002
#define NT_KEY_CREATE_SUB_NT_KEY 0x00000004
#define NT_KEY_ENUMERATE_SUB_NT_KEYS 0x00000008
#define NT_KEY_NOTIFY 0x00000010
#define NT_KEY_CREATE_LINK 0x00000020
/* registry-view selectors; not part of any composite mask below */
#define NT_KEY_WOW64_64NT_KEY 0x00000100
#define NT_KEY_WOW64_32NT_KEY 0x00000200
/* composite: 0x00020000 | NT_KEY_SET_VALUE | NT_KEY_CREATE_SUB_NT_KEY */
#define NT_KEY_WRITE 0x00020006
/* composite: 0x00020000 | QUERY_VALUE | ENUMERATE_SUB_NT_KEYS | NOTIFY */
#define NT_KEY_READ 0x00020019
/* same value as NT_KEY_READ */
#define NT_KEY_EXECUTE 0x00020019
/*
 * composite: 0x000F0000 plus all six specific rights (0x3F), including
 * NT_KEY_CREATE_LINK; rarely the right choice for code that only reads
 * or only writes values.
 */
#define NT_KEY_ALL_ACCESS 0x000F003F
/*
 * registry option bits (presumably the create_options argument of
 * ntapi_zw_create_key -- confirm against callers).
 * NT_REG_OPTION_NON_VOLATILE is zero, i.e. the absence of the other bits,
 * so it cannot be tested for with a bitwise AND.
 * NOTE(review): on Windows the BACKUP_RESTORE option makes the open rely on
 * backup/restore privileges instead of the key's access-control list, and
 * CREATE_LINK / OPEN_LINK operate on registry symbolic links; treat any use
 * of these three in privileged code as needing explicit review.
 */
#define NT_REG_OPTION_NON_VOLATILE 0x00000000L
#define NT_REG_OPTION_VOLATILE 0x00000001L
#define NT_REG_OPTION_CREATE_LINK 0x00000002L
#define NT_REG_OPTION_BACKUP_RESTORE 0x00000004L
#define NT_REG_OPTION_OPEN_LINK 0x00000008L
/*
 * registry hive option bits; one bit each, combinable with bitwise OR.
 * Presumably consumed by the `flags` argument of ntapi_zw_restore_key and
 * ntapi_zw_load_key2 -- confirm which bits each service accepts.
 */
#define NT_REG_WHOLE_HIVE_VOLATILE 0x00000001L
#define NT_REG_REFRESH_HIVE 0x00000002L
#define NT_REG_NO_LAZY_FLUSH 0x00000004L
#define NT_REG_FORCE_RESTORE 0x00000008L
/*
 * registry disposition bits (presumably the value written through the
 * `disposition` out-parameter of ntapi_zw_create_key).
 * NOTE(review): winnt.h defines REG_CREATED_NEW_KEY as 1 and
 * REG_OPENED_EXISTING_KEY as 2, while the values here are 0 and 1. Confirm
 * what the system service actually stores before using these constants to
 * tell "created by us" from "already existed"; code that makes a trust
 * decision on that distinction would misclassify a newly created key as a
 * pre-existing one if the native values are returned unchanged.
 */
#define NT_REG_CREATED_NEW_KEY 0x00000000L
#define NT_REG_OPENED_EXISTING_KEY 0x00000001L
/*
 * registry monitor bits.
 * SINGLE_KEY is zero, so these are two alternative values rather than
 * independent flags. Their consumer is not visible in this header.
 */
#define NT_REG_MONITOR_SINGLE_KEY 0x0000
#define NT_REG_MONITOR_SECOND_KEY 0x0001
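/*
 * registry key notification bits (for the notify_filter argument of
 * ntapi_zw_notify_change_key / ntapi_zw_notify_change_multiple_keys);
 * one bit each, combinable with bitwise OR.
 */
#define NT_REG_NOTIFY_CHANGE_NAME 0x00000001L
#define NT_REG_NOTIFY_CHANGE_ATTRIBUTES 0x00000002L
#define NT_REG_NOTIFY_CHANGE_LAST_SET 0x00000004L
#define NT_REG_NOTIFY_CHANGE_SECURITY 0x00000008L

/*
 * Union of all notification bits defined above.
 * The expansion is parenthesized so that the macro acts as one operand.
 * Without the parentheses, a validity check such as
 * `filter & ~NT_REG_LEGAL_CHANGE_FILTER` would bind `&` and `~` to the first
 * term only and then OR in the remaining bits, so the check would never
 * evaluate to zero and could not be trusted to reject illegal filter bits.
 */
#define NT_REG_LEGAL_CHANGE_FILTER (NT_REG_NOTIFY_CHANGE_NAME \
	| NT_REG_NOTIFY_CHANGE_ATTRIBUTES \
	| NT_REG_NOTIFY_CHANGE_LAST_SET \
	| NT_REG_NOTIFY_CHANGE_SECURITY)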
/*
 * Variable-length record; by name, the layout for NT_KEY_BASIC_INFORMATION.
 * `name` is a flexible array member, so sizeof() covers only the fixed
 * header and the record must live in a caller-sized buffer.
 * NOTE(review): name_length is presumably a byte count and `name` is
 * presumably not NUL-terminated, as in the native structure -- confirm.
 * Either way, bound every read of `name` by name_length and by the result
 * length reported for the buffer; never scan for a terminator.
 */
typedef struct _nt_key_basic_information {
nt_large_integer last_write_time;
uint32_t title_index;
uint32_t name_length;
wchar16_t name[];
} nt_key_basic_information;
/*
 * Variable-length record; by name, the layout for NT_KEY_NODE_INFORMATION.
 * `name` is a flexible array member following the fixed header.
 * NOTE(review): class_offset is presumably a byte offset from the start of
 * this record to the class string, and the *_length fields byte counts --
 * confirm. Before dereferencing, check that class_offset + class_length
 * (computed without 32-bit wrap-around) lies inside the buffer that was
 * handed to the query call.
 */
typedef struct _nt_key_node_information {
nt_large_integer last_write_time;
uint32_t title_index;
uint32_t class_offset;
uint32_t class_length;
uint32_t name_length;
wchar16_t name[];
} nt_key_node_information;
/*
 * Variable-length record; by name, the layout for NT_KEY_FULL_INFORMATION.
 * `kclass` is a flexible array member following the fixed header.
 * NOTE(review): sub_keys / values look like counts and the max_* fields like
 * upper bounds on name, class and data sizes under this key -- confirm units.
 * These figures describe the key at query time only; another writer can grow
 * the key afterwards, so buffers sized from max_* still need the length
 * checks on each later enumerate/query call.
 */
typedef struct _nt_key_full_information {
nt_large_integer last_write_time;
uint32_t title_index;
uint32_t class_offset;
uint32_t class_length;
uint32_t sub_keys;
uint32_t max_name_len;
uint32_t max_class_len;
uint32_t values;
uint32_t max_value_name_len;
uint32_t max_value_data_len;
wchar16_t kclass[];
} nt_key_full_information;
/*
 * Variable-length record; by name, the layout for NT_KEY_NAME_INFORMATION.
 * `name` is a flexible array member.
 * NOTE(review): name_length is presumably in bytes and `name` unterminated --
 * confirm; bound reads by name_length and by the reported result length.
 */
typedef struct _nt_key_name_information {
uint32_t name_length;
wchar16_t name[];
} nt_key_name_information;
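/*
 * Variable-length record; by name, the layout for
 * NT_KEY_VALUE_BASIC_INFORMATION. `name` is a flexible array member.
 * `type` presumably holds an nt_registry_types code -- confirm.
 * NOTE(review): name_length is presumably in bytes and `name` unterminated --
 * confirm; bound reads by name_length and by the reported result length.
 *
 * Every other structure in this header exposes its typedef without the
 * leading underscore; this one was only reachable as
 * `_nt_key_value_basic_information`. The conventional name is added here and
 * the underscore-prefixed typedef is kept so existing users still compile.
 */
typedef struct _nt_key_value_basic_information {
	uint32_t	title_index;
	uint32_t	type;
	uint32_t	name_length;
	wchar16_t	name[];
} nt_key_value_basic_information, _nt_key_value_basic_information;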
/*
 * Variable-length record; by name, the layout for
 * NT_KEY_VALUE_FULL_INFORMATION. `name` is a flexible array member.
 * `type` presumably holds an nt_registry_types code -- confirm.
 * NOTE(review): data_offset is presumably a byte offset from the start of
 * this record to the value data -- confirm. Registry data is written by
 * other parties, so validate data_offset and data_length against the size
 * of the supplied buffer (guarding the addition against 32-bit wrap) and
 * validate data_length against what `type` implies before using the data.
 */
typedef struct _nt_key_value_full_information {
uint32_t title_index;
uint32_t type;
uint32_t data_offset;
uint32_t data_length;
uint32_t name_length;
wchar16_t name[];
} nt_key_value_full_information;
/*
 * Variable-length record; by name, the layout for
 * NT_KEY_VALUE_PARTIAL_INFORMATION. `data` is a flexible array member of
 * raw bytes following the fixed header.
 * `type` presumably holds an nt_registry_types code -- confirm.
 * Do not assume string-typed data is NUL-terminated or that data_length
 * matches the type's natural size; check data_length against the buffer
 * size and against the expected size before copying or casting `data`.
 */
typedef struct _nt_key_value_partial_information {
uint32_t title_index;
uint32_t type;
uint32_t data_length;
unsigned char data[];
} nt_key_value_partial_information;
/*
 * Fixed-size element of the value_list array passed to
 * ntapi_zw_query_multiple_value_key (declared __in_out there).
 * NOTE(review): presumably the caller sets value_name and the service fills
 * in data_length, data_offset and type, with data_offset relative to the
 * separate output buffer of that call -- confirm. Validate
 * data_offset + data_length against that buffer's length before use.
 */
typedef struct _nt_key_value_entry {
nt_unicode_string * value_name;
uint32_t data_length;
uint32_t data_offset;
uint32_t type;
} nt_key_value_entry;
/*
 * By name, the payload for NT_KEY_LAST_WRITE_TIME_INFORMATION, passed as
 * key_info to ntapi_zw_set_information_key.
 * Because this timestamp can be set by callers, a key's last-write time is
 * not by itself reliable evidence of when the key was modified.
 */
typedef struct _nt_key_last_write_time_information {
nt_large_integer last_write_time;
} nt_key_last_write_time_information;
/*
 * Function type for the create-key service (stdcall; the int32_t result is
 * presumably an NTSTATUS code -- confirm).
 *   hkey            out: receives the key handle
 *   desired_access  in:  NT_KEY_* access mask
 *   obj_attr        in:  object attributes naming the key
 *   title_index     in
 *   reg_class       in, optional
 *   create_options  in:  presumably NT_REG_OPTION_* bits
 *   disposition     out, optional: created-vs-opened indicator
 * Check the returned status before using *hkey or *disposition. When the
 * caller must know that the key did not already exist, inspect *disposition
 * rather than assuming a successful call created it.
 */
typedef int32_t __stdcall ntapi_zw_create_key(
__out void ** hkey,
__in uint32_t desired_access,
__in nt_object_attributes * obj_attr,
__in uint32_t title_index,
__in nt_unicode_string * reg_class __optional,
__in uint32_t create_options,
__out uint32_t * disposition __optional);
/*
 * Function type for the open-key service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey            out: receives the key handle
 *   desired_access  in:  NT_KEY_* access mask; request only what is needed
 *   obj_attr        in:  object attributes naming the key
 * Check the returned status before using *hkey.
 */
typedef int32_t __stdcall ntapi_zw_open_key(
__out void ** hkey,
__in uint32_t desired_access,
__in nt_object_attributes * obj_attr);
/*
 * Function type for the delete-key service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey  in: handle of the key to delete
 */
typedef int32_t __stdcall ntapi_zw_delete_key(
__in void * hkey);
/*
 * Function type for the flush-key service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey  in: handle of the key to flush
 */
typedef int32_t __stdcall ntapi_zw_flush_key(
__in void * hkey);
/*
 * Function type for the save-key service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey   in: handle of the key to save
 *   hfile  in: handle of the destination file
 * The saved file holds a copy of registry content, which can include
 * sensitive values; the destination's permissions deserve the same care as
 * the key's.
 */
typedef int32_t __stdcall ntapi_zw_save_key(
__in void * hkey,
__in void * hfile);
/*
 * Function type for the save-merged-keys service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey_1st  in: first key handle
 *   hkey_2nd  in: second key handle
 *   hfile     in: handle of the destination file
 * NOTE(review): which of the two keys takes precedence in the merge is not
 * stated in this header -- confirm before relying on the order.
 */
typedef int32_t __stdcall ntapi_zw_save_merged_keys(
__in void * hkey_1st,
__in void * hkey_2nd,
__in void * hfile);
/*
 * Function type for the restore-key service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey   in: handle of the key to restore into
 *   hfile  in: handle of the source file
 *   flags  in: presumably registry hive option bits such as
 *              NT_REG_FORCE_RESTORE -- confirm
 * The file's content replaces registry state, so it should come from a
 * location that less-privileged users cannot write to.
 */
typedef int32_t __stdcall ntapi_zw_restore_key(
__in void * hkey,
__in void * hfile,
__in uint32_t flags);
/*
 * Function type for the load-key (hive load) service (stdcall; int32_t
 * result, presumably an NTSTATUS code -- confirm).
 *   key_obj_attr   in: object attributes of the target key
 *   file_obj_attr  in: object attributes of the hive file
 * NOTE(review): both arguments are declared by value, whereas
 * ntapi_zw_create_key and ntapi_zw_open_key in this header take
 * nt_object_attributes *. The commonly published prototype of the native
 * service takes pointers; a by-value struct changes the stdcall argument
 * layout, so a mismatch would corrupt the call frame. Confirm against the
 * native ABI and against callers before use.
 */
typedef int32_t __stdcall ntapi_zw_load_key(
__in nt_object_attributes key_obj_attr,
__in nt_object_attributes file_obj_attr);
/*
 * Function type for the load-key service variant that accepts flags
 * (stdcall; int32_t result, presumably an NTSTATUS code -- confirm).
 *   key_obj_attr   in: object attributes of the target key
 *   file_obj_attr  in: object attributes of the hive file
 *   flags          in: presumably registry hive option bits -- confirm
 * NOTE(review): both object-attribute arguments are declared by value,
 * whereas ntapi_zw_create_key and ntapi_zw_open_key in this header take
 * nt_object_attributes *. The commonly published prototype of the native
 * service takes pointers; a by-value struct changes the stdcall argument
 * layout. Confirm against the native ABI and against callers before use.
 */
typedef int32_t __stdcall ntapi_zw_load_key2(
__in nt_object_attributes key_obj_attr,
__in nt_object_attributes file_obj_attr,
__in uint32_t flags);
/*
 * Function type for the unload-key service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   key_obj_attr  in: object attributes of the key to unload
 * NOTE(review): the argument is declared by value, whereas
 * ntapi_zw_create_key and ntapi_zw_open_key in this header take
 * nt_object_attributes *. The commonly published prototype of the native
 * service takes a pointer; confirm against the native ABI and callers.
 */
typedef int32_t __stdcall ntapi_zw_unload_key(
__in nt_object_attributes key_obj_attr);
/*
 * Function type for the query-open-sub-keys service (stdcall; int32_t
 * result, presumably an NTSTATUS code -- confirm).
 *   key_obj_attr    in:  object attributes of the key
 *   number_of_keys  out: receives a count
 * NOTE(review): key_obj_attr is declared by value, whereas
 * ntapi_zw_create_key and ntapi_zw_open_key in this header take
 * nt_object_attributes *. The commonly published prototype of the native
 * service takes a pointer; confirm against the native ABI and callers.
 */
typedef int32_t __stdcall ntapi_zw_query_open_sub_keys(
__in nt_object_attributes key_obj_attr,
__out uint32_t * number_of_keys);
/*
 * Function type for the replace-key service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   new_file_obj_attr  in: object attributes of the new file
 *   hkey               in: key handle
 *   old_file_obj_attr  in: object attributes of the old file
 * NOTE(review): both object-attribute arguments are declared by value,
 * whereas ntapi_zw_create_key and ntapi_zw_open_key in this header take
 * nt_object_attributes *. The commonly published prototype of the native
 * service takes pointers; confirm against the native ABI and callers.
 */
typedef int32_t __stdcall ntapi_zw_replace_key(
__in nt_object_attributes new_file_obj_attr,
__in void * hkey,
__in nt_object_attributes old_file_obj_attr);
/*
 * Function type for the set-information-key service (stdcall; int32_t
 * result, presumably an NTSTATUS code -- confirm).
 *   hkey             in: key handle
 *   key_info_class   in: nt_key_set_info_class selector
 *   key_info         in: payload matching key_info_class
 *   key_info_length  in: size of the payload (presumably bytes -- confirm)
 * Pass the sizeof of the structure that matches key_info_class, not a
 * larger buffer size.
 */
typedef int32_t __stdcall ntapi_zw_set_information_key(
__in void * hkey,
__in nt_key_set_info_class key_info_class,
__in void * key_info,
__in uint32_t key_info_length);
/*
 * Function type for the query-key service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey             in:  key handle
 *   key_info_class   in:  nt_key_info_class selector for the output layout
 *   key_info         out: caller-supplied buffer
 *   key_info_length  in:  size of key_info (presumably bytes -- confirm)
 *   result_length    out: length reported by the service
 * key_info_length must be the true size of the buffer. The output records
 * end in flexible arrays, so the buffer has to be larger than the fixed
 * header; treat the buffer content as valid only after checking the status,
 * and only up to the reported length.
 */
typedef int32_t __stdcall ntapi_zw_query_key(
__in void * hkey,
__in nt_key_info_class key_info_class,
__out void * key_info,
__in uint32_t key_info_length,
__out uint32_t * result_length);
/*
 * Function type for the enumerate-key service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey             in:  key handle
 *   index            in:  presumably the zero-based subkey index -- confirm
 *   key_info_class   in:  nt_key_info_class selector for the output layout
 *   key_info         out: caller-supplied buffer
 *   key_info_length  in:  size of key_info (presumably bytes -- confirm)
 *   result_length    out: length reported by the service
 * Subkeys can be added or removed by other writers between calls, so an
 * enumeration loop should terminate on the returned status rather than on a
 * previously queried count.
 */
typedef int32_t __stdcall ntapi_zw_enumerate_key(
__in void * hkey,
__in uint32_t index,
__in nt_key_info_class key_info_class,
__out void * key_info,
__in uint32_t key_info_length,
__out uint32_t * result_length);
/*
 * Function type for the notify-change-key service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey             in:  key handle
 *   hevent           in, optional: event handle
 *   apc_routine      in, optional: APC callback
 *   apc_context      in, optional: argument for apc_routine
 *   io_status_block  out: completion status
 *   notify_filter    in:  NT_REG_NOTIFY_CHANGE_* bits
 *   watch_subtree    in:  boolean-like flag
 *   buffer           in
 *   buffer_length    in:  size of buffer
 *   asynchronous     in:  boolean-like flag
 * NOTE(review): when `asynchronous` is set the request presumably completes
 * after the call returns; io_status_block, buffer and anything apc_context
 * points to would then have to stay valid until completion -- confirm, and
 * avoid stack storage for them in that mode.
 */
typedef int32_t __stdcall ntapi_zw_notify_change_key(
__in void * hkey,
__in void * hevent __optional,
__in nt_io_apc_routine * apc_routine __optional,
__in void * apc_context __optional,
__out nt_io_status_block * io_status_block,
__in uint32_t notify_filter,
__in unsigned char watch_subtree,
__in void * buffer,
__in uint32_t buffer_length,
__in unsigned char asynchronous);
/*
 * Function type for the notify-change-multiple-keys service (stdcall;
 * int32_t result, presumably an NTSTATUS code -- confirm).
 * Same parameters as ntapi_zw_notify_change_key, plus:
 *   flags         in
 *   key_obj_attr  in: object attributes of an additional key
 * NOTE(review): the meaning of `flags` is not visible here; the
 * NT_REG_MONITOR_* constants may relate to this call -- confirm.
 * NOTE(review): when `asynchronous` is set, io_status_block, buffer and
 * apc_context presumably must outlive the call -- confirm.
 */
typedef int32_t __stdcall ntapi_zw_notify_change_multiple_keys(
__in void * hkey,
__in uint32_t flags,
__in nt_object_attributes * key_obj_attr,
__in void * hevent __optional,
__in nt_io_apc_routine * apc_routine __optional,
__in void * apc_context __optional,
__out nt_io_status_block * io_status_block,
__in uint32_t notify_filter,
__in unsigned char watch_subtree,
__in void * buffer,
__in uint32_t buffer_length,
__in unsigned char asynchronous);
/*
 * Function type for the delete-value service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey        in: key handle
 *   value_name  in: name of the value to delete
 */
typedef int32_t __stdcall ntapi_zw_delete_value_key(
__in void * hkey,
__in nt_unicode_string * value_name);
/*
 * Function type for the set-value service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey         in: key handle
 *   value_name   in: name of the value
 *   title_index  in
 *   type         in: presumably an nt_registry_types code -- confirm
 *   data         in: value data
 *   data_size    in: size of data (presumably bytes -- confirm)
 * data_size must not exceed the object `data` points to, or adjacent memory
 * would be written into the registry.
 */
typedef int32_t __stdcall ntapi_zw_set_value_key(
__in void * hkey,
__in nt_unicode_string * value_name,
__in uint32_t title_index,
__in uint32_t type,
__in void * data,
__in uint32_t data_size);
/*
 * Function type for the query-value service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey                   in:  key handle
 *   value_name             in:  name of the value
 *   key_value_info_class   in:  nt_key_value_info_class selector
 *   key_value_info         out: caller-supplied buffer
 *   key_value_info_length  in:  size of the buffer (presumably bytes)
 *   result_length          out: length reported by the service
 * A value can change between a size-probing call and the real call, so the
 * second call's status and reported length still need checking. Treat the
 * returned type and data as untrusted input.
 */
typedef int32_t __stdcall ntapi_zw_query_value_key(
__in void * hkey,
__in nt_unicode_string * value_name,
__in nt_key_value_info_class key_value_info_class,
__out void * key_value_info,
__in uint32_t key_value_info_length,
__out uint32_t * result_length);
/*
 * Function type for the enumerate-value service (stdcall; int32_t result,
 * presumably an NTSTATUS code -- confirm).
 *   hkey                   in:  key handle
 *   index                  in:  presumably the zero-based value index
 *   key_value_info_class   in:  nt_key_value_info_class selector
 *   key_value_info         out: caller-supplied buffer
 *   key_value_info_length  in:  size of the buffer (presumably bytes)
 *   result_length          out: length reported by the service
 * Values can be added or removed by other writers between calls; end the
 * loop on the returned status, and validate each record's offsets and
 * lengths against the buffer size.
 */
typedef int32_t __stdcall ntapi_zw_enumerate_value_key(
__in void * hkey,
__in uint32_t index,
__in nt_key_value_info_class key_value_info_class,
__out void * key_value_info,
__in uint32_t key_value_info_length,
__out uint32_t * result_length);
/*
 * Function type for the query-multiple-values service (stdcall; int32_t
 * result, presumably an NTSTATUS code -- confirm).
 *   hkey              in:     key handle
 *   value_list        in/out: array of nt_key_value_entry
 *   number_of_values  in:     element count of value_list
 *   buffer            out:    caller-supplied data buffer
 *   buffer_length     in/out: size of buffer on entry; updated by the call
 *   buffer_nedded     out:    (parameter name spelled as in the source)
 *                             presumably the size required -- confirm
 * number_of_values must match the real length of value_list. After a
 * successful call, check each entry's data_offset + data_length against
 * *buffer_length before reading from buffer.
 */
typedef int32_t __stdcall ntapi_zw_query_multiple_value_key(
__in void * hkey,
__in_out nt_key_value_entry * value_list,
__in uint32_t number_of_values,
__out void * buffer,
__in_out uint32_t * buffer_length,
__out uint32_t * buffer_nedded);
/*
 * Function type for the initialize-registry service (stdcall; int32_t
 * result, presumably an NTSTATUS code -- confirm).
 *   setup  in: boolean-like flag; its exact meaning is not visible here
 */
typedef int32_t __stdcall ntapi_zw_initialize_registry(
__in unsigned char setup);
#endif