32 static const PCSTR AceTypes[] =
58 return "UNKNOWN TYPE";
70#define ACE_FLAG_PRINT(x) \
111 DbgPrint(
"SepDumpAces(): Failed to find the next ACE, stop dumping info...\n");
115 DbgPrint(
"================== %lu# ACE DUMP INFO ==================\n",
AceIndex);
118 DbgPrint(
"Ace->Header.AceType -> %s\n", SepGetAceTypeString(
Ace->Header.AceType));
119 DbgPrint(
"Ace->AccessMask -> 0x%08lx\n",
Ace->AccessMask);
124 DbgPrint(
"Ace SID -> %wZ\n", &SidString);
127 DbgPrint(
"Ace->Header.AceSize -> %u\n",
Ace->Header.AceSize);
128 DbgPrint(
"Ace->Header.AceFlags:\n");
129 SepDumpAceFlags(
Ace->Header.AceFlags);
144 DbgPrint(
"================== %s DUMP INFO ==================\n", IsSacl ?
"SACL" :
"DACL");
145 DbgPrint(
"Acl->AclRevision -> %u\n", Acl->AclRevision);
146 DbgPrint(
"Acl->AclSize -> %u\n", Acl->AclSize);
147 DbgPrint(
"Acl->AceCount -> %u\n", Acl->AceCount);
162#define SD_CONTROL_PRINT(x) \
184#undef SD_CONTROL_PRINT
201 for (SidIndex = 0; SidIndex < SidCount; SidIndex++)
204 DbgPrint(
"%lu# %wZ\n", SidIndex, &SidString);
222 PSID OwnerSid, GroupSid;
239 DbgPrint(
"================== SECURITY DESCRIPTOR DUMP INFO ==================\n");
242 DbgPrint(
"SecurityDescriptor->Control:\n");
249 DbgPrint(
"SD Owner SID -> %wZ\n", &SidString);
257 DbgPrint(
"SD Group SID -> %wZ\n", &SidString);
295 DbgPrint(
"================== ACCESS TOKEN DUMP INFO ==================\n");
297 DbgPrint(
"Token->ImageFileName -> %s\n",
Token->ImageFileName);
298 DbgPrint(
"Token->TokenSource.SourceName -> \"%-.*s\"\n",
300 Token->TokenSource.SourceName);
301 DbgPrint(
"Token->TokenSource.SourceIdentifier -> %lu.%lu\n",
302 Token->TokenSource.SourceIdentifier.HighPart,
303 Token->TokenSource.SourceIdentifier.LowPart);
306 DbgPrint(
"Token primary group SID -> %wZ\n", &SidString);
309 DbgPrint(
"Token user and groups SIDs:\n");
310 SepDumpSidsOfToken(
Token->UserAndGroups,
Token->UserAndGroupCount);
314 DbgPrint(
"Token restricted SIDs:\n");
315 SepDumpSidsOfToken(
Token->RestrictedSids,
Token->RestrictedSidCount);
334 if (!AccessRights->RemainingAccessRights)
340 DbgPrint(
"================== ACCESS CHECK RIGHTS STATISTICS ==================\n");
341 DbgPrint(
"Remaining access rights -> 0x%08lx\n", AccessRights->RemainingAccessRights);
342 DbgPrint(
"Granted access rights -> 0x%08lx\n", AccessRights->GrantedAccessRights);
343 DbgPrint(
"Denied access rights -> 0x%08lx\n", AccessRights->DeniedAccessRights);
361 ULONG ResultListIndex;
362 ULONG ObjectTypeIndex;
363 ULONG ResultListLength;
365 DbgPrint(
"================== ACCESS & STATUS OBJECT TYPE LIST STATISTICS ==================\n");
366 ResultListLength = IsResultList ? ObjectTypeListLength : 1;
367 for (ResultListIndex = 0; ResultListIndex < ResultListLength; ResultListIndex++)
369 DbgPrint(
"Result Index #%lu, Granted access rights -> 0x%08lx, Access status -> 0x%08lx\n",
370 ResultListIndex, GrantedAccessList[ResultListIndex], AccessStatusList[ResultListIndex]);
373 for (ObjectTypeIndex = 0; ObjectTypeIndex < ObjectTypeListLength; ObjectTypeIndex++)
375 DbgPrint(
"================== #%lu OBJECT ACCESS RIGHTS ==================\n", ObjectTypeIndex);
376 DbgPrint(
"Remaining access rights -> 0x%08lx\n", ObjectTypeList[ObjectTypeIndex].ObjectAccessRights.RemainingAccessRights);
377 DbgPrint(
"Granted access rights -> 0x%08lx\n", ObjectTypeList[ObjectTypeIndex].ObjectAccessRights.GrantedAccessRights);
378 DbgPrint(
"Denied access rights -> 0x%08lx\n", ObjectTypeList[ObjectTypeIndex].ObjectAccessRights.DeniedAccessRights);
#define NT_SUCCESS(StatCode)
static const ACEFLAG AceFlags[]
static const ACEFLAG AceType[]
WORD SECURITY_DESCRIPTOR_CONTROL
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
ACCESS_MASK * PACCESS_MASK
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
PSID NTAPI SepGetSidFromAce(_In_ PACE Ace)
Captures a security identifier from a given access control entry. This identifier is valid for the wh...
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
VOID SepDumpTokenDebugInfo(_In_opt_ PTOKEN Token)
Dumps debug information of an access token to the debugger.
VOID SepDumpAccessAndStatusList(_In_ PACCESS_MASK GrantedAccessList, _In_ PNTSTATUS AccessStatusList, _In_ BOOLEAN IsResultList, _In_ POBJECT_TYPE_LIST_INTERNAL ObjectTypeList, _In_ ULONG ObjectTypeListLength)
Dumps access and status values of each object type in the result list.
VOID SepDumpAccessRightsStats(_In_ PACCESS_CHECK_RIGHTS AccessRights)
Dumps security access rights to the debugger.
VOID SepDumpSdDebugInfo(_In_opt_ PISECURITY_DESCRIPTOR SecurityDescriptor)
Dumps debug information of a security descriptor to the debugger.
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
#define CONTAINER_INHERIT_ACE
#define SE_OWNER_DEFAULTED
#define ACCESS_DENIED_CALLBACK_ACE_TYPE
#define SE_SACL_PROTECTED
#define SE_DACL_DEFAULTED
#define SE_DACL_PROTECTED
#define SE_DACL_AUTO_INHERITED
#define SE_SERVER_SECURITY
#define ACCESS_DENIED_OBJECT_ACE_TYPE
#define SYSTEM_AUDIT_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE
#define SE_DACL_AUTO_INHERIT_REQ
#define SE_SACL_DEFAULTED
#define SE_SACL_AUTO_INHERITED
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE
#define SYSTEM_ALARM_ACE_TYPE
#define OBJECT_INHERIT_ACE
#define SE_DACL_UNTRUSTED
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE
#define NO_PROPAGATE_INHERIT_ACE
#define ACCESS_DENIED_ACE_TYPE
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define SE_SACL_AUTO_INHERIT_REQ
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE
#define SE_GROUP_DEFAULTED
#define SYSTEM_ALARM_OBJECT_ACE_TYPE
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE
#define SE_RM_CONTROL_VALID
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE