NtCloseObjectAuditAlarm - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers

#ifndef _NTSEAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCloseObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose
    );

#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCloseObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose
    );

#endif
View code on GitHub

Function NtCloseObjectAuditAlarm sends alarm to Event Log, section Security. Alarm informs about close user's created object.

SubsystemName

This string is sent to Event Log as the first parameter.

ObjectHandle

HANDLE to object, or NULL value.

GenerateOnClose

If set, event is generated.

Documented by

Tomasz Nowak

Requirements

Privilege: SE_AUDIT_PRIVILEGE

See also

Edit description on GitHub