BOOLEAN
SeValidSecurityDescriptor(
  IN  ULONG Length,
  IN  PSECURITY_DESCRIPTOR SecurityDescriptor
  );

Routine Description:

    Validates a security descriptor for structural correctness.  The idea is to make
    sure that the security descriptor may be passed to other kernel callers, without
    fear that they're going to choke while manipulating it.

    This routine does not enforce policy (e.g., ACL/ACE revision information).  It is
    entirely possible for a security descriptor to be approved by this routine, only
    to be later found to be invalid by some later routine.

    This routine is designed to be used by callers who have a security descriptor in
    kernel memory.  Callers wishing to validate a security descriptor passed from user
    mode should call RtlValidSecurityDescriptor.

Arguments:

    Length - Length in bytes of passed Security Descriptor.

    SecurityDescriptor - Points to the Security Descriptor (in kernel memory) to be
        validatated.

Return Value:

    TRUE - The passed security descriptor is correctly structured
    FALSE - The passed security descriptor is badly formed