The SetKernelObjectSecurity function sets the security of a kernel object. For example, this can be a process, thread, or event.
BOOL SetKernelObjectSecurity(
| HANDLE Handle, | // handle of object |
| SECURITY_INFORMATION SecurityInformation, | // type of information to set |
| PSECURITY_DESCRIPTOR SecurityDescriptor | // address of security descriptor |
| ); |
Parameters
Handle
Identifies a kernel object for which security information is set.
SecurityInformation
Specifies a SECURITY_INFORMATION structure identifying the contents of the security descriptor pointed to by the SecurityDescriptor parameter.
SecurityDescriptor
Points to a SECURITY_DESCRIPTOR structure containing the new security information.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
The SetKernelObjectSecurity function is successful only if the following conditions are met:
·If the object's owner is being set, the calling process must have either WRITE_OWNER permission or be the object's owner.
·If the object's discretionary access-control list (ACL) is being set, the calling process must have either WRITE_DAC permission or be the object's owner.
·If the object's system ACL is being set, the SE_SECURITY_NAME privilege must be enabled for the calling process.
See Also
GetKernelObjectSecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetFileSecurity, SetPrivateObjectSecurity, SetUserObjectSecurity