55 DPRINT1(
"SepCreateTokenLock(): Failed to allocate memory!\n");
113 ULONG FirstCount, SecondCount;
118 if (CountSidArray1 != CountSidArray2)
120 DPRINT(
"SepCompareSidAndAttributesFromTokens(): Index counters are not the same!\n");
125 for (FirstCount = 0; FirstCount < CountSidArray1; FirstCount++)
127 for (SecondCount = 0; SecondCount < CountSidArray2; SecondCount++)
129 FirstSidArray = &SidArrayToken1[FirstCount];
130 SecondSidArray = &SidArrayToken2[SecondCount];
140 if (SecondCount == CountSidArray2)
142 DPRINT(
"SepCompareSidAndAttributesFromTokens(): No matching elements could be found in either token!\n");
180 ULONG FirstCount, SecondCount;
185 if (CountPrivArray1 != CountPrivArray2)
187 DPRINT(
"SepComparePrivilegeAndAttributesFromTokens(): Index counters are not the same!\n");
192 for (FirstCount = 0; FirstCount < CountPrivArray1; FirstCount++)
194 for (SecondCount = 0; SecondCount < CountPrivArray2; SecondCount++)
196 FirstPrivArray = &PrivArrayToken1[FirstCount];
197 SecondPrivArray = &PrivArrayToken2[SecondCount];
207 if (SecondCount == CountPrivArray2)
209 DPRINT(
"SepComparePrivilegeAndAttributesFromTokens(): No matching elements could be found in either token!\n");
251 ASSERT(FirstToken != SecondToken);
259 FirstToken->UserAndGroupCount,
260 SecondToken->UserAndGroups,
261 SecondToken->UserAndGroupCount))
282 FirstToken->RestrictedSidCount,
283 SecondToken->RestrictedSids,
284 SecondToken->RestrictedSidCount))
292 FirstToken->PrivilegeCount,
293 SecondToken->Privileges,
294 SecondToken->PrivilegeCount))
301 DPRINT(
"SepCompareTokens(): Tokens are equal!\n");
339 PTOKEN TokenToImpersonate, ProcessToken;
340 ULONG IncludeEveryoneValueData;
351 L"EveryoneIncludesAnonymous",
353 sizeof(IncludeEveryoneValueData),
354 &IncludeEveryoneValueData);
357 DPRINT1(
"SepRegQueryHelper(): Failed to query the registry value (Status 0x%lx)\n",
Status);
361 if (IncludeEveryoneValueData == 0)
363 DPRINT(
"SepImpersonateAnonymousToken(): Assigning the token not including the Everyone Group SID...\n");
368 DPRINT(
"SepImpersonateAnonymousToken(): Assigning the token including the Everyone Group SID...\n");
382 DPRINT1(
"SepImpersonateAnonymousToken(): Couldn't be able to use the token, bail out...\n");
395 DPRINT1(
"SepImpersonateAnonymousToken(): Couldn't be able to get the process' primary token, bail out...\n");
403 DPRINT1(
"SepImpersonateAnonymousToken(): The process is restricted, can't do anything. Bail out...\n");
417 DPRINT1(
"SepImpersonateAnonymousToken(): Failed to impersonate, bail out...\n");
450 if (
Token->Privileges[
Index].Luid.HighPart != 0)
482 Token->TokenFlags |= TokenFlag;
487 Token->TokenFlags &= ~TokenFlag;
560 for (
i = 0;
i <
Token->PrivilegeCount;
i++)
590 MoveCount =
Token->PrivilegeCount -
Index - 1;
600 Token->PrivilegeCount--;
626 MoveCount =
Token->UserAndGroupCount -
Index - 1;
636 Token->UserAndGroupCount--;
664 ULONG DynamicAvailable;
669 ASSERT(DynamicCharged != 0);
679 DynamicAvailable -= DefaultDacl->AclSize;
682 return DynamicAvailable;
719 PVOID NewDynamicPart;
720 PVOID PreviousDynamicPart;
721 ULONG CurrentDynamicLength;
727 ASSERT(NewDynamicPartSize != 0);
