216 #define SepAcquireTokenLockExclusive(Token) \ 218 KeEnterCriticalRegion(); \ 219 ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \ 221 #define SepAcquireTokenLockShared(Token) \ 223 KeEnterCriticalRegion(); \ 224 ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \ 227 #define SepReleaseTokenLock(Token) \ 229 ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \ 230 KeLeaveCriticalRegion(); \ 406 ULONG PrivilegeCount,
409 ULONG AllocatedLength,
429 ULONG PrivilegeCount,
430 ULONG PrivilegeControl,
PTOKEN SeAnonymousLogonTokenNoEveryone
struct _KNOWN_ACE * PKNOWN_ACE
const LUID SeSystemEnvironmentPrivilege
const LUID SeTimeZonePrivilege
const LUID SeRemoteShutdownPrivilege
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
const LUID SeCreateSymbolicLinkPrivilege
NTSTATUS NTAPI SeCopyClientToken(IN PACCESS_TOKEN Token, IN SECURITY_IMPERSONATION_LEVEL Level, IN KPROCESSOR_MODE PreviousMode, OUT PACCESS_TOKEN *NewToken)
NTSTATUS NTAPI SepRegQueryHelper(_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
A private registry helper that returns the desired value data based on the specifics requested by the...
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
const LUID SeSystemtimePrivilege
NTSTATUS NTAPI SeIsTokenSibling(IN PTOKEN Token, OUT PBOOLEAN IsSibling)
_In_ ULONG _In_ ULONG _In_ ULONG Length
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
PACL SePublicDefaultUnrestrictedDacl
BOOLEAN NTAPI SepSidInTokenEx(IN PACCESS_TOKEN _Token, IN PSID PrincipalSelfSid, IN PSID _Sid, IN BOOLEAN Deny, IN BOOLEAN Restricted)
#define _In_reads_bytes_(s)
const LUID SeIncreaseQuotaPrivilege
const LUID SeIncreaseWorkingSetPrivilege
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
const LUID SeCreateTokenPrivilege
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
const LUID SeCreatePermanentPrivilege
NTSTATUS NTAPI SeComputeQuotaInformationSize(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
const LUID SeDebugPrivilege
const LUID SeBackupPrivilege
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
NTSTATUS NTAPI SeIsTokenChild(IN PTOKEN Token, OUT PBOOLEAN IsChild)
PSECURITY_DESCRIPTOR SeSystemDefaultSd
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
VOID NTAPI SeDeassignPrimaryToken(struct _EPROCESS *Process)
struct _KNOWN_OBJECT_ACE * PKNOWN_OBJECT_ACE
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
const LUID SeEnableDelegationPrivilege
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
PSID SeAuthenticatedUserSid
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
VOID NTAPI SepInitPrivileges(VOID)
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
PTOKEN SeAnonymousLogonToken
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
const LUID SeAssignPrimaryTokenPrivilege
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
const LUID SeSystemProfilePrivilege
VOID NTAPI SeAuditProcessExit(IN PEPROCESS Process)
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
PSID SeAuthenticatedUsersSid
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG _Out_opt_ PULONG _Out_opt_ PULONG ValueType
PSID SeCreatorOwnerServerSid
const LUID SeTrustedCredmanPrivilege
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
BOOLEAN NTAPI SepTokenIsOwner(IN PACCESS_TOKEN _Token, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN TokenLocked)
PSID SeAliasAccountOpsSid
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
const LUID SeSyncAgentPrivilege
VOID NTAPI SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
BOOLEAN NTAPI SepInitDACLs(VOID)
const LUID SeChangeNotifyPrivilege
BOOLEAN NTAPI SepPrivilegeCheck(PTOKEN Token, PLUID_AND_ATTRIBUTES Privileges, ULONG PrivilegeCount, ULONG PrivilegeControl, KPROCESSOR_MODE PreviousMode)
PSECURITY_DESCRIPTOR SeUnrestrictedSd
struct _KNOWN_ACE KNOWN_ACE
PSECURITY_DESCRIPTOR SePublicDefaultSd
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
DWORD SECURITY_INFORMATION
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
NTSTATUS NTAPI SeGetLogonIdDeviceMap(IN PLUID LogonId, OUT PDEVICE_MAP *DeviceMap)
FORCEINLINE PACL SepGetSaclFromDescriptor(PVOID _Descriptor)
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
