#ifndef _NTRTL_H
#if (PHNT_VERSION >= PHNT_WIN8)
// rev
NTSYSAPI
BOOLEAN
NTAPI
RtlIsCapabilitySid(
_In_ PSID Sid
);
View code on GitHub
Determines if the specified SID is a capability SID.
Sid
- a SID to check.The function checks if the SID belongs to SECURITY_APP_PACKAGE_AUTHORITY
(15) with SECURITY_CAPABILITY_BASE_RID
(3). In other words, it accepts S-1-15-3-*
SIDs.
This function was introduced in Windows 8.