GetSecurityInfo (advapi32)
 
Summary
You can use the GetSecurityInfo function with the following types of objects:

  • Local or remote files or directories on an NTFS file system
  • Named pipes
  • Local or remote printers
  • Local or remote Windows services
  • Network shares
  • Registry keys
  • Semaphores, events, mutexes, and waitable timers
  • Processes, threads, jobs, and file-mapping objects
  • Interactive service window stations and desktops
  • Directory service objects

C# Signature:

[DllImport("advapi32.dll", SetLastError=true)]
static extern uint GetSecurityInfo(
    IntPtr handle,
    SE_OBJECT_TYPE ObjectType,
    SECURITY_INFORMATION SecurityInfo,
    out IntPtr pSidOwner,
    out IntPtr pSidGroup,
    out IntPtr pDacl,
    out IntPtr pSacl,
    out IntPtr pSecurityDescriptor);

VB Signature:

<DllImport("advapi32.dll", SetLastError:=True)> _
Private Shared Function GetSecurityInfo( _
    ByVal hObject As IntPtr, _
    ByVal ObjectType As SE_OBJECT_TYPE, _
    ByVal SecurityInfo As SECURITY_INFORMATION, _
    ByRef pSidOwner As IntPtr, _
    ByRef pSidGroup As IntPtr, _
    ByRef pDacl As IntPtr, _
    ByRef pSacl As IntPtr, _
    ByRef pSD As IntPtr) _
    As Integer
End Function

User-Defined Types:

Alternative Managed API:

Do you know one? Please contribute it!

Notes:

I am currently trying to implement this function to get the security attributes for Network Shares.

Tips & Tricks:

Please add some!

Sample Code:

C#

Compiled for 2.0, but I guess it should work for 1.1. (Of course, 2.0 provides the AccessControl namespace, which makes this sample only interesting for knowing the basics of how it is done.)

This sample only retrieves the owner of the object (in this case a file, but it could be another object if you change the objectType).

using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;

namespace GetSecurityInfoTest
{
    class Program
    {
        // Returns ERROR_SUCCESS (0) or a Win32 error code as the return value.
        [DllImport("advapi32.dll", SetLastError = true)]
        static extern int GetSecurityInfo(
            IntPtr handle,
            SE_OBJECT_TYPE objectType,
            SECURITY_INFORMATION securityInfo,
            out IntPtr sidOwner,
            out IntPtr sidGroup,
            out IntPtr dacl,
            out IntPtr sacl,
            out IntPtr securityDescriptor);

        [DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true)]
        static extern bool ConvertSidToStringSid(
            IntPtr sid,
            out IntPtr sidString);

        [DllImport("kernel32.dll", SetLastError = true)]
        internal static extern IntPtr LocalFree(
            IntPtr handle);

        enum SE_OBJECT_TYPE
        {
            SE_UNKNOWN_OBJECT_TYPE,
            SE_FILE_OBJECT,
            SE_SERVICE,
            SE_PRINTER,
            SE_REGISTRY_KEY,
            SE_LMSHARE,
            SE_KERNEL_OBJECT,
            SE_WINDOW_OBJECT,
            SE_DS_OBJECT,
            SE_DS_OBJECT_ALL,
            SE_PROVIDER_DEFINED_OBJECT,
            SE_WMIGUID_OBJECT,
            SE_REGISTRY_WOW64_32KEY
        }

        // Bit flags; values are combined with | when calling GetSecurityInfo.
        [Flags]
        enum SECURITY_INFORMATION
        {
            OWNER_SECURITY_INFORMATION = 1,
            GROUP_SECURITY_INFORMATION = 2,
            DACL_SECURITY_INFORMATION = 4,
            SACL_SECURITY_INFORMATION = 8,
        }

        static void Main(string[] args)
        {
            FileStream fileStream = null;
            IntPtr ownerSid;
            IntPtr groupSid;
            IntPtr dacl;
            IntPtr sacl;
            IntPtr securityDescriptor = IntPtr.Zero;
            IntPtr sidString = IntPtr.Zero;

            try
            {
                // Read access is enough: the resulting handle carries READ_CONTROL.
                fileStream = File.Open(@"C:\Test\Test.txt", FileMode.Open, FileAccess.Read);

                // FileStream.Handle is marked obsolete from 2.0 on (SafeFileHandle replaces it) but also exists in 1.1.
                int returnValue = GetSecurityInfo(fileStream.Handle, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION | SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, out ownerSid, out groupSid, out dacl, out sacl, out securityDescriptor);
                if (returnValue != 0)
                    throw new Win32Exception(returnValue);

                // ownerSid points into securityDescriptor, so use it before that buffer is freed.
                if (!ConvertSidToStringSid(ownerSid, out sidString))
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                Console.WriteLine(Marshal.PtrToStringUni(sidString));
            }
            finally
            {
                // Both buffers are allocated by the system and are released with LocalFree.
                if (sidString != IntPtr.Zero)
                    LocalFree(sidString);
                if (securityDescriptor != IntPtr.Zero)
                    LocalFree(securityDescriptor);
                if (fileStream != null)
                    fileStream.Close();
            }
        }
    }
}
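
The sample above requests DACL_SECURITY_INFORMATION but only prints the owner. The following added example (not part of the original page) goes one step further and audits the returned DACL: it converts the descriptor to SDDL, parses it with RawSecurityDescriptor, and reports allow ACEs that give write-type access to broad groups. The class name DaclAudit, the WriteMask constant and the choice of which groups count as "broad" are assumptions of this example; the file path is taken from the first command-line argument.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;

static class DaclAudit // hypothetical name, added example
{
    [DllImport("advapi32.dll")]
    static extern uint GetSecurityInfo(IntPtr handle, int objectType, uint securityInfo,
        out IntPtr owner, out IntPtr group, out IntPtr dacl, out IntPtr sacl, out IntPtr sd);
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool ConvertSecurityDescriptorToStringSecurityDescriptor(
        IntPtr sd, uint revision, uint securityInfo, out IntPtr sddl, out uint sddlLen);
    [DllImport("kernel32.dll")]
    static extern IntPtr LocalFree(IntPtr mem);

    const int SE_FILE_OBJECT = 1;
    const uint OwnerAndDacl = 0x1 | 0x4; // OWNER_ | DACL_SECURITY_INFORMATION
    // FILE_WRITE_DATA, FILE_APPEND_DATA, DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_ALL, GENERIC_WRITE
    const int WriteMask = 0x2 | 0x4 | 0x10000 | 0x40000 | 0x80000 | 0x10000000 | 0x40000000;

    static bool IsBroad(SecurityIdentifier sid) // assumption: these groups count as "broad"
    {
        return sid.IsWellKnown(WellKnownSidType.WorldSid)
            || sid.IsWellKnown(WellKnownSidType.AuthenticatedUserSid)
            || sid.IsWellKnown(WellKnownSidType.BuiltinUsersSid);
    }

    static void Main(string[] args)
    {
        IntPtr sd = IntPtr.Zero, sddl = IntPtr.Zero, o, g, d, s; uint len;
        using (FileStream fs = File.Open(args[0], FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
        try
        {
            uint rc = GetSecurityInfo(fs.SafeFileHandle.DangerousGetHandle(), SE_FILE_OBJECT,
                OwnerAndDacl, out o, out g, out d, out s, out sd);
            if (rc != 0) throw new Win32Exception((int)rc);
            if (!ConvertSecurityDescriptorToStringSecurityDescriptor(sd, 1 /* SDDL_REVISION_1 */, OwnerAndDacl, out sddl, out len))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            RawSecurityDescriptor rsd = new RawSecurityDescriptor(Marshal.PtrToStringUni(sddl));
            Console.WriteLine("Owner: " + rsd.Owner);
            if (rsd.DiscretionaryAcl == null) { Console.WriteLine("No DACL: access is unrestricted"); return; }
            foreach (GenericAce ace in rsd.DiscretionaryAcl)
            {
                QualifiedAce q = ace as QualifiedAce;
                if (q == null || q.AceQualifier != AceQualifier.AccessAllowed) continue;
                if ((ace.AceFlags & AceFlags.InheritOnly) != 0) continue; // not effective on this object
                if (IsBroad(q.SecurityIdentifier) && (q.AccessMask & WriteMask) != 0)
                    Console.WriteLine("WEAK: {0} mask 0x{1:X8}", q.SecurityIdentifier, q.AccessMask);
            }
        }
        finally { LocalFree(sddl); LocalFree(sd); } // LocalFree accepts a null pointer
    }
}
```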
