NtDeleteObjectAuditAlarm - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTSEAPI_H

/**
 * The NtDeleteObjectAuditAlarm routine generates an audit message in the security event log when an object is deleted.
 *
 * @param SubsystemName A pointer to a UNICODE_STRING specifying the name of the subsystem calling the function.
 * @param HandleId A pointer to a unique value representing the client's handle to the object.
 * @param GenerateOnClose Specifies a flag that determines whether to generate an audit on close.
 * @return NTSTATUS Successful or errant status.
 * @sa https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-deleteobjectauditalarma
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDeleteObjectAuditAlarm(
    _In_ PCUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose
    );

#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwDeleteObjectAuditAlarm(
    _In_ PCUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose
    );

#endif

View code on GitHub

Function NtDeleteObjectAuditAlarm generates Security Audit Alarm, stored in Event Log. See also description of NtCloseObjectAuditAlarm.

SubsystemName

This string is passed as a parameter to event message.

ObjectHandle

HANDLE to any object.

GenerateOnClose

If set, event is generated.

Documented by

Requirements

Privilege: SE_AUDIT_PRIVILEGE

See also

Edit description on GitHub