#include <ntoskrnl.h>
#include <debug.h>
◆ ACE_FLAG_PRINT
Value: { \
}
static const ACEFLAG AceFlags[]
◆ NDEBUG
◆ SD_CONTROL_PRINT
Value: { \
}
◆ TOSTR
◆ SepDumpAccessRightsStats()
Dumps security access rights to the debugger: the remaining, granted and denied access rights, each printed as a hexadecimal mask.
Definition at line 315 of file debug.c.
324 DbgPrint(
"================== ACCESS CHECK RIGHTS STATISTICS ==================\n");
325 DbgPrint(
"Remaining access rights -> 0x%08lx\n", AccessRights->RemainingAccessRights);
326 DbgPrint(
"Granted access rights -> 0x%08lx\n", AccessRights->GrantedAccessRights);
327 DbgPrint(
"Denied access rights -> 0x%08lx\n", AccessRights->DeniedAccessRights);
ULONG DbgPrint(PCCH Format,...)
Referenced by SepAccessCheck().
◆ SepDumpAceFlags()
Dumps the ACE flags to the debugger output.
Definition at line 66 of file debug.c.
69 #define ACE_FLAG_PRINT(x) \ #define NO_PROPAGATE_INHERIT_ACE
#define CONTAINER_INHERIT_ACE
#define ACE_FLAG_PRINT(x)
#define OBJECT_INHERIT_ACE
Referenced by SepDumpAces().
◆ SepDumpAces()
Iterates over an ACL and dumps debug info for each ACE. If the next ACE cannot be found, it prints a message and stops dumping.
Definition at line 89 of file debug.c.
110 DbgPrint(
"SepDumpAces(): Failed to find the next ACE, stop dumping info...\n");
114 DbgPrint(
"================== %lu# ACE DUMP INFO ==================\n",
AceIndex);
118 DbgPrint(
"Ace->AccessMask -> 0x%08lx\n",
Ace->AccessMask);
123 DbgPrint(
"Ace SID -> %wZ\n", &SidString);
126 DbgPrint(
"Ace->Header.AceSize -> %u\n",
Ace->Header.AceSize);
127 DbgPrint(
"Ace->Header.AceFlags:\n");
ULONG DbgPrint(PCCH Format,...)
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)
static VOID SepDumpAceFlags(_In_ UCHAR AceFlags)
Dumps the ACE flags to the debugger output.
#define NT_SUCCESS(StatCode)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
PSID NTAPI SepGetSidFromAce(_In_ UCHAR AceType, _In_ PACE Ace)
Captures a security identifier from a given access control entry. This identifier is valid for the wh...
static PCSTR SepGetAceTypeString(_In_ UCHAR AceType)
Converts an Access Control Entry (ACE) type to a string.
Referenced by SepDumpAclInfo().
◆ SepDumpAclInfo()
Dumps debug info of an Access Control List (ACL).
Definition at line 138 of file debug.c.
143 DbgPrint(
"================== %s DUMP INFO ==================\n", IsSacl ?
"SACL" :
"DACL");
144 DbgPrint(
"Acl->AclRevision -> %u\n", Acl->AclRevision);
145 DbgPrint(
"Acl->AclSize -> %u\n", Acl->AclSize);
146 DbgPrint(
"Acl->AceCount -> %u\n", Acl->AceCount);
ULONG DbgPrint(PCCH Format,...)
static VOID SepDumpAces(_In_ PACL Acl)
Iterates and dumps each ACE debug info in an ACL.
Referenced by SepDumpSdDebugInfo().
◆ SepDumpSdControlInfo()
Dumps control flags of a security descriptor to the debugger.
Definition at line 158 of file debug.c.
161 #define SD_CONTROL_PRINT(x) \ 183 #undef SD_CONTROL_PRINT
#define SE_DACL_AUTO_INHERITED
#define SE_OWNER_DEFAULTED
#define SE_DACL_DEFAULTED
#define SE_SACL_AUTO_INHERIT_REQ
#define SE_DACL_PROTECTED
#define SE_SACL_PROTECTED
#define SE_GROUP_DEFAULTED
#define SE_SERVER_SECURITY
#define SE_DACL_UNTRUSTED
#define SE_SACL_AUTO_INHERITED
#define SD_CONTROL_PRINT(x)
#define SE_RM_CONTROL_VALID
#define SE_DACL_AUTO_INHERIT_REQ
#define SE_SACL_DEFAULTED
Referenced by SepDumpSdDebugInfo().
◆ SepDumpSdDebugInfo()
Dumps debug information of a security descriptor to the debugger.
Definition at line 215 of file debug.c.
219 PSID OwnerSid, GroupSid;
234 DbgPrint(
"================== SECURITY DESCRIPTOR DUMP INFO ==================\n");
237 DbgPrint(
"SecurityDescriptor->Control:\n");
244 DbgPrint(
"SD Owner SID -> %wZ\n", &SidString);
252 DbgPrint(
"SD Group SID -> %wZ\n", &SidString);
ULONG DbgPrint(PCCH Format,...)
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PVOID _Descriptor)
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PVOID _Descriptor)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
static VOID SepDumpSdControlInfo(_In_ SECURITY_DESCRIPTOR_CONTROL SdControl)
Dumps control flags of a security descriptor to the debugger.
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
static VOID SepDumpAclInfo(_In_ PACL Acl, _In_ BOOLEAN IsSacl)
Dumps debug info of an Access Control List (ACL).
Referenced by SepAccessCheck().
◆ SepDumpSidsOfToken()
Dumps each security identifier (SID) of an access token to the debugger.
Definition at line 192 of file debug.c.
200 for (SidIndex = 0; SidIndex < SidCount; SidIndex++)
203 DbgPrint(
"%lu# %wZ\n", SidIndex, &SidString);
ULONG DbgPrint(PCCH Format,...)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
Referenced by SepDumpTokenDebugInfo().
◆ SepDumpTokenDebugInfo()
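Dumps debug information of an access token to the debugger: the image file name, the token source name and identifier, the primary group SID, the user and group SIDs, and a restricted SIDs section (presumably only for restricted tokens, given the SeTokenIsRestricted() reference).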
Definition at line 274 of file debug.c.
286 DbgPrint(
"================== ACCESS TOKEN DUMP INFO ==================\n");
288 DbgPrint(
"Token->ImageFileName -> %s\n",
Token->ImageFileName);
289 DbgPrint(
"Token->TokenSource.SourceName -> \"%-.*s\"\n",
291 Token->TokenSource.SourceName);
292 DbgPrint(
"Token->TokenSource.SourceIdentifier -> %lu.%lu\n",
293 Token->TokenSource.SourceIdentifier.HighPart,
294 Token->TokenSource.SourceIdentifier.LowPart);
297 DbgPrint(
"Token primary group SID -> %wZ\n", &SidString);
300 DbgPrint(
"Token user and groups SIDs:\n");
305 DbgPrint(
"Token restricted SIDs:\n");
ULONG DbgPrint(PCCH Format,...)
static VOID SepDumpSidsOfToken(_In_ PSID_AND_ATTRIBUTES Sids, _In_ ULONG SidCount)
Dumps each security identifier (SID) of an access token to the debugger.
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
Referenced by SepAccessCheck().
◆ SepGetAceTypeString()
Converts an Access Control Entry (ACE) type to a string.
Returns
The ACE type converted to a string. If the ACE type is not a known one, the string "UNKNOWN TYPE" is returned.
Definition at line 27 of file debug.c.
31 static const PCSTR AceTypes[] =
57 return "UNKNOWN TYPE";
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE
#define ACCESS_DENIED_OBJECT_ACE_TYPE
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE
#define ACCESS_DENIED_ACE_TYPE
static const ACEFLAG AceType[]
#define SYSTEM_ALARM_ACE_TYPE
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE
#define SYSTEM_AUDIT_ACE_TYPE
#define ACCESS_DENIED_CALLBACK_ACE_TYPE
#define SYSTEM_ALARM_OBJECT_ACE_TYPE
Referenced by SepDumpAces().