NtAccessCheckByTypeAndAuditAlarm - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTSEAPI_H

/**
 * The NtAccessCheckByTypeAndAuditAlarm routine determines whether a security descriptor grants a specified set of access rights to the client being impersonated by the calling thread.
 * If the security descriptor has a SACL with ACEs that apply to the client, the function generates any necessary audit messages in the security event log.
 *
 * @param SubsystemName A pointer to a UNICODE_STRING specifying the name of the subsystem calling the function.
 * @param HandleId A pointer to a unique value representing the client's handle to the object.
 * @param ObjectTypeName A pointer to a UNICODE_STRING specifying the type of object being created or accessed.
 * @param ObjectName A pointer to a UNICODE_STRING specifying the name of the object being created or accessed.
 * @param SecurityDescriptor A pointer to the SECURITY_DESCRIPTOR structure against which access is checked.
 * @param PrincipalSelfSid A pointer to a SID structure representing the principal self SID, or NULL.
 * @param DesiredAccess Access mask that specifies the access rights to check. This mask must have been mapped by the MapGenericMask function to contain no generic access rights.
 * @param AuditType Specifies the type of audit event to be generated.
 * @param Flags Audit event flags.
 * @param ObjectTypeList A pointer to an array of OBJECT_TYPE_LIST structures that specify the hierarchy of object types for the object being accessed.
 * @param ObjectTypeListLength The number of elements in the ObjectTypeList array.
 * @param GenericMapping A pointer to the GENERIC_MAPPING structure associated with the object for which access is being checked.
 * @param ObjectCreation Specifies a flag that determines whether the calling application will create a new object when access is granted.
 * @param GrantedAccess A pointer to an access mask that receives the granted access rights.
 * @param AccessStatus A pointer to a variable that receives the results of the access check.
 * @param GenerateOnClose A pointer to a flag set by the audit-generation routine when the function returns.
 * @return NTSTATUS Successful or errant status.
 * @sa https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-accesscheckbytypeandauditalarma
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeAndAuditAlarm(
    _In_ PCUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PCUNICODE_STRING ObjectTypeName,
    _In_ PCUNICODE_STRING ObjectName,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_opt_ PSID PrincipalSelfSid,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ AUDIT_EVENT_TYPE AuditType,
    _In_ ULONG Flags,
    _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
    _In_ ULONG ObjectTypeListLength,
    _In_ PGENERIC_MAPPING GenericMapping,
    _In_ BOOLEAN ObjectCreation,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus,
    _Out_ PBOOLEAN GenerateOnClose
    );

#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwAccessCheckByTypeAndAuditAlarm(
    _In_ PCUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PCUNICODE_STRING ObjectTypeName,
    _In_ PCUNICODE_STRING ObjectName,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_opt_ PSID PrincipalSelfSid,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ AUDIT_EVENT_TYPE AuditType,
    _In_ ULONG Flags,
    _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
    _In_ ULONG ObjectTypeListLength,
    _In_ PGENERIC_MAPPING GenericMapping,
    _In_ BOOLEAN ObjectCreation,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus,
    _Out_ PBOOLEAN GenerateOnClose
    );

#endif

View code on GitHub

NtDoc

No description available.

Edit description on GitHub