Question
I am currently investigating writing a windows kernel-mode driver, and in terms of registry access, I found RtlQueryRegistryValues on MSDN. However, while RtlQueryRegistryValues is good for querying actual registry values, I was wondering if there's a registry function for determining the number of subkeys of a given regkey? Again, I found RegQueryInfoKey on MSDN, but my understanding is that it's for user-mode applications. Is there an equivalent function for windows kernel-mode drivers?
Thanks.
Solution
You can use ZwXxx functions in the kernel mode, in particular, ZwQueryKey with KeyFullInformation parameter.
This API is quite similar to its NtXxx analogues, and you can use both API set in the kernel mode. The difference is that ZwXxx doesn't perform some access check and parameters validation, and thus runs a little faster.
For more information see this article
https://stackoverflow.com/questions/18711692
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian