NtDeleteObjectAuditAlarm - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTSEAPI_H

/**
 * The NtDeleteObjectAuditAlarm routine generates an audit message in the security event log when an object is deleted.
 *
 * @param SubsystemName A pointer to a UNICODE_STRING specifying the name of the subsystem calling the function.
 * @param HandleId A pointer to a unique value representing the client's handle to the object.
 * @param GenerateOnClose Specifies a flag that determines whether to generate an audit on close.
 * @return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDeleteObjectAuditAlarm(
    _In_ PCUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose
    );

#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwDeleteObjectAuditAlarm(
    _In_ PCUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose
    );

#endif

View code on GitHub

NtDoc

No description available.

Edit description on GitHub

NTinternals.net (undocumented.ntinternals.net)

Function NtDeleteObjectAuditAlarm generates Security Audit Alarm, stored in Event Log. See also description of NtCloseObjectAuditAlarm.

SubsystemName

This string is passed as a parameter to event message.

ObjectHandle

HANDLE to any object.

GenerateOnClose

If set, event is generated.

Documented by

Requirements

Privilege: SE_AUDIT_PRIVILEGE

See also

Edit description on GitHub