Get file/folder list of group permission

Question

In Delphi, using WinAPI, I am try to get list of groups that have permission to file or folder, example group list:

What function or records I need to use to get these information?

I am try to using GetNamedSecurityInfoA but it fails - function return false and variables sidGrp with dacl are still nil, but variable sc (Security Descriptor) is initialized.

    procedure TForm1.Button2Click(Sender: TObject);
    var
      sciezka: array [0 .. 256] of ansiChar;
      sidOwn: PSID;
      sidGrp: PSID;
      dacl: PACL;
      sacl: PACL;
      sc: PSECURITY_DESCRIPTOR;
      success: DWORD;
      access: EXPLICIT_ACCESS_A;
      sid_id_auth: _SID_IDENTIFIER_AUTHORITY;

      hToken: THandle;
      TokenUserPoint: pTokenUser;
      bufferSize: DWORD;
      BufferSize2: DWORD;
      ptgGroups: PTokenGroups;
      psidAdmin: PSID;
      x: Integer;
    const
      SECURITY_NT_AUTHORITY: TSidIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 5));

    begin
      Memo1.Lines.Clear();

      ZeroMemory(@sciezka, Length(sciezka));
      GetMem(ptgGroups, 1024);
      bufferSize := 0;

      System.AnsiStrings.StrLCopy(@sciezka, PAnsiChar(AnsiString(Edit1.Text)), Length(Edit1.Text));

  //    success := CheckFileAccess(string(sciezka), FILE_READ_DATA);
      success := Cardinal(OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY OR TOKEN_READ, hToken));
      success := Cardinal(GetTokenInformation(hToken, TokenUser, ptgGroups, 1024, bufferSize));

      GetMem(TokenUserPoint, BYTE(bufferSize));
      //FillChar(TokenUserPoint, bufferSize, 0);
      //success := Cardinal(GetTokenInformation(hToken, TokenUser, TokenUserPoint, bufferSize, BufferSize2));

      sidOwn := nil;
      sidGrp := nil;
      dacl := nil;
      sacl := nil;
      sc := nil;

      sid_id_auth.Value[0] := 2;
      sid_id_auth.Value[1] := 3;
      sid_id_auth.Value[2] := 5;
      sid_id_auth.Value[3] := 0;
      sid_id_auth.Value[4] := 0;
      sid_id_auth.Value[5] := 0;

      success := Cardinal(AllocateAndInitializeSid(SECURITY_NT_AUTHORITY, 2, SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, psidAdmin));


      {$R-}
      {  for x := 0 to ptgGroups.GroupCount - 1 do
        if EqualSid(psidAdmin, ptgGroups.Groups[x].Sid) then
        begin
          Memo1.Lines.Add('Jest administrator');
          Break;
        end;  }
      {$R+}

     // success := GetFileSecurityA(sciezka, GROUP_SECURITY_INFORMATION, sc, );


      success := GetNamedSecurityInfoA(sciezka,
                            SE_FILE_OBJECT,
                            OWNER_SECURITY_INFORMATION or GROUP_SECURITY_INFORMATION or DACL_SECURITY_INFORMATION,
                            nil,
                            sidGrp,
                            dacl,
                            nil,
                            sc
      );

      Memo1.Lines.Add('Funkcja zwróciła wartoć = ' + success.ToHexString());

      if IsValidSid(sidOwn) then Memo1.Lines.Add('sidOwn - poprawne')
      else Memo1.Lines.Add('sidOwn - niepoprawne');

      if IsValidSid(sidGrp) then Memo1.Lines.Add('sidGrp - poprawne')
      else Memo1.Lines.Add('sidGrp - niepoprawne');

      if(sidOwn = nil) then
        Memo1.Lines.Add('sidOwn is null');

      if(sidGrp = nil) then
        Memo1.Lines.Add('sidGrp is null');
    end;

Answer 1

As @FredS said, the parameters use pointer of pointer, and you declare here:

sidGrp: PSID;
Dacl: PACL;
Sacl: PACL;
sidGrp := nil;
dacl := nil;
sacl := nil;
sc: PSECURITY_DESCRIPTOR;
success := GetNamedSecurityInfoA(sciezka,
                        SE_FILE_OBJECT,
                        OWNER_SECURITY_INFORMATION or GROUP_SECURITY_INFORMATION or DACL_SECURITY_INFORMATION,
                        nil,
                        sidGrp,
                        dacl,
                        nil,
                        sc
  );

which is equal to:

success := GetNamedSecurityInfoA(sciezka,
                            SE_FILE_OBJECT,
                            OWNER_SECURITY_INFORMATION or GROUP_SECURITY_INFORMATION or DACL_SECURITY_INFORMATION,
                            nil,
                            nil,
                            nil,
                            nil,
                            nil
      );

And you will get the return error: 87(ERROR_INVALID_PARAMETER) According to the function document:

success := GetNamedSecurityInfoA(sciezka,
                        SE_FILE_OBJECT,
                        OWNER_SECURITY_INFORMATION or GROUP_SECURITY_INFORMATION or DACL_SECURITY_INFORMATION,
                        nil,
                        @sidGrp,
                        @dacl,
                        nil,
                        sc
  );