Undocumented functions of NTDLL

2OO1, 27 February



NtAccessCheckAndAuditAlarm
NtAccessCheckAndAuditAlarm

NTSYSAPI 
NTSTATUS
NTAPI

NtAccessCheckAndAuditAlarm(


  IN PUNICODE_STRING      SubsystemName OPTIONAL,
  IN HANDLE               ObjectHandle OPTIONAL,
  IN PUNICODE_STRING      ObjectTypeName OPTIONAL,
  IN PUNICODE_STRING      ObjectName OPTIONAL,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  IN ACCESS_MASK          DesiredAccess,
  IN PGENERIC_MAPPING     GenericMapping,
  IN BOOLEAN              ObjectCreation,
  OUT PULONG              GrantedAccess,
  OUT PULONG              AccessStatus,
  OUT PBOOLEAN            GenerateOnClose );



Function NtAccessCheckAndAuditAlarm doesn't work properly on NT40-SP6. For more information about alarms see description of similar function AccessCheckAndAuditAlarm in Microsoft SDK.


  • SubsystemName
    •     - ???
  • ObjectHandle
    •     Can be any valid HANDLE to object, or NULL.
  • ObjectTypeName
    •     - ???
  • ObjectName
    •     - ???
  • SecurityDescriptor
    •     Pointer to "Absolute" SECURITY_DESCRIPTOR structure.
  • DesiredAccess
    •     - ???
  • GenericMapping
    •     Pointer to GENERIC_MAPPING structure valid for object specified above as ObjectHandle parameter.
  • ObjectCreation
    •     - ???
  • GrantedAccess
    •     Pointer to ACCESS_MASK value (?).
  • AccessStatus
    •     Pointer to NTSTATUS value (?).
  • GenerateOnClose
    •     Pointer to BOOLEAN value (?).


    Function can be called only from impersonated thread. (See NtImpersonateThread for more information).


    Documented by:
    Tomasz Nowak



    Requirements:
    Library: ntdll.lib
    Privilege: SE_AUDIT_PRIVILEGE


    See also:
    NtAccessCheck
    NtCloseObjectAuditAlarm
    NtDeleteObjectAuditAlarm
    NtImpersonateThread
    NtOpenObjectAuditAlarm
    SECURITY_DESCRIPTOR