200 #define SepAcquireTokenLockExclusive(Token) \ 202 KeEnterCriticalRegion(); \ 203 ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \ 205 #define SepAcquireTokenLockShared(Token) \ 207 KeEnterCriticalRegion(); \ 208 ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \ 211 #define SepReleaseTokenLock(Token) \ 213 ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \ 214 KeLeaveCriticalRegion(); \ 374 ULONG PrivilegeCount,
377 ULONG AllocatedLength,
397 ULONG PrivilegeCount,
398 ULONG PrivilegeControl,
INIT_FUNCTION BOOLEAN NTAPI SepInitSDs(VOID)
IN CINT OUT PVOID IN ULONG OUT PULONG ResultLength
struct _KNOWN_ACE * PKNOWN_ACE
const LUID SeSystemEnvironmentPrivilege
const LUID SeTimeZonePrivilege
const LUID SeRemoteShutdownPrivilege
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
const LUID SeCreateSymbolicLinkPrivilege
NTSTATUS NTAPI SeCopyClientToken(IN PACCESS_TOKEN Token, IN SECURITY_IMPERSONATION_LEVEL Level, IN KPROCESSOR_MODE PreviousMode, OUT PACCESS_TOKEN *NewToken)
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
const LUID SeSystemtimePrivilege
NTSTATUS NTAPI SeIsTokenSibling(IN PTOKEN Token, OUT PBOOLEAN IsSibling)
PACL SePublicDefaultUnrestrictedDacl
BOOLEAN NTAPI SepSidInTokenEx(IN PACCESS_TOKEN _Token, IN PSID PrincipalSelfSid, IN PSID _Sid, IN BOOLEAN Deny, IN BOOLEAN Restricted)
const LUID SeIncreaseQuotaPrivilege
const LUID SeIncreaseWorkingSetPrivilege
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
const LUID SeCreateTokenPrivilege
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
const LUID SeCreatePermanentPrivilege
NTSTATUS NTAPI SeComputeQuotaInformationSize(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
const LUID SeDebugPrivilege
const LUID SeBackupPrivilege
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
NTSTATUS NTAPI SeIsTokenChild(IN PTOKEN Token, OUT PBOOLEAN IsChild)
INIT_FUNCTION BOOLEAN NTAPI SepInitDACLs(VOID)
PSECURITY_DESCRIPTOR SeSystemDefaultSd
INIT_FUNCTION BOOLEAN NTAPI SeInitSystem(VOID)
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
VOID NTAPI SeDeassignPrimaryToken(struct _EPROCESS *Process)
struct _KNOWN_OBJECT_ACE * PKNOWN_OBJECT_ACE
const LUID SeEnableDelegationPrivilege
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
PSID SeAuthenticatedUserSid
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
const LUID SeAssignPrimaryTokenPrivilege
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
const LUID SeSystemProfilePrivilege
VOID NTAPI SeAuditProcessExit(IN PEPROCESS Process)
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
PSID SeAuthenticatedUsersSid
PSID SeCreatorOwnerServerSid
const LUID SeTrustedCredmanPrivilege
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
BOOLEAN NTAPI SepTokenIsOwner(IN PACCESS_TOKEN _Token, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN TokenLocked)
PSID SeAliasAccountOpsSid
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
const LUID SeSyncAgentPrivilege
VOID NTAPI SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
const LUID SeChangeNotifyPrivilege
BOOLEAN NTAPI SepPrivilegeCheck(PTOKEN Token, PLUID_AND_ATTRIBUTES Privileges, ULONG PrivilegeCount, ULONG PrivilegeControl, KPROCESSOR_MODE PreviousMode)
PSECURITY_DESCRIPTOR SeUnrestrictedSd
struct _KNOWN_ACE KNOWN_ACE
PSECURITY_DESCRIPTOR SePublicDefaultSd
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
DWORD SECURITY_INFORMATION
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
NTSTATUS NTAPI SeGetLogonIdDeviceMap(IN PLUID LogonId, OUT PDEVICE_MAP *DeviceMap)
FORCEINLINE PACL SepGetSaclFromDescriptor(PVOID _Descriptor)
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
INIT_FUNCTION BOOLEAN NTAPI SepInitSecurityIDs(VOID)
#define _Out_writes_bytes_opt_(a)
