[myid]

There is a corresponding relationship between the ObjectType and Struct:
PsProcessType -> EPROCESS
PsThreadType -> ETHREAD
IoFileObjectType -> FILE_OBJECT
CmKeyObjectType -> ???

[EP_X0FF]

Pointer to OBJECT_TYPE

[myid]

Pointer to OBJECT_TYPE

Not this one.
Is a struct exist like FILE_OBJECT for CmKeyObjectType? Which struct include many information of RegKey. Like KeyName,KeyPath etc...

[EP_X0FF]

CM structures like CM_KEY_NODE, CM_KEY_VALUE and other CM_* are private and not accessible directly and Windows operates with them only from kernel private API. So answer is no.

[Vrtule]

Hello,

I think you are searching for CM_KEY_BODY. As EP already said, the structure is not documented and may change (and definitely does so) accross various Windows versions. If you want to see more of it, use the following WinDbg command:

Code: Select all

dt nt!_CM_KEY_BODY

Some structures, EHTREAD and EPROCESS for example, are just opaque ones. They their pointers are publicly declared as void pointers AFAIR so you get no additional information here. The situation is similar to the CM_KEY_BODY case.

[myid]

Thanks, Mr.Vrtule and EP_X0FF. :lol: