45 ICI_SQ_SAME( 0, 0, 0),
48 ICI_SQ_SAME(
sizeof(
TOKEN_USER),
sizeof(
ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE | ICIF_SET_SIZE_VARIABLE ),
50 ICI_SQ_SAME(
sizeof(
TOKEN_GROUPS),
sizeof(
ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE | ICIF_SET_SIZE_VARIABLE ),
52 ICI_SQ_SAME(
sizeof(
TOKEN_PRIVILEGES),
sizeof(
ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE | ICIF_SET_SIZE_VARIABLE ),
54 ICI_SQ_SAME(
sizeof(
TOKEN_OWNER),
sizeof(
ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE | ICIF_SET | ICIF_SET_SIZE_VARIABLE ),
56 ICI_SQ_SAME(
sizeof(
TOKEN_PRIMARY_GROUP),
sizeof(
ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE | ICIF_SET | ICIF_SET_SIZE_VARIABLE ),
58 ICI_SQ_SAME(
sizeof(
TOKEN_DEFAULT_DACL),
sizeof(
ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE | ICIF_SET | ICIF_SET_SIZE_VARIABLE ),
60 ICI_SQ_SAME(
sizeof(
TOKEN_SOURCE),
sizeof(
ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE | ICIF_SET_SIZE_VARIABLE ),
62 ICI_SQ_SAME(
sizeof(
TOKEN_TYPE),
sizeof(
ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE ),
66 ICI_SQ_SAME(
sizeof(
TOKEN_STATISTICS),
sizeof(
ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE | ICIF_SET_SIZE_VARIABLE ),
68 ICI_SQ_SAME(
sizeof(
TOKEN_GROUPS),
sizeof(
ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE ),
70 ICI_SQ_SAME(
sizeof(
ULONG),
sizeof(
ULONG), ICIF_QUERY | ICIF_SET ),
74 ICI_SQ_SAME(
sizeof(
ULONG),
sizeof(
ULONG), ICIF_SET | ICIF_QUERY_SIZE_VARIABLE ),
76 ICI_SQ_SAME(
sizeof(
ULONG),
sizeof(
ULONG), ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE ),
78 ICI_SQ_SAME( 0,
sizeof(
ULONG), ICIF_QUERY | ICIF_SET | ICIF_QUERY_SIZE_VARIABLE ),
80 ICI_SQ_SAME(
sizeof(
TOKEN_ORIGIN),
sizeof(
ULONG), ICIF_QUERY | ICIF_SET | ICIF_QUERY_SIZE_VARIABLE ),
109 DPRINT1(
"SepCreateTokenLock(): Failed to allocate memory!\n");
145 ASSERT(FirstToken != SecondToken);
162 DPRINT1(
"FIXME: Pretending tokens are equal!\n");
184 if (
Token->Privileges[
Index].Luid.HighPart != 0)
216 Token->TokenFlags |= TokenFlag;
221 Token->TokenFlags &= ~TokenFlag;
233 for (
i = 0;
i <
Token->PrivilegeCount;
i++)
250 MoveCount =
Token->PrivilegeCount -
Index - 1;
260 Token->PrivilegeCount--;
301 if (OldToken == NewToken)
304 *OldAccessToken = OldToken;
312 *OldAccessToken =
NULL;
319 *OldAccessToken =
NULL;
324 *OldAccessToken = OldToken;
402 if (!PrimaryGroupIndex && !DefaultOwnerIndex)
405 if (PrimaryGroupIndex)
409 *PrimaryGroupIndex =
Token->UserAndGroupCount;
412 if (DefaultOwnerIndex)
423 *DefaultOwnerIndex = 0;
424 DefaultOwnerIndex =
NULL;
429 *DefaultOwnerIndex =
Token->UserAndGroupCount;
438 *DefaultOwnerIndex = 0;
439 DefaultOwnerIndex =
NULL;
444 for (
i = 0;
i <
Token->UserAndGroupCount;
i++)
447 if (!PrimaryGroupIndex && !DefaultOwnerIndex)
450 if (DefaultOwnerIndex && DefaultOwner &&
455 *DefaultOwnerIndex =
i;
456 DefaultOwnerIndex =
NULL;
459 if (PrimaryGroupIndex &&
464 *PrimaryGroupIndex =
i;
465 PrimaryGroupIndex =
NULL;
469 if (DefaultOwnerIndex)
471 if (*DefaultOwnerIndex ==
Token->UserAndGroupCount)
475 if (PrimaryGroupIndex)
477 if (*PrimaryGroupIndex ==
Token->UserAndGroupCount)
500 ULONG VariableLength;
506 VariableLength =
Token->VariableLength;
517 (
PVOID*)&AccessToken);
530 AccessToken->ImpersonationLevel =
Level;
541 RtlCopyLuid(&AccessToken->TokenSource.SourceIdentifier,
542 &
Token->TokenSource.SourceIdentifier);
544 Token->TokenSource.SourceName,
545 sizeof(
Token->TokenSource.SourceName));
547 AccessToken->AuthenticationId =
Token->AuthenticationId;
548 AccessToken->ParentTokenId =
Token->ParentTokenId;
549 AccessToken->ExpirationTime =
Token->ExpirationTime;
550 AccessToken->OriginatingLogonSession =
Token->OriginatingLogonSession;
555 AccessToken->SessionId =
Token->SessionId;
566 DPRINT1(
"SepRmReferenceLogonSession() failed (Status 0x%lx)\n",
Status);
573 AccessToken->VariableLength = VariableLength;
574 EndMem = (
PVOID)&AccessToken->VariablePart;
577 AccessToken->PrivilegeCount = 0;
578 AccessToken->Privileges =
NULL;
584 ASSERT(VariableLength >= PrivilegesLength);
586 AccessToken->PrivilegeCount =
Token->PrivilegeCount;
587 AccessToken->Privileges = EndMem;
589 VariableLength -= PrivilegesLength;
597 AccessToken->UserAndGroupCount = 0;
598 AccessToken->UserAndGroups =
NULL;
599 if (
Token->UserAndGroups && (
Token->UserAndGroupCount > 0))
601 AccessToken->UserAndGroupCount =
Token->UserAndGroupCount;
602 AccessToken->UserAndGroups = EndMem;
603 EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
607 Token->UserAndGroups,
609 AccessToken->UserAndGroups,
615 DPRINT1(
"RtlCopySidAndAttributesArray(UserAndGroups) failed (Status 0x%lx)\n",
Status);
622 ULONG PrimaryGroupIndex;
632 DPRINT1(
"SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n",
Status);
635 AccessToken->PrimaryGroup = AccessToken->UserAndGroups[PrimaryGroupIndex].Sid;
640 AccessToken->DefaultOwnerIndex =
Token->DefaultOwnerIndex;
643 AccessToken->RestrictedSidCount = 0;
644 AccessToken->RestrictedSids =
NULL;
645 if (
Token->RestrictedSids && (
Token->RestrictedSidCount > 0))
647 AccessToken->RestrictedSidCount =
Token->RestrictedSidCount;
648 AccessToken->RestrictedSids = EndMem;
649 EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
653 Token->RestrictedSids,
655 AccessToken->RestrictedSids,
661 DPRINT1(
"RtlCopySidAndAttributesArray(RestrictedSids) failed (Status 0x%lx)\n",
Status);
681 AccessToken->DynamicAvailable = 0;
682 AccessToken->DynamicPart =
NULL;
686 Token->DefaultDacl->AclSize,
688 if (AccessToken->DynamicPart ==
NULL)
693 EndMem = (
PVOID)AccessToken->DynamicPart;
695 AccessToken->DefaultDacl = EndMem;
699 Token->DefaultDacl->AclSize);
706 *NewAccessToken = AccessToken;
739 ParentToken->ImpersonationLevel,
772 LUID ProcessTokenId, CallerParentId;
783 ProcessTokenId = ProcessToken->
TokenId;
789 CallerParentId =
Token->ParentTokenId;
805 LUID ProcessParentId, ProcessAuthId;
806 LUID CallerParentId, CallerAuthId;
824 CallerParentId =
Token->ParentTokenId;
825 CallerAuthId =
Token->AuthenticationId;
873 DPRINT(
"SepDeleteToken()\n");
897 DPRINT(
"Creating Token Object Type\n");
900 RtlZeroMemory(&ObjectTypeInitializer,
sizeof(ObjectTypeInitializer));
902 ObjectTypeInitializer.
Length =
sizeof(ObjectTypeInitializer);
959 ULONG TokenFlags = 0;
960 ULONG PrimaryGroupIndex, DefaultOwnerIndex;
964 ULONG PrivilegesLength;
965 ULONG UserGroupsLength;
966 ULONG VariableLength;
973 for (
i = 0;
i < GroupCount;
i++)
1003 for (
i = 0;
i < GroupCount;
i++)
1012 VariableLength = PrivilegesLength + UserGroupsLength;
1023 (
PVOID*)&AccessToken);
1026 DPRINT1(
"ObCreateObject() failed (Status 0x%lx)\n",
Status);
1043 RtlCopyLuid(&AccessToken->TokenSource.SourceIdentifier,
1049 AccessToken->ExpirationTime = *ExpirationTime;
1050 RtlCopyLuid(&AccessToken->ModifiedId, &ModifiedId);
1055 RtlCopyLuid(&AccessToken->AuthenticationId, AuthenticationId);
1060 DPRINT1(
"SepRmReferenceLogonSession() failed (Status 0x%lx)\n",
Status);
1067 AccessToken->VariableLength = VariableLength;
1068 EndMem = (
PVOID)&AccessToken->VariablePart;
1071 AccessToken->PrivilegeCount = PrivilegeCount;
1072 AccessToken->Privileges =
NULL;
1073 if (PrivilegeCount > 0)
1075 AccessToken->Privileges = EndMem;
1077 VariableLength -= PrivilegesLength;
1108 AccessToken->UserAndGroupCount = 1 + GroupCount;
1109 AccessToken->UserAndGroups = EndMem;
1110 EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
1116 &AccessToken->UserAndGroups[0],
1126 &AccessToken->UserAndGroups[1],
1138 &DefaultOwnerIndex);
1141 DPRINT1(
"SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n",
Status);
1145 AccessToken->PrimaryGroup = AccessToken->UserAndGroups[PrimaryGroupIndex].Sid;
1146 AccessToken->DefaultOwnerIndex = DefaultOwnerIndex;
1149 AccessToken->DynamicAvailable = 0;
1150 AccessToken->DynamicPart =
NULL;
1151 if (DefaultDacl !=
NULL)
1154 DefaultDacl->AclSize,
1156 if (AccessToken->DynamicPart ==
NULL)
1161 EndMem = (
PVOID)AccessToken->DynamicPart;
1163 AccessToken->DefaultDacl = EndMem;
1167 DefaultDacl->AclSize);
1181 DPRINT1(
"ObInsertObject() failed (Status 0x%lx)\n",
Status);
1205 ULONG GroupAttributes, OwnerAttributes;
1236 Groups[0].Attributes = OwnerAttributes;
1238 Groups[1].Attributes = GroupAttributes;
1240 Groups[2].Attributes = GroupAttributes;
1395 DPRINT(
"SeQueryInformationToken(TokenUser)\n");
1408 &
Token->UserAndGroups[0],
1416 *TokenInformation = tu;
1427 DPRINT(
"SeQueryInformationToken(TokenGroups)\n");
1447 &
Token->UserAndGroups[1],
1455 *TokenInformation = tg;
1464 DPRINT(
"SeQueryInformationToken(TokenPrivileges)\n");
1476 tp->PrivilegeCount =
Token->PrivilegeCount;
1479 &
tp->Privileges[0]);
1482 *TokenInformation =
tp;
1492 DPRINT(
"SeQueryInformationToken(TokenOwner)\n");
1507 Token->UserAndGroups[
Token->DefaultOwnerIndex].Sid);
1510 *TokenInformation = to;
1520 DPRINT(
"SeQueryInformationToken(TokenPrimaryGroup)\n");
1535 Token->PrimaryGroup);
1538 *TokenInformation = tpg;
1547 DPRINT(
"SeQueryInformationToken(TokenDefaultDacl)\n");
1566 Token->DefaultDacl->AclSize);
1574 *TokenInformation = tdd;
1583 DPRINT(
"SeQueryInformationToken(TokenSource)\n");
1597 *TokenInformation =
ts;
1606 DPRINT(
"SeQueryInformationToken(TokenType)\n");
1617 *tt =
Token->TokenType;
1620 *TokenInformation = tt;
1629 DPRINT(
"SeQueryInformationToken(TokenImpersonationLevel)\n");
1647 *sil =
Token->ImpersonationLevel;
1650 *TokenInformation = sil;
1659 DPRINT(
"SeQueryInformationToken(TokenStatistics)\n");
1671 ts->AuthenticationId =
Token->AuthenticationId;
1672 ts->ExpirationTime =
Token->ExpirationTime;
1673 ts->TokenType =
Token->TokenType;
1674 ts->ImpersonationLevel =
Token->ImpersonationLevel;
1675 ts->DynamicCharged =
Token->DynamicCharged;
1676 ts->DynamicAvailable =
Token->DynamicAvailable;
1677 ts->GroupCount =
Token->UserAndGroupCount - 1;
1678 ts->PrivilegeCount =
Token->PrivilegeCount;
1679 ts->ModifiedId =
Token->ModifiedId;
1682 *TokenInformation =
ts;
1696 DPRINT(
"SeQueryInformationToken(TokenOrigin)\n");
1708 &
Token->AuthenticationId);
1711 *TokenInformation = to;
1717 DPRINT1(
"SeQueryInformationToken(TokenGroupsAndPrivileges) not implemented\n");
1727 DPRINT(
"SeQueryInformationToken(TokenRestrictedSids)\n");
1745 tg->GroupCount =
Token->RestrictedSidCount;
1747 Token->RestrictedSids,
1755 *TokenInformation = tg;
1761 DPRINT1(
"SeQueryInformationToken(TokenSandboxInert) not implemented\n");
1769 DPRINT(
"SeQueryInformationToken(TokenSessionId)\n");
1900 PVOID TokenInformation,
1929 DPRINT(
"NtQueryInformationToken() failed, Status: 0x%x\n",
Status);
1950 DPRINT(
"NtQueryInformationToken(TokenUser)\n");
1959 &
Token->UserAndGroups[0],
1989 DPRINT(
"NtQueryInformationToken(TokenGroups)\n");
2004 &
Token->UserAndGroups[1],
2034 DPRINT(
"NtQueryInformationToken(TokenPrivileges)\n");
2042 tp->PrivilegeCount =
Token->PrivilegeCount;
2045 &
tp->Privileges[0]);
2071 DPRINT(
"NtQueryInformationToken(TokenOwner)\n");
2082 Token->UserAndGroups[
Token->DefaultOwnerIndex].Sid);
2108 DPRINT(
"NtQueryInformationToken(TokenPrimaryGroup)\n");
2119 Token->PrimaryGroup);
2144 DPRINT(
"NtQueryInformationToken(TokenDefaultDacl)\n");
2159 Token->DefaultDacl->AclSize);
2189 DPRINT(
"NtQueryInformationToken(TokenSource)\n");
2221 DPRINT(
"NtQueryInformationToken(TokenType)\n");
2228 *tt =
Token->TokenType;
2253 DPRINT(
"NtQueryInformationToken(TokenImpersonationLevel)\n");
2268 *sil =
Token->ImpersonationLevel;
2293 DPRINT(
"NtQueryInformationToken(TokenStatistics)\n");
2301 ts->AuthenticationId =
Token->AuthenticationId;
2302 ts->ExpirationTime =
Token->ExpirationTime;
2303 ts->TokenType =
Token->TokenType;
2304 ts->ImpersonationLevel =
Token->ImpersonationLevel;
2305 ts->DynamicCharged =
Token->DynamicCharged;
2306 ts->DynamicAvailable =
Token->DynamicAvailable;
2307 ts->GroupCount =
Token->UserAndGroupCount - 1;
2308 ts->PrivilegeCount =
Token->PrivilegeCount;
2309 ts->ModifiedId =
Token->ModifiedId;
2334 DPRINT(
"NtQueryInformationToken(TokenOrigin)\n");
2342 &
Token->AuthenticationId);
2364 DPRINT1(
"NtQueryInformationToken(TokenGroupsAndPrivileges) not implemented\n");
2372 DPRINT(
"NtQueryInformationToken(TokenRestrictedSids)\n");
2387 Token->RestrictedSids,
2414 DPRINT1(
"NtQueryInformationToken(TokenSandboxInert) not implemented\n");
2422 DPRINT(
"NtQueryInformationToken(TokenSessionId)\n");
2495 DPRINT(
"NtSetInformationToken() failed, Status: 0x%x\n",
Status);
2520 ULONG DefaultOwnerIndex;
2524 InputSid = to->
Owner;
2548 &DefaultOwnerIndex);
2552 Token->DefaultOwnerIndex = DefaultOwnerIndex;
2577 ULONG PrimaryGroupIndex;
2609 Token->PrimaryGroup =
Token->UserAndGroups[PrimaryGroupIndex].Sid;
2646 if (InputAcl !=
NULL)
2658 ULONG DynamicLength;
2670 DynamicLength =
Token->DynamicAvailable;
2672 if (
Token->DefaultDacl)
2673 DynamicLength +=
Token->DefaultDacl->AclSize;
2677 if ((DynamicLength < CapturedAcl->AclSize) ||
2680 PVOID NewDynamicPart;
2685 if (NewDynamicPart ==
NULL)
2696 Token->DynamicPart = NewDynamicPart;
2697 Token->DynamicAvailable = 0;
2702 Token->DynamicAvailable = DynamicLength - CapturedAcl->
AclSize;
2730 Token->DynamicAvailable +=
Token->DefaultDacl->AclSize;
2785 ULONG SessionReference;
2790 SessionReference = *(
PULONG)TokenInformation;
2807 if (SessionReference == 0)
2809 ULONG OldTokenFlags;
2822 if (OldTokenFlags ==
Token->TokenFlags)
2830 if (SessionReference == 0)
2854 switch (PolicyInformation->
Policies[
i].Category)
2912 Token->AuditPolicy = AuditPolicy;
2951 Token->OriginatingLogonSession =
2965 DPRINT1(
"Invalid TokenInformationClass: 0x%lx\n",
2977 DPRINT1(
"NtSetInformationToken failed with Status 0x%lx\n",
Status);
3043 &CapturedSecurityQualityOfService,
3047 DPRINT1(
"NtDuplicateToken() failed to capture QoS! Status: 0x%x\n",
Status);
3059 DPRINT1(
"Failed to reference token (Status 0x%lx)\n",
Status);
3164 ULONG i,
j, PrivilegeCount, ChangeCount, NewAttributes;
3169 *ChangesMade =
FALSE;
3172 for (
i = 0;
i <
Token->PrivilegeCount;
i++)
3175 if (DisableAllPrivileges)
3183 for (
j = 0;
j < NewStateCount;
j++)
3188 DPRINT(
"Found privilege\n");
3191 NewAttributes = NewState[
j].Attributes;
3201 if (
j == NewStateCount)
3212 if (
Token->Privileges[
i].Attributes != NewAttributes)
3234 *ChangesMade =
TRUE;
3242 Token->Privileges[
i].Attributes = NewAttributes;
3244 *ChangesMade =
TRUE;
3257 *ChangedPrivileges = ChangeCount;
3260 if (!DisableAllPrivileges && (PrivilegeCount < NewStateCount))
3289 ULONG CapturedCount = 0;
3290 ULONG CapturedLength = 0;
3291 ULONG NewStateSize = 0;
3298 DPRINT(
"NtAdjustPrivilegesToken() called\n");
3301 if (DisableAllPrivileges ==
FALSE && NewState ==
NULL)
3310 if (DisableAllPrivileges ==
FALSE)
3315 CapturedCount = NewState->PrivilegeCount;
3338 if (DisableAllPrivileges ==
FALSE)
3339 CapturedCount = NewState->PrivilegeCount;
3343 if (DisableAllPrivileges ==
FALSE)
3355 &CapturedPrivileges,
3378 DPRINT1(
"Failed to reference token (Status 0x%lx)\n",
Status);
3381 if (CapturedPrivileges !=
NULL)
3396 DisableAllPrivileges,
3436 DisableAllPrivileges,
3463 if (CapturedPrivileges !=
NULL)
3470 DPRINT (
"NtAdjustPrivilegesToken() done\n");
3494 ULONG PrivilegeCount, GroupCount;
3495 PSID OwnerSid, PrimaryGroupSid;
3498 LUID LocalAuthenticationId;
3505 PSID CapturedPrimaryGroupSid =
NULL;
3507 ULONG PrivilegesLength, UserLength, GroupsLength;
3531 LocalAuthenticationId = *AuthenticationId;
3594 LocalAuthenticationId = *AuthenticationId;
3595 LocalExpirationTime = *ExpirationTime;
3655 &CapturedPrivileges,
3681 &CapturedPrimaryGroupSid);
3688 if (DefaultDacl !=
NULL)
3694 &CapturedDefaultDacl);
3708 &LocalAuthenticationId,
3709 &LocalExpirationTime,
3717 CapturedPrimaryGroupSid,
3718 CapturedDefaultDacl,
3877 if (RestoreImpersonation)
3934 PTOKEN FirstToken, SecondToken;
3960 (
PVOID*)&FirstToken,
3969 (
PVOID*)&SecondToken,
3977 if (FirstToken != SecondToken)
const LUID SeSystemEnvironmentPrivilege
enum _SECURITY_IMPERSONATION_LEVEL * PSECURITY_IMPERSONATION_LEVEL
#define SepAcquireTokenLockExclusive(Token)
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
NTSTATUS NTAPI NtImpersonateAnonymousToken(IN HANDLE Thread)
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
#define STATUS_NOT_ALL_ASSIGNED
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
_Must_inspect_result_ typedef _In_ PVOID Unused
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
#define STATUS_PRIVILEGE_NOT_HELD
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
#define THREAD_ALL_ACCESS
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
#define _Must_inspect_result_
#define STATUS_BAD_IMPERSONATION_LEVEL
UCHAR DirectoryServiceAccess
const LUID SeSystemtimePrivilege
#define STATUS_INSUFFICIENT_RESOURCES
NTSTATUS NTAPI SeFilterToken(IN PACCESS_TOKEN ExistingToken, IN ULONG Flags, IN PTOKEN_GROUPS SidsToDisable OPTIONAL, IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, IN PTOKEN_GROUPS RestrictedSids OPTIONAL, OUT PACCESS_TOKEN *FilteredToken)
#define STATUS_INFO_LENGTH_MISMATCH
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
NTSTATUS NTAPI NtFilterToken(IN HANDLE ExistingTokenHandle, IN ULONG Flags, IN PTOKEN_GROUPS SidsToDisable OPTIONAL, IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, IN PTOKEN_GROUPS RestrictedSids OPTIONAL, OUT PHANDLE NewTokenHandle)
NTSTATUS NTAPI SeIsTokenChild(IN PTOKEN Token, OUT PBOOLEAN IsChild)
#define _In_reads_bytes_(s)
