ReactOS  0.4.15-dev-4594-g505ac65
sefuncs.h
Go to the documentation of this file.
1 /*++ NDK Version: 0098
2 
3 Copyright (c) Alex Ionescu. All rights reserved.
4 
5 Header Name:
6 
7  sefuncs.h
8 
9 Abstract:
10 
11  Function definitions for the security manager.
12 
13 Author:
14 
15  Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16 
17 --*/
18 
19 #ifndef _SEFUNCS_H
20 #define _SEFUNCS_H
21 
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 
27 #ifndef NTOS_MODE_USER
28 
29 //
30 // Security Descriptors
31 //
32 NTKERNELAPI
33 NTSTATUS
34 NTAPI
35 SeCaptureSecurityDescriptor(
36  _In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor,
37  _In_ KPROCESSOR_MODE CurrentMode,
38  _In_ POOL_TYPE PoolType,
39  _In_ BOOLEAN CaptureIfKernel,
40  _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor);
41 
42 NTKERNELAPI
43 NTSTATUS
44 NTAPI
45 SeReleaseSecurityDescriptor(
46  _In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
47  _In_ KPROCESSOR_MODE CurrentMode,
48  _In_ BOOLEAN CaptureIfKernelMode);
49 
50 //
51 // Access States
52 //
53 NTKERNELAPI
54 NTSTATUS
55 NTAPI
56 SeCreateAccessState(
57  _In_ PACCESS_STATE AccessState,
58  _In_ PAUX_ACCESS_DATA AuxData,
59  _In_ ACCESS_MASK Access,
60  _In_ PGENERIC_MAPPING GenericMapping);
61 
62 NTKERNELAPI
63 VOID
64 NTAPI
65 SeDeleteAccessState(
66  _In_ PACCESS_STATE AccessState);
67 
68 //
69 // Impersonation
70 //
71 NTKERNELAPI
72 SECURITY_IMPERSONATION_LEVEL
73 NTAPI
74 SeTokenImpersonationLevel(
75  _In_ PACCESS_TOKEN Token);
76 
77 #endif
78 
79 //
80 // Native Calls
81 //
82 NTSYSCALLAPI
83 NTSTATUS
84 NTAPI
85 NtAccessCheck(
86  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
87  _In_ HANDLE ClientToken,
88  _In_ ACCESS_MASK DesiredAccess,
89  _In_ PGENERIC_MAPPING GenericMapping,
90  _Out_ PPRIVILEGE_SET PrivilegeSet,
91  _Out_ PULONG ReturnLength,
92  _Out_ PACCESS_MASK GrantedAccess,
93  _Out_ PNTSTATUS AccessStatus);
94 
95 NTSTATUS
96 NTAPI
97 NtAccessCheckByType(
98  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
99  _In_ PSID PrincipalSelfSid,
100  _In_ HANDLE ClientToken,
101  _In_ ACCESS_MASK DesiredAccess,
102  _In_ POBJECT_TYPE_LIST ObjectTypeList,
103  _In_ ULONG ObjectTypeLength,
104  _In_ PGENERIC_MAPPING GenericMapping,
105  _In_ PPRIVILEGE_SET PrivilegeSet,
106  _Inout_ PULONG PrivilegeSetLength,
107  _Out_ PACCESS_MASK GrantedAccess,
108  _Out_ PNTSTATUS AccessStatus);
109 
110 NTSTATUS
111 NTAPI
112 NtAccessCheckByTypeResultList(
113  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
114  _In_ PSID PrincipalSelfSid,
115  _In_ HANDLE ClientToken,
116  _In_ ACCESS_MASK DesiredAccess,
117  _In_ POBJECT_TYPE_LIST ObjectTypeList,
118  _In_ ULONG ObjectTypeLength,
119  _In_ PGENERIC_MAPPING GenericMapping,
120  _In_ PPRIVILEGE_SET PrivilegeSet,
121  _Inout_ PULONG PrivilegeSetLength,
122  _Out_ PACCESS_MASK GrantedAccess,
123  _Out_ PNTSTATUS AccessStatus);
124 
125 _Must_inspect_result_
126 __kernel_entry NTSYSCALLAPI
127 NTSTATUS
128 NTAPI
129 NtAccessCheckAndAuditAlarm(
130  _In_ PUNICODE_STRING SubsystemName,
131  _In_opt_ PVOID HandleId,
132  _In_ PUNICODE_STRING ObjectTypeName,
133  _In_ PUNICODE_STRING ObjectName,
134  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
