NtQueryDirectoryObject - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTOBAPI_H
//
// Directory objects
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * Retrieves information about the specified directory object.
 * 
 * @param DirectoryHandle A handle to the directory object. This handle must have been opened with the appropriate access rights.
 * @param Buffer A pointer to a buffer that receives the directory information.
 * @param Length The size, in bytes, of the buffer pointed to by the Buffer parameter.
 * @param ReturnSingleEntry A BOOLEAN value that specifies whether to return a single entry or multiple entries.
 * @param RestartScan A BOOLEAN value that specifies whether to restart the scan from the beginning of the directory.
 * @param Context A pointer to a variable that maintains the context of the directory enumeration.
 * @param ReturnLength An optional pointer to a variable that receives the number of bytes returned in the buffer.
 * @return NTSTATUS Successful or errant status.
 * @sa https://learn.microsoft.com/en-us/windows/win32/devnotes/ntquerydirectoryobject
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryDirectoryObject(
    _In_ HANDLE DirectoryHandle,
    _Out_writes_bytes_opt_(Length) PVOID Buffer,
    _In_ ULONG Length,
    _In_ BOOLEAN ReturnSingleEntry,
    _In_ BOOLEAN RestartScan,
    _Inout_ PULONG Context,
    _Out_opt_ PULONG ReturnLength
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryDirectoryObject(
    _In_ HANDLE DirectoryHandle,
    _Out_writes_bytes_opt_(Length) PVOID Buffer,
    _In_ ULONG Length,
    _In_ BOOLEAN ReturnSingleEntry,
    _In_ BOOLEAN RestartScan,
    _Inout_ PULONG Context,
    _Out_opt_ PULONG ReturnLength
    );

#endif

View code on GitHub

This function is documented in Windows SDK.

DirectoryObjectHandle

Handle to Directory Object opened with DIRECTORY_QUERY access.

DirObjInformation

Pointer to OBJDIR_INFORMATION structure. Warning: structure has variable length depending on length of object name.
To test for required length of buffer use DataWritten parameter.

BufferLength

Length of DirObjInformation buffer.

GetNextIndex

Decide of ObjectIndex parameter usage on output.
If FALSE: ObjectIndex is number of object in Object Directory.
If TRUE: ObjectIndex is index of next object to queried object (see below) in Object Directory.

IgnoreInputIndex

Decide how to use ObjectIndex on function input.
If FALSE: ObjectIndex point to ULONG index of object in Object Directory.
If TRUE: ObjectIndex input value is ignored. Function always return information about first object in Object Directory.

ObjectIndex

Pointer to ULONG value described above.

DataWritten

Pointer to ULONG value receiving required / written buffer size. This parameter is optional.

Documented by

See also

Edit description on GitHub