NtOpenFilePHANDLE
NtOpenFilePHANDLE refers to the use of a PHANDLE (a pointer to a HANDLE) as the out parameter in the Windows Native API function NtOpenFile. NtOpenFile is a low-level, native API exported by ntdll.dll that opens a file or I/O object and returns a handle for subsequent operations. It is primarily used by kernel-mode components and some system utilities; standard applications typically invoke higher-level wrappers such as CreateFile or ZwOpenFile.
The typical NtOpenFile signature is NTSTATUS NtOpenFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess,
- FileHandle (out): the address of a HANDLE variable that receives the opened handle.
- DesiredAccess: an access mask defining requested permissions (read, write, execute, etc.).
- ObjectAttributes: contains information about the object name (and possibly root directory and attributes).
- IoStatusBlock: receives I/O status information.
- ShareAccess and OpenOptions control sharing semantics and opening flags (for example, synchronous I/O, non-directory file, delete-on-close
Return value is an NTSTATUS code; STATUS_SUCCESS indicates the handle was opened successfully. Other codes indicate
Notes: In user-mode, ZwOpenFile is the typical wrapper that forwards to NtOpenFile. For most applications, standard