#ifndef _NTIOAPI_H
/**
* The NtDeleteFile routine deletes the specified file.
*
* \param[in] ObjectAttributes Pointer to an OBJECT_ATTRIBUTES structure that contains the file's attributes, including file name.
* \return NTSTATUS Successful or errant status.
* \sa https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-zwdeletefile
*/
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDeleteFile(
_In_ PCOBJECT_ATTRIBUTES ObjectAttributes
);
View code on GitHub
#ifndef _NTZWAPI_H
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwDeleteFile(
_In_ PCOBJECT_ATTRIBUTES ObjectAttributes
);
View code on GitHub
This function is documented in Windows Driver Kit.
It's very interesting NT System Call... Normally, file deletion is realised as FileDispositionInformation
class in a call to NtSetInformationFile
. When you use NtDeleteFile
, file will be deleted immediately after call (system isn't waiting for close last HANDLE
to file).
You can manipulate ObjectName and RootDirectory members.
Example:
If you have only file name as Unicode string, use it as ObjectName.
If you have only a HANDLE
to file, set it as RootDirectory. Set ObjectName as empty string.
DeleteFile
(Although it does more than just forwarding the arguments and invoking this procedure.)