The GetKernelObjectSecurity function retrieves a copy of the security descriptor protecting a kernel object.
BOOL GetKernelObjectSecurity(
HANDLE Handle, |
// handle of object to query |
SECURITY_INFORMATION RequestedInformation, |
// requested information |
PSECURITY_DESCRIPTOR pSecurityDescriptor, |
// address of security descriptor |
DWORD nLength, |
// size of buffer for security descriptor |
LPDWORD lpnLengthNeeded |
// address of required size of buffer |
); |
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
To read the owner, group, or DACL from the kernel object’s security descriptor, the calling process must have been granted READ_CONTROL access when the handle was opened. To get READ_CONTROL access, the caller must be the owner of the object or the object's DACL must grant the access.
To read the SACL from the security descriptor, the calling process must have been granted ACCESS_SYSTEM_SECURITY access when the handle was opened. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.
GetFileSecurity, GetPrivateObjectSecurity, GetUserObjectSecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetKernelObjectSecurity