please dont rip this site Prev Next

GetKernelObjectSecurity info  Overview  Group

The GetKernelObjectSecurity function retrieves a copy of the security descriptor protecting a kernel object.

BOOL GetKernelObjectSecurity(

    HANDLE Handle,

// handle of object to query

    SECURITY_INFORMATION RequestedInformation,

// requested information

    PSECURITY_DESCRIPTOR pSecurityDescriptor,

// address of security descriptor

    DWORD nLength,

// size of buffer for security descriptor

    LPDWORD lpnLengthNeeded 

// address of required size of buffer



Identifies a kernel object.
Specifies a SECURITY_INFORMATION value that identifies the security information being requested.
Points to a buffer the function fills with a copy of the security descriptor of the specified object. The calling process must have the right to view the specified aspects of the objectís security status. The SECURITY_DESCRIPTOR structure is returned in self-relative format.
Specifies the size, in bytes, of the buffer pointed to by the pSecurityDescriptor parameter.
Points to a variable the function sets to zero if the descriptor is copied successfully. If the buffer is too small for the security descriptor, this variable receives the number of bytes required. If this variableís value is greater than the value of the nLength parameter when the function returns, none of the security descriptor is copied to the buffer.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.


To read the owner, group, or DACL from the kernel objectís security descriptor, the calling process must have been granted READ_CONTROL access when the handle was opened. To get READ_CONTROL access, the caller must be the owner of the object or the object's DACL must grant the access.

To read the SACL from the security descriptor, the calling process must have been granted ACCESS_SYSTEM_SECURITY access when the handle was opened. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.

See Also

GetFileSecurity, GetPrivateObjectSecurity, GetUserObjectSecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetKernelObjectSecurity

file: /Techref/os/win/api/win32/func/src/f33_4.htm, 4KB, , updated: 2000/4/7 12:19, local time: 2024/6/22 15:30,

 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF=""> GetKernelObjectSecurity</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.

Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?


Welcome to!


Welcome to!