ReactOS  0.4.15-dev-2106-g6de3300
sefuncs.h
Go to the documentation of this file.
1 /*++ NDK Version: 0098
2 
3 Copyright (c) Alex Ionescu. All rights reserved.
4 
5 Header Name:
6 
7  sefuncs.h
8 
9 Abstract:
10 
11  Function definitions for the security manager.
12 
13 Author:
14 
15  Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16 
17 --*/
18 
19 #ifndef _SEFUNCS_H
20 #define _SEFUNCS_H
21 
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 
27 #ifndef NTOS_MODE_USER
28 
29 //
30 // Security Descriptors
31 //
32 NTKERNELAPI
33 NTSTATUS
34 NTAPI
35 SeCaptureSecurityDescriptor(
36  _In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor,
37  _In_ KPROCESSOR_MODE CurrentMode,
38  _In_ POOL_TYPE PoolType,
39  _In_ BOOLEAN CaptureIfKernel,
40  _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor
41 );
42 
43 NTKERNELAPI
44 NTSTATUS
45 NTAPI
46 SeReleaseSecurityDescriptor(
47  _In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
48  _In_ KPROCESSOR_MODE CurrentMode,
49  _In_ BOOLEAN CaptureIfKernelMode
50 );
51 
52 //
53 // Access States
54 //
55 NTKERNELAPI
56 NTSTATUS
57 NTAPI
58 SeCreateAccessState(
59  PACCESS_STATE AccessState,
60  PAUX_ACCESS_DATA AuxData,
61  ACCESS_MASK Access,
62  PGENERIC_MAPPING GenericMapping
63 );
64 
65 NTKERNELAPI
66 VOID
67 NTAPI
68 SeDeleteAccessState(
69  _In_ PACCESS_STATE AccessState
70 );
71 
72 //
73 // Impersonation
74 //
75 NTKERNELAPI
76 SECURITY_IMPERSONATION_LEVEL
77 NTAPI
78 SeTokenImpersonationLevel(
79  _In_ PACCESS_TOKEN Token
80 );
81 
82 #endif
83 
84 //
85 // Native Calls
86 //
87 NTSYSCALLAPI
88 NTSTATUS
89 NTAPI
90 NtAccessCheck(
91  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
92  _In_ HANDLE ClientToken,
93  _In_ ACCESS_MASK DesiredAccess,
94  _In_ PGENERIC_MAPPING GenericMapping,
95  _Out_ PPRIVILEGE_SET PrivilegeSet,
96  _Out_ PULONG ReturnLength,
97  _Out_ PACCESS_MASK GrantedAccess,
98  _Out_ PNTSTATUS AccessStatus
99 );
100 
101 NTSTATUS
102 NTAPI
103 NtAccessCheckByType(
104  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
105  _In_ PSID PrincipalSelfSid,
106  _In_ HANDLE ClientToken,
107  _In_ ACCESS_MASK DesiredAccess,
108  _In_ POBJECT_TYPE_LIST ObjectTypeList,
109  _In_ ULONG ObjectTypeLength,
110  _In_ PGENERIC_MAPPING GenericMapping,
111  _In_ PPRIVILEGE_SET PrivilegeSet,
112  _Inout_ PULONG PrivilegeSetLength,
113  _Out_ PACCESS_MASK GrantedAccess,
114  _Out_ PNTSTATUS AccessStatus
115 );
116 
117 NTSTATUS
118 NTAPI
119 NtAccessCheckByTypeResultList(
120  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
121  _In_ PSID PrincipalSelfSid,
122  _In_ HANDLE ClientToken,
123  _In_ ACCESS_MASK DesiredAccess,
124  _In_ POBJECT_TYPE_LIST ObjectTypeList,
125  _In_ ULONG ObjectTypeLength,
126  _In_ PGENERIC_MAPPING GenericMapping,
127  _In_ PPRIVILEGE_SET PrivilegeSet,
128  _Inout_ PULONG PrivilegeSetLength,
129  _Out_ PACCESS_MASK GrantedAccess,
130  _Out_ PNTSTATUS AccessStatus
131 );
132 
133 _Must_inspect_result_
134 __kernel_entry NTSYSCALLAPI
135 NTSTATUS
136 NTAPI
137 NtAccessCheckAndAuditAlarm(
138  _In_ PUNICODE_STRING SubsystemName,
139  _In_opt_ PVOID HandleId,
140  _In_ PUNICODE_STRING ObjectTypeName,
141  _In_ PUNICODE_STRING ObjectName,
142  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
143  _In_ ACCESS_MASK DesiredAccess,
144  _In_ PGENERIC_MAPPING GenericMapping,
145  _In_ BOOLEAN ObjectCreation,