135  _In_ ACCESS_MASK DesiredAccess,
136  _In_ PGENERIC_MAPPING GenericMapping,
137  _In_ BOOLEAN ObjectCreation,
138  _Out_ PACCESS_MASK GrantedAccess,
139  _Out_ PNTSTATUS AccessStatus,
140  _Out_ PBOOLEAN GenerateOnClose);
141 
142 _Must_inspect_result_
143 __kernel_entry
144 NTSYSCALLAPI
145 NTSTATUS
146 NTAPI
147 NtAdjustGroupsToken(
148  _In_ HANDLE TokenHandle,
149  _In_ BOOLEAN ResetToDefault,
150  _In_opt_ PTOKEN_GROUPS NewState,
151  _In_opt_ ULONG BufferLength,
152  _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
153  _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
154 
155 _Must_inspect_result_
156 __kernel_entry
157 NTSYSCALLAPI
158 NTSTATUS
159 NTAPI
160 NtAdjustPrivilegesToken(
161  _In_ HANDLE TokenHandle,
162  _In_ BOOLEAN DisableAllPrivileges,
163  _In_opt_ PTOKEN_PRIVILEGES NewState,
164  _In_ ULONG BufferLength,
165  _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
166  _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
167 
168 NTSYSCALLAPI
169 NTSTATUS
170 NTAPI
171 NtAllocateLocallyUniqueId(
172  _Out_ LUID *LocallyUniqueId);
173 
174 NTSYSCALLAPI
175 NTSTATUS
176 NTAPI
177 NtAllocateUuids(
178  _Out_ PULARGE_INTEGER Time,
179  _Out_ PULONG Range,
180  _Out_ PULONG Sequence,
181  _Out_ PUCHAR Seed);
182 
183 NTSYSCALLAPI
184 NTSTATUS
185 NTAPI
186 NtCompareTokens(
187  _In_ HANDLE FirstTokenHandle,
188  _In_ HANDLE SecondTokenHandle,
189  _Out_ PBOOLEAN Equal);
190 
191 __kernel_entry
192 NTSYSCALLAPI
193 NTSTATUS
194 NTAPI
195 NtCreateToken(
196  _Out_ PHANDLE TokenHandle,
197  _In_ ACCESS_MASK DesiredAccess,
198  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
199  _In_ TOKEN_TYPE TokenType,
200  _In_ PLUID AuthenticationId,
201  _In_ PLARGE_INTEGER ExpirationTime,
202  _In_ PTOKEN_USER TokenUser,
203  _In_ PTOKEN_GROUPS TokenGroups,
204  _In_ PTOKEN_PRIVILEGES TokenPrivileges,
205  _In_opt_ PTOKEN_OWNER TokenOwner,
206  _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
207  _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
208  _In_ PTOKEN_SOURCE TokenSource);
209 
210 _Must_inspect_result_
211 __kernel_entry
212 NTSYSCALLAPI
213 NTSTATUS
214 NTAPI
215 NtDuplicateToken(
216  _In_ HANDLE ExistingTokenHandle,
217  _In_ ACCESS_MASK DesiredAccess,
218  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
219  _In_ BOOLEAN EffectiveOnly,
220  _In_ TOKEN_TYPE TokenType,
221  _Out_ PHANDLE NewTokenHandle);
222 
223 _Must_inspect_result_
224 __kernel_entry
225 NTSYSCALLAPI
226 NTSTATUS
227 NTAPI
228 NtFilterToken(
229  _In_ HANDLE ExistingTokenHandle,
230  _In_ ULONG Flags,
231  _In_opt_ PTOKEN_GROUPS SidsToDisable,
232  _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
233  _In_opt_ PTOKEN_GROUPS RestrictedSids,
234  _Out_ PHANDLE NewTokenHandle);
235 
236 NTSYSCALLAPI
237 NTSTATUS
238 NTAPI
239 NtImpersonateAnonymousToken(
240  _In_ HANDLE ThreadHandle);
241 
242 __kernel_entry
243 NTSYSCALLAPI
244 NTSTATUS
245 NTAPI
246 NtOpenObjectAuditAlarm(
247  _In_ PUNICODE_STRING SubsystemName,
248  _In_opt_ PVOID HandleId,
249  _In_ PUNICODE_STRING ObjectTypeName,
250  _In_ PUNICODE_STRING ObjectName,
251  _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
252  _In_ HANDLE ClientToken,
253  _In_ ACCESS_MASK DesiredAccess,