VOID NTAPI SepInitializeTokenImplementation(VOID)
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
VOID NTAPI SeCaptureSubjectContextEx(IN PETHREAD Thread, IN PEPROCESS Process, OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
const LUID SeLoadDriverPrivilege
const LUID SeManageVolumePrivilege
const LUID SeTakeOwnershipPrivilege
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
const LUID SeCreateGlobalPrivilege
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
struct _TOKEN_AUDIT_POLICY_INFORMATION TOKEN_AUDIT_POLICY_INFORMATION
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
NTSTATUS SepRmReferenceLogonSession(PLUID LogonLuid)
UNICODE_STRING Restricted
FORCEINLINE PSID SepGetOwnerFromDescriptor(PVOID _Descriptor)
_In_ KPROCESSOR_MODE PreviousMode
const LUID SeCreatePagefilePrivilege
NTSTATUS NTAPI SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject, IN BOOLEAN DoAudit, OUT POBJECT_NAME_INFORMATION *AuditInfo)
const LUID SeRestorePrivilege
DWORD * PSECURITY_INFORMATION
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
VOID NTAPI SepReleaseAcl(IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
_In_ GUID _In_ PVOID ValueData
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
VOID NTAPI SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
const LUID SeRelabelPrivilege
const LUID SeImpersonatePrivilege
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
BOOLEAN NTAPI SeRmInitPhase0(VOID)
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
VOID NTAPI SeAuditProcessCreate(IN PEPROCESS Process)
BOOLEAN NTAPI SepSidInToken(IN PACCESS_TOKEN _Token, IN PSID Sid)
const LUID SeLockMemoryPrivilege
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
NTSTATUS NTAPI SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation, PISECURITY_DESCRIPTOR SecurityDescriptor, PULONG BufferLength)
const LUID SeProfileSingleProcessPrivilege
BOOLEAN NTAPI SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode)
const LUID SeIncreaseBasePriorityPrivilege
enum _TOKEN_TYPE TOKEN_TYPE
NTSTATUS NTAPI SeDefaultObjectMethod(PVOID Object, SECURITY_OPERATION_CODE OperationType, PSECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR NewSecurityDescriptor, PULONG ReturnLength, PSECURITY_DESCRIPTOR *OldSecurityDescriptor, POOL_TYPE PoolType, PGENERIC_MAPPING GenericMapping)
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
const LUID SeTcbPrivilege
FORCEINLINE PSID SepGetGroupFromDescriptor(PVOID _Descriptor)
NTSTATUS NTAPI SeSubProcessToken(IN PTOKEN Parent, OUT PTOKEN *Token, IN BOOLEAN InUse, IN ULONG SessionId)
static GENERIC_MAPPING GenericMapping
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
const LUID SeShutdownPrivilege
PSID SeAliasPowerUsersSid
PSID SeCreatorGroupServerSid
BOOLEAN NTAPI SeInitSystem(VOID)
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
BOOLEAN NTAPI SeTokenCanImpersonate(_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Ensures that client impersonation can occur by checking if the token we're going to assign as the imp...
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
const LUID SeSecurityPrivilege
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
PSECURITY_DESCRIPTOR SePublicOpenSd
PACL SePublicOpenUnrestrictedDacl
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
#define _Out_writes_bytes_opt_(s)
ACCESS_MASK * PACCESS_MASK
const LUID SeUnsolicitedInputPrivilege
BOOLEAN NTAPI SeCheckPrivilegedObject(IN LUID PrivilegeValue, IN HANDLE ObjectHandle, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE PreviousMode)
BOOLEAN NTAPI SeRmInitPhase1(VOID)
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
NTSTATUS NTAPI SeCreateAccessStateEx(IN PETHREAD Thread, IN PEPROCESS Process, IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
BOOLEAN NTAPI SeDetailedAuditingWithToken(IN PTOKEN Token)
const LUID SeUndockPrivilege
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID...
const LUID SeAuditPrivilege
PACL SeSystemAnonymousLogonDacl
struct _KNOWN_COMPOUND_ACE * PKNOWN_COMPOUND_ACE
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
BOOLEAN NTAPI SepInitSDs(VOID)
VOID NTAPI SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
PULONG MinorVersion OPTIONAL
1.8.15