146  _Out_ PACCESS_MASK GrantedAccess,
147  _Out_ PNTSTATUS AccessStatus,
148  _Out_ PBOOLEAN GenerateOnClose
149 );
150 
151 _Must_inspect_result_
152 __kernel_entry
153 NTSYSCALLAPI
154 NTSTATUS
155 NTAPI
156 NtAdjustGroupsToken(
157  _In_ HANDLE TokenHandle,
158  _In_ BOOLEAN ResetToDefault,
159  _In_opt_ PTOKEN_GROUPS NewState,
160  _In_opt_ ULONG BufferLength,
161  _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
162  _Out_ PULONG ReturnLength
163 );
164 
165 _Must_inspect_result_
166 __kernel_entry
167 NTSYSCALLAPI
168 NTSTATUS
169 NTAPI
170 NtAdjustPrivilegesToken(
171  _In_ HANDLE TokenHandle,
172  _In_ BOOLEAN DisableAllPrivileges,
173  _In_opt_ PTOKEN_PRIVILEGES NewState,
174  _In_ ULONG BufferLength,
175  _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
176  _When_(PreviousState != NULL, _Out_) PULONG ReturnLength
177 );
178 
179 NTSYSCALLAPI
180 NTSTATUS
181 NTAPI
182 NtAllocateLocallyUniqueId(
183  _Out_ LUID *LocallyUniqueId
184 );
185 
186 NTSYSCALLAPI
187 NTSTATUS
188 NTAPI
189 NtAllocateUuids(
190  PULARGE_INTEGER Time,
191  PULONG Range,
192  PULONG Sequence,
193  PUCHAR Seed
194 );
195 
196 NTSYSCALLAPI
197 NTSTATUS
198 NTAPI
199 NtCompareTokens(
200  _In_ HANDLE FirstTokenHandle,
201  _In_ HANDLE SecondTokenHandle,
202  _Out_ PBOOLEAN Equal);
203 
204 __kernel_entry
205 NTSYSCALLAPI
206 NTSTATUS
207 NTAPI
208 NtCreateToken(
209  _Out_ PHANDLE TokenHandle,
210  _In_ ACCESS_MASK DesiredAccess,
211  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
212  _In_ TOKEN_TYPE TokenType,
213  _In_ PLUID AuthenticationId,
214  _In_ PLARGE_INTEGER ExpirationTime,
215  _In_ PTOKEN_USER TokenUser,
216  _In_ PTOKEN_GROUPS TokenGroups,
217  _In_ PTOKEN_PRIVILEGES TokenPrivileges,
218  _In_opt_ PTOKEN_OWNER TokenOwner,
219  _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
220  _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
221  _In_ PTOKEN_SOURCE TokenSource
222 );
223 
224 _Must_inspect_result_
225 __kernel_entry
226 NTSYSCALLAPI
227 NTSTATUS
228 NTAPI
229 NtDuplicateToken(
230  _In_ HANDLE ExistingTokenHandle,
231  _In_ ACCESS_MASK DesiredAccess,
232  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
233  _In_ BOOLEAN EffectiveOnly,
234  _In_ TOKEN_TYPE TokenType,
235  _Out_ PHANDLE NewTokenHandle
236 );
237 
238 NTSYSCALLAPI
239 NTSTATUS
240 NTAPI
241 NtImpersonateAnonymousToken(
242  _In_ HANDLE Thread
243 );
244 
245 __kernel_entry
246 NTSYSCALLAPI
247 NTSTATUS
248 NTAPI
249 NtOpenObjectAuditAlarm(
250  _In_ PUNICODE_STRING SubsystemName,
251  _In_opt_ PVOID HandleId,
252  _In_ PUNICODE_STRING ObjectTypeName,
253  _In_ PUNICODE_STRING ObjectName,
254  _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
255  _In_ HANDLE ClientToken,
256  _In_ ACCESS_MASK DesiredAccess,
257  _In_ ACCESS_MASK GrantedAccess,
258  _In_opt_ PPRIVILEGE_SET Privileges,
259  _In_ BOOLEAN ObjectCreation,
260  _In_ BOOLEAN AccessGranted,
261  _Out_ PBOOLEAN GenerateOnClose
262 );
263 
264 NTSYSCALLAPI
265 NTSTATUS
266 NTAPI
267 NtOpenProcessTokenEx(
268  _In_ HANDLE ProcessHandle,
269  _In_ ACCESS_MASK DesiredAccess,
270  _In_ ULONG HandleAttributes,
271  _Out_ PHANDLE TokenHandle
272 );
273 
274 _Must_inspect_result_
275 __kernel_entry
276 NTSYSCALLAPI
277 NTSTATUS
278 NTAPI
279 NtPrivilegeCheck(
280  _In_ HANDLE ClientToken,
281  _Inout_ PPRIVILEGE_SET RequiredPrivileges,
282  _Out_ PBOOLEAN Result
283 );
284 
285 NTSYSCALLAPI
