33 lParams =
lParam & (ENDSESSION_LOGOFF | ENDSESSION_CRITICAL | ENDSESSION_CLOSEAPP);
129 ERR(
"NotifyLogon(0x%lx, 0x%lx)\n",
Flags, ShutdownStatus);
140 Param = ShutdownStatus;
153 TRACE(
"\tSending %s message to Winlogon\n", Notif ==
LN_LOGOFF ?
"LN_LOGOFF" :
"LN_LOGOFF_CANCELED");
159 ERR(
"hwndSAS == NULL\n");
181 TRACE(
"UserInitiateShutdown\n");
187 ERR(
"UserInitiateShutdown: GetProcessLuid failed\n");
199 Flags &= ~EWX_CALLER_SYSTEM;
207 ERR(
"UserInitiateShutdown: Failed to get win32 thread!\n");
218 Flags &= ~EWX_CALLER_WINLOGON;
225 ERR(
"UserInitiateShutdown: Process is not attached to a desktop\n");
232 ERR(
"UserInitiateShutdown: Caller doesn't have the rights to shutdown\n");
246 ERR(
"UserInitiateShutdown: Caller doesn't have the rights to shutdown\n");
258 ERR(
"UserInitiateShutdown: Caller doesn't have the rights to logoff\n");
268 TRACE(
"UserInitiateShutdown: Notify Winlogon for shutdown\n");
274 TRACE(
"UserInitiateShutdown: Winlogon is doing a shutdown\n");
297 TRACE(
"UserEndShutdown called\n");
308 ERR(
"UserEndShutdown: GetProcessLuid failed\n");
327 TRACE(
"UserEndShutdown: Notify Winlogon for end of shutdown\n");
#define STATUS_PRIVILEGE_NOT_HELD
#define DBG_DEFAULT_CHANNEL(ch)
PEPROCESS __stdcall PsGetThreadProcess(_In_ PETHREAD Thread)
#define NT_SUCCESS(StatCode)
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
#define UserHMGetHandle(obj)
#define ExFreePoolWithTag(_P, _T)
#define SE_SHUTDOWN_PRIVILEGE
NTSYSAPI BOOLEAN NTAPI RtlAreAllAccessesGranted(ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess)
PVOID NTAPI PsGetProcessWin32Process(PEPROCESS Process)
HANDLE NTAPI PsGetThreadProcessId(IN PETHREAD Thread)
VOID NTAPI SePrivilegeObjectAuditAlarm(_In_ HANDLE Handle, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE CurrentMode)
Raises an audit with alarm notification message when an object tries to acquire this privilege.
BOOLEAN NTAPI SePrivilegeCheck(_In_ PPRIVILEGE_SET Privileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a set of privileges exist and match within a security subject context.
#define STATUS_INVALID_HANDLE
struct _WINSTATION_OBJECT * prpwinsta
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
#define STATUS_INVALID_DEVICE_REQUEST
#define STATUS_ACCESS_DENIED
#define EWX_SHUTDOWN_CANCELED
#define MCSR_GOODFORSHUTDOWN
#define EWX_CALLER_SYSTEM
#define MCS_QUERYENDSESSION
#define MCSR_SHUTDOWNFINISHED
#define EWX_CALLER_WINLOGON
#define MCSR_DONOTSHUTDOWN
#define LN_LOGOFF_CANCELED
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
PWND FASTCALL UserGetWindowObject(HWND hWnd)
_Must_inspect_result_ _In_ WDFCMRESLIST List
BOOL FASTCALL UserPostMessage(HWND Wnd, UINT Msg, WPARAM wParam, LPARAM lParam)
LRESULT FASTCALL co_IntSendMessage(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
NTSTATUS GetProcessLuid(IN PETHREAD Thread OPTIONAL, IN PEPROCESS Process OPTIONAL, OUT PLUID Luid)
static ULONG gdwShutdownFlags
NTSTATUS UserEndShutdown(IN PETHREAD Thread, IN NTSTATUS ShutdownStatus)
BOOLEAN HasPrivilege(IN PPRIVILEGE_SET Privilege)
NTSTATUS UserInitiateShutdown(IN PETHREAD Thread, IN OUT PULONG pFlags)
BOOL NotifyLogon(IN HWND hWndSta, IN PLUID CallerLuid, IN ULONG Flags, IN NTSTATUS ShutdownStatus)
LRESULT IntClientShutdown(IN PWND pWindow, IN WPARAM wParam, IN LPARAM lParam)
BOOL FASTCALL DestroyTimersForWindow(PTHREADINFO pti, PWND Window)
HWND *FASTCALL IntWinListChildren(PWND Window)
#define WINSTA_EXITWINDOWS
#define WM_QUERYENDSESSION
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
_Must_inspect_result_ _In_ ULONG Flags
#define RtlEqualLuid(Luid1, Luid2)
#define PRIVILEGE_SET_ALL_NECESSARY