254  _In_ ACCESS_MASK GrantedAccess,
255  _In_opt_ PPRIVILEGE_SET Privileges,
256  _In_ BOOLEAN ObjectCreation,
257  _In_ BOOLEAN AccessGranted,
258  _Out_ PBOOLEAN GenerateOnClose);
259 
260 NTSYSCALLAPI
261 NTSTATUS
262 NTAPI
263 NtOpenProcessTokenEx(
264  _In_ HANDLE ProcessHandle,
265  _In_ ACCESS_MASK DesiredAccess,
266  _In_ ULONG HandleAttributes,
267  _Out_ PHANDLE TokenHandle);
268 
269 _Must_inspect_result_
270 __kernel_entry
271 NTSYSCALLAPI
272 NTSTATUS
273 NTAPI
274 NtPrivilegeCheck(
275  _In_ HANDLE ClientToken,
276  _Inout_ PPRIVILEGE_SET RequiredPrivileges,
277  _Out_ PBOOLEAN Result);
278 
279 NTSYSCALLAPI
280 NTSTATUS
281 NTAPI
282 NtPrivilegedServiceAuditAlarm(
283  _In_ PUNICODE_STRING SubsystemName,
284  _In_ PUNICODE_STRING ServiceName,
285  _In_ HANDLE ClientToken,
286  _In_ PPRIVILEGE_SET Privileges,
287  _In_ BOOLEAN AccessGranted);
288 
289 __kernel_entry
290 NTSYSCALLAPI
291 NTSTATUS
292 NTAPI
293 NtPrivilegeObjectAuditAlarm(
294  _In_ PUNICODE_STRING SubsystemName,
295  _In_opt_ PVOID HandleId,
296  _In_ HANDLE ClientToken,
297  _In_ ACCESS_MASK DesiredAccess,
298  _In_ PPRIVILEGE_SET Privileges,
299  _In_ BOOLEAN AccessGranted);
300 
301 _When_(TokenInformationClass == TokenAccessInformation,
302  _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
303 _Must_inspect_result_
304 __kernel_entry
305 NTSYSCALLAPI
306 NTSTATUS
307 NTAPI
308 NtQueryInformationToken(
309  _In_ HANDLE TokenHandle,
310  _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
311  _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
312  _In_ ULONG TokenInformationLength,
313  _Out_ PULONG ReturnLength);
314 
315 _Must_inspect_result_
316 __kernel_entry
317 NTSYSCALLAPI
318 NTSTATUS
319 NTAPI
320 NtSetInformationToken(
321  _In_ HANDLE TokenHandle,
322  _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
323  _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
324  _In_ ULONG TokenInformationLength);
325 
326 NTSYSAPI
327 NTSTATUS
328 NTAPI
329 ZwAccessCheck(
330  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
331  _In_ HANDLE ClientToken,
332  _In_ ACCESS_MASK DesiredAccess,
333  _In_ PGENERIC_MAPPING GenericMapping,
334  _Out_ PPRIVILEGE_SET PrivilegeSet,
335  _Out_ PULONG ReturnLength,
336  _Out_ PACCESS_MASK GrantedAccess,
337  _Out_ PNTSTATUS AccessStatus);
338 
339 NTSYSAPI
340 NTSTATUS
341 NTAPI
342 ZwAdjustGroupsToken(
343  _In_ HANDLE TokenHandle,
344  _In_ BOOLEAN ResetToDefault,
345  _In_ PTOKEN_GROUPS NewState,
346  _In_ ULONG BufferLength,
347  _Out_opt_ PTOKEN_GROUPS PreviousState,
348  _Out_ PULONG ReturnLength);
349 
350 _Must_inspect_result_
351 NTSYSAPI
352 NTSTATUS
353 NTAPI
354 ZwAdjustPrivilegesToken(
355  _In_ HANDLE TokenHandle,
356  _In_ BOOLEAN DisableAllPrivileges,
357  _In_opt_ PTOKEN_PRIVILEGES NewState,
358  _In_ ULONG BufferLength,
359  _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
360  _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
361 
362 NTSYSAPI
363 NTSTATUS
364 NTAPI
365 ZwAllocateLocallyUniqueId(
366  _Out_ LUID *LocallyUniqueId);
367 
368 NTSYSAPI
369 NTSTATUS
370 NTAPI
371 ZwAllocateUuids(
372  _Out_ PULARGE_INTEGER Time,
373  _Out_ PULONG Range,
374  _Out_ PULONG Sequence,
375  _Out_ PUCHAR Seed);
376 