286 NTSTATUS
287 NTAPI
288 NtPrivilegedServiceAuditAlarm(
289  _In_ PUNICODE_STRING SubsystemName,
290  _In_ PUNICODE_STRING ServiceName,
291  _In_ HANDLE ClientToken,
292  _In_ PPRIVILEGE_SET Privileges,
293  _In_ BOOLEAN AccessGranted
294 );
295 
296 __kernel_entry
297 NTSYSCALLAPI
298 NTSTATUS
299 NTAPI
300 NtPrivilegeObjectAuditAlarm(
301  _In_ PUNICODE_STRING SubsystemName,
302  _In_opt_ PVOID HandleId,
303  _In_ HANDLE ClientToken,
304  _In_ ACCESS_MASK DesiredAccess,
305  _In_ PPRIVILEGE_SET Privileges,
306  _In_ BOOLEAN AccessGranted
307 );
308 
309 _When_(TokenInformationClass == TokenAccessInformation,
310  _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
311 _Must_inspect_result_
312 __kernel_entry
313 NTSYSCALLAPI
314 NTSTATUS
315 NTAPI
316 NtQueryInformationToken(
317  _In_ HANDLE TokenHandle,
318  _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
319  _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
320  _In_ ULONG TokenInformationLength,
321  _Out_ PULONG ReturnLength
322 );
323 
324 _Must_inspect_result_
325 __kernel_entry
326 NTSYSCALLAPI
327 NTSTATUS
328 NTAPI
329 NtSetInformationToken(
330  _In_ HANDLE TokenHandle,
331  _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
332  _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
333  _In_ ULONG TokenInformationLength
334 );
335 
336 NTSYSAPI
337 NTSTATUS
338 NTAPI
339 ZwAccessCheck(
340  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
341  _In_ HANDLE ClientToken,
342  _In_ ACCESS_MASK DesiredAccess,
343  _In_ PGENERIC_MAPPING GenericMapping,
344  _Out_ PPRIVILEGE_SET PrivilegeSet,
345  _Out_ PULONG ReturnLength,
346  _Out_ PACCESS_MASK GrantedAccess,
347  _Out_ PNTSTATUS AccessStatus
348 );
349 
350 NTSYSAPI
351 NTSTATUS
352 NTAPI
353 ZwAdjustGroupsToken(
354  _In_ HANDLE TokenHandle,
355  _In_ BOOLEAN ResetToDefault,
356  _In_ PTOKEN_GROUPS NewState,
357  _In_ ULONG BufferLength,
358  _Out_opt_ PTOKEN_GROUPS PreviousState,
359  _Out_ PULONG ReturnLength
360 );
361 
362 _Must_inspect_result_
363 NTSYSAPI
364 NTSTATUS
365 NTAPI
366 ZwAdjustPrivilegesToken(
367  _In_ HANDLE TokenHandle,
368  _In_ BOOLEAN DisableAllPrivileges,
369  _In_opt_ PTOKEN_PRIVILEGES NewState,
370  _In_ ULONG BufferLength,
371  _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
372  _When_(PreviousState != NULL, _Out_) PULONG ReturnLength
373 );
374 
375 NTSYSAPI
376 NTSTATUS
377 NTAPI
378 ZwAllocateLocallyUniqueId(
379  _Out_ LUID *LocallyUniqueId
380 );
381 
382 NTSYSAPI
383 NTSTATUS
384 NTAPI
385 ZwAllocateUuids(
386  PULARGE_INTEGER Time,
387  PULONG Range,
388  PULONG Sequence,
389  PUCHAR Seed
390 );
391 
392 NTSYSAPI
393 NTSTATUS
394 NTAPI
395 ZwCreateToken(
396  _Out_ PHANDLE TokenHandle,
397  _In_ ACCESS_MASK DesiredAccess,
398  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
399  _In_ TOKEN_TYPE TokenType,
400  _In_ PLUID AuthenticationId,
401  _In_ PLARGE_INTEGER ExpirationTime,
402  _In_ PTOKEN_USER TokenUser,
403  _In_ PTOKEN_GROUPS TokenGroups,
404  _In_ PTOKEN_PRIVILEGES TokenPrivileges,
405  _In_ PTOKEN_OWNER TokenOwner,
406  _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
407  _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
408  _In_ PTOKEN_SOURCE TokenSource
409 );
410 
411 _IRQL_requires_max_(PASSIVE_LEVEL)
412 NTSYSAPI
413 NTSTATUS
414 NTAPI
415 ZwDuplicateToken(
416  _In_ HANDLE ExistingTokenHandle,