733 CurrentDynamicLength = AccessToken->DynamicAvailable +
RtlLengthSid(AccessToken->PrimaryGroup);
734 if (AccessToken->DefaultDacl)
736 CurrentDynamicLength += AccessToken->DefaultDacl->AclSize;
744 if (CurrentDynamicLength < NewDynamicPartSize)
749 if (NewDynamicPart ==
NULL)
751 DPRINT1(
"SepRebuildDynamicPartOfToken(): Insufficient resources to allocate new dynamic part!\n");
756 PreviousDynamicPart = AccessToken->DynamicPart;
757 RtlCopyMemory(NewDynamicPart, PreviousDynamicPart, CurrentDynamicLength);
760 AccessToken->DynamicAvailable += NewDynamicPartSize - CurrentDynamicLength;
761 AccessToken->DynamicPart = NewDynamicPart;
764 AccessToken->PrimaryGroup = (
PSID)((
ULONG_PTR)AccessToken->DynamicPart +
766 if (AccessToken->DefaultDacl !=
NULL)
768 AccessToken->DefaultDacl = (
PACL)((
ULONG_PTR)AccessToken->DynamicPart +
773 DPRINT(
"SepRebuildDynamicPartOfToken(): The dynamic part has been re-built with success!\n");
866 if (OldToken == NewToken)
869 *OldAccessToken = OldToken;
877 *OldAccessToken =
NULL;
884 *OldAccessToken =
NULL;
889 *OldAccessToken = OldToken;
1021 if (!PrimaryGroupIndex && !DefaultOwnerIndex)
1024 if (PrimaryGroupIndex)
1028 *PrimaryGroupIndex =
Token->UserAndGroupCount;
1031 if (DefaultOwnerIndex)
1042 *DefaultOwnerIndex = 0;
1043 DefaultOwnerIndex =
NULL;
1048 *DefaultOwnerIndex =
Token->UserAndGroupCount;
1057 *DefaultOwnerIndex = 0;
1058 DefaultOwnerIndex =
NULL;
1063 for (
i = 0;
i <
Token->UserAndGroupCount;
i++)
1066 if (!PrimaryGroupIndex && !DefaultOwnerIndex)
1069 if (DefaultOwnerIndex && DefaultOwner &&
1074 *DefaultOwnerIndex =
i;
1075 DefaultOwnerIndex =
NULL;
1078 if (PrimaryGroupIndex &&
1083 *PrimaryGroupIndex =
i;
1084 PrimaryGroupIndex =
NULL;
1088 if (DefaultOwnerIndex)
1090 if (*DefaultOwnerIndex ==
Token->UserAndGroupCount)
1094 if (PrimaryGroupIndex)
1096 if (*PrimaryGroupIndex ==
Token->UserAndGroupCount)
1143 ParentToken->ImpersonationLevel,
1192 LUID ProcessTokenId, CallerParentId;
1203 ProcessTokenId = ProcessToken->
TokenId;
1209 CallerParentId =
Token->ParentTokenId;
1241 LUID ProcessParentId, ProcessAuthId;
1242 LUID CallerParentId, CallerAuthId;
1260 CallerParentId =
Token->ParentTokenId;
1261 CallerAuthId =
Token->AuthenticationId;
1365 DPRINT(
"SepDeleteToken()\n");
1374 DPRINT1(
"SepDeleteToken(): Failed to remove the logon session from token (Status: 0x%lx)\n",
Status);
1408 DPRINT(
"Creating Token Object Type\n");
1411 RtlZeroMemory(&ObjectTypeInitializer,
sizeof(ObjectTypeInitializer));
1413 ObjectTypeInitializer.
Length =
sizeof(ObjectTypeInitializer);
1482 TokenControl->AuthenticationId =
Token->AuthenticationId;
1483 TokenControl->TokenId =
Token->TokenId;
1484 TokenControl->TokenSource =
Token->TokenSource;
1490 TokenControl->ModifiedId =
Token->ModifiedId;
1510 ULONG GroupAttributes, OwnerAttributes;
1541 Groups[0].Attributes = OwnerAttributes;
1543 Groups[1].Attributes = GroupAttributes;
1545 Groups[2].Attributes = GroupAttributes;
1992 if (
RtlEqualLuid(&TokenToImpersonate->AuthenticationId,
2003 DPRINT(
"SeTokenCanImpersonate(): Token has an anonymous authentication ID, can't impersonate!\n");
2004 CanImpersonate =
FALSE;
2010 if (!
