30{
39 0,
43 &FilteredToken);
51 0,
55 &FilteredToken);
61 {
62 skip(
"Failed to query the total size for token statistics structure! (Status -> 0x%lx)\n",
Status);
63 return;
64 }
68 if (TokenStats ==
NULL)
69 {
70 skip(
"Failed to allocate our token statistics buffer!\n");
71 return;
72 }
77 {
78 skip(
"Failed to query the token statistics! (Status -> 0x%lx)\n",
Status);
79 return;
80 }
81
82 trace(
"Number of privileges before token filtering -- %lu\n\n", TokenStats->
PrivilegeCount);
90 &FilteredToken);
96 {
97 skip(
"Failed to query the token statistics! (Status -> 0x%lx)\n",
Status);
98 return;
99 }
100
101 trace(
"Number of privileges after token filtering (privileges disabled with DISABLE_MAX_PRIVILEGE) -- %lu\n\n", TokenStats->
PrivilegeCount);
114 0,
116 &Priv,
118 &FilteredToken);
124 {
125 skip(
"Failed to query the token statistics! (Status -> 0x%lx)\n",
Status);
126 return;
127 }
128
129 trace(
"Number of privileges after token filtering (manually deleted privilege) -- %lu\n\n", TokenStats->
PrivilegeCount);
135}
static HANDLE GetTokenProcess(VOID)
#define ok_hex(expression, result)
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
#define NT_SUCCESS(StatCode)
#define SE_BACKUP_PRIVILEGE
#define DISABLE_MAX_PRIVILEGE
#define STATUS_INVALID_HANDLE
#define STATUS_BUFFER_TOO_SMALL
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information about an access token, based upon the information class....
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
FORCEINLINE LUID NTAPI_INLINE RtlConvertUlongToLuid(_In_ ULONG Val)