private IEnumerable <AccessCheckResult> RunAuditCheck(NtToken token, NtType type, ObjectTypeEntry[] object_types)
        {
            _dict.GetValue("SubsystemName", out string subsystem_name);
            _dict.GetValue("HandleId", out IntPtr? handle_id);
            _dict.GetValue("ObjectTypeName", out string object_type_name);
            _dict.GetValue("ObjectName", out string object_name);
            _dict.GetValue("ObjectCreation", out SwitchParameter? object_creation);
            _dict.GetValue("AuditType", out AuditEventType? event_type);
            _dict.GetValue("AuditFlags", out AuditAccessCheckFlags? flags);

            var results = new List <AccessCheckResult>();

            if (ResultList)
            {
                results.AddRange(NtSecurity.AccessCheckWithResultListAudit(
                                     subsystem_name, handle_id ?? IntPtr.Zero, object_type_name,
                                     object_name, object_creation ?? new SwitchParameter(),
                                     event_type ?? AuditEventType.AuditEventObjectAccess,
                                     flags ?? AuditAccessCheckFlags.None,
                                     GetSecurityDescriptor(),
                                     token, GetDesiredAccess(), Principal, type.GenericMapping, object_types));
            }
            else
            {
                results.Add(NtSecurity.AccessCheckAudit(
                                subsystem_name, handle_id ?? IntPtr.Zero, object_type_name,
                                object_name, object_creation ?? new SwitchParameter(),
                                event_type ?? AuditEventType.AuditEventObjectAccess,
                                flags ?? AuditAccessCheckFlags.None,
                                GetSecurityDescriptor(), token, GetDesiredAccess(),
                                Principal, type.GenericMapping, object_types));
            }
            return(results);
        }