About ZwCreateKey.

I hooked the ZwCreateKey function to monitor creation of registry keys.
By the way, registry open operations as well as registry create operations
seem to go via this function.
Is there any method that can distinguish create from open in the
ZwCreateKey function?

Any answer will be greatly appreciated!

Best regards.
csjung.

The last parameter, Disposition (if not NULL), will be set to either
REG_CREATED_NEW_KEY or REG_OPENED_EXISTING_KEY.

D

This posting is provided “AS IS” with no warranties, and confers no
rights

-----Original Message-----
From: Chang Sung. Jung [mailto:xxxxx@korea.com]
Sent: Tuesday, March 11, 2003 6:20 PM
To: NT Developers Interest List
Subject: [ntdev] About ZwCreateKey.


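The check described in the reply above, as an added example that is not part of the original thread: a user-mode C model of a hook that reads Disposition after the original call and supplies its own variable when the caller passed NULL. The reduced three-parameter signature, HookCreateKey, StubCreateKey and the counters are assumptions made so the logic compiles outside a driver.

```c
/* User-mode model of the hook logic. The typedefs, the reduced parameter
   list and StubCreateKey are constructed stand-ins for ntddk.h and the
   real ZwCreateKey, which takes seven parameters with Disposition last. */
#include <stddef.h>
#include <string.h>

typedef long NTSTATUS;
typedef unsigned long ULONG;
#define STATUS_SUCCESS          ((NTSTATUS)0)
#define REG_CREATED_NEW_KEY     0x00000001UL
#define REG_OPENED_EXISTING_KEY 0x00000002UL

typedef NTSTATUS (*CREATE_KEY_FN)(void **KeyHandle, const char *KeyPath,
                                  ULONG *Disposition);

static CREATE_KEY_FN OriginalCreateKey; /* saved when the hook is installed */
static ULONG KeysCreated, KeysOpened;   /* what the monitor records */

/* Hook: obtain the disposition even when the caller passed NULL. A real
   driver must also handle a caller pointer that is a user-mode address. */
NTSTATUS HookCreateKey(void **KeyHandle, const char *KeyPath,
                       ULONG *Disposition)
{
    ULONG local = 0;
    ULONG *disp = Disposition ? Disposition : &local;
    NTSTATUS st = OriginalCreateKey(KeyHandle, KeyPath, disp);
    if (st != STATUS_SUCCESS)
        return st;                      /* failed call: nothing to record */
    if (*disp == REG_CREATED_NEW_KEY)
        KeysCreated++;
    else if (*disp == REG_OPENED_EXISTING_KEY)
        KeysOpened++;
    return st;
}

/* Constructed stub registry: one existing key, remembers one new key. */
static char NewKey[64];
NTSTATUS StubCreateKey(void **KeyHandle, const char *KeyPath,
                       ULONG *Disposition)
{
    int exists = !strcmp(KeyPath, "\\Registry\\Machine\\Software") ||
                 !strcmp(KeyPath, NewKey);
    if (!exists) strncpy(NewKey, KeyPath, sizeof NewKey - 1);
    *KeyHandle = NewKey;
    if (Disposition)
        *Disposition = exists ? REG_OPENED_EXISTING_KEY : REG_CREATED_NEW_KEY;
    return STATUS_SUCCESS;
}
```

Set OriginalCreateKey to the saved original (here StubCreateKey) before the first call to HookCreateKey.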