NtOpenObjectAuditAlarm - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTSEAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ACCESS_MASK GrantedAccess,
    _In_opt_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose
    );

#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwOpenObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ACCESS_MASK GrantedAccess,
    _In_opt_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose
    );

#endif

View code on GitHub

Function NtOpenObjectAuditAlarm does not work on NT40-SP6. For additional information see description of ObjectOpenAuditAlarm function in Microsoft SDK.

SubsystemName

???

ObjectHandle

Can be any valid HANDLE to object, or NULL.

ObjectTypeName

???

ObjectName

???

SecurityDescriptor

Pointer to SECURITY_DESCRIPTOR structure, or NULL.

ClientToken

HANDLE to Token Object previously opened with TOKEN_QUERY access.

DesiredAccess

???

GrantedAccess

???

Privileges

Optionally pointer to PRIVILEGE_SET structure filled by user with valid privileges.

ObjectCreation

???

AccessGranted

???

GenerateOnClose

Optionally pointer to BOOLEAN value.

Documented by

Requirements

Privilege: SE_AUDIT_PRIVILEGE

See also

Edit description on GitHub