ReactOS 0.4.15-dev-6712-g46b4b55
sefuncs.h
Go to the documentation of this file.
1/*++ NDK Version: 0098
2
3Copyright (c) Alex Ionescu. All rights reserved.
4
5Header Name:
6
7 sefuncs.h
8
9Abstract:
10
11 Function definitions for the security manager.
12
13Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16 George Bișoc (george.bisoc@reactos.org) - Updated - 23-Apr-2023
17
18--*/
19
20#ifndef _SEFUNCS_H
21#define _SEFUNCS_H
22
23//
24// Dependencies
25//
26#include <umtypes.h>
27
28#ifndef NTOS_MODE_USER
29
30//
31// Security Descriptors
32//
33NTKERNELAPI
34NTSTATUS
35NTAPI
36SeCaptureSecurityDescriptor(
37 _In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor,
38 _In_ KPROCESSOR_MODE CurrentMode,
39 _In_ POOL_TYPE PoolType,
40 _In_ BOOLEAN CaptureIfKernel,
41 _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor);
42
43NTKERNELAPI
44NTSTATUS
45NTAPI
46SeReleaseSecurityDescriptor(
47 _In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
48 _In_ KPROCESSOR_MODE CurrentMode,
49 _In_ BOOLEAN CaptureIfKernelMode);
50
51//
52// Access States
53//
54NTKERNELAPI
55NTSTATUS
56NTAPI
57SeCreateAccessState(
58 _In_ PACCESS_STATE AccessState,
59 _In_ PAUX_ACCESS_DATA AuxData,
60 _In_ ACCESS_MASK Access,
61 _In_ PGENERIC_MAPPING GenericMapping);
62
63NTKERNELAPI
64VOID
65NTAPI
66SeDeleteAccessState(
67 _In_ PACCESS_STATE AccessState);
68
69//
70// Impersonation
71//
72NTKERNELAPI
73SECURITY_IMPERSONATION_LEVEL
74NTAPI
75SeTokenImpersonationLevel(
76 _In_ PACCESS_TOKEN Token);
77
78#endif
79
80//
81// Native Calls
82//
83_Must_inspect_result_
84__kernel_entry
85NTSYSCALLAPI
86NTSTATUS
87NTAPI
88NtAccessCheck(
89 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
90 _In_ HANDLE ClientToken,
91 _In_ ACCESS_MASK DesiredAccess,
92 _In_ PGENERIC_MAPPING GenericMapping,
93 _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
94 _Inout_ PULONG PrivilegeSetLength,
95 _Out_ PACCESS_MASK GrantedAccess,
96 _Out_ PNTSTATUS AccessStatus);
97
98_Must_inspect_result_
99NTSYSCALLAPI
100NTSTATUS
101NTAPI
102NtAccessCheckByType(
103 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
104 _In_opt_ PSID PrincipalSelfSid,
105 _In_ HANDLE ClientToken,
106 _In_ ACCESS_MASK DesiredAccess,
107 _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
108 _In_ ULONG ObjectTypeListLength,
109 _In_ PGENERIC_MAPPING GenericMapping,
110 _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
111 _Inout_ PULONG PrivilegeSetLength,
112 _Out_ PACCESS_MASK GrantedAccess,
113 _Out_ PNTSTATUS AccessStatus);
114
115_Must_inspect_result_
116NTSYSCALLAPI
117NTSTATUS
118NTAPI
119NtAccessCheckByTypeResultList(
120 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
121 _In_opt_ PSID PrincipalSelfSid,
122 _In_ HANDLE ClientToken,
123 _In_ ACCESS_MASK DesiredAccess,
124 _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
125 _In_ ULONG ObjectTypeListLength,
126 _In_ PGENERIC_MAPPING GenericMapping,
127 _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
128 _Inout_ PULONG PrivilegeSetLength,
129 _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
130 _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus);
131
132_Must_inspect_result_
133__kernel_entry NTSYSCALLAPI
134NTSTATUS
135NTAPI
136NtAccessCheckAndAuditAlarm(
137 _In_ PUNICODE_STRING SubsystemName,