417  _In_ ACCESS_MASK DesiredAccess,
418  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
419  _In_ BOOLEAN EffectiveOnly,
420  _In_ TOKEN_TYPE TokenType,
421  _Out_ PHANDLE NewTokenHandle
422 );
423 
424 NTSYSAPI
425 NTSTATUS
426 NTAPI
427 ZwImpersonateAnonymousToken(
428  _In_ HANDLE Thread
429 );
430 
431 NTSYSAPI
432 NTSTATUS
433 NTAPI
434 ZwOpenObjectAuditAlarm(
435  _In_ PUNICODE_STRING SubsystemName,
436  _In_ PVOID HandleId,
437  _In_ PUNICODE_STRING ObjectTypeName,
438  _In_ PUNICODE_STRING ObjectName,
439  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
440  _In_ HANDLE ClientToken,
441  _In_ ULONG DesiredAccess,
442  _In_ ULONG GrantedAccess,
443  _In_ PPRIVILEGE_SET Privileges,
444  _In_ BOOLEAN ObjectCreation,
445  _In_ BOOLEAN AccessGranted,
446  _Out_ PBOOLEAN GenerateOnClose
447 );
448 
449 _IRQL_requires_max_(PASSIVE_LEVEL)
450 NTSYSAPI
451 NTSTATUS
452 NTAPI
453 ZwOpenProcessToken(
454  _In_ HANDLE ProcessHandle,
455  _In_ ACCESS_MASK DesiredAccess,
456  _Out_ PHANDLE TokenHandle
457 );
458 
459 NTSYSAPI
460 NTSTATUS
461 NTAPI
462 ZwOpenProcessTokenEx(
463  _In_ HANDLE ProcessHandle,
464  _In_ ACCESS_MASK DesiredAccess,
465  _In_ ULONG HandleAttributes,
466  _Out_ PHANDLE TokenHandle
467 );
468 
469 NTSYSAPI
470 NTSTATUS
471 NTAPI
472 ZwPrivilegeCheck(
473  _In_ HANDLE ClientToken,
474  _In_ PPRIVILEGE_SET RequiredPrivileges,
475  _In_ PBOOLEAN Result
476 );
477 
478 NTSYSAPI
479 NTSTATUS
480 NTAPI
481 ZwPrivilegedServiceAuditAlarm(
482  _In_ PUNICODE_STRING SubsystemName,
483  _In_ PUNICODE_STRING ServiceName,
484  _In_ HANDLE ClientToken,
485  _In_ PPRIVILEGE_SET Privileges,
486  _In_ BOOLEAN AccessGranted
487 );
488 
489 NTSYSAPI
490 NTSTATUS
491 NTAPI
492 ZwPrivilegeObjectAuditAlarm(
493  _In_ PUNICODE_STRING SubsystemName,
494  _In_ PVOID HandleId,
495  _In_ HANDLE ClientToken,
496  _In_ ULONG DesiredAccess,
497  _In_ PPRIVILEGE_SET Privileges,
498  _In_ BOOLEAN AccessGranted
499 );
500 
501 _IRQL_requires_max_(PASSIVE_LEVEL)
502 NTSYSAPI
503 NTSTATUS
504 NTAPI
505 ZwQueryInformationToken(
506  _In_ HANDLE TokenHandle,
507  _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
508  _Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
509  _In_ ULONG Length,
510  _Out_ PULONG ResultLength
511 );
512 
513 NTSYSAPI
514 NTSTATUS
515 NTAPI
516 ZwSetInformationToken(
517  _In_ HANDLE TokenHandle,
518  _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
519  _Out_ PVOID TokenInformation,
520  _In_ ULONG TokenInformationLength
521 );
522 #endif
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
PNTSTATUS
* PNTSTATUS
Definition: strlen.c:14
ZwAccessCheck
NTSYSAPI NTSTATUS NTAPI ZwAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
HandleAttributes
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_Must_inspect_result_
#define _Must_inspect_result_
Definition: no_sal2.h:62
_TOKEN_DEFAULT_DACL
Definition: setypes.h:981
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
_In_range_
#define _In_range_(l, h)
Definition: no_sal2.h:368
_TOKEN_GROUPS
Definition: setypes.h:959
_SID
Definition: ms-dtyp.idl:198
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:320
_TOKEN_PRIVILEGES
Definition: setypes.h:968
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:977
PUCHAR
unsigned char * PUCHAR
Definition: retypes.h:3
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ZwOpenProcessTokenEx
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
_PRIVILEGE_SET
Definition: setypes.h:85
SeDeleteAccessState
NTKERNELAPI VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
NTSYSCALLAPI
#define NTSYSCALLAPI
Definition: ntbasedef.h:204
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_TOKEN_ACCESS_INFORMATION
Definition: setypes.h:1113
NTSYSAPI
#define NTSYSAPI
Definition: ntoskrnl.h:14
GenericMapping
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING GenericMapping
Definition: sefuncs.h:13
_In_opt_
#define _In_opt_
Definition: no_sal2.h:212
NtPrivilegedServiceAuditAlarm
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
NtCreateToken
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
Definition: token.c:3477
SeTokenImpersonationLevel
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel(_In_ PACCESS_TOKEN Token)
NtPrivilegeObjectAuditAlarm
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
NtAllocateUuids
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids(PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:417
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
NtCompareTokens
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens(_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
ZwAdjustPrivilegesToken
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
_LUID
Definition: devicetopology.idl:136
_In_reads_bytes_
_In_reads_bytes_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor)
ZwAllocateUuids
NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids(PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
NtAccessCheck
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
ZwOpenObjectAuditAlarm
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ ULONG GrantedAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
SECURITY_IMPERSONATION_LEVEL
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
ZwSetInformationToken
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
NtAccessCheckByType
NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
NtAdjustPrivilegesToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
NtOpenProcessTokenEx
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Definition: token.c:1896
ObjectAttributes
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
Definition: sefuncs.h:417
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
_Out_
#define _Out_
Definition: no_sal2.h:160
NTKERNELAPI
#define NTKERNELAPI
_When_
_When_(TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
_ULARGE_INTEGER
Definition: ms-dtyp.idl:184
ZwAllocateLocallyUniqueId
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId(_Out_ LUID *LocallyUniqueId)
NtDuplicateToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Definition: token.c:2998
NtAllocateLocallyUniqueId
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId(_Out_ LUID *LocallyUniqueId)
_TOKEN_OWNER
Definition: setypes.h:973
_Out_opt_
#define _Out_opt_
Definition: no_sal2.h:214
TokenHandle
_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle
Definition: sefuncs.h:455
_ACCESS_STATE
Definition: setypes.h:196
ServiceName
LPTSTR ServiceName
Definition: ServiceMain.c:15
__kernel_entry
#define __kernel_entry
Definition: specstrings.h:355
_GENERIC_MAPPING
Definition: nt_native.h:564
_OBJECT_TYPE_LIST
Definition: setypes.h:802
POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:78
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
NtAdjustGroupsToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
_Inout_
#define _Inout_
Definition: no_sal2.h:162
TOKEN_INFORMATION_CLASS
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
ZwPrivilegedServiceAuditAlarm
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_TOKEN_USER
Definition: setypes.h:955
PBOOLEAN
char * PBOOLEAN
Definition: retypes.h:11
_IRQL_requires_max_
_IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken(_In_ HANDLE ExistingTokenHandle
Definition: Messaging.c:64
_Out_writes_bytes_to_opt_
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
ZwPrivilegeObjectAuditAlarm
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
SeReleaseSecurityDescriptor
NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
SeCaptureSecurityDescriptor
NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
ZwPrivilegeCheck
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck(_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PBOOLEAN Result)
tagRange
Definition: range.c:39
PASSIVE_LEVEL
#define PASSIVE_LEVEL
Definition: env_spec_w32.h:693
TOKEN_TYPE
enum _TOKEN_TYPE TOKEN_TYPE
ZwAdjustGroupsToken
NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_opt_ PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
_TOKEN_SOURCE
Definition: imports.h:277
_In_
#define _In_
Definition: no_sal2.h:158
ZwImpersonateAnonymousToken
NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken(_In_ HANDLE Thread)
NtPrivilegeCheck
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck(_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
_UNICODE_STRING
Definition: env_spec_w32.h:368
_AUX_ACCESS_DATA
Definition: setypes.h:218
NtSetInformationToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Definition: token.c:2471
ReturnLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength
Definition: sefuncs.h:320
ZwOpenProcessToken
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
_At_
#define _At_(t, a)
Definition: no_sal2.h:40
AccessGranted
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
NtAccessCheckByTypeResultList
NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
NtAccessCheckAndAuditAlarm
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Definition: audit.c:1406
PULONG
unsigned int * PULONG
Definition: retypes.h:1
NULL
#define NULL
Definition: types.h:112
_LARGE_INTEGER
Definition: typedefs.h:102
NtOpenObjectAuditAlarm
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Definition: audit.c:1001
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
ULONG
unsigned int ULONG
Definition: retypes.h:1
PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
SeCreateAccessState
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState(PACCESS_STATE AccessState, PAUX_ACCESS_DATA AuxData, ACCESS_MASK Access, PGENERIC_MAPPING GenericMapping)
ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ProcessHandle
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
ZwCreateToken
NTSYSAPI NTSTATUS NTAPI ZwCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
Time
static PLARGE_INTEGER Time
Definition: time.c:105
TokenInformationClass
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:318
PreviousState
_In_ WDF_POWER_DEVICE_STATE PreviousState
Definition: wdfdevice.h:829
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
NtImpersonateAnonymousToken
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE Thread)