Registry Key Object Routines
The Windows executive represents registry keys as executive objects that are managed by the object manager. (For more information about the object manager, see Object Management.) In particular, every key has an object name, and you can open a handle to a key.
User-mode applications access keys relative to global handles, such as HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER. However, these handles are not available to kernel-mode code. Instead, you refer to a key by its object name. The root for all registry keys is the \Registry object. The global handles correspond to descendants of the \Registry object, as shown in the following table.
User-mode handle | Corresponding object name |
---|---|
HKEY_LOCAL_MACHINE | \Registry\Machine |
HKEY_USERS | \Registry\User |
HKEY_CLASSES_ROOT | No kernel-mode equivalent |
HKEY_CURRENT_USER | No simple kernel-mode equivalent, but see Registry Run-Time Library Routines |
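The following portable C helper is an added example, not code from the original documentation. It applies the table above to rewrite a user-mode style path into the object name that kernel-mode code would use. The function name and result codes are hypothetical, and paths rooted at HKEY_CLASSES_ROOT or HKEY_CURRENT_USER are rejected rather than resolved, since the table gives no direct object name for them.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes (hypothetical names for this example). */
enum { REG_OK = 0, REG_NO_EQUIVALENT = -1, REG_UNKNOWN_ROOT = -2, REG_TOO_LONG = -3 };

/* Rows of the table above; NULL marks a root with no direct object name. */
static const struct { const char *root; const char *object; } reg_roots[] = {
    { "HKEY_LOCAL_MACHINE", "\\Registry\\Machine" },
    { "HKEY_USERS",         "\\Registry\\User"    },
    { "HKEY_CLASSES_ROOT",  NULL },
    { "HKEY_CURRENT_USER",  NULL },
};

/* Case-insensitive match of root at the start of path; the match must end
   at a '\' or at the end of the string so "HKEY_USERS_X" is not accepted. */
static int root_matches(const char *path, const char *root, size_t *len)
{
    size_t i;
    for (i = 0; root[i] != '\0'; i++)
        if (toupper((unsigned char)path[i]) != (unsigned char)root[i])
            return 0;
    *len = i;
    return path[i] == '\0' || path[i] == '\\';
}

/* Writes the object name for path into out; fails instead of truncating. */
int reg_to_object_name(const char *path, char *out, size_t out_size)
{
    size_t i, len;
    for (i = 0; i < sizeof reg_roots / sizeof reg_roots[0]; i++) {
        if (!root_matches(path, reg_roots[i].root, &len))
            continue;
        if (reg_roots[i].object == NULL)
            return REG_NO_EQUIVALENT;
        int n = snprintf(out, out_size, "%s%s", reg_roots[i].object, path + len);
        return (n < 0 || (size_t)n >= out_size) ? REG_TOO_LONG : REG_OK;
    }
    return REG_UNKNOWN_ROOT;
}

int main(void)
{
    char buf[128];
    /* Constructed sample path. */
    if (reg_to_object_name("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet", buf, sizeof buf) == REG_OK)
        puts(buf);
    return 0;
}
```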
A driver can manipulate a registry-key object by performing the following steps:
1. Open a handle to the registry-key object. For more information, see Opening a Handle to a Registry-Key Object.
2. Perform the intended operations by calling the appropriate ZwXxxKey routines. For information about how to do so, see Using a Handle to a Registry-Key Object.
3. Close the handle by calling ZwClose.