/* When this hive file was last modified */
LARGE_INTEGER DateModified;
- /* Registry format version ? (1?) */
- ULONG Unused3;
+ /* Registry format major version (1) */
+ ULONG MajorVersion;
- /* Registry format version ? (3?) */
- ULONG Unused4;
+ /* Registry format minor version (3)
+ Version 3 added fast indexes, version 5 has large value optimizations */
+ ULONG MinorVersion;
- /* Registry format version ? (0?) */
- ULONG Unused5;
+ /* Registry file type (0 - Primary, 1 - Log) */
+ ULONG Type;
- /* Registry format version ? (1?) */
- ULONG Unused6;
+ /* Registry format (1 is the only defined value so far) */
+ ULONG Format;
/* Offset into file from the byte after the end of the base block.
If the hive is volatile, this is the actual pointer to the KEY_CELL */
ULONG Unused7;
/* Name of hive file */
- WCHAR FileName[64];
+ WCHAR FileName[48];
- /* ? */
- ULONG Unused8[83];
+ ULONG Reserved[99];
/* Checksum of first 0x200 bytes */
ULONG Checksum;
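Review bot: The resized arrays do not add up to the space they replace: the removed `FileName[64]` and `Unused8[83]` occupy 128 + 332 = 460 bytes, while the added `FileName[48]` and `Reserved[99]` occupy 96 + 396 = 492 bytes. Unless a field outside this hunk shrinks by 32 bytes, `Checksum` moves 32 bytes later and may no longer fall inside the first 0x200 bytes that its comment says are covered. This structure appears to describe the on-disk hive header, so a shifted layout would make the checksum and any later fields read from the wrong file offsets. A compile-time check such as `C_ASSERT(FIELD_OFFSET(<header struct>, Checksum) == 0x1FC);` would catch this, assuming the checksum is meant to be the last ULONG of that block. The structure begins before this hunk, so the earlier fields could not be checked here.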
/* Size in bytes, multiple of the block size (4KB) */
ULONG BinSize;
- /* ? */
- ULONG Unused1;
+ ULONG Reserved[2];
/* When this bin was last modified */
LARGE_INTEGER DateModified;
- /* ? */
- ULONG Unused2;
+ /* ? (In-memory only) */
+ ULONG MemAlloc;
} HBIN, *PHBIN;
typedef struct _CELL_HEADER
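Review bot: `MemAlloc` is commented only as `? (In-memory only)`, yet it sits in the bin header next to fields that describe file contents, so whatever a hive file holds at that position should not be trusted after load. If that is the intent, the comment should say so, e.g. `/* In-memory only; the value stored in the file is undefined and must be reinitialised when the bin is loaded */`. Separately, `Unused1` (4 bytes) becomes `Reserved[2]` (8 bytes), which shifts `DateModified` and `MemAlloc` by 4 bytes, alignment padding aside. The resulting offsets should be confirmed against existing hive files, since the packing and the start of HBIN are outside this hunk.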
extern ERESOURCE CmiRegistryLock;
-typedef enum _REG_NOTIFY_CLASS
-{
- RegNtDeleteKey,
- RegNtPreDeleteKey = RegNtDeleteKey,
- RegNtSetValueKey,
- RegNtPreSetValueKey = RegNtSetValueKey,
- RegNtDeleteValueKey,
- RegNtPreDeleteValueKey = RegNtDeleteValueKey,
- RegNtSetInformationKey,
- RegNtPreSetInformationKey = RegNtSetInformationKey,
- RegNtRenameKey,
- RegNtPreRenameKey = RegNtRenameKey,
- RegNtEnumerateKey,
- RegNtPreEnumerateKey = RegNtEnumerateKey,
- RegNtEnumerateValueKey,
- RegNtPreEnumerateValueKey = RegNtEnumerateValueKey,
- RegNtQueryKey,
- RegNtPreQueryKey = RegNtQueryKey,
- RegNtQueryValueKey,
- RegNtPreQueryValueKey = RegNtQueryValueKey,
- RegNtQueryMultipleValueKey,
- RegNtPreQueryMultipleValueKey = RegNtQueryMultipleValueKey,
- RegNtPreCreateKey,
- RegNtPostCreateKey,
- RegNtPreOpenKey,
- RegNtPostOpenKey,
- RegNtKeyHandleClose,
- RegNtPreKeyHandleClose = RegNtKeyHandleClose,
- RegNtPostDeleteKey,
- RegNtPostSetValueKey,
- RegNtPostDeleteValueKey,
- RegNtPostSetInformationKey,
- RegNtPostRenameKey,
- RegNtPostEnumerateKey,
- RegNtPostEnumerateValueKey,
- RegNtPostQueryKey,
- RegNtPostQueryValueKey,
- RegNtPostQueryMultipleValueKey,
- RegNtPostKeyHandleClose,
- RegNtPreCreateKeyEx,
- RegNtPostCreateKeyEx,
- RegNtPreOpenKeyEx,
- RegNtPostOpenKeyEx
-} REG_NOTIFY_CLASS, *PREG_NOTIFY_CLASS;
/* Registry Callback Function */
-typedef NTSTATUS (*PEX_CALLBACK_FUNCTION ) (
+typedef NTSTATUS (STDCALL *PEX_CALLBACK_FUNCTION ) (
IN PVOID CallbackContext,
IN REG_NOTIFY_CLASS Argument1,
IN PVOID Argument2
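Review bot: Adding `STDCALL` to `PEX_CALLBACK_FUNCTION` changes the calling convention for every registry callback invoked through this pointer type. A callback still defined without `STDCALL` would then be called with a mismatched convention, and a cast at the registration site would hide the compiler's complaint. The typedef also still names `REG_NOTIFY_CLASS` in `Argument1` while this hunk deletes the enum, so this header now relies on another one defining it first; presumably the definition moved, but that include is not visible here. A comment on the typedef would document both, e.g. `/* Callbacks must be declared STDCALL; REG_NOTIFY_CLASS is defined in <header that now provides it> */`.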
SECURITY_OPERATION_CODE OperationCode,
SECURITY_INFORMATION SecurityInformation,
PSECURITY_DESCRIPTOR SecurityDescriptor,
- PULONG BufferLength);
+ PULONG BufferLength,
+ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
+ POOL_TYPE PoolType,
+ PGENERIC_MAPPING GenericMapping);
NTSTATUS STDCALL
CmiObjectQueryName (PVOID ObjectBody,
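Review bot: The three parameters added after `BufferLength` carry no direction annotation or comment, unlike the `IN`-annotated callback typedef shown above. The prototype therefore does not say whether `*OldSecurityDescriptor` is read, replaced or both, nor who frees the previous descriptor and from which `PoolType`. That ownership rule matters in a security-descriptor routine, because a caller and an implementation that disagree on it end up leaking or double-freeing the descriptor. I would annotate them, e.g. `IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor,`, `IN POOL_TYPE PoolType,` and `IN PGENERIC_MAPPING GenericMapping);`, with the directions confirmed against the implementation, and add a short comment stating who owns the old descriptor. The prototype's name and first parameters are outside this hunk.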