UID

title

description

old-location

tech.root

ms.date

keywords

ms.keywords

req.header

req.include-header

req.target-type

req.target-min-winverclnt

req.target-min-winversvr

req.kmdf-ver

req.umdf-ver

req.ddi-compliance

req.unicode-ansi

req.idl

req.max-support

req.namespace

req.assembly

req.type-library

req.lib

req.dll

req.irql

targetos

req.typenames

f1_keywords

topic_type

api_type

api_location

api_name

NS:wdm._REG_CREATE_KEY_INFORMATION_V1

_REG_CREATE_KEY_INFORMATION_V1 (wdm.h)

The REG_CREATE_KEY_INFORMATION_V1 structure contains information that a filter driver's RegistryCallback routine can use when a registry key is being created.

kernel\reg_create_key_information_v1.htm

kernel

04/30/2018

REG_CREATE_KEY_INFORMATION_V1 structure

*PREG_CREATE_KEY_INFORMATION_V1, *PREG_OPEN_KEY_INFORMATION_V1, PREG_CREATE_KEY_INFORMATION_V1, PREG_CREATE_KEY_INFORMATION_V1 structure pointer [Kernel-Mode Driver Architecture], PREG_OPEN_KEY_INFORMATION_V1, PREG_OPEN_KEY_INFORMATION_V1 structure pointer [Kernel-Mode Driver Architecture], REG_CREATE_KEY_INFORMATION_V1, REG_CREATE_KEY_INFORMATION_V1 structure [Kernel-Mode Driver Architecture], REG_OPEN_KEY_INFORMATION_V1, REG_OPEN_KEY_INFORMATION_V1 structure [Kernel-Mode Driver Architecture], _REG_CREATE_KEY_INFORMATION_V1, kernel.reg_create_key_information_v1, kstruct_d_79809cef-3593-4774-8407-c26c281735eb.xml, wdm/PREG_CREATE_KEY_INFORMATION_V1, wdm/PREG_OPEN_KEY_INFORMATION_V1, wdm/REG_CREATE_KEY_INFORMATION_V1, wdm/REG_OPEN_KEY_INFORMATION_V1

wdm.h

Wdm.h, Ntddk.h, Ntifs.h

Windows

Available on Windows 7 and later versions of the Windows operating systems.

Windows

REG_CREATE_KEY_INFORMATION_V1, REG_OPEN_KEY_INFORMATION_V1, *PREG_CREATE_KEY_INFORMATION_V1, *PREG_OPEN_KEY_INFORMATION_V1

_REG_CREATE_KEY_INFORMATION_V1

wdm/_REG_CREATE_KEY_INFORMATION_V1

PREG_CREATE_KEY_INFORMATION_V1

wdm/PREG_CREATE_KEY_INFORMATION_V1

REG_CREATE_KEY_INFORMATION_V1

wdm/REG_CREATE_KEY_INFORMATION_V1

APIRef

kbSyntax

HeaderDef

Wdm.h

_REG_CREATE_KEY_INFORMATION_V1

PREG_CREATE_KEY_INFORMATION_V1

REG_CREATE_KEY_INFORMATION_V1

_REG_CREATE_KEY_INFORMATION_V1 structure

-description

The REG_CREATE_KEY_INFORMATION_V1 structure contains information that a filter driver's RegistryCallback routine can use when a registry key is being created.

-struct-fields

-field CompleteName

A pointer to a UNICODE_STRING structure that contains the path of the new registry key. The path can be absolute or relative. If the path is absolute, this structure contains a fully qualified path that starts with the "\" character. For an absolute path, the RootObject member specifies the \REGISTRY key, which is the root directory of the registry tree. If the path is relative, the path starts with a character other than "\", and is relative to the key that is specified by the RootObject member.

-field RootObject

A pointer to a registry key object that represents the root registry key for the path that is specified by the CompleteName member.

-field ObjectType

This member is reserved for use by the operating system. Drivers must not access this member.

-field Options

Specifies the options for the key-create routine to use to create or open the new key. For more information, see the description of the CreateOptions parameter of the ZwCreateKey routine and the description of the OpenOptions parameter of the ZwOpenKeyEx routine.

-field Class

A pointer to a UNICODE_STRING structure that identifies the object class of the new key. For more information about this member, see the Class parameter of the ZwCreateKey routine. This pointer value can be NULL.

-field SecurityDescriptor

A pointer to a SECURITY_DESCRIPTOR structure that contains security information for the key object. This pointer was obtained from the SecurityDescriptor member of the OBJECT_ATTRIBUTES structure that was passed as an input parameter in the call to create the new registry key.

-field SecurityQualityOfService

A pointer to a SECURITY_QUALITY_OF_SERVICE structure. This structure indicates whether a server can impersonate the client that is trying to create the registry key, and, if impersonation is permitted, the extent to which it is permitted.

