KeyInformation parameter of NtEnumerateKey()

0

I'm curious to know how the KeyInformation parameter should be passed to NtEnumerateKey(). When I run the following code, NtEnumerateKey() returns NTSTATUS = 0xC000000D with the error message "An invalid parameter was passed to a service or function."

I'm using Windows 7. Although the following code uses Delphi language, you can answer my question in C language too. My question is not specific to a programming language.

type
  KEY_NAME_INFORMATION = record
    NameLength: ULONG;
    Name: array[0..254] of WCHAR;
  end;
  PKEY_NAME_INFORMATION = ^KEY_NAME_INFORMATION;

var
  iNtStatus: LONG;
  hKeyResult: THandle;
  KeyNameInfo: KEY_NAME_INFORMATION;
  iResultLen: ULONG;

iNtStatus := NtOpenKey(@hKeyResult, (KEY_ENUMERATE_SUB_KEYS) and not
    SYNCHRONIZE, @rObjAttrs);
if hKeyResult = 0 then Exit;

iNtStatus := NtEnumerateKey(hKeyResult,
    0,
    KeyNameInformation,
    @KeyNameInfo,                 // I'm asking about this parameter,
    SizeOf(KEY_NAME_INFORMATION), // and also this parameter
    @iResultLen);

UPDATED: Weird Thing

If I pass KeyBasicInformation instead of KeyNameInformation, NtEnumerateKey() returns STATUS_SUCCESS. Does not NtEnumerateKey() support the KeyNameInformation?

type
  KEY_BASIC_INFORMATION = record
    LastWriteTime: LARGE_INTEGER;
    TitleIndex: ULONG;
    NameLength: ULONG;
    Name: array[0..254] of WCHAR;
  end;
  PKEY_BASIC_INFORMATION = ^KEY_BASIC_INFORMATION;

var
  KeyBasicInfo: KEY_BASIC_INFORMATION;

iNtStatus := NtEnumerateKey(hKeyResult,
    0,
    KeyBasicInformation,           // Note this!
    @KeyBasicInfo,                 // Note this!
    SizeOf(KEY_BASIC_INFORMATION), // Note this!
    @iResultLen);
c++
c
windows
delphi
winapi
asked on Stack Overflow Oct 6, 2012 by Astaroth • edited Oct 6, 2012 by Astaroth

1 Answer

2

If you look at the documentation of Zw(Nt for usermode)EnumerateKey you'll see

NTSTATUS ZwEnumerateKey(
  _In_       HANDLE KeyHandle,
  _In_       ULONG Index,
  _In_       KEY_INFORMATION_CLASS KeyInformationClass,
  _Out_opt_  PVOID KeyInformation,
  _In_       ULONG Length,
  _Out_      PULONG ResultLength
);

Then if you look down at KeyInformationClass you'll see

KeyInformationClass [in]
Specifies a KEY_INFORMATION_CLASS enumeration value that determines the type of information to be received by the KeyInformation buffer. Set KeyInformationClass to one of the following values:
KeyBasicInformation
KeyFullInformation
KeyNodeInformation
If any value not in this list is specified, the routine returns error code STATUS_INVALID_PARAMETER.

You need to be using one of those 3

answered on Stack Overflow Oct 6, 2012 by Avery3R • edited Oct 6, 2012 by Avery3R

User contributions licensed under CC BY-SA 3.0