1.11 Access to Driver-managed Objects

1.11 Access to Driver-Managed Objects

IoCreateSymbolicLink: Sets up a symbolic link object, aliasing a named device object to a user-visible name for the same device.
IoCreateUnprotectedSymbolicLink: Sets up a symbolic link object, aliasing a named device object to a user-visible name for the same device and allowing user-mode callers to affect the mode of the device (for example, parallel and serial drivers call this routine so users can redirect output).
IoGetFileObjectGenericMapping: Returns information about the mapping between generic access rights and specific access rights for file objects.
IoSetShareAccess: Sets the access allowed to a given file object representing a device. (Only highest-level drivers can call this routine.)
IoCheckShareAccess: Checks whether a request to open a file object specifies a desired access that is compatible with the current shared access permissions for the open file object. (Only highest-level drivers can call this routine.)
IoUpdateShareAccess: Modifies the current share-access permissions on the given file object. (Only highest-level drivers can call this routine.)
IoRemoveShareAccess: Restores the shared-access permissions on the given file object that were modified by a preceding call to IoUpdateShareAccess.
RtlLengthSecurityDescriptor: Returns the size in bytes of a given security descriptor.
RtlValidSecurityDescriptor: Returns whether a given security descriptor is valid.
RtlCreateSecurityDescriptor: Initializes a new security descriptor to an absolute format with default values (in effect, with no security constraints).
RtlSetDaclSecurityDescriptor: Sets the discretionary ACL information for a given security descriptor in absolute format.
SeAssignSecurity: Builds a security descriptor for a new object, given the security descriptor of its parent directory (if any) and an originally requested security for the object.
SeDeassignSecurity: Deallocates the memory associated with a security descriptor that was created with SeAssignSecurity.
SeAccessCheck: Returns a Boolean indicating whether the requested access rights can be granted to an object protected by a security descriptor and, possibly, a current owner.
SeSinglePrivilegeCheck: Returns a Boolean indicating whether the current thread has at least the given privilege level.