SKETCH OF HOW RESEARCH MIGHT CONTINUE AND RESULTS BE PRESENTED

NtOpenPartition

This function opens a memory partition.

Declaration

NTSTATUS 
NtOpenPartition (
    HANDLE *PartitionHandle, 
    ULONG DesiredAccess, 
    POBJECT_ATTRIBUTES ObjectAttributes);

Parameters

The PartitionHandle argument is the address of a variable that is to receive a handle to the opened partition.

The DesiredAccess argument is an access mask of the generic, standard and specific rights that are wanted for the opened partition. The specific rights MEMORY_PARTITION_QUERY_ACCESS (0x01) and MEMORY_PARTITION_MODIFY_ACCESS (0x02) are defined in WDM.H and WINNT.H.

The ObjectAttributes argument specifies a name and other properties for the opened partition.

Return Value

The function returns STATUS_SUCCESS if successful, else a negative error code.

Availability

The NtOpenPartition function and its alias ZwOpenPartition are exported by name from NTDLL in version 10.0 and higher. In kernel mode, where ZwOpenPartition is a stub and NtOpenPartition is the implementation, neither is exported.

For all practical purposes, the functions are available only in 64-bit Windows. As exports from the 32-bit NTDLL, they do exist, but only to return STATUS_NOT_SUPPORTED.
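
Because the function is exported only from NTDLL version 10.0 and higher, and the 32-bit export only returns STATUS_NOT_SUPPORTED, a user-mode caller does best to resolve it at run time and treat both cases as "unavailable". The following is an added example, not code from this page or from Microsoft. The object name \KernelObjects\MemoryPartition0 and the names open_partition, classify_status and open_result are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <wchar.h>

typedef enum { PARTITION_OPENED, PARTITION_UNSUPPORTED, PARTITION_FAILED } open_result;

/* Map an NTSTATUS to the outcomes the page distinguishes: success is
   non-negative, and the 32-bit NTDLL exports return STATUS_NOT_SUPPORTED. */
open_result classify_status(int32_t status)
{
    if (status >= 0) return PARTITION_OPENED;
    if ((uint32_t)status == 0xC00000BBu) return PARTITION_UNSUPPORTED; /* STATUS_NOT_SUPPORTED */
    return PARTITION_FAILED;
}

#ifdef _WIN32
#include <windows.h>
#include <winternl.h>
#ifndef MEMORY_PARTITION_QUERY_ACCESS
#define MEMORY_PARTITION_QUERY_ACCESS 0x01 /* value as given on the page */
#endif

typedef NTSTATUS (NTAPI *NT_OPEN_PARTITION)(HANDLE *, ULONG, POBJECT_ATTRIBUTES);

/* Open the named partition for query access; *handle is valid only on PARTITION_OPENED. */
open_result open_partition(const wchar_t *name, HANDLE *handle)
{
    HMODULE ntdll = GetModuleHandleW(L"ntdll.dll");
    NT_OPEN_PARTITION fn = ntdll == NULL ? NULL
        : (NT_OPEN_PARTITION)(void *)GetProcAddress(ntdll, "NtOpenPartition");
    if (fn == NULL) return PARTITION_UNSUPPORTED; /* no export: NTDLL older than 10.0 */
    UNICODE_STRING us;
    OBJECT_ATTRIBUTES oa;
    us.Buffer = (PWSTR)name;
    us.Length = us.MaximumLength = (USHORT)(wcslen(name) * sizeof(wchar_t));
    InitializeObjectAttributes(&oa, &us, OBJ_CASE_INSENSITIVE, NULL, NULL);
    return classify_status((int32_t)fn(handle, MEMORY_PARTITION_QUERY_ACCESS, &oa));
}

int main(void)
{
    HANDLE h = NULL;
    /* Assumption: object name of the system partition, not taken from the page. */
    open_result r = open_partition(L"\\KernelObjects\\MemoryPartition0", &h);
    printf("NtOpenPartition outcome: %d\n", (int)r);
    if (r == PARTITION_OPENED) CloseHandle(h);
    return 0;
}
#endif
```

Any other negative status, such as an access-denied error for a caller without sufficient rights, is reported as PARTITION_FAILED.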

Documentation Status

Neither NtOpenPartition nor its alias is documented. As ZwOpenPartition, it is declared in the ZWAPI.H file in the Windows Driver Kit (WDK) for Windows 10.

Behaviour

The following implementation notes are from inspection of the kernel from the original release of Windows 10.

TO BE DONE