377 NTSYSAPI
378 NTSTATUS
379 NTAPI
380 ZwCreateToken(
381  _Out_ PHANDLE TokenHandle,
382  _In_ ACCESS_MASK DesiredAccess,
383  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
384  _In_ TOKEN_TYPE TokenType,
385  _In_ PLUID AuthenticationId,
386  _In_ PLARGE_INTEGER ExpirationTime,
387  _In_ PTOKEN_USER TokenUser,
388  _In_ PTOKEN_GROUPS TokenGroups,
389  _In_ PTOKEN_PRIVILEGES TokenPrivileges,
390  _In_ PTOKEN_OWNER TokenOwner,
391  _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
392  _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
393  _In_ PTOKEN_SOURCE TokenSource);
394 
395 _IRQL_requires_max_(PASSIVE_LEVEL)
396 NTSYSAPI
397 NTSTATUS
398 NTAPI
399 ZwDuplicateToken(
400  _In_ HANDLE ExistingTokenHandle,
401  _In_ ACCESS_MASK DesiredAccess,
402  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
403  _In_ BOOLEAN EffectiveOnly,
404  _In_ TOKEN_TYPE TokenType,
405  _Out_ PHANDLE NewTokenHandle);
406 
407 NTSYSAPI
408 NTSTATUS
409 NTAPI
410 ZwImpersonateAnonymousToken(
411  _In_ HANDLE Thread);
412 
413 NTSYSAPI
414 NTSTATUS
415 NTAPI
416 ZwOpenObjectAuditAlarm(
417  _In_ PUNICODE_STRING SubsystemName,
418  _In_ PVOID HandleId,
419  _In_ PUNICODE_STRING ObjectTypeName,
420  _In_ PUNICODE_STRING ObjectName,
421  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
422  _In_ HANDLE ClientToken,
423  _In_ ULONG DesiredAccess,
424  _In_ ULONG GrantedAccess,
425  _In_ PPRIVILEGE_SET Privileges,
426  _In_ BOOLEAN ObjectCreation,
427  _In_ BOOLEAN AccessGranted,
428  _Out_ PBOOLEAN GenerateOnClose);
429 
430 _IRQL_requires_max_(PASSIVE_LEVEL)
431 NTSYSAPI
432 NTSTATUS
433 NTAPI
434 ZwOpenProcessToken(
435  _In_ HANDLE ProcessHandle,
436  _In_ ACCESS_MASK DesiredAccess,
437  _Out_ PHANDLE TokenHandle);
438 
439 NTSYSAPI
440 NTSTATUS
441 NTAPI
442 ZwOpenProcessTokenEx(
443  _In_ HANDLE ProcessHandle,
444  _In_ ACCESS_MASK DesiredAccess,
445  _In_ ULONG HandleAttributes,
446  _Out_ PHANDLE TokenHandle);
447 
448 NTSYSAPI
449 NTSTATUS
450 NTAPI
451 ZwPrivilegeCheck(
452  _In_ HANDLE ClientToken,
453  _In_ PPRIVILEGE_SET RequiredPrivileges,
454  _In_ PBOOLEAN Result);
455 
456 NTSYSAPI
457 NTSTATUS
458 NTAPI
459 ZwPrivilegedServiceAuditAlarm(
460  _In_ PUNICODE_STRING SubsystemName,
461  _In_ PUNICODE_STRING ServiceName,
462  _In_ HANDLE ClientToken,
463  _In_ PPRIVILEGE_SET Privileges,
464  _In_ BOOLEAN AccessGranted);
465 
466 NTSYSAPI
467 NTSTATUS
468 NTAPI
469 ZwPrivilegeObjectAuditAlarm(
470  _In_ PUNICODE_STRING SubsystemName,
471  _In_ PVOID HandleId,
472  _In_ HANDLE ClientToken,
473  _In_ ULONG DesiredAccess,
474  _In_ PPRIVILEGE_SET Privileges,
475  _In_ BOOLEAN AccessGranted);
476 
477 _IRQL_requires_max_(PASSIVE_LEVEL)
478 NTSYSAPI
479 NTSTATUS
480 NTAPI
481 ZwQueryInformationToken(
482  _In_ HANDLE TokenHandle,
483  _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
484  _Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
485  _In_ ULONG Length,
486  _Out_ PULONG ResultLength);
487 
488 NTSYSAPI
489 NTSTATUS
490 NTAPI
491 ZwSetInformationToken(
492  _In_ HANDLE TokenHandle,
493  _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
494  _Out_ PVOID TokenInformation,
495  _In_ ULONG TokenInformationLength);
496 
497 #endif
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
