#ifndef _NTOBAPI_H
// Objects, handles
#if (PHNT_MODE != PHNT_MODE_KERNEL)

NTSYSCALLAPI
NTSTATUS
NTAPI
NtClose(
    _In_ _Post_ptr_invalid_ HANDLE Handle
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwClose(
    _In_ _Post_ptr_invalid_ HANDLE Handle
    );

#endif
View code on GitHub

Closes the specified kernel handle. This function is documented in Windows Driver Kit here and here.

Parameters

Handle - a handle to a kernel object.

Notable return values

STATUS_INVALID_HANDLE - an invalid handle value was specified.
STATUS_HANDLE_NOT_CLOSABLE - the provided handle is marked as protected from closing. See OBJ_PROTECT_CLOSE for more details.

Remarks

NtClose is one the few Native API functions that can raise exceptions instead of returning an error status code. See the exploit protection reference for a description of the mitigation that causes this behavior.

CloseHandle

NtClose - NtDoc

Parameters

Notable return values

Remarks

See also

Parameters

Notable return values

Remarks

Related Win32 API

See also