NtDuplicateObject - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTOBAPI_H
// Objects, handles
#if (PHNT_MODE != PHNT_MODE_KERNEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDuplicateObject(
_In_ HANDLE SourceProcessHandle,
_In_ HANDLE SourceHandle,
_In_opt_ HANDLE TargetProcessHandle,
_Out_opt_ PHANDLE TargetHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ ULONG HandleAttributes,
_In_ ULONG Options
);
View code on GitHub#ifndef _NTZWAPI_H
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwDuplicateObject(
_In_ HANDLE SourceProcessHandle,
_In_ HANDLE SourceHandle,
_In_opt_ HANDLE TargetProcessHandle,
_Out_opt_ PHANDLE TargetHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ ULONG HandleAttributes,
_In_ ULONG Options
);
View code on GitHubAllows copying handles across process boundaries and opening additional handles pointing to the same underlying kernel object. This function is documented in Windows Driver Kit.
SourceProcessHandle - a handle to the source process. This can be the NtCurrentProcess pseudo-handle or a handle granting PROCESS_DUP_HANDLE access.SourceHandle - the source handle to duplicate. This value is meaningful in the context of the source process.TargetProcessHandle - a handle to the target process. This can be the NtCurrentProcess pseudo-handle or a handle granting PROCESS_DUP_HANDLE access.TargetHandle - an optional pointer to a variable that receives the new handle. This value is meaningful in the context of the target process.DesiredAccess - the access mask to grant on the new handle.HandleAttributes - the object attribute flags to set on the new handle. Supported flags are OBJ_INHERIT and OBJ_PROTECT_CLOSE.Options - the flags that control the behavior of the function described below.DUPLICATE_CLOSE_SOURCE - instructs the system to close the source handle. Note that this occurs regardless of any error status returned. The target handle parameter becomes optional when using this flag.DUPLICATE_SAME_ACCESS - instructs the system to ignore the DesiredAccess parameter and copy the access mask from the source handle.DUPLICATE_SAME_ATTRIBUTES - instructs the system to ignore the HandleAttributes parameter and copy the handle attributes from the source handle.This function offers a wide range of modes of operation:
Note that this function performs an access check against the security descriptor of the source handle only when the Options parameter does not include the DUPLICATE_SAME_ACCESS flag.