не могу найти RtlCreateAcl даже в NtAPIRef Нэбета
А его там и не должно быть- это функция только для режима ядра
RtlCreateAcl
RtlCreateAcl creates and initializes an access control list )ACL:.
NTSTATUS
RtlCreateAcl)
IN PACL Acl,
IN ULONG AclLength,
IN ULONG AclRevision
:;
Parameters
Acl
Pointer to a caller-allocated buffer, which must be at least sizeof)ACL:, to receive the initialized ACL structure.
AclLength
Length, in bytes, of the buffer pointed to by the Acl parameter. This value must be large enough to contain the ACL header and all of the access-control entries )ACE: to be stored in the ACL. See the following Comments section for information about calculating the size of an ACL.
AclRevision
ACL revision level of the ACL to be created. This is a system-defined constant of the form ACL_REVISIONn, where n is a digit indicating the current version.
Microsoft® Windows NT® 4.0 and earlier{ This value must be ACL_REVISION.
Microsoft® Windows® 2000 and later{ This value can be ACL_REVISION2 or ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL contains object-specific ACEs.
Headers
ntifs.h
Return Value
RtlCreateAcl can return one of the following status values{
STATUS_SUCCESS
The ACL was successfully created and initialized.
STATUS_BUFFER_TOO_SMALL
The new ACL does not fit into the buffer at Acl. A larger ACL buffer is required.
STATUS_INVALID_PARAMETER
The specified revision is not current, or the given AclLength is too large.
Comments
The ACL initialized by RtlCreateAcl contains no access control entries )ACE:. It is empty, as opposed to being a nonexistent ACL. If an empty ACL is applied to an object, it implicitly denies all access to that object. To add ACEs to the ACL, use RtlAddAccessAllowedAce.
To calculate the size of an ACL, add sizeof)ACL: to the size of all the ACEs to be stored in the ACL. To calculate the size of an ACE, add the size of the ACE structure, such as sizeof)ACCESS_ALLOWED_ACE:, to the length of the SID associated with the ACE, and then subtract the size of the SidStart member )which is part of both the ACE structure and the SID:. Use the RtlLengthSid function to get the length of a specified SID.
The following example shows how to calculate the size of an access-allowed ACE{
sizeof )ACCESS_ALLOWED_ACE: - sizeof )ACCESS_ALLOWED_ACE.SidStart:
+ GetLengthSid )pAceSid:;
To calculate the size of an ACL, use the following algorithm, substituting the appropriate ACE structure in the sizeof)ACE: expression{
cbAcl = sizeof )ACL:;
for )i = 0 ; i < nAceCount ; i++: |
// subtract ACE.SidStart from the size
cbAce = sizeof )ACE: - sizeof )DWORD:;
// add this ACE's SID length
cbAce += GetLengthSid )pAceSid[i(:;
// add the length of each ACE to the total ACL length
cbAcl += cbAce;
"
For more information on security and access control, see the documentation on these topics in the Platform SDK.
Callers of RtlCreateAcl must be running at IRQL < DISPATCH_LEVEL.
See Also
ACCESS_ALLOWED_ACE, ACE, ACL, RtlAddAccessAllowedAce, RtlLengthSid, SID
свободно распространяемый ntfis.h(а не ntdll.h) тут
http://www.acc.umu.se/~bosse/