NtDeleteFile - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTIOAPI_H

/**
 * The NtDeleteFile routine deletes the specified file.
 *
 * \param[in] ObjectAttributes Pointer to an OBJECT_ATTRIBUTES structure that contains the file's attributes, including file name.
 * \return NTSTATUS Successful or errant status.
 * \sa https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-zwdeletefile
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDeleteFile(
    _In_ PCOBJECT_ATTRIBUTES ObjectAttributes
    );

#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwDeleteFile(
    _In_ PCOBJECT_ATTRIBUTES ObjectAttributes
    );

#endif

View code on GitHub

This function is documented in Windows Driver Kit.

It's very interesting NT System Call... Normally, file deletion is realised as FileDispositionInformation class in a call to NtSetInformationFile. When you use NtDeleteFile, file will be deleted immediately after call (system isn't waiting for close last HANDLE to file).

ObjectAttributes

You can manipulate ObjectName and RootDirectory members.
Example:
If you have only file name as Unicode string, use it as ObjectName.
If you have only a HANDLE to file, set it as RootDirectory. Set ObjectName as empty string.

Related Win32 API

Documented by

See also

Edit description on GitHub