NtDuplicateObject - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTOBAPI_H
//
// Objects, handles
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)
/**
* The NtDuplicateObject routine creates a handle that is a duplicate of the specified source handle.
*
* @param SourceProcessHandle A handle to the source process for the handle being duplicated.
* @param SourceHandle The handle to duplicate.
* @param TargetProcessHandle A handle to the target process that is to receive the new handle. This parameter is optional and can be specified as NULL if the DUPLICATE_CLOSE_SOURCE flag is set in Options.
* @param TargetHandle A pointer to a HANDLE variable into which the routine writes the new duplicated handle. The duplicated handle is valid in the specified target process. This parameter is optional and can be specified as NULL if no duplicate handle is to be created.
* @param DesiredAccess An ACCESS_MASK value that specifies the desired access for the new handle.
* @param HandleAttributes A ULONG that specifies the desired attributes for the new handle.
* @param Options A set of flags to control the behavior of the duplication operation.
* @return NTSTATUS Successful or errant status.
* @sa https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-zwduplicateobject
*/
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDuplicateObject(
_In_ HANDLE SourceProcessHandle,
_In_ HANDLE SourceHandle,
_In_opt_ HANDLE TargetProcessHandle,
_Out_opt_ PHANDLE TargetHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ ULONG HandleAttributes,
_In_ ULONG Options
);
View code on GitHub#ifndef _NTZWAPI_H
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwDuplicateObject(
_In_ HANDLE SourceProcessHandle,
_In_ HANDLE SourceHandle,
_In_opt_ HANDLE TargetProcessHandle,
_Out_opt_ PHANDLE TargetHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ ULONG HandleAttributes,
_In_ ULONG Options
);
View code on GitHubAllows copying handles across process boundaries and opening additional handles pointing to the same underlying kernel object. This function is documented in Windows Driver Kit.
SourceProcessHandle - a handle to the source process. This can be the NtCurrentProcess pseudo-handle or a handle granting PROCESS_DUP_HANDLE access.SourceHandle - the source handle to duplicate. This value is meaningful in the context of the source process.TargetProcessHandle - a handle to the target process. This can be the NtCurrentProcess pseudo-handle or a handle granting PROCESS_DUP_HANDLE access.TargetHandle - an optional pointer to a variable that receives the new handle. This value is meaningful in the context of the target process.DesiredAccess - the access mask to grant on the new handle.HandleAttributes - the object attribute flags to set on the new handle. Supported flags are OBJ_INHERIT and OBJ_PROTECT_CLOSE.Options - the flags that control the behavior of the function described below.DUPLICATE_CLOSE_SOURCE - instructs the system to close the source handle. Note that this occurs regardless of any error status returned. The target handle parameter becomes optional when using this flag.DUPLICATE_SAME_ACCESS - instructs the system to ignore the DesiredAccess parameter and copy the access mask from the source handle.DUPLICATE_SAME_ATTRIBUTES - instructs the system to ignore the HandleAttributes parameter and copy the handle attributes from the source handle.This function offers a wide range of modes of operation:
Note that this function performs an access check against the security descriptor of the source handle only when the Options parameter does not include the DUPLICATE_SAME_ACCESS flag.