Rediger

Del via


Registry Key Object Routines

The Windows executive represents registry keys as executive objects that are managed by the object manager. (For more information about the object manager, see Object Management.) In particular, every key has an object name, and you can open a handle to a key.

User-mode applications access keys relative to global handles, such as HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER. However, these handles are not available to kernel-mode code. Instead, you refer to a key by its object name. The root for all registry keys is the \Registry object. The global handles correspond to descendants of the \Registry object, as shown in the following table.

User-mode handle Corresponding object name

HKEY_LOCAL_MACHINE

\Registry\Machine

HKEY_USERS

\Registry\User

HKEY_CLASSES_ROOT

No kernel-mode equivalent

HKEY_CURRENT_USER

No simple kernel-mode equivalent, but see Registry Run-Time Library Routines

A driver can manipulate a registry-key object by performing the following steps:

  1. Open a handle to the registry-key object. For more information, see Opening a Handle to a Registry-Key Object.

  2. Perform the intended operations by calling the appropriate ZwXxxKey routines. For information about how to do so, see Using a Handle to a Registry-Key Object.

  3. Close the handle by calling ZwClose.