22 skip(
"GetTokenProcess() has failed to get the process' token (error code: %lu)!\n",
GetLastError());
62 skip(
"Failed to query the total size for token statistics structure! (Status -> 0x%lx)\n",
Status);
68 if (TokenStats ==
NULL)
70 skip(
"Failed to allocate our token statistics buffer!\n");
78 skip(
"Failed to query the token statistics! (Status -> 0x%lx)\n",
Status);
82 trace(
"Number of privileges before token filtering -- %lu\n\n", TokenStats->
PrivilegeCount);
97 skip(
"Failed to query the token statistics! (Status -> 0x%lx)\n",
Status);
101 trace(
"Number of privileges after token filtering (privileges disabled with DISABLE_MAX_PRIVILEGE) -- %lu\n\n", TokenStats->
PrivilegeCount);
125 skip(
"Failed to query the token statistics! (Status -> 0x%lx)\n",
Status);
129 trace(
"Number of privileges after token filtering (manually deleted privilege) -- %lu\n\n", TokenStats->
PrivilegeCount);
static HANDLE GetTokenProcess(VOID)
#define ok_hex(expression, result)
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
#define NT_SUCCESS(StatCode)
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
#define GetCurrentProcess()
#define SE_BACKUP_PRIVILEGE
#define DISABLE_MAX_PRIVILEGE
#define STATUS_INVALID_HANDLE
#define STATUS_BUFFER_TOO_SMALL
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information about an access token, based upon the information class....
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
DWORD WINAPI GetLastError(void)
FORCEINLINE LUID NTAPI_INLINE RtlConvertUlongToLuid(_In_ ULONG Val)