Geoff Chappell, Software Analyst
Symbol files that Microsoft has published for Windows 8 and higher tell of user-mode code that is compiled with the NTREGAPI.H header at
The header NTREGAPI.H is not known to have been published by Microsoft. None of the types that it is known to define appear in any published header. NTREGAPI.H thus looks to be Microsoft’s private header for parts of the kernel’s Registry API that Microsoft regards as being for the use of its own user-mode binaries but of nobody else’s. The public parts are defined in the unpublished NTREGAPI_X.H and are shared with published headers such as WDM.H and WINNT.H.
The table below is of types that are defined in NTREGAPI.H as known from LF_UDT_MOD_SRC_LINE (0x1607) records in symbol files for the original release of Windows 10.
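How such records can be read to attribute types to a header, as an added example that is not from this page or from Microsoft: the field order follows the lfUdtModSrcLine structure in Microsoft's published CVINFO.H. The function names, the flat NUL-terminated name buffer addressed by offset, and all sample paths, type indices and line numbers are assumptions constructed for illustration.

```python
import struct

LF_UDT_MOD_SRC_LINE = 0x1607  # leaf value quoted in the text above

def parse_udt_mod_src_line(records: bytes, names: bytes):
    """Return (type_index, source_file, line, module) for each 0x1607 record."""
    found, pos = [], 0
    while pos + 4 <= len(records):
        length, leaf = struct.unpack_from("<HH", records, pos)
        end = pos + 2 + length  # the length field does not count itself
        if length < 2 or end > len(records):
            raise ValueError(f"malformed record at offset {pos}")
        if leaf == LF_UDT_MOD_SRC_LINE:
            if length < 16:
                raise ValueError(f"short 0x1607 record at offset {pos}")
            # lfUdtModSrcLine: type index, source-name reference, line, module
            type_index, src, line, imod = struct.unpack_from("<IIIH", records, pos + 4)
            # Assumption: src is a byte offset to a NUL-terminated name in `names`
            stop = names.index(b"\0", src)  # raises ValueError if out of range
            found.append((type_index, names[src:stop].decode("utf-8"), line, imod))
        pos = end  # any other leaf is skipped by its declared length
    return found

def types_defined_in(records: bytes, names: bytes, header: str):
    """Type indices whose definition is attributed to the named header file."""
    suffix = "\\" + header.lower()
    return [t for t, path, _line, _mod in parse_udt_mod_src_line(records, names)
            if path.lower().endswith(suffix)]

def make_record(leaf: int, body: bytes) -> bytes:
    """Build one constructed record, padded with LF_PAD bytes to 4-byte alignment."""
    pad = -(4 + len(body)) % 4
    body += bytes(0xF0 + n for n in range(pad, 0, -1))
    return struct.pack("<HH", 2 + len(body), leaf) + body

# Constructed sample data, not taken from any real PDB.
NAMES = b"\0".join([b"", rb"x:\constructed\ntregapi.h", rb"x:\constructed\other.h", b""])
HDR = NAMES.index(rb"x:\constructed\ntregapi.h")
OTHER = NAMES.index(rb"x:\constructed\other.h")
SAMPLE = (
    make_record(LF_UDT_MOD_SRC_LINE, struct.pack("<IIIH", 0x1000, HDR, 120, 3))
    + make_record(0x1605, struct.pack("<I", 0) + b"skipped\0")  # unrelated leaf
    + make_record(LF_UDT_MOD_SRC_LINE, struct.pack("<IIIH", 0x1001, OTHER, 45, 3))
    + make_record(LF_UDT_MOD_SRC_LINE, struct.pack("<IIIH", 0x1002, HDR, 310, 7))
)
```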
Do not miss that one of the symbol files that show access to these private definitions for the Registry API is URLMON.PDB. The corresponding binary is URLMON.DLL, which was introduced for Internet Explorer as long ago as 1996 and still has its version numbers in step with those of Internet Explorer. In 2002, Microsoft settled an anti-trust suit which had as one element that something called Microsoft middleware—Internet Explorer being specified as an example—should have no more access to any Windows interface than is available to competing software.
Clearly, the source code for Internet Explorer as built for Windows 8, and since, uses an essentially secret header for the user-mode interface that the kernel exposes for registry access. This source-code access contravenes any plain reading of the settlement. If it is new for Windows 8, then the settlement evidently did not constrain Microsoft for long. If Internet Explorer had this access at the time of the settlement, then Microsoft didn’t disclose it or the courts and regulators either missed it or excused it.