GetKernelObjectSecurity

  BOOL GetKernelObjectSecurity(Handle, RequestedInformation, pSecurityDescriptor, nLength, lpnLengthNeeded)    
  HANDLE Handle;    
  SECURITY_INFORMATION RequestedInformation;    
  PSECURITY_DESCRIPTOR pSecurityDescriptor;    
  DWORD nLength;    
  LPDWORD lpnLengthNeeded;    

The GetKernelObjectSecurity function retrieves a copy of the security descriptor protecting a kernel object.

Parameters

Handle

Specifies a kernel-object handle.

RequestedInformation

Specifies the requested security information.

pSecurityDescriptor

Points to a buffer thast receives a copy of the security descriptor protecting the object. The security descriptor is returned in self-relative format.

nLength

Specifies the size of the security descriptor buffer (in bytes).

lpnLengthNeeded

Points to a variable that receives the number of bytes needed to store the complete security descriptor. If returned number of bytes is less than or equal to nLength then the entire security descriptor is returned in the output buffer, otherwise none of the descriptor is returned.

Return Value

The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.

Comments

Based on the caller's access rights and privileges, this procedure will return a security descriptor containing the requested security descriptor fields. To read the handle's security descriptor the caller must be granted READ_CONTROL access or be the owner of the object. In addition, the caller must have SeSecurityPrivilege privilege to read the system ACL.