GetKernelObjectSecurity
The GetKernelObjectSecurity
function retrieves a copy of the security descriptor protecting a kernel
object.
BOOL GetKernelObjectSecurity(
|
HANDLE Handle, |
// handle of object
to query |
|
SECURITY_INFORMATION RequestedInformation, |
// requested
information |
|
PSECURITY_DESCRIPTOR pSecurityDescriptor, |
// address of
security descriptor |
|
DWORD nLength, |
// size of buffer
for security descriptor |
|
LPDWORD lpnLengthNeeded |
// address of
required size of buffer |
|
); |
|
Parameters
Handle
Identifies a
kernel object.
RequestedInformation
Specifies a SECURITY_INFORMATION structure that identifies
the security information being requested.
pSecurityDescriptor
Points to a
buffer the function fills with a copy of the security descriptor of the
specified object. The calling process must have the right to view the specified
aspects of the object s security status. The SECURITY_DESCRIPTOR structure is returned in
self-relative format.
nLength
Specifies the
size, in bytes, of the buffer pointed to by the pSecurityDescriptor
parameter.
lpnLengthNeeded
Points to a
variable the function sets to zero if the descriptor is copied successfully. If
the buffer is too small for the security descriptor, this variable receives the
number of bytes required. If this variable s value is greater than the value of
the nLength parameter when the function returns, none of the security
descriptor is copied to the buffer.
Return Values
If the
function succeeds, the return value is nonzero.
If the
function fails, the return value is zero. To get extended error information,
call GetLastError.
Remarks
To read the
kernel object s security descriptor, the calling process must be either granted
READ_CONTROL access or be the object s owner. In addition, the calling process
must have the SE_SECURITY_NAME privilege to read the system access-control
list.
See Also