NTSTATUS RtlQuerySecurityObject( IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor, IN ULONG DescriptorLength, OUT PULONG ReturnLength ); Routine Description: Query information from a protected server object's existing security descriptor. This procedure, called only from user mode, is used to retrieve information from a security descriptor on an existing protected server's object. All access checking is expected to be done before calling this routine. This includes checking for READ_CONTROL, and privilege to read a system ACL as appropriate. - - WARNING - - This service is for use by protected subsystems that project their own type of object. This service is explicitly not for use by the executive for executive objects and must not be called from kernel mode. Arguments: ObjectDescriptor - Points to a pointer to a security descriptor to be queried. SecurityInformation - Identifies the security information being requested. ResultantDescriptor - Points to buffer to receive the resultant security descriptor. The resultant security descriptor will contain all information requested by the SecurityInformation parameter. DescriptorLength - Is an unsigned integer which indicates the length, in bytes, of the buffer provided to receive the resultant descriptor. ReturnLength - Receives an unsigned integer indicating the actual number of bytes needed in the ResultantDescriptor to store the requested information. If the value returned is greater than the value passed via the DescriptorLength parameter, then STATUS_BUFFER_TOO_SMALL is returned and no information is returned. Return Value: STATUS_SUCCESS - The operation was successful. STATUS_BUFFER_TOO_SMALL - The buffer provided to receive the requested information was not large enough to hold the information. No information has been returned. STATUS_BAD_DESCRIPTOR_FORMAT - Indicates the provided object's security descriptor was not in self-relative format.