Export (0) Print
Expand All

ObGetObjectSecurity routine

The ObGetObjectSecurity routine gets the security descriptor for a given object.

Syntax


NTSTATUS ObGetObjectSecurity(
  _In_   PVOID Object,
  _Out_  PSECURITY_DESCRIPTOR *SecurityDescriptor,
  _Out_  PBOOLEAN MemoryAllocated
);

Parameters

Object [in]

Pointer to the object.

SecurityDescriptor [out]

Pointer to a caller-supplied variable that this routine sets to the address of a buffer containing the SECURITY_DESCRIPTOR for the given object. If the given object has no security descriptor, this variable is set to NULL on return from ObGetObjectSecurity.

MemoryAllocated [out]

Pointer to a caller-supplied variable that this routine sets to TRUE if it allocated a buffer to contain the security descriptor.

Return value

ObGetObjectSecurity either returns STATUS_SUCCESS or an error status, such as STATUS_INSUFFICIENT_RESOURCES if it could not allocate enough memory to return the requested information.

Remarks

A successful call to ObGetObjectSecurity either returns a self-relative security descriptor in the buffer at *SecurityDescriptor or it returns NULL at *SecurityDescriptor if the given object has no security descriptor. For example, any unnamed object, such as an event object, has no security descriptor.

If ObGetObjectSecurity returns STATUS_SUCCESS, the caller must save the value returned at MemoryAllocated. Such a caller must pass MemoryAllocated in a reciprocal call to ObReleaseObjectSecurity eventually, thereby restoring the reference count on the security descriptor to its original value and releasing the buffer, if any, that was allocated by ObGetObjectSecurity.

Requirements

Version

Available starting with Windows 2000.

Header

Wdm.h (include Wdm.h, Ntddk.h, or Ntifs.h)

Library

Ntoskrnl.lib

IRQL

<=APC_LEVEL

DDI compliance rules

IrqlApcLte, HwStorPortProhibitedDDIs

See also

SECURITY_DESCRIPTOR
ObReferenceObjectByHandle
ObReleaseObjectSecurity

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft