NTSTATUS Codes

  • All system calls return a 32-bit NTSTATUS code that contains the following:

    • Severity

      • STATUS_SEVERITY_SUCCESS = 0

      • STATUS_SEVERITY_INFORMATIONAL = 1

      • STATUS_SEVERITY_WARNING = 2

      • STATUS_SEVERITY_ERROR = 3

    • Customer Code (CC)

      • Single-bit flag that indicates if the status code is defined by Microsoft (value of 0)

      • Defined by a third party (value of 1)

        • Third parties are not required to set this flag

    • Facility

      • Component or subsystem associated with the status code

      • Third parties need to define their own facility and combine it with the customer code to differentiate themselves from Microsoft.

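| Facility Name     | Value | Description                                        |
|-------------------|-------|----------------------------------------------------|
| FACILITY_DEFAULT  | 0     | The default used for common status codes           |
| FACILITY_DEBUGGER | 1     | Used for codes associated with the debugger        |
| FACILITY_NTWIN32  | 7     | Used for codes that originated from the Win32 APIs |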

  • Status Code

    • 16-bit number chosen to be unique for each facility.

    • The implementer defines what each status code means
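
The fields above can be split out of a raw 32-bit value with shifts and masks. The following is an added example, not code from the original notes: the bit offsets come from the layout documented in the Windows SDK header ntstatus.h (the notes list the fields but not their positions), the function names are hypothetical, and the last sample value is constructed with a made-up third-party facility.

```c
#include <stdint.h>
#include <stdio.h>

/* Offsets follow the layout in ntstatus.h (an assumption relative to the
   notes, which name the fields but not their bit positions). */
typedef struct {
    unsigned severity;  /* bits 31-30 */
    unsigned customer;  /* bit 29: 0 = Microsoft, 1 = third party */
    unsigned reserved;  /* bit 28 */
    unsigned facility;  /* bits 27-16 */
    unsigned code;      /* bits 15-0 */
} ntstatus_fields;

ntstatus_fields ntstatus_decode(uint32_t s) {
    ntstatus_fields f;
    f.severity = (s >> 30) & 0x3;
    f.customer = (s >> 29) & 0x1;
    f.reserved = (s >> 28) & 0x1;
    f.facility = (s >> 16) & 0xFFF;
    f.code     = s & 0xFFFF;
    return f;
}

/* Inverse of ntstatus_decode: composes a code from its fields, as a third
   party would when combining the customer flag with its own facility. */
uint32_t ntstatus_make(unsigned sev, unsigned cc, unsigned fac, unsigned code) {
    return ((uint32_t)(sev & 0x3) << 30) | ((uint32_t)(cc & 0x1) << 29) |
           ((uint32_t)(fac & 0xFFF) << 16) | (uint32_t)(code & 0xFFFF);
}

const char *severity_name(unsigned sev) {
    static const char *names[] = {"SUCCESS", "INFORMATIONAL", "WARNING", "ERROR"};
    return names[sev & 0x3];
}

int main(void) {
    /* STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_BUFFER_OVERFLOW, DBG_CONTINUE,
       Win32 error 5 wrapped as NTSTATUS, and a constructed third-party code
       using the hypothetical facility 0x123. */
    uint32_t samples[] = {0x00000000u, 0xC0000022u, 0x80000005u, 0x00010002u,
                          0xC0070005u, ntstatus_make(3, 1, 0x123, 0x0001)};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        ntstatus_fields f = ntstatus_decode(samples[i]);
        printf("0x%08X  sev=%-13s cc=%u facility=0x%03X code=0x%04X\n",
               (unsigned)samples[i], severity_name(f.severity),
               f.customer, f.facility, f.code);
    }
    return 0;
}
```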