const LUID SeIncreaseQuotaPrivilege
#define PsGetCurrentThread()
const LUID SeCreateTokenPrivilege
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
const LUID SeCreatePermanentPrivilege
const LUID SeDebugPrivilege
NTSTATUS NTAPI SepCopyProxyData(PVOID *Dest, PVOID Src)
const LUID SeBackupPrivilege
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
#define STATUS_INVALID_PARAMETER
struct _TOKEN_DEFAULT_DACL TOKEN_DEFAULT_DACL
BOOL ApplyChanges(HWND hwndDlg)
enum _TOKEN_TYPE * PTOKEN_TYPE
NTSTATUS NTAPI SeQuerySessionIdToken(IN PACCESS_TOKEN Token, IN PULONG pSessionId)
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
#define KeGetPreviousMode()
#define STATUS_CANT_OPEN_ANONYMOUS
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
#define SE_RESTORE_PRIVILEGE
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
NTSTATUS NTAPI NtOpenThreadTokenEx(IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle)
LUID SeSystemAuthenticationId
_Out_ PBOOLEAN CopyOnOpen
NTSTATUS ExInitializeResourceLite(PULONG res)
NTSTATUS NTAPI ExDeleteResourceLite(IN PERESOURCE Resource)
#define SE_PRIVILEGE_REMOVED
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
const LUID SeAssignPrimaryTokenPrivilege
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
PSID SeAuthenticatedUsersSid
TOpcodeData Groups[17][8]
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
static VOID SepUpdateSinglePrivilegeFlagToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
struct _TOKEN_USER TOKEN_USER
static __inline NTSTATUS DefaultSetInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, KPROCESSOR_MODE PreviousMode)
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
BOOLEAN NTAPI SeTokenIsRestricted(IN PACCESS_TOKEN Token)
#define RtlMoveMemory(Destination, Source, Length)
#define STATUS_BUFFER_TOO_SMALL
#define SECURITY_DESCRIPTOR_REVISION
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
NTSTATUS NTAPI SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token, OUT PLUID LogonId)
NTSTATUS NTAPI NtCompareTokens(IN HANDLE FirstTokenHandle, IN HANDLE SecondTokenHandle, OUT PBOOLEAN Equal)
return STATUS_NOT_IMPLEMENTED
#define SE_PRIVILEGE_ENABLED
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
#define _Out_writes_bytes_to_opt_(s, c)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
LUID SeAnonymousAuthenticationId
#define RtlEqualLuid(Luid1, Luid2)
static VOID SepUpdatePrivilegeFlagsToken(_Inout_ PTOKEN Token)
NTSYSAPI VOID NTAPI RtlCopyLuidAndAttributesArray(ULONG Count, PLUID_AND_ATTRIBUTES Src, PLUID_AND_ATTRIBUTES Dest)
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
#define PsGetCurrentProcess
#define EXCEPTION_EXECUTE_HANDLER
NTSTATUS NTAPI NtAdjustGroupsToken(IN HANDLE TokenHandle, IN BOOLEAN ResetToDefault, IN PTOKEN_GROUPS NewState, IN ULONG BufferLength, OUT PTOKEN_GROUPS PreviousState OPTIONAL, OUT PULONG ReturnLength)
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
static const char * ts(int t)
#define STATUS_BAD_TOKEN_TYPE
const LUID SeLoadDriverPrivilege
POBJECT_TYPE SeTokenObjectType
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
#define SE_GROUP_ENABLED_BY_DEFAULT
const LUID SeTakeOwnershipPrivilege
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
#define TOKEN_ADJUST_DEFAULT
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
TOKEN_TYPE NTAPI SeTokenType(IN PACCESS_TOKEN Token)
struct _TOKEN_GROUPS * PTOKEN_GROUPS
SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel(IN PACCESS_TOKEN Token)
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
LUID OriginatingLogonSession
#define ANONYMOUS_LOGON_LUID
NTSTATUS SepRmReferenceLogonSession(PLUID LogonLuid)
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
_In_ uint64_t _In_ uint64_t _In_ uint64_t _In_opt_ traverse_ptr * tp
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
UNICODE_STRING Restricted
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
#define SE_CHANGE_NOTIFY_PRIVILEGE
struct _SID_AND_ATTRIBUTES * PSID_AND_ATTRIBUTES
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
_In_ KPROCESSOR_MODE PreviousMode
static NTSTATUS SepAdjustPrivileges(_Inout_ PTOKEN Token, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PLUID_AND_ATTRIBUTES NewState, _In_ ULONG NewStateCount, _Out_opt_ PTOKEN_PRIVILEGES PreviousState, _In_ BOOLEAN ApplyChanges, _Out_ PULONG ChangedPrivileges, _Out_ PBOOLEAN ChangesMade)
#define STATUS_INVALID_PRIMARY_GROUP
#define TOKEN_HAS_RESTORE_PRIVILEGE
_Must_inspect_result_ _In_ ULONG Flags
const LUID SeCreatePagefilePrivilege
struct _TOKEN_SOURCE * PTOKEN_SOURCE
#define _SEH2_YIELD(STMT_)
const LUID SeRestorePrivilege
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
#define NT_SUCCESS(StatCode)
struct _TOKEN_OWNER TOKEN_OWNER
VOID NTAPI SepReleaseAcl(IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
struct _TOKEN_SOURCE TOKEN_SOURCE
_In_ WDFCOLLECTION _In_ ULONG Index
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
#define ObDereferenceObject
#define STATUS_TOKEN_ALREADY_IN_USE
VOID NTAPI SepFreeProxyData(PVOID ProxyData)
#define ProbeForWriteHandle(Ptr)
#define RtlIsZeroLuid(_L1)
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
#define TOKEN_QUERY_SOURCE
VOID NTAPI SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
NTSTATUS NTAPI SeIsTokenSibling(IN PTOKEN Token, OUT PBOOLEAN IsSibling)
#define ProbeForWriteBoolean(Ptr)
VOID NTAPI SeAssignPrimaryToken(IN PEPROCESS Process, IN PTOKEN Token)
static const LUID SeChangeNotifyPrivilege
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
#define SE_GROUP_MANDATORY
#define ProbeForReadLargeInteger(Ptr)
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
VOID NTAPI SepInitializeTokenImplementation(VOID)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
NTSTATUS NTAPI SeSubProcessToken(IN PTOKEN ParentToken, OUT PTOKEN *Token, IN BOOLEAN InUse, IN ULONG SessionId)
#define STATUS_UNSUCCESSFUL
#define ExAllocatePoolWithTag(hernya, size, tag)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
struct _TOKEN_OWNER * PTOKEN_OWNER
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES
POBJECT_TYPE PsThreadType
#define TAG_SE_TOKEN_LOCK
struct _TOKEN_STATISTICS * PTOKEN_STATISTICS
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
#define STATUS_INVALID_INFO_CLASS
TOKEN_SOURCE SeSystemTokenSource
#define SepReleaseTokenLock(Token)
__kernel_entry NTSTATUS NTAPI NtCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
static GENERIC_MAPPING SepTokenMapping
#define TAG_TOKEN_DYNAMIC
static __inline NTSTATUS DefaultQueryInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, PULONG ReturnLength, PULONG_PTR ReturnLengthPtr, KPROCESSOR_MODE PreviousMode)
VOID NTAPI SeDeassignPrimaryToken(PEPROCESS Process)
const LUID SeLockMemoryPrivilege
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
struct _TOKEN_AUDIT_POLICY_INFORMATION TOKEN_AUDIT_POLICY_INFORMATION
const LUID SeProfileSingleProcessPrivilege
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
static const WCHAR Cleanup[]
const LUID SeIncreaseBasePriorityPrivilege
enum _TOKEN_TYPE TOKEN_TYPE
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
const LUID SeTcbPrivilege
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
ULONG DefaultPagedPoolCharge
static VOID SepRemovePrivilegeToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
#define SE_IMPERSONATE_PRIVILEGE
static VOID SepDeleteTokenLock(_Inout_ PTOKEN Token)
Deletes a lock of a token.