PNTSTATUS
* PNTSTATUS
Definition: strlen.c:14
ZwAccessCheck
NTSYSAPI NTSTATUS NTAPI ZwAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
HandleAttributes
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
Definition: obfuncs.h:429
BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_TOKEN_DEFAULT_DACL
Definition: setypes.h:1031
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
_In_range_
#define _In_range_(lb, ub)
Definition: ms_sal.h:571
_In_opt_
#define _In_opt_
Definition: ms_sal.h:309
_Inout_
#define _Inout_
Definition: ms_sal.h:378
_TOKEN_GROUPS
Definition: setypes.h:1009
_SID
Definition: ms-dtyp.idl:198
_Out_
#define _Out_
Definition: ms_sal.h:345
_At_
#define _At_(target, annos)
Definition: ms_sal.h:244
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:312
_TOKEN_PRIVILEGES
Definition: setypes.h:1018
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:1027
PUCHAR
unsigned char * PUCHAR
Definition: retypes.h:3
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ZwOpenProcessTokenEx
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
_PRIVILEGE_SET
Definition: setypes.h:85
SeDeleteAccessState
NTKERNELAPI VOID NTAPI SeDeleteAccessState(_In_ PACCESS_STATE AccessState)
Deletes an allocated access state from the memory.
Definition: access.c:671
NTSYSCALLAPI
#define NTSYSCALLAPI
Definition: ntbasedef.h:204
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_TOKEN_ACCESS_INFORMATION
Definition: setypes.h:1163
NTSYSAPI
#define NTSYSAPI
Definition: ntoskrnl.h:12
GenericMapping
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING GenericMapping
Definition: sefuncs.h:13
NtPrivilegedServiceAuditAlarm
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
NtCreateToken
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
Creates an access token.
Definition: token.c:5895
ZwAllocateUuids
NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids(_Out_ PULARGE_INTEGER Time, _Out_ PULONG Range, _Out_ PULONG Sequence, _Out_ PUCHAR Seed)
SeTokenImpersonationLevel
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel(_In_ PACCESS_TOKEN Token)
Gathers the security impersonation level of an access token.
Definition: token.c:3412
NtPrivilegeObjectAuditAlarm
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:401
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
NtCompareTokens
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens(_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal or not.
Definition: token.c:6425
ZwAdjustPrivilegesToken
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
_LUID
Definition: devicetopology.idl:136
_In_reads_bytes_
_In_reads_bytes_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor)
NtAccessCheck
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
ZwOpenObjectAuditAlarm
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ ULONG GrantedAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
SECURITY_IMPERSONATION_LEVEL
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
ZwSetInformationToken
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
NtAccessCheckByType
NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access could be granted or not on an object by the requestor who wants su...
