Closes the specified kernel handle. This function is documented in Windows Driver Kit here and here.
Handle- a handle to a kernel object.
STATUS_INVALID_HANDLE- an invalid handle value was specified.STATUS_HANDLE_NOT_CLOSABLE- the provided handle is marked as protected from closing. SeeOBJ_PROTECT_CLOSEfor more details.
NtClose is one the few Native API functions that can raise exceptions instead of returning an error status code. See the exploit protection reference for a description of the mitigation that causes this behavior.
OBJ_PROTECT_CLOSENtMakeTemporaryObjectNtDuplicateObjectNtQueryObjectNtSetInformationObject