NtOpenObjectAuditAlarm - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTSEAPI_H

/**
 * The NtOpenObjectAuditAlarm routine generates an audit message in the security event log when an object is opened.
 *
 * @param SubsystemName A pointer to a UNICODE_STRING specifying the name of the subsystem calling the function.
 * @param HandleId A pointer to a unique value representing the client's handle to the object.
 * @param ObjectTypeName A pointer to a UNICODE_STRING specifying the type of object being opened.
 * @param ObjectName A pointer to a UNICODE_STRING specifying the name of the object being opened.
 * @param SecurityDescriptor A pointer to the SECURITY_DESCRIPTOR structure for the object.
 * @param ClientToken Handle to the access token representing the client.
 * @param DesiredAccess Access mask that specifies the access rights requested.
 * @param GrantedAccess Access mask that specifies the access rights granted.
 * @param Privileges A pointer to a PRIVILEGE_SET structure that specifies the privileges used to gain access, or NULL.
 * @param ObjectCreation Specifies a flag that determines whether the object is being created.
 * @param AccessGranted Specifies a flag that determines whether access was granted.
 * @param GenerateOnClose A pointer to a flag set by the audit-generation routine when the function returns.
 * @return NTSTATUS Successful or errant status.
 * @sa https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openobjectauditalarma
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenObjectAuditAlarm(
    _In_ PCUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PCUNICODE_STRING ObjectTypeName,
    _In_ PCUNICODE_STRING ObjectName,
    _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ACCESS_MASK GrantedAccess,
    _In_opt_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose
    );

#endif

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwOpenObjectAuditAlarm(
    _In_ PCUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PCUNICODE_STRING ObjectTypeName,
    _In_ PCUNICODE_STRING ObjectName,
    _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ACCESS_MASK GrantedAccess,
    _In_opt_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose
    );

#endif

The NtOpenObjectAuditAlarm function does not work on NT40-SP6. For additional information, see the description of the ObjectOpenAuditAlarm function in the Microsoft SDK.

SubsystemName

???

ObjectHandle

Can be any valid HANDLE to an object, or NULL.

ObjectTypeName

???

ObjectName

???

SecurityDescriptor

Pointer to a SECURITY_DESCRIPTOR structure, or NULL.

ClientToken

HANDLE to a Token Object previously opened with TOKEN_QUERY access.

DesiredAccess

???

GrantedAccess

???

Privileges

Optional pointer to a PRIVILEGE_SET structure filled in by the user with valid privileges.

ObjectCreation

???

AccessGranted

???

GenerateOnClose

Optional pointer to a BOOLEAN value.

Requirements

Privilege: SE_AUDIT_PRIVILEGE
