1.11 Access to Driver-Managed Objects
-
IoCreateSymbolicLink
-
Sets up a symbolic link object, aliasing a named device object to a
user-visible name for the same device.
-
IoCreateUnprotectedSymbolicLink
-
Sets up a symbolic link object, aliasing a named device object to a
user-visible name for the same device and allowing user-mode callers to affect
the mode of the device (for example, parallel and serial drivers call this
routine so users can redirect output).
-
IoGetFileObjectGenericMapping
-
Returns information about the mapping between generic access rights and
specific access rights for file objects.
-
IoSetShareAccess
-
Sets the access allowed to a given file object representing a device. (Only
highest-level drivers can call this routine.)
-
IoCheckShareAccess
-
Checks whether a request to open a file object specifies a desired access that
is compatible with the current shared access permissions for the open file
object. (Only highest-level drivers can call this routine.)
-
IoUpdateShareAccess
-
Modifies the current share-access permissions on the given file object. (Only
highest-level drivers can call this routine.)
-
IoRemoveShareAccess
-
Restores the shared-access permissions on the given file object that were
modified by a preceding call to IoUpdateShareAccess.
-
RtlLengthSecurityDescriptor
-
Returns the size in bytes of a given security descriptor.
-
RtlValidSecurityDescriptor
-
Returns whether a given security descriptor is valid.
-
RtlCreateSecurityDescriptor
-
Initializes a new security descriptor to an absolute format with default
values (in effect, with no security constraints).
-
RtlSetDaclSecurityDescriptor
-
Sets the discretionary ACL information for a given security descriptor in
absolute format.
-
SeAssignSecurity
-
Builds a security descriptor for a new object, given the security descriptor
of its parent directory (if any) and an originally requested security for the
object.
-
SeDeassignSecurity
-
Deallocates the memory associated with a security descriptor that was created
with SeAssignSecurity.
-
SeAccessCheck
-
Returns a Boolean indicating whether the requested access rights can be
granted to an object protected by a security descriptor and, possibly, a
current owner.
-
SeSinglePrivilegeCheck
-
Returns a Boolean indicating whether the current thread has at least the given
privilege level.