Definition: accesschk.c:1447
NtAdjustPrivilegesToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
NtOpenProcessTokenEx
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: token.c:3652
ObjectAttributes
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
Definition: sefuncs.h:401
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
_In_
#define _In_
Definition: ms_sal.h:308
NTKERNELAPI
#define NTKERNELAPI
NtAllocateUuids
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids(_Out_ PULARGE_INTEGER Time, _Out_ PULONG Range, _Out_ PULONG Sequence, _Out_ PUCHAR Seed)
_When_
_When_(TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
_ULARGE_INTEGER
Definition: ms-dtyp.idl:184
ZwAllocateLocallyUniqueId
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId(_Out_ LUID *LocallyUniqueId)
NtDuplicateToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: token.c:4812
NtAllocateLocallyUniqueId
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId(_Out_ LUID *LocallyUniqueId)
_TOKEN_OWNER
Definition: setypes.h:1023
TokenHandle
_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle
Definition: sefuncs.h:436
_ACCESS_STATE
Definition: setypes.h:224
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
ServiceName
LPTSTR ServiceName
Definition: ServiceMain.c:15
__kernel_entry
#define __kernel_entry
Definition: specstrings.h:355
_GENERIC_MAPPING
Definition: nt_native.h:564
_OBJECT_TYPE_LIST
Definition: setypes.h:852
POOL_TYPE
INT POOL_TYPE
Definition: typedefs.h:78
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
SeCreateAccessState
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState(_In_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
TOKEN_INFORMATION_CLASS
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
ZwPrivilegedServiceAuditAlarm
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_TOKEN_USER
Definition: setypes.h:1005
NtAdjustGroupsToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
PBOOLEAN
char * PBOOLEAN
Definition: retypes.h:11
_IRQL_requires_max_
_IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken(_In_ HANDLE ExistingTokenHandle
Queries information details about a security descriptor.
Definition: Messaging.c:64
_Out_writes_bytes_to_opt_
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
ZwPrivilegeObjectAuditAlarm
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
SeReleaseSecurityDescriptor
NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
NtFilterToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
Definition: token.c:6573
SeCaptureSecurityDescriptor
NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
ZwPrivilegeCheck
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck(_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PBOOLEAN Result)
tagRange
Definition: range.c:39
PASSIVE_LEVEL
#define PASSIVE_LEVEL
Definition: env_spec_w32.h:693
_Must_inspect_result_
#define _Must_inspect_result_
Definition: ms_sal.h:558
TOKEN_TYPE
enum _TOKEN_TYPE TOKEN_TYPE
ZwAdjustGroupsToken
NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_opt_ PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
_TOKEN_SOURCE
Definition: imports.h:277
ZwImpersonateAnonymousToken
NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken(_In_ HANDLE Thread)
NtPrivilegeCheck
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck(_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
_UNICODE_STRING
Definition: env_spec_w32.h:368
_AUX_ACCESS_DATA
Definition: setypes.h:256
NtSetInformationToken
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Sets (modifies) some specific information in regard of an access token. The calling thread must have ...
Definition: token.c:4253
ReturnLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength
Definition: sefuncs.h:312
ZwOpenProcessToken
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
AccessGranted
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
NtAccessCheckByTypeResultList
NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access could be granted or not on an object by the requestor who wants su...
Definition: accesschk.c:1509
_Out_opt_
#define _Out_opt_
Definition: ms_sal.h:346
NtAccessCheckAndAuditAlarm
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when a caller attempts to access an object and determine if the access ...
Definition: audit.c:2226
PULONG
unsigned int * PULONG
Definition: retypes.h:1
NULL
#define NULL
Definition: types.h:112
_LARGE_INTEGER
Definition: typedefs.h:102
NtOpenObjectAuditAlarm
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1723
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
ULONG
unsigned int ULONG
Definition: retypes.h:1
PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
ProcessHandle
_In_ HANDLE ProcessHandle
Definition: mmfuncs.h:403
ZwCreateToken
NTSYSAPI NTSTATUS NTAPI ZwCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
Time
static PLARGE_INTEGER Time
Definition: time.c:105
TokenInformationClass
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:310
PreviousState
_In_ WDF_POWER_DEVICE_STATE PreviousState
Definition: wdfdevice.h:829
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
NtImpersonateAnonymousToken
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
Definition: token.c:6814