📄 ntregapi.h
字号:
/*++ BUILD Version: 0009 // Increment this if a change has global effects
Copyright (c) Microsoft Corporation. All rights reserved.
Module Name:
ntregapi.h
Abstract:
This module contains the registration apis and related structures,
in the forms for use with the Nt api set (as opposed to the win api set).
Author:
Bryan M. Willman (bryanwi) 26-Aug-1991
Revision History:
--*/
#ifndef _NTREGAPI_
#define _NTREGAPI_
#if _MSC_VER > 1000
#pragma once
#endif
#ifdef __cplusplus
extern "C" {
#endif
//
// begin_winnt
//
// begin_ntddk begin_wdm begin_nthal
//
// Registry Specific Access Rights.
//
#define KEY_QUERY_VALUE (0x0001)
#define KEY_SET_VALUE (0x0002)
#define KEY_CREATE_SUB_KEY (0x0004)
#define KEY_ENUMERATE_SUB_KEYS (0x0008)
#define KEY_NOTIFY (0x0010)
#define KEY_CREATE_LINK (0x0020)
#define KEY_WOW64_32KEY (0x0200)
#define KEY_WOW64_64KEY (0x0100)
#define KEY_WOW64_RES (0x0300)
#define KEY_READ ((STANDARD_RIGHTS_READ |\
KEY_QUERY_VALUE |\
KEY_ENUMERATE_SUB_KEYS |\
KEY_NOTIFY) \
& \
(~SYNCHRONIZE))
#define KEY_WRITE ((STANDARD_RIGHTS_WRITE |\
KEY_SET_VALUE |\
KEY_CREATE_SUB_KEY) \
& \
(~SYNCHRONIZE))
#define KEY_EXECUTE ((KEY_READ) \
& \
(~SYNCHRONIZE))
#define KEY_ALL_ACCESS ((STANDARD_RIGHTS_ALL |\
KEY_QUERY_VALUE |\
KEY_SET_VALUE |\
KEY_CREATE_SUB_KEY |\
KEY_ENUMERATE_SUB_KEYS |\
KEY_NOTIFY |\
KEY_CREATE_LINK) \
& \
(~SYNCHRONIZE))
//
// Open/Create Options
//
#define REG_OPTION_RESERVED (0x00000000L) // Parameter is reserved
#define REG_OPTION_NON_VOLATILE (0x00000000L) // Key is preserved
// when system is rebooted
#define REG_OPTION_VOLATILE (0x00000001L) // Key is not preserved
// when system is rebooted
#define REG_OPTION_CREATE_LINK (0x00000002L) // Created key is a
// symbolic link
#define REG_OPTION_BACKUP_RESTORE (0x00000004L) // open for backup or restore
// special access rules
// privilege required
#define REG_OPTION_OPEN_LINK (0x00000008L) // Open symbolic link
#define REG_LEGAL_OPTION \
(REG_OPTION_RESERVED |\
REG_OPTION_NON_VOLATILE |\
REG_OPTION_VOLATILE |\
REG_OPTION_CREATE_LINK |\
REG_OPTION_BACKUP_RESTORE |\
REG_OPTION_OPEN_LINK)
//
// Key creation/open disposition
//
#define REG_CREATED_NEW_KEY (0x00000001L) // New Registry Key created
#define REG_OPENED_EXISTING_KEY (0x00000002L) // Existing Key opened
//
// hive format to be used by Reg(Nt)SaveKeyEx
//
#define REG_STANDARD_FORMAT 1
#define REG_LATEST_FORMAT 2
#define REG_NO_COMPRESSION 4
//
// Key restore flags
//
#define REG_WHOLE_HIVE_VOLATILE (0x00000001L) // Restore whole hive volatile
#define REG_REFRESH_HIVE (0x00000002L) // Unwind changes to last flush
#define REG_NO_LAZY_FLUSH (0x00000004L) // Never lazy flush this hive
#define REG_FORCE_RESTORE (0x00000008L) // Force the restore process even when we have open handles on subkeys
// end_ntddk end_wdm end_nthal
//
// Notify filter values
//
#define REG_NOTIFY_CHANGE_NAME (0x00000001L) // Create or delete (child)
#define REG_NOTIFY_CHANGE_ATTRIBUTES (0x00000002L)
#define REG_NOTIFY_CHANGE_LAST_SET (0x00000004L) // time stamp
#define REG_NOTIFY_CHANGE_SECURITY (0x00000008L)
#define REG_LEGAL_CHANGE_FILTER \
(REG_NOTIFY_CHANGE_NAME |\
REG_NOTIFY_CHANGE_ATTRIBUTES |\
REG_NOTIFY_CHANGE_LAST_SET |\
REG_NOTIFY_CHANGE_SECURITY)
//
// end_winnt
//
// Boot condition flags (for NtInitializeRegistry)
#define REG_INIT_BOOT_SM (0x0000) // Init called from SM after Autocheck, etc.
