31void PrintKeyData(
PUCHAR KeyData)
34 for (
i = 0;
i < 32;
i++)
49 UCHAR KeyDataBuffer[32];
97 ProcessData.
Process = CurrentProcess;
101 MD5Update(&Md5Contexts[0], (
PVOID)&ProcessData,
sizeof(ProcessData));
102 MD5Update(&Md5Contexts[1], (
PVOID)&ProcessData,
sizeof(ProcessData));
143 UCHAR KeyDataBuffer[32];
168 UCHAR KeyDataBuffer[32];
194 UCHAR EncryptedBlockData[8];
201 while (
Length >=
sizeof(EncryptedBlockData))
206 Length -=
sizeof(EncryptedBlockData);
227 while (
Length >=
sizeof(BlockData))
232 Length -=
sizeof(BlockData);
246 UCHAR EncryptedBlockData[16];
253 while (
Length >=
sizeof(EncryptedBlockData))
258 Length -=
sizeof(EncryptedBlockData);
279 while (
Length >=
sizeof(BlockData))
284 Length -=
sizeof(BlockData);
void WINAPI MD5Update(struct md5_ctx *, const unsigned char *, unsigned int)
void WINAPI MD5Init(struct md5_ctx *)
void WINAPI MD5Final(struct md5_ctx *)
void aes_ecb_encrypt(const unsigned char *pt, unsigned char *ct, aes_key *skey)
void aes_ecb_decrypt(const unsigned char *ct, unsigned char *pt, aes_key *skey)
int aes_setup(const unsigned char *key, int keylen, int rounds, aes_key *skey)
void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const des3_key *des3)
void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const des3_key *des3)
int des3_setup(const unsigned char *key, int keylen, int num_rounds, des3_key *des3)
struct _KSEC_PROCESS_DATA KSEC_PROCESS_DATA
static VOID KsecEncryptMemoryDes3(_Inout_ PVOID Buffer, _In_ ULONG Length, _In_ ULONG OptionFlags)
static VOID KsecGetDes3Key(_Out_ PDES3_KEY Des3Key, _In_ ULONG OptionFlags)
static VOID KsecGetAesKey(_Out_ PAES_KEY AesKey, _In_ ULONG OptionFlags)
static VOID KsecEncryptMemoryAes(_Inout_ PVOID Buffer, _In_ ULONG Length, _In_ ULONG OptionFlags)
DES3_KEY KsecGlobalDes3Key
struct _KSEC_LOGON_DATA * PKSEC_LOGON_DATA
MD5_CTX KsecLoadTimeStartMd5s[2]
NTSTATUS NTAPI KsecDecryptMemory(_Inout_ PVOID Buffer, _In_ ULONG Length, _In_ ULONG OptionFlags)
static VOID KsecGetKeyData(_Out_ UCHAR KeyData[32], _In_ ULONG OptionFlags)
static VOID KsecDecryptMemoryAes(_Inout_ PVOID Buffer, _In_ ULONG Length, _In_ ULONG OptionFlags)
static VOID KsecDecryptMemoryDes3(_Inout_ PVOID Buffer, _In_ ULONG Length, _In_ ULONG OptionFlags)
VOID NTAPI KsecInitializeEncryptionSupport(VOID)
struct _KSEC_LOGON_DATA KSEC_LOGON_DATA
NTSTATUS NTAPI KsecEncryptMemory(_Inout_ PVOID Buffer, _In_ ULONG Length, _In_ ULONG OptionFlags)
struct _KSEC_PROCESS_DATA * PKSEC_PROCESS_DATA
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
#define RTL_ENCRYPT_OPTION_SAME_LOGON
NTSTATUS NTAPI KsecGatherEntropyData(PKSEC_ENTROPY_DATA EntropyData)
#define RTL_ENCRYPT_OPTION_SAME_PROCESS
#define RTL_ENCRYPT_OPTION_CROSS_PROCESS
#define PsDereferencePrimaryToken(T)
_In_ ULONG _In_ ULONG _In_ ULONG Length
LONGLONG NTAPI PsGetProcessCreateTimeQuadPart(PEPROCESS Process)
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
NTSTATUS NTAPI SeQueryAuthenticationIdToken(_In_ PACCESS_TOKEN Token, _Out_ PLUID LogonId)
Queries the authentication ID of an access token.
ULONG_PTR DirectoryTableBase
ULONG_PTR DirectoryTableBase
#define RtlCopyMemory(Destination, Source, Length)
#define RtlZeroMemory(Destination, Length)
#define STATUS_INVALID_PARAMETER
#define PsGetCurrentProcess
FORCEINLINE PVOID RtlSecureZeroMemory(_Out_writes_bytes_all_(Size) PVOID Pointer, _In_ SIZE_T Size)