#ifndef _NTOBAPI_H
//
// Objects, handles
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The NtClose routine closes the specified handle.
 *
 * @param Handle The handle being closed.
 * @return NTSTATUS Successful or errant status.
 * @sa https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-zwclose
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtClose(
    _In_ _Post_ptr_invalid_ HANDLE Handle
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwClose(
    _In_ _Post_ptr_invalid_ HANDLE Handle
    );

#endif
View code on GitHub

Closes the specified kernel handle. This function is documented in Windows Driver Kit here and here.

Parameters

Handle - a handle to a kernel object.

Notable return values

STATUS_INVALID_HANDLE - an invalid handle value was specified.
STATUS_HANDLE_NOT_CLOSABLE - the provided handle is marked as protected from closing. See OBJ_PROTECT_CLOSE for more details.

Remarks

NtClose is one the few Native API functions that can raise exceptions instead of returning an error status code. See the exploit protection reference for a description of the mitigation that causes this behavior.

CloseHandle

NtClose - NtDoc

Parameters

Notable return values

Remarks

See also

Parameters

Notable return values

Remarks

Related Win32 API

See also