RtlGetOwnerSecurityDescriptor - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTRTL_H

/**
 * The RtlGetOwnerSecurityDescriptor routine returns the owner information for a given security descriptor.
 *
 * \param SecurityDescriptor Pointer to the SECURITY_DESCRIPTOR structure.
 * \param Owner Pointer to an address to receive a pointer to the owner security identifier (SID). If the security descriptor does not currently contain an owner SID, Owner receives NULL.
 * \param OwnerDefaulted Pointer to a Boolean variable that receives TRUE if the owner information is derived from a default mechanism, FALSE otherwise. Valid only if Owner receives a non-NULL value.
 * \return NTSTATUS Successful or errant status.
 * \see https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-rtlgetownersecuritydescriptor
 */
NTSYSAPI
NTSTATUS
NTAPI
RtlGetOwnerSecurityDescriptor(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _Outptr_result_maybenull_ PSID *Owner,
    _Out_ PBOOLEAN OwnerDefaulted
    );

#endif

View code on GitHub
// ntifs.h

NTSYSAPI NTSTATUS RtlGetOwnerSecurityDescriptor(
  [in]  PSECURITY_DESCRIPTOR SecurityDescriptor,
  [out] PSID                 *Owner,
  [out] PBOOLEAN             OwnerDefaulted
);
View the official Windows Driver Kit DDI reference

NtDoc

This function is documented in Windows Driver Kit.

Edit description on GitHub

Windows Driver Kit DDI reference (nf-ntifs-rtlgetownersecuritydescriptor)

RtlGetOwnerSecurityDescriptor function

Description

The RtlGetOwnerSecurityDescriptor routine returns the owner information for a given security descriptor.

Parameters

SecurityDescriptor [in]

Pointer to the security descriptor.

Owner [out]

Pointer to an address to receive a pointer to the owner security identifier (SID). If the security descriptor does not currently contain an owner SID, Owner receives NULL.

OwnerDefaulted [out]

Pointer to a Boolean variable that receives TRUE if the owner information is derived from a default mechanism, rather than by the original provider of the security descriptor explicitly, FALSE otherwise. Valid only if Owner receives a non-NULL value.

Return value

RtlGetOwnerSecurityDescriptor returns STATUS_SUCCESS or an appropriate NTSTATUS value such as one of the following:

Return code Description
STATUS_UNKNOWN_REVISION The security descriptor's revision level is not known or is not supported. This is an error code.

Remarks

For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.

See also

RtlCreateSecurityDescriptor

RtlLengthSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlValidSecurityDescriptor

SECURITY_DESCRIPTOR

SID

View the official Windows Driver Kit DDI reference

Edit description on GitHub