-field DesiredAccess

The access mask that was specified by the thread that is trying to create the registry key. For more information about this access mask, see the description of the DesiredAccess parameter of the ZwCreateKey routine.

-field GrantedAccess

An access mask that indicates the access rights that were granted to the thread that is trying to create the registry key. For more information about this member, see the following Remarks section.

-field Disposition

A value that indicates whether the requested registry operation will create a new key or open an existing one. For more information about this member, see the description of the Disposition parameter of the ZwCreateKey routine and the following Remarks section.

-field ResultObject

A pointer to a location that receives the address of the key object that represents the created registry key.

-field CallContext

Optional driver-defined context information that the driver's RegistryCallback routine can supply.

-field RootObjectContext

A pointer to driver-defined context information that the driver has associated with the root of the path of the registry object by calling the CmSetCallbackObjectContext routine.

-field Transaction

A pointer to a transaction object for the registry operation. You can supply this pointer to the ObOpenObjectByPointer routine to obtain the corresponding transaction handle. If this member is NULL, the operation is being performed in non-transactional context.

-field Version

The structure version number. This member distinguishes the REG_CREATE_KEY_INFORMATION structure in Windows Vista from the REG_CREATE_KEY_INFORMATION_V1 structure in Windows 7 and later versions of Windows. The following version numbers are currently defined.

Version number	Version of structure
0	REG_CREATE_KEY_INFORMATION
1	REG_CREATE_KEY_INFORMATION_V1

Future versions of this structure might add new members but will not change the members that are already defined in existing versions of the structure. This member is defined in the REG_CREATE_KEY_INFORMATION_V1 structure that is supported in Windows 7 and later versions of the Windows operating systems. In the REG_CREATE_KEY_INFORMATION structure that Windows Vista supports, this member is named Reserved and is set to zero. Filter drivers should rely on the version number and not the operating system version to determine which version of the structure they are using.

-field RemainingName

A pointer to a UNICODE_STRING structure that contains the relative path of the new registry key. This member always expresses the path of the new key relative to the path of the key that is specified by the RootObject member. In contrast, the CompleteName member can contain an absolute path if the RootObject member specifies the \REGISTRY key.

-field Wow64Flags

Contains the Wow64 flags from the access mask that was passed as an input parameter in the call to create the new registry key. This member indicates whether a 32-bit client program that is running on a 64-bit version of Windows is trying to create a registry key. This member is set to zero or to one of the following flag bits:

KEY_WOW64_32KEY
KEY_WOW64_64KEY

These flag bits are defined in the Wdm.h and Winnt.h header files. For more information about these flags, see Registry Key Security and Access Rights.

-field Attributes

Contains the object-attribute flags from the Attributes member of the OBJECT_ATTRIBUTES structure that was passed as an input parameter in the call to create the new registry key. This member might contain one or more of the following flag bits:

OBJ_KERNEL_HANDLE
OBJ_FORCE_ACCESS_CHECK
OBJ_OPENLINK

For more information about these flags, see OBJECT_ATTRIBUTES.

-field CheckAccessMode

Indicates how the configuration manager performs the security access check for the call to create the new key. This member contains one of the following MODE enumeration values from the Wdm.h header file:

KernelMode
UserMode

This security check is similar to that performed by the SeAccessCheck routine, which has an AccessMode parameter that can be set to either UserMode or KernelMode. If CheckAccessMode is set to UserMode, the configuration manager performs a full security access check regardless of whether the call originated in user mode or kernel mode. For more information about how to force user-mode security access checks on a call that originates in kernel mode, see the description of the OBJ_FORCE_ACCESS_CHECK flag in the Attributes member of the OBJECT_ATTRIBUTES structure.

-remarks

The configuration manager passes this structure to the RegistryCallback routine every time that a thread tries to create a key—for example, when a user-mode thread calls RegCreateKey or RegCreateKeyEx, or when a kernel-mode driver calls ZwCreateKey.

This structure is an extended version of the REG_CREATE_KEY_INFORMATION structure that Windows Vista supports. The first 14 members, CompleteName through Transaction, are identical in the two structures. The last five members of the REG_CREATE_KEY_INFORMATION_V1 structure, Version through CheckAccessMode, are not part of the REG_CREATE_KEY_INFORMATION structure.

If the driver's RegistryCallback routine returns STATUS_CALLBACK_BYPASS for a RegNtPreCreateKeyEx notification, the driver must supply the values for the GrantedAccess, Disposition, and ResultObject members.

The REG_CREATE_KEY_INFORMATION_V1 structure is one of a number of structures that a filter driver can receive through its RegistryCallback routine. For more information about registry filtering operations, see Filtering Registry Calls.