Geoff Chappell, Software Analyst
SKETCH OF HOW RESEARCH MIGHT CONTINUE AND RESULTS BE PRESENTED
This function creates a memory partition.
NTSTATUS
NtCreatePartition (
    HANDLE ParentPartitionHandle,
    HANDLE *PartitionHandle,
    ULONG DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes);
in version 1511 and higher, but
NTSTATUS
NtCreatePartition (
    HANDLE ParentPartitionHandle,
    HANDLE *PartitionHandle,
    ULONG DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes,
    ULONG Node);
The ParentPartitionHandle argument is a handle to a memory partition that is to be the parent of the created partition. This argument can be NULL to represent the system partition. If a parent is specified, the handle must have the MEMORY_PARTITION_MODIFY_ACCESS permission.
The PartitionHandle argument is the address of a variable that is to receive a handle to the created partition.
The DesiredAccess argument is an access mask of generic, standard and specific rights that are wanted for the created partition. The specific rights MEMORY_PARTITION_QUERY_ACCESS (0x01) and MEMORY_PARTITION_MODIFY_ACCESS (0x02) are defined in WDM.H and WINNT.H.
The ObjectAttributes argument specifies a name and other properties for the created partition.
The Node argument selects a Non-Uniform Memory Access (NUMA) node. It can be 0xFFFFFFFF to select the node for the current thread’s ideal processor.
The function returns STATUS_SUCCESS if successful, else a negative error code.
The NtCreatePartition function and its alias ZwCreatePartition are exported by name from NTDLL in version 10.0 and higher. In kernel mode, where ZwCreatePartition is a stub and NtCreatePartition is the implementation, neither is exported until the 1607 release of Windows 10 exports the stub.
For all practical effect, the functions are available only in 64-bit Windows. As exports from the 32-bit NTDLL, they do exist, but only to return STATUS_NOT_SUPPORTED.
Neither NtCreatePartition nor its alias is documented. As ZwCreatePartition, it is declared in the ZWAPI.H file from an Enterprise edition of the Windows Driver Kit (WDK) for the 1511 release of Windows 10.
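The access-mask and return-value rules above can be applied when reviewing handles to memory partitions. The following is an added example, not code from the original page: the helper names and the sample handle rows are constructed for illustration, and the standard and generic right values are the usual WINNT.H definitions rather than anything specific to partitions.

```python
# Added example: decode access masks for memory partition handles and
# interpret NTSTATUS values the way the page describes them.
import ctypes

# Specific rights named on the page (WDM.H / WINNT.H).
SPECIFIC = {0x01: "MEMORY_PARTITION_QUERY_ACCESS",
            0x02: "MEMORY_PARTITION_MODIFY_ACCESS"}
# Standard and generic rights common to all Windows objects (WINNT.H).
STANDARD = {0x00010000: "DELETE", 0x00020000: "READ_CONTROL",
            0x00040000: "WRITE_DAC", 0x00080000: "WRITE_OWNER",
            0x00100000: "SYNCHRONIZE"}
GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
           0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
STATUS_NOT_SUPPORTED = 0xC00000BB  # what the 32-bit NTDLL exports return

def decode_access(mask):
    """Split an access mask into named rights; leftover bits are reported raw."""
    names, rest = [], mask & 0xFFFFFFFF
    for table in (GENERIC, STANDARD, SPECIFIC):
        for bit, name in table.items():
            if rest & bit:
                names.append(name)
                rest &= ~bit
    if rest:
        names.append("UNKNOWN(0x%08X)" % rest)
    return names

def usable_as_parent(granted_access):
    """A parent handle needs MEMORY_PARTITION_MODIFY_ACCESS. Granted masks
    carry specific rights only, since generic rights are mapped at open."""
    return bool(granted_access & 0x02)

def nt_success(status):
    """NTSTATUS is a signed 32-bit value; a negative value is an error."""
    return ctypes.c_int32(status).value >= 0

def audit(handles):
    """handles: (pid, handle, granted_access) rows for partition handles.
    Returns the rows whose handle could be passed as ParentPartitionHandle."""
    return [(pid, h, decode_access(a)) for pid, h, a in handles
            if usable_as_parent(a)]

# Constructed sample rows, shaped like the output of a handle-listing tool.
SAMPLE = [(4, 0x1A4, 0x001F0003), (1320, 0x2C8, 0x00020001),
          (2088, 0x0F0, 0x00000002)]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
    print(nt_success(0), nt_success(STATUS_NOT_SUPPORTED))
```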