NtCreateDirectoryObject - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTOBAPI_H
//
// Directory objects
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)
/**
* The NtCreateDirectoryObject routine creates or opens an object-directory object.
*
* @param DirectoryHandle Pointer to a HANDLE variable that receives a handle to the object directory.
* @param DesiredAccess An ACCESS_MASK that specifies the requested access to the directory object.
* @param ObjectAttributes The attributes for the directory object.
* @return NTSTATUS Successful or errant status.
* @sa https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-zwcreatedirectoryobject
*/
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateDirectoryObject(
_Out_ PHANDLE DirectoryHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes
);
View code on GitHub#ifndef _NTZWAPI_H
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCreateDirectoryObject(
_Out_ PHANDLE DirectoryHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes
);
View code on GitHub// wdm.h
NTSYSAPI NTSTATUS ZwCreateDirectoryObject(
[out] PHANDLE DirectoryHandle,
[in] ACCESS_MASK DesiredAccess,
[in] POBJECT_ATTRIBUTES ObjectAttributes
);
View the official Windows Driver Kit DDI referenceNo description available.
The ZwCreateDirectoryObject routine creates or opens an object-directory object.
DirectoryHandle [out]Pointer to a HANDLE variable that receives a handle to the object directory.
DesiredAccess [in]Specifies an ACCESS_MASK value that determines the requested access to the object. In addition to the access rights that are defined for all types of objects (see ACCESS_MASK), the caller can specify one or more of the following access rights, which are specific to object directories:
| ACCESS_MASK flag | Type of access |
|---|---|
| DIRECTORY_QUERY | Query |
| DIRECTORY_TRAVERSE | Name lookup |
| DIRECTORY_CREATE_OBJECT | Name creation |
| DIRECTORY_CREATE_SUBDIRECTORY | Subdirectory creation |
| DIRECTORY_ALL_ACCESS | All of the preceding types |
ObjectAttributes [in]Pointer to an OBJECT_ATTRIBUTES structure that contains the object's attributes, which you must have already initialized by calling InitializeObjectAttributes.
ZwCreateDirectoryObject returns an NTSTATUS value. Possible return values include:
Once the handle pointed to by DirectoryHandle is no longer in use, the driver must call ZwClose to close it.
If the caller is not running in a system thread context, it must ensure that any handles it creates are private handles. Otherwise, the handle can be accessed by the process in whose context the driver is running. For more information, see Object Handles.
The system uses object directories to organize other types of objects, such as device objects. For more information, see Object Directories.
The system does not use object directory objects to represent file-system directories, which are represented instead as file objects.
If the call to this function occurs in user mode, you should use the name "NtCreateDirectoryObject" instead of "ZwCreateDirectoryObject".
For calls from kernel-mode drivers, the Nt*Xxx* and Zw*Xxx* versions of a Windows Native System Services routine can behave differently in the way that they handle and interpret input parameters. For more information about the relationship between the Nt*Xxx* and Zw*Xxx* versions of a routine, see Using Nt and Zw Versions of the Native System Services Routines.
Using Nt and Zw Versions of the Native System Services Routines
This function is documented in Windows Driver Kit.
Pointer to newly created Directory Object after function call.
As defined in <ntddk.h> can be one of following:
#define DIRECTORY_QUERY (0x0001)
#define DIRECTORY_TRAVERSE (0x0002)
#define DIRECTORY_CREATE_OBJECT (0x0004)
#define DIRECTORY_CREATE_SUBDIRECTORY (0x0008)
#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
Pointer to object attributes. Structure must contain valid object name.