NtQuerySecurityObject - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers

#ifndef _NTOBAPI_H
// Objects, handles
#if (PHNT_MODE != PHNT_MODE_KERNEL)

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQuerySecurityObject(
    _In_ HANDLE Handle,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _Out_writes_bytes_to_opt_(Length, *LengthNeeded) PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ ULONG Length,
    _Out_ PULONG LengthNeeded
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQuerySecurityObject(
    _In_ HANDLE Handle,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ ULONG Length,
    _Out_ PULONG LengthNeeded
    );

#endif
View code on GitHub

This function is documented in Windows Driver Kit here and here.

Function NtQuerySecurityObject retrieve object's Security Descriptor.

ObjectHandle

HANDLE to any object opened with READ_CONTROL access.

SecurityInformationClass

Can be combination of:

OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION

DescriptorBuffer

Result of call - pointer to SECURITY_DESCRIPTOR structure.

DescriptorBufferLength

Size of buffer, in bytes.

RequiredLength

Pointer to value receiving required length of buffer.

Documented by

Tomasz Nowak

See also

NtSetSecurityObject
SECURITY_DESCRIPTOR

Edit description on GitHub