#define REG_INIT_BOOT_SETUP (0x0001) // Init called from text-mode setup
//
// Values to indicate that a standard Boot has been accepted by the Service Controller.
// The Boot information will be saved by NtInitializeRegistry to a registry ControlSet with an
//
// ID = [Given Boot Condition Value] - REG_INIT_BOOT_ACCEPTED_BASE
//
#define REG_INIT_BOOT_ACCEPTED_BASE (0x0002)
#define REG_INIT_BOOT_ACCEPTED_MAX REG_INIT_BOOT_ACCEPTED_BASE + 999
#define REG_INIT_MAX_VALID_CONDITION REG_INIT_BOOT_ACCEPTED_MAX
//
// registry limits for value name and key name
//
#define REG_MAX_KEY_VALUE_NAME_LENGTH 32767 // 32k - sanity limit for value name
#define REG_MAX_KEY_NAME_LENGTH 512 // allow for 256 unicode, as promise
// begin_ntddk begin_wdm begin_nthal
//
// Key query structures
//
typedef struct _KEY_BASIC_INFORMATION {
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG NameLength;
WCHAR Name[1]; // Variable length string
} KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION;
typedef struct _KEY_NODE_INFORMATION {
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG ClassOffset;
ULONG ClassLength;
ULONG NameLength;
WCHAR Name[1]; // Variable length string
// Class[1]; // Variable length string not declared
} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;
typedef struct _KEY_FULL_INFORMATION {
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG ClassOffset;
ULONG ClassLength;
ULONG SubKeys;
ULONG MaxNameLen;
ULONG MaxClassLen;
ULONG Values;
ULONG MaxValueNameLen;
ULONG MaxValueDataLen;
WCHAR Class[1]; // Variable length
} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;
// end_wdm
typedef struct _KEY_NAME_INFORMATION {
ULONG NameLength;
WCHAR Name[1]; // Variable length string
} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
typedef struct _KEY_CACHED_INFORMATION {
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG SubKeys;
ULONG MaxNameLen;
ULONG Values;
ULONG MaxValueNameLen;
ULONG MaxValueDataLen;
ULONG NameLength;
WCHAR Name[1]; // Variable length string
} KEY_CACHED_INFORMATION, *PKEY_CACHED_INFORMATION;
typedef struct _KEY_FLAGS_INFORMATION {
ULONG UserFlags;
} KEY_FLAGS_INFORMATION, *PKEY_FLAGS_INFORMATION;
// begin_wdm
typedef enum _KEY_INFORMATION_CLASS {
KeyBasicInformation,
KeyNodeInformation,
KeyFullInformation
// end_wdm
,
KeyNameInformation,
KeyCachedInformation,
KeyFlagsInformation
// begin_wdm
} KEY_INFORMATION_CLASS;
typedef struct _KEY_WRITE_TIME_INFORMATION {
LARGE_INTEGER LastWriteTime;
} KEY_WRITE_TIME_INFORMATION, *PKEY_WRITE_TIME_INFORMATION;
typedef struct _KEY_USER_FLAGS_INFORMATION {
ULONG UserFlags;
} KEY_USER_FLAGS_INFORMATION, *PKEY_USER_FLAGS_INFORMATION;
typedef enum _KEY_SET_INFORMATION_CLASS {
KeyWriteTimeInformation,
KeyUserFlagsInformation
} KEY_SET_INFORMATION_CLASS;
//
// Value entry query structures
//
typedef struct _KEY_VALUE_BASIC_INFORMATION {
ULONG TitleIndex;
ULONG Type;
ULONG NameLength;
WCHAR Name[1]; // Variable size
} KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION;
typedef struct _KEY_VALUE_FULL_INFORMATION {
ULONG TitleIndex;
ULONG Type;
ULONG DataOffset;
ULONG DataLength;
ULONG NameLength;
WCHAR Name[1]; // Variable size
// Data[1]; // Variable size data not declared
} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;
typedef struct _KEY_VALUE_PARTIAL_INFORMATION {
ULONG TitleIndex;
ULONG Type;
ULONG DataLength;
UCHAR Data[1]; // Variable size
} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
typedef struct _KEY_VALUE_PARTIAL_INFORMATION_ALIGN64 {
ULONG Type;
ULONG DataLength;
UCHAR Data[1]; // Variable size
} KEY_VALUE_PARTIAL_INFORMATION_ALIGN64, *PKEY_VALUE_PARTIAL_INFORMATION_ALIGN64;
typedef struct _KEY_VALUE_ENTRY {
PUNICODE_STRING ValueName;
ULONG DataLength;
ULONG DataOffset;
ULONG Type;
} KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY;
typedef enum _KEY_VALUE_INFORMATION_CLASS {
KeyValueBasicInformation,
KeyValueFullInformation,
KeyValuePartialInformation,
KeyValueFullInformationAlign64,
KeyValuePartialInformationAlign64
} KEY_VALUE_INFORMATION_CLASS;
// end_ntddk end_wdm end_nthal
//
// Notify return structures
//
typedef enum _REG_ACTION {
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -