| BOOL GetKernelObjectSecurity(Handle, RequestedInformation, pSecurityDescriptor, nLength, lpnLengthNeeded) | |||
| HANDLE Handle; | |||
| SECURITY_INFORMATION RequestedInformation; | |||
| PSECURITY_DESCRIPTOR pSecurityDescriptor; | |||
| DWORD nLength; | |||
| LPDWORD lpnLengthNeeded; |
The GetKernelObjectSecurity function retrieves a copy of the security descriptor protecting a kernel object.
Handle
Specifies a kernel-object handle.
RequestedInformation
Specifies the requested security information.
pSecurityDescriptor
Points to a buffer thast receives a copy of the security descriptor protecting the object. The security descriptor is returned in self-relative format.
nLength
Specifies the size of the security descriptor buffer (in bytes).
lpnLengthNeeded
Points to a variable that receives the number of bytes needed to store the complete security descriptor. If returned number of bytes is less than or equal to nLength then the entire security descriptor is returned in the output buffer, otherwise none of the descriptor is returned.
The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.
Based on the caller's access rights and privileges, this procedure will return a security descriptor containing the requested security descriptor fields. To read the handle's security descriptor the caller must be granted READ_CONTROL access or be the owner of the object. In addition, the caller must have SeSecurityPrivilege privilege to read the system ACL.