Advapi32 Functions
The Advapi32.dll library provides access to advanced Windows API functions, including registry operations, security and user management, and event logging.
Function Categories
Registry Functions
RegCreateKeyEx
Description: Creates a new key or opens an existing key in the registry.
Parameters:
HKEY hKey: A handle to an open registry key. This handle is obtained by calling the RegOpenKeyEx or RegCreateKeyEx function.
LPCTSTR lpSubKey: The name of the registry key to be opened or created.
DWORD Reserved: This parameter is reserved and must be zero.
LPTSTR lpClass: The user-defined class type of this key. This parameter may be ignored and can be NULL.
DWORD dwOptions: Specifies options for creating or opening the key.
REGSAM samDesired: A mask that specifies the access rights for the key to be opened.
LPSECURITY_ATTRIBUTES lpSecurityAttributes: Security attributes.
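PHKEY phkResult: Pointer to a variable that receives a handle to the created or opened key.
LPDWORD lpdwDisposition: Pointer to a variable that receives REG_CREATED_NEW_KEY if the key was created or REG_OPENED_EXISTING_KEY if it already existed. This parameter can be NULL.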
Return Value: If the function succeeds, the return value is ERROR_SUCCESS. If the function fails, the return value is a non-zero error code defined in Winerror.h.
RegOpenKeyEx
Description: Opens an existing registry key. Applications should not call this function to create a registry key.
Parameters:
HKEY hKey: A handle to an open registry key. The key named by the lpSubKey parameter must be a subkey of the key identified by this handle.
LPCTSTR lpSubKey: The name of the registry key to be opened.
DWORD ulOptions: This parameter is reserved and must be zero.
REGSAM samDesired: A mask that specifies the access rights for the key to be opened.
PHKEY phkResult: Pointer to a variable that receives a handle to the opened key.
Return Value: If the function succeeds, the return value is ERROR_SUCCESS. If the function fails, the return value is a non-zero error code defined in Winerror.h.
RegGetValue
Description: Retrieves the type and data for the specified registry value.
Parameters:
HKEY hKey: A handle to an open registry key.
LPCTSTR lpSubKey: The path to the registry key.
LPCTSTR lpValueName: The name of the registry value to retrieve.
DWORD dwFlags: Flags that specify how to read the value.
LPDWORD pdwType: Pointer to a variable that receives the type code for the data.
PVOID pvData: Pointer to a buffer that receives the value's data.
LPDWORD pcbData: Pointer to a variable that specifies the size, in bytes, of the buffer pointed to by the pvData parameter.
Return Value: If the function succeeds, the return value is ERROR_SUCCESS. If the function fails, the return value is a non-zero error code.
RegSetValueEx
Description: Sets the data and type of the specified value under a registry key.
Parameters:
HKEY hKey: A handle to an open registry key.
LPCTSTR lpValueName: The name of the registry value to be set.
DWORD Reserved: Reserved for future use. Must be zero.
DWORD dwType: The type of data stored in the value.
CONST BYTE* lpData: Pointer to the buffer that contains the data to be stored.
DWORD cbData: Size, in bytes, of the data pointed to by the lpData parameter.
Return Value: If the function succeeds, the return value is ERROR_SUCCESS. If the function fails, the return value is a non-zero error code.
RegCloseKey
Description: Closes a handle to the specified registry key.
Parameters:
HKEY hKey: A handle to an open registry key.
Return Value: If the function succeeds, the return value is ERROR_SUCCESS. If the function fails, the return value is a non-zero error code.
Security Functions
AccessCheck
Description: Determines whether a security descriptor grants the requested access rights to the client identified by an access token.
Parameters:
PSECURITY_DESCRIPTOR SecurityDescriptor: Pointer to the security descriptor.
HANDLE ClientToken: Handle to the access token for the client.
DWORD DesiredAccess: Access mask that specifies the requested access rights.
PGENERIC_MAPPING GenericMapping: Pointer to a GENERIC_MAPPING structure.
PPRIVILEGE_SET PrivilegeSet: Pointer to a PRIVILEGE_SET structure.
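LPDWORD PrivilegeSetLength: Pointer to a variable that specifies the size, in bytes, of the buffer pointed to by the PrivilegeSet parameter.
LPDWORD GrantedAccess: Pointer to an access mask that receives the granted access rights.
LPBOOL AccessStatus: Pointer to a variable that receives the result of the access check.
Return Value: If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. A return value of TRUE means only that the check was performed; whether access is granted is reported through AccessStatus.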
GetTokenInformation
Description: Retrieves various types of information from the specified access token.
Parameters:
HANDLE TokenHandle: Handle to the access token.
TOKEN_INFORMATION_CLASS TokenInformationClass: Specifies the type of information to retrieve.
PVOID TokenInformation: Pointer to a buffer that receives the information.
ULONG TokenInformationLength: Size of the buffer.
PULONG ReturnLength: Pointer to a variable that receives the required buffer size.
Return Value: If the function succeeds, it returns TRUE. If the function fails, it returns FALSE.
AdjustTokenPrivileges
Description: Enables or disables privileges in the specified access token.
Parameters:
HANDLE TokenHandle: Handle to the access token.
BOOL DisableAllPrivileges: Specifies whether the function disables all of the token's privileges. If TRUE, the NewState parameter is ignored.
PTOKEN_PRIVILEGES NewState: Pointer to a TOKEN_PRIVILEGES structure.
DWORD PreviousStateLength: Size of the buffer for previous state.
PTOKEN_PRIVILEGES PreviousState: Pointer to a buffer that receives the previous state.
PDWORD ReturnLength: Pointer to a variable that receives the required buffer size.
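Return Value: If the function succeeds, it returns TRUE. If the function fails, it returns FALSE. The function can return TRUE without adjusting every requested privilege; call GetLastError and check for ERROR_NOT_ALL_ASSIGNED.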
Event Logging Functions
ReportEvent
Description: Writes an entry to the specified event log.
Parameters:
HANDLE EventLogHandle: Handle to the event log.
WORD EventType: Type of event to be logged.
WORD EventCategory: Category of the event.
DWORD EventID: Identifier for the event.
PSID pUserSid: Pointer to the SID of the user associated with the event.
WORD wNumStrings: Number of strings in the strings array.
DWORD dwDataSize: Size of the event data.
LPCTSTR* lpStrings: Pointer to an array of null-terminated strings.
LPVOID lpRawData: Pointer to the event data.
Return Value: If the function succeeds, the return value is TRUE. If the function fails, the return value is FALSE.
Service Control Functions
RegisterServiceControlHandlerEx
Description: Registers a function to handle service control requests and extended service control requests.
Parameters:
LPCTSTR lpServiceName: The name of the service.
LPHANDLER_FUNCTION_EX HandlerEx: Pointer to the handler function.
LPVOID lpContext: User-defined data that is passed to the handler function.
Return Value: If the function succeeds, it returns a service status handle. If the function fails, it returns zero.
StartService
Description: Starts a service or a dependent service.
Parameters:
SC_HANDLE hService: Handle to the service.
DWORD dwNumServiceArgs: Number of arguments to pass to the service.
LPCTSTR *lpServiceArgVectors: Pointer to an array of null-terminated strings.
Return Value: If the function succeeds, the return value is TRUE. If the function fails, the return value is FALSE.
ControlService
Description: Sends a control code to a service.
Parameters:
SC_HANDLE hService: Handle to the service.
DWORD dwControl: The control code to be sent to the service.
LPSERVICE_STATUS lpServiceStatus: Pointer to a SERVICE_STATUS structure.
Return Value: If the function succeeds, the return value is TRUE. If the function fails, the return value is FALSE.