private IEnumerable <AccessCheckResult> RunAuditCheck(NtToken token, NtType type, ObjectTypeEntry[] object_types)
{
_dict.GetValue("SubsystemName", out string subsystem_name);
_dict.GetValue("HandleId", out IntPtr? handle_id);
_dict.GetValue("ObjectTypeName", out string object_type_name);
_dict.GetValue("ObjectName", out string object_name);
_dict.GetValue("ObjectCreation", out SwitchParameter? object_creation);
_dict.GetValue("AuditType", out AuditEventType? event_type);
_dict.GetValue("AuditFlags", out AuditAccessCheckFlags? flags);
var results = new List <AccessCheckResult>();
if (ResultList)
{
results.AddRange(NtSecurity.AccessCheckWithResultListAudit(
subsystem_name, handle_id ?? IntPtr.Zero, object_type_name,
object_name, object_creation ?? new SwitchParameter(),
event_type ?? AuditEventType.AuditEventObjectAccess,
flags ?? AuditAccessCheckFlags.None,
GetSecurityDescriptor(),
token, GetDesiredAccess(), Principal, type.GenericMapping, object_types));
}
else
{
results.Add(NtSecurity.AccessCheckAudit(
subsystem_name, handle_id ?? IntPtr.Zero, object_type_name,
object_name, object_creation ?? new SwitchParameter(),
event_type ?? AuditEventType.AuditEventObjectAccess,
flags ?? AuditAccessCheckFlags.None,
GetSecurityDescriptor(), token, GetDesiredAccess(),
Principal, type.GenericMapping, object_types));
}
return(results);
}