VOID NTAPI SeCaptureSubjectContextEx(IN PETHREAD Thread, IN PEPROCESS Process, OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
const LUID SeLoadDriverPrivilege
const LUID SeManageVolumePrivilege
const LUID SeTakeOwnershipPrivilege
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
const LUID SeCreateGlobalPrivilege
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
_Inout_ PFILE_OBJECT FileObject
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
NTSTATUS SepRmReferenceLogonSession(PLUID LogonLuid)
UNICODE_STRING Restricted
FORCEINLINE PSID SepGetOwnerFromDescriptor(PVOID _Descriptor)
_In_ KPROCESSOR_MODE PreviousMode
const LUID SeCreatePagefilePrivilege
NTSTATUS NTAPI SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject, IN BOOLEAN DoAudit, OUT POBJECT_NAME_INFORMATION *AuditInfo)
const LUID SeRestorePrivilege
DWORD * PSECURITY_INFORMATION
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
VOID NTAPI SepReleaseAcl(IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
VOID NTAPI SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
const LUID SeRelabelPrivilege
const LUID SeImpersonatePrivilege
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
_In_ ULONG _In_ ULONG _In_ ULONG Length
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
BOOLEAN NTAPI SeRmInitPhase0(VOID)
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
VOID NTAPI SeAuditProcessCreate(IN PEPROCESS Process)
BOOLEAN NTAPI SepSidInToken(IN PACCESS_TOKEN _Token, IN PSID Sid)
const LUID SeLockMemoryPrivilege
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
NTSTATUS NTAPI SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation, PISECURITY_DESCRIPTOR SecurityDescriptor, PULONG BufferLength)
const LUID SeProfileSingleProcessPrivilege
BOOLEAN NTAPI SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode)
#define _In_reads_bytes_(size)
const LUID SeIncreaseBasePriorityPrivilege
enum _TOKEN_TYPE TOKEN_TYPE
NTSTATUS NTAPI SeDefaultObjectMethod(PVOID Object, SECURITY_OPERATION_CODE OperationType, PSECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR NewSecurityDescriptor, PULONG ReturnLength, PSECURITY_DESCRIPTOR *OldSecurityDescriptor, POOL_TYPE PoolType, PGENERIC_MAPPING GenericMapping)
const LUID SeTcbPrivilege
FORCEINLINE PSID SepGetGroupFromDescriptor(PVOID _Descriptor)
NTSTATUS NTAPI SeSubProcessToken(IN PTOKEN Parent, OUT PTOKEN *Token, IN BOOLEAN InUse, IN ULONG SessionId)
static GENERIC_MAPPING GenericMapping
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
const LUID SeShutdownPrivilege
PSID SeAliasPowerUsersSid
PSID SeCreatorGroupServerSid
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
const LUID SeSecurityPrivilege
INIT_FUNCTION VOID NTAPI SepInitPrivileges(VOID)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
PSECURITY_DESCRIPTOR SePublicOpenSd
PACL SePublicOpenUnrestrictedDacl
ACCESS_MASK * PACCESS_MASK
INIT_FUNCTION VOID NTAPI SepInitializeTokenImplementation(VOID)
const LUID SeUnsolicitedInputPrivilege
BOOLEAN NTAPI SeCheckPrivilegedObject(IN LUID PrivilegeValue, IN HANDLE ObjectHandle, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE PreviousMode)
BOOLEAN NTAPI SeRmInitPhase1(VOID)
NTSTATUS NTAPI SeCreateAccessStateEx(IN PETHREAD Thread, IN PEPROCESS Process, IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
BOOLEAN NTAPI SeDetailedAuditingWithToken(IN PTOKEN Token)
const LUID SeUndockPrivilege
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
const LUID SeAuditPrivilege
struct _KNOWN_COMPOUND_ACE * PKNOWN_COMPOUND_ACE
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
VOID NTAPI SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
_In_ PSTORAGE_PROPERTY_ID _Outptr_ PSTORAGE_DESCRIPTOR_HEADER * Descriptor
PULONG MinorVersion OPTIONAL
1.8.15