const LUID SeShutdownPrivilege
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
LONG NTAPI ExSystemExceptionFilter(VOID)
GENERIC_MAPPING GenericMapping
#define TOKEN_HAS_ADMIN_GROUP
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
NTSTATUS NTAPI SeQueryInformationToken(IN PACCESS_TOKEN AccessToken, IN TOKEN_INFORMATION_CLASS TokenInformationClass, OUT PVOID *TokenInformation)
VOID NTAPI SepDeleteToken(PVOID ObjectBody)
#define SE_BACKUP_PRIVILEGES_CHECKED
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
#define FIELD_OFFSET(t, f)
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
_In_ ULONG _Out_opt_ PULONG RequiredLength
BOOLEAN NTAPI SeTokenIsAdmin(IN PACCESS_TOKEN Token)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
#define STATUS_INVALID_OWNER
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
VOID NTAPI PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
const LUID SeSecurityPrivilege
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
#define RtlInterlockedSetBits(Flags, Flag)
NTSYSAPI void WINAPI RtlCopyLuid(PLUID, const LUID *)
NTSTATUS NTAPI NtOpenThreadToken(IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle)
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
#define SepAcquireTokenLockShared(Token)
#define ObReferenceObject
static NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
#define THREAD_QUERY_INFORMATION
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE
#define SE_BACKUP_PRIVILEGE
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
struct _TOKEN_USER * PTOKEN_USER
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
#define ALIGN_UP_BY(size, align)
#define InitializeObjectAttributes(p, n, a, r, s)
#define RtlCopyMemory(Destination, Source, Length)
static ULONG RtlLengthSidAndAttributes(ULONG Count, PSID_AND_ATTRIBUTES Src)
static NTSTATUS SepCompareTokens(IN PTOKEN FirstToken, IN PTOKEN SecondToken, OUT PBOOLEAN Equal)
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
#define _SEH2_EXCEPT(...)
#define ExFreePoolWithTag(_P, _T)
#define _SEH2_GetExceptionCode()
#define TOKEN_HAS_BACKUP_PRIVILEGE
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
struct _TOKEN_STATISTICS TOKEN_STATISTICS
OB_DELETE_METHOD DeleteProcedure
#define TOKEN_ADJUST_SESSIONID
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
#define TOKEN_ADJUST_PRIVILEGES
#define TOKEN_SESSION_NOT_REFERENCED
BOOLEAN NTAPI SeTokenIsWriteRestricted(IN PACCESS_TOKEN Token)
const LUID SeAuditPrivilege
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
NTSTATUS NTAPI SeCopyClientToken(IN PACCESS_TOKEN Token, IN SECURITY_IMPERSONATION_LEVEL Level, IN KPROCESSOR_MODE PreviousMode, OUT PACCESS_TOKEN *NewToken)
struct _TOKEN_PRIMARY_GROUP TOKEN_PRIMARY_GROUP
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
struct _TOKEN_ORIGIN TOKEN_ORIGIN
_In_ WDF_POWER_DEVICE_STATE PreviousState
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
#define TOKEN_IS_RESTRICTED
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
PULONG MinorVersion OPTIONAL
VOID NTAPI PsDereferenceImpersonationToken(IN PACCESS_TOKEN ImpersonationToken)