138 _In_opt_ PVOID HandleId,
139 _In_ PUNICODE_STRING ObjectTypeName,
140 _In_ PUNICODE_STRING ObjectName,
141 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
142 _In_ ACCESS_MASK DesiredAccess,
143 _In_ PGENERIC_MAPPING GenericMapping,
144 _In_ BOOLEAN ObjectCreation,
145 _Out_ PACCESS_MASK GrantedAccess,
146 _Out_ PNTSTATUS AccessStatus,
147 _Out_ PBOOLEAN GenerateOnClose);
148
149_Must_inspect_result_
150__kernel_entry
151NTSYSCALLAPI
152NTSTATUS
153NTAPI
154NtAdjustGroupsToken(
155 _In_ HANDLE TokenHandle,
156 _In_ BOOLEAN ResetToDefault,
157 _In_opt_ PTOKEN_GROUPS NewState,
158 _In_opt_ ULONG BufferLength,
159 _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
160 _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
161
162_Must_inspect_result_
163__kernel_entry
164NTSYSCALLAPI
165NTSTATUS
166NTAPI
167NtAdjustPrivilegesToken(
168 _In_ HANDLE TokenHandle,
169 _In_ BOOLEAN DisableAllPrivileges,
170 _In_opt_ PTOKEN_PRIVILEGES NewState,
171 _In_ ULONG BufferLength,
172 _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
173 _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
174
175NTSYSCALLAPI
176NTSTATUS
177NTAPI
178NtAllocateLocallyUniqueId(
179 _Out_ LUID *LocallyUniqueId);
180
181NTSYSCALLAPI
182NTSTATUS
183NTAPI
184NtAllocateUuids(
185 _Out_ PULARGE_INTEGER Time,
186 _Out_ PULONG Range,
187 _Out_ PULONG Sequence,
188 _Out_ PUCHAR Seed);
189
190NTSYSCALLAPI
191NTSTATUS
192NTAPI
193NtCompareTokens(
194 _In_ HANDLE FirstTokenHandle,
195 _In_ HANDLE SecondTokenHandle,
196 _Out_ PBOOLEAN Equal);
197
198__kernel_entry
199NTSYSCALLAPI
200NTSTATUS
201NTAPI
202NtCreateToken(
203 _Out_ PHANDLE TokenHandle,
204 _In_ ACCESS_MASK DesiredAccess,
205 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
206 _In_ TOKEN_TYPE TokenType,
207 _In_ PLUID AuthenticationId,
208 _In_ PLARGE_INTEGER ExpirationTime,
209 _In_ PTOKEN_USER TokenUser,
210 _In_ PTOKEN_GROUPS TokenGroups,
211 _In_ PTOKEN_PRIVILEGES TokenPrivileges,
212 _In_opt_ PTOKEN_OWNER TokenOwner,
213 _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
214 _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
215 _In_ PTOKEN_SOURCE TokenSource);
216
217_Must_inspect_result_
218__kernel_entry
219NTSYSCALLAPI
220NTSTATUS
221NTAPI
222NtDuplicateToken(
223 _In_ HANDLE ExistingTokenHandle,
224 _In_ ACCESS_MASK DesiredAccess,
225 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
226 _In_ BOOLEAN EffectiveOnly,
227 _In_ TOKEN_TYPE TokenType,
228 _Out_ PHANDLE NewTokenHandle);
229
230_Must_inspect_result_
231__kernel_entry
232NTSYSCALLAPI
233NTSTATUS
234NTAPI
235NtFilterToken(
236 _In_ HANDLE ExistingTokenHandle,
237 _In_ ULONG Flags,
238 _In_opt_ PTOKEN_GROUPS SidsToDisable,
239 _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
240 _In_opt_ PTOKEN_GROUPS RestrictedSids,
241 _Out_ PHANDLE NewTokenHandle);
242
243NTSYSCALLAPI
244NTSTATUS
245NTAPI
246NtImpersonateAnonymousToken(
247 _In_ HANDLE ThreadHandle);
248
249__kernel_entry
250NTSYSCALLAPI
251NTSTATUS
252NTAPI
253NtOpenObjectAuditAlarm(
254 _In_ PUNICODE_STRING SubsystemName,
255 _In_opt_ PVOID HandleId,
256 _In_ PUNICODE_STRING ObjectTypeName,
257 _In_ PUNICODE_STRING ObjectName,
258 _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
259 _In_ HANDLE ClientToken,
260 _In_ ACCESS_MASK DesiredAccess,
261 _In_ ACCESS_MASK GrantedAccess,
262 _In_opt_ PPRIVILEGE_SET Privileges,
263 _In_ BOOLEAN ObjectCreation,
264 _In_ BOOLEAN AccessGranted,
265 _Out_ PBOOLEAN GenerateOnClose);
266
267NTSYSCALLAPI
268NTSTATUS
269NTAPI
270NtOpenProcessTokenEx(
271 _In_ HANDLE ProcessHandle,
272 _In_ ACCESS_MASK DesiredAccess,
273 _In_ ULONG HandleAttributes,
274 _Out_ PHANDLE TokenHandle);
275
276_Must_inspect_result_
277__kernel_entry
278NTSYSCALLAPI
279NTSTATUS
280NTAPI
281NtPrivilegeCheck(
282 _In_ HANDLE ClientToken,
283 _Inout_ PPRIVILEGE_SET RequiredPrivileges,
284 _Out_ PBOOLEAN Result);
285
286NTSYSCALLAPI
287NTSTATUS
288NTAPI
289NtPrivilegedServiceAuditAlarm(
290 _In_ PUNICODE_STRING SubsystemName,
291 _In_ PUNICODE_STRING ServiceName,
292 _In_ HANDLE ClientToken,
293 _In_ PPRIVILEGE_SET Privileges,
294 _In_ BOOLEAN AccessGranted);
295
296__kernel_entry
297NTSYSCALLAPI
298NTSTATUS
299NTAPI
300NtPrivilegeObjectAuditAlarm(
301 _In_ PUNICODE_STRING SubsystemName,
302 _In_opt_ PVOID HandleId,
303 _In_ HANDLE ClientToken,
304 _In_ ACCESS_MASK DesiredAccess,
305 _In_ PPRIVILEGE_SET Privileges,
306 _In_ BOOLEAN AccessGranted);
307
308_When_(TokenInformationClass == TokenAccessInformation,
309 _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
310_Must_inspect_result_
311__kernel_entry
312NTSYSCALLAPI
313NTSTATUS
314NTAPI
315NtQueryInformationToken(
316 _In_ HANDLE TokenHandle,
317 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
318 _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
319 _In_ ULONG TokenInformationLength,
320 _Out_ PULONG ReturnLength);
321
322_Must_inspect_result_
323__kernel_entry
324NTSYSCALLAPI
325NTSTATUS
326NTAPI
327NtSetInformationToken(
328 _In_ HANDLE TokenHandle,
329 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
330 _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
331 _In_ ULONG TokenInformationLength);
332
333NTSYSAPI
334NTSTATUS
335NTAPI
336ZwAccessCheck(
337 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
338 _In_ HANDLE ClientToken,
339 _In_ ACCESS_MASK DesiredAccess,
340 _In_ PGENERIC_MAPPING GenericMapping,
341 _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
342 _Out_ PULONG PrivilegeSetLength,
343 _Out_ PACCESS_MASK GrantedAccess,
344 _Out_ PNTSTATUS AccessStatus);
345
346NTSYSAPI
347NTSTATUS
348NTAPI
349ZwAdjustGroupsToken(
350 _In_ HANDLE TokenHandle,
351 _In_ BOOLEAN ResetToDefault,
352 _In_ PTOKEN_GROUPS NewState,
353 _In_ ULONG BufferLength,
354 _Out_opt_ PTOKEN_GROUPS PreviousState,
355 _Out_ PULONG ReturnLength);
356
357_Must_inspect_result_
358NTSYSAPI
359NTSTATUS
360NTAPI
361ZwAdjustPrivilegesToken(
362 _In_ HANDLE TokenHandle,
363 _In_ BOOLEAN DisableAllPrivileges,
364 _In_opt_ PTOKEN_PRIVILEGES NewState,
365 _In_ ULONG BufferLength,
366 _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
367 _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
368
369NTSYSAPI
370NTSTATUS
371NTAPI
372ZwAllocateLocallyUniqueId(
373 _Out_ LUID *LocallyUniqueId);
374
375NTSYSAPI
376NTSTATUS
377NTAPI
378ZwAllocateUuids(
379 _Out_ PULARGE_INTEGER Time,
380 _Out_ PULONG Range,
381 _Out_ PULONG Sequence,
382 _Out_ PUCHAR Seed);
383
384NTSYSAPI
385NTSTATUS
386NTAPI
387ZwCreateToken(
388 _Out_ PHANDLE TokenHandle,
389 _In_ ACCESS_MASK DesiredAccess,
390 _In_ POBJECT_ATTRIBUTES ObjectAttributes,
391 _In_ TOKEN_TYPE TokenType,
392 _In_ PLUID AuthenticationId,
393 _In_ PLARGE_INTEGER ExpirationTime,
394 _In_ PTOKEN_USER TokenUser,
395 _In_ PTOKEN_GROUPS TokenGroups,
396 _In_ PTOKEN_PRIVILEGES TokenPrivileges,
397 _In_ PTOKEN_OWNER TokenOwner,
398 _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
399 _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
400 _In_ PTOKEN_SOURCE TokenSource);
401
402_IRQL_requires_max_(PASSIVE_LEVEL)
403NTSYSAPI
404NTSTATUS
405NTAPI
406ZwDuplicateToken(
407 _In_ HANDLE ExistingTokenHandle,
408 _In_ ACCESS_MASK DesiredAccess,
409 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
410 _In_ BOOLEAN EffectiveOnly,
411 _In_ TOKEN_TYPE TokenType,
412 _Out_ PHANDLE NewTokenHandle);
413
414NTSYSAPI
415NTSTATUS
416NTAPI
417ZwImpersonateAnonymousToken(
418 _In_ HANDLE Thread);
419
420NTSYSAPI
421NTSTATUS
422NTAPI
423ZwOpenObjectAuditAlarm(
424 _In_ PUNICODE_STRING SubsystemName,
425 _In_ PVOID HandleId,
426 _In_ PUNICODE_STRING ObjectTypeName,
427 _In_ PUNICODE_STRING ObjectName,
428 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
429 _In_ HANDLE ClientToken,
430 _In_ ULONG DesiredAccess,
431 _In_ ULONG GrantedAccess,
432 _In_ PPRIVILEGE_SET Privileges,
433 _In_ BOOLEAN ObjectCreation,
434 _In_ BOOLEAN AccessGranted,
435 _Out_ PBOOLEAN GenerateOnClose);
436
437_IRQL_requires_max_(PASSIVE_LEVEL)
438NTSYSAPI
439NTSTATUS
440NTAPI
441ZwOpenProcessToken(
442 _In_ HANDLE ProcessHandle,
443 _In_ ACCESS_MASK DesiredAccess,
444 _Out_ PHANDLE TokenHandle);
445
446NTSYSAPI
447NTSTATUS
448NTAPI
449ZwOpenProcessTokenEx(
450 _In_ HANDLE ProcessHandle,
451 _In_ ACCESS_MASK DesiredAccess,
452 _In_ ULONG HandleAttributes,
453 _Out_ PHANDLE TokenHandle);
454
455NTSYSAPI
456NTSTATUS
457NTAPI
458ZwPrivilegeCheck(
459 _In_ HANDLE ClientToken,
460 _In_ PPRIVILEGE_SET RequiredPrivileges,
461 _In_ PBOOLEAN Result);
462
463NTSYSAPI
464NTSTATUS
465NTAPI
466ZwPrivilegedServiceAuditAlarm(
467 _In_ PUNICODE_STRING SubsystemName,
468 _In_ PUNICODE_STRING ServiceName,
469 _In_ HANDLE ClientToken,
470 _In_ PPRIVILEGE_SET Privileges,
471 _In_ BOOLEAN AccessGranted);
472
473NTSYSAPI
474NTSTATUS
475NTAPI
476ZwPrivilegeObjectAuditAlarm(
477 _In_ PUNICODE_STRING SubsystemName,
478 _In_ PVOID HandleId,
479 _In_ HANDLE ClientToken,
480 _In_ ULONG DesiredAccess,
481 _In_ PPRIVILEGE_SET Privileges,
482 _In_ BOOLEAN AccessGranted);
483
484_IRQL_requires_max_(PASSIVE_LEVEL)
485NTSYSAPI
486NTSTATUS
487NTAPI
488ZwQueryInformationToken(
489 _In_ HANDLE TokenHandle,
490 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
491 _Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
492 _In_ ULONG Length,
493 _Out_ PULONG ResultLength);
494
495NTSYSAPI
496NTSTATUS
497NTAPI
498ZwSetInformationToken(
499 _In_ HANDLE TokenHandle,
500 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
501 _Out_ PVOID TokenInformation,
502 _In_ ULONG TokenInformationLength);
503
504#endif
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
TOKEN_TYPE
TOKEN_TYPE
Definition: asmpp.cpp:29
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ServiceName
static WCHAR ServiceName[]
Definition: browser.c:19
NTSYSAPI
#define NTSYSAPI
Definition: ntoskrnl.h:12
NULL
#define NULL
Definition: types.h:112
_IRQL_requires_max_
#define _IRQL_requires_max_(irql)
Definition: driverspecs.h:230
PASSIVE_LEVEL
#define PASSIVE_LEVEL
Definition: env_spec_w32.h:693
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
SECURITY_IMPERSONATION_LEVEL
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
PNTSTATUS
* PNTSTATUS
Definition: strlen.c:14
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
Time
static PLARGE_INTEGER Time
Definition: time.c:105
_Out_opt_
#define _Out_opt_
Definition: ms_sal.h:346
_In_reads_bytes_
#define _In_reads_bytes_(size)
Definition: ms_sal.h:321
_Inout_
#define _Inout_
Definition: ms_sal.h:378
_Out_writes_bytes_
#define _Out_writes_bytes_(size)
Definition: ms_sal.h:350
_Out_writes_
#define _Out_writes_(size)
Definition: ms_sal.h:348
_At_
#define _At_(target, annos)
Definition: ms_sal.h:244
_Must_inspect_result_
#define _Must_inspect_result_
Definition: ms_sal.h:558
_Out_
#define _Out_
Definition: ms_sal.h:345
_In_reads_opt_
#define _In_reads_opt_(size)
Definition: ms_sal.h:320
_When_
#define _When_(expr, annos)
Definition: ms_sal.h:254
_Out_writes_bytes_to_opt_
#define _Out_writes_bytes_to_opt_(size, count)
Definition: ms_sal.h:361
_In_
#define _In_
Definition: ms_sal.h:308
_In_opt_
#define _In_opt_
Definition: ms_sal.h:309
_In_range_
#define _In_range_(lb, ub)
Definition: ms_sal.h:571
_In_reads_
#define _In_reads_(size)
Definition: ms_sal.h:319
ProcessHandle
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
HandleAttributes
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:433
SeReleaseSecurityDescriptor
NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:410
TokenInformationClass
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:317
NtAllocateLocallyUniqueId
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId(_Out_ LUID *LocallyUniqueId)
NtAccessCheckByType
_Must_inspect_result_ NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2226
NtOpenObjectAuditAlarm
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1622
NtAdjustGroupsToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
NtOpenProcessTokenEx
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
NtDuplicateToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869
NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:412
SeCaptureSecurityDescriptor
NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
ZwImpersonateAnonymousToken
NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken(_In_ HANDLE Thread)
NtCompareTokens
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens(_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal or not.
Definition: token.c:2501
ZwAdjustPrivilegesToken
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
NtCreateToken
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
Creates an access token.
Definition: tokenlif.c:1558
ZwPrivilegeCheck
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck(_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PBOOLEAN Result)
SeTokenImpersonationLevel
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel(_In_ PACCESS_TOKEN Token)
Gathers the security impersonation level of an access token.
Definition: token.c:2057
NtPrivilegedServiceAuditAlarm
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
NtSetInformationToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Sets (modifies) some specific information in regard of an access token. The calling thread must have ...
Definition: tokencls.c:1125
ZwAccessCheck
NTSYSAPI NTSTATUS NTAPI ZwAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
NtImpersonateAnonymousToken
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
Definition: token.c:2610
ZwAllocateUuids
NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids(_Out_ PULARGE_INTEGER Time, _Out_ PULONG Range, _Out_ PULONG Sequence, _Out_ PUCHAR Seed)
ZwPrivilegeObjectAuditAlarm
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
SeCreateAccessState
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState(_In_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
ZwAdjustGroupsToken
NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_opt_ PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
ZwPrivilegedServiceAuditAlarm
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
TokenHandle
_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle
Definition: sefuncs.h:444
ZwOpenProcessTokenEx
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
ZwCreateToken
NTSYSAPI NTSTATUS NTAPI ZwCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
NtFilterToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
Definition: tokenlif.c:2075
NtAdjustPrivilegesToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
ZwSetInformationToken
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
NtPrivilegeCheck
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck(_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:319
NtAccessCheckAndAuditAlarm
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
Definition: audit.c:2125
SeDeleteAccessState
NTKERNELAPI VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:150
ZwOpenObjectAuditAlarm
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ ULONG GrantedAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
ObjectAttributes
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
Definition: sefuncs.h:409
NtAccessCheckByTypeResultList
_Must_inspect_result_ NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
Definition: accesschk.c:2269
NtAllocateUuids
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids(_Out_ PULARGE_INTEGER Time, _Out_ PULONG Range, _Out_ PULONG Sequence, _Out_ PUCHAR Seed)
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
NtPrivilegeObjectAuditAlarm
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
ReturnLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength
Definition: sefuncs.h:320
ZwAllocateLocallyUniqueId
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId(_Out_ LUID *LocallyUniqueId)
NtAccessCheck
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on an object.
Definition: accesschk.c:2186
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
NTSYSCALLAPI
#define NTSYSCALLAPI
Definition: ntbasedef.h:204
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
__kernel_entry
#define __kernel_entry
Definition: specstrings.h:355
_ACCESS_STATE
Definition: setypes.h:224
_AUX_ACCESS_DATA
Definition: setypes.h:257
_GENERIC_MAPPING
Definition: nt_native.h:564
_LUID
Definition: devicetopology.idl:137
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_OBJECT_TYPE_LIST
Definition: setypes.h:856
_PRIVILEGE_SET
Definition: setypes.h:85
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
_SID
Definition: ms-dtyp.idl:198
_TOKEN_ACCESS_INFORMATION
Definition: setypes.h:1167
_TOKEN_DEFAULT_DACL
Definition: setypes.h:1035
_TOKEN_GROUPS
Definition: setypes.h:1013
_TOKEN_OWNER
Definition: setypes.h:1027
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:1031
_TOKEN_PRIVILEGES
Definition: setypes.h:1022
_TOKEN_SOURCE
Definition: imports.h:277
_TOKEN_USER
Definition: setypes.h:1009
_ULARGE_INTEGER
Definition: ms-dtyp.idl:184
_UNICODE_STRING
Definition: env_spec_w32.h:368
tagRange
Definition: range.c:39
NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
PBOOLEAN
unsigned char * PBOOLEAN
Definition: typedefs.h:53
POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:78
NTAPI
#define NTAPI
Definition: typedefs.h:36
PUCHAR
unsigned char * PUCHAR
Definition: typedefs.h:53
ULONG
uint32_t ULONG
Definition: typedefs.h:59
_LARGE_INTEGER
Definition: typedefs.h:103
PreviousState
_In_ WDF_POWER_DEVICE_STATE PreviousState
Definition: wdfdevice.h:829
ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771
NTKERNELAPI
#define NTKERNELAPI
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422
AccessGranted
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:419
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20
TokenDefaultDacl
@ TokenDefaultDacl
Definition: setypes.h:971
TokenSource
@ TokenSource
Definition: setypes.h:972
TokenAccessInformation
@ TokenAccessInformation
Definition: setypes.h:987
TokenGroups
@ TokenGroups
Definition: setypes.h:967
TokenPrivileges
@ TokenPrivileges
Definition: setypes.h:968
TokenUser
@ TokenUser
Definition: setypes.h:966
TokenPrimaryGroup
@ TokenPrimaryGroup
Definition: setypes.h:970
TokenOwner
@ TokenOwner
Definition: setypes.h:969
TOKEN_INFORMATION_CLASS
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
ZwOpenProcessToken
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)