RtlEqualSid(ProcessToken->UserAndGroups->Sid,
2011 TokenToImpersonate->UserAndGroups->Sid))
2014 DPRINT(
"SeTokenCanImpersonate(): Tokens SIDs are not equal!\n");
2015 CanImpersonate =
FALSE;
2031 DPRINT(
"SeTokenCanImpersonate(): One token is restricted, can't continue!\n");
2032 CanImpersonate =
FALSE;
2037 DPRINT(
"SeTokenCanImpersonate(): We can impersonate.\n");
2038 CanImpersonate =
TRUE;
2045 return CanImpersonate;
2174 DPRINT1(
"NtOpenThreadTokenEx(): Failed to create a security descriptor (Status 0x%lx)\n",
Status);
2181 DPRINT1(
"NtOpenThreadTokenEx(): Failed to set a DACL to the security descriptor (Status 0x%lx)\n",
Status);
2193 DPRINT1(
"NtOpenThreadTokenEx(): Failed to duplicate the token (Status 0x%lx)\n",
Status);
2201 DPRINT1(
"NtOpenThreadTokenEx(): Failed to insert the token object (Status 0x%lx)\n",
Status);
2206 DPRINT1(
"NtOpenThreadTokenEx(): Failed to impersonate token from DACL (Status 0x%lx)\n",
Status);
2216 DPRINT1(
"NtOpenThreadTokenEx(): Failed to open the object (Status 0x%lx)\n",
Status);
2222 if (RestoreImpersonation)
2234 DPRINT1(
"NtOpenThreadTokenEx(): Failed to impersonate the client (Status 0x%lx)\n",
Status);
2316 PTOKEN FirstToken, SecondToken;
2342 (
PVOID*)&FirstToken,
2346 DPRINT1(
"ObReferenceObjectByHandle() failed (Status 0x%lx)\n",
Status);
2354 (
PVOID*)&SecondToken,
2358 DPRINT1(
"ObReferenceObjectByHandle() failed (Status 0x%lx)\n",
Status);
2363 if (FirstToken != SecondToken)
2438 DPRINT1(
"NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n",
Status);
2446 DPRINT1(
"NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n",
Status);
PTOKEN SeAnonymousLogonTokenNoEveryone
VOID SepDeleteTokenLock(_Inout_ PTOKEN Token)
Deletes a lock of a token.
const LUID SeSystemEnvironmentPrivilege
#define SepAcquireTokenLockExclusive(Token)
NTSTATUS NTAPI NtOpenThreadTokenEx(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
NTSTATUS NTAPI SepRegQueryHelper(_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
A private registry helper that returns the desired value data based on the specifics requested by the...
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
const LUID SeSystemtimePrivilege
#define STATUS_INSUFFICIENT_RESOURCES
#define TOKEN_SANDBOX_INERT
BOOLEAN NTAPI SeTokenCanImpersonate(_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Ensures that client impersonation can occur by checking if the token we're going to assign as the imp...
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
const LUID SeIncreaseQuotaPrivilege
#define PsGetCurrentThread()
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
#define THREAD_IMPERSONATE
const LUID SeCreateTokenPrivilege
const LUID SeCreatePermanentPrivilege
BOOLEAN NTAPI SepTokenIsOwner(_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
Checks if a token belongs to the main user, being the owner.
const LUID SeDebugPrivilege
const LUID SeBackupPrivilege
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
#define STATUS_INVALID_PARAMETER
VOID SepRemovePrivilegeToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a privilege from the token.
#define STATUS_CANT_OPEN_ANONYMOUS
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define SE_RESTORE_PRIVILEGE
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
NTSTATUS NTAPI NtCompareTokens(_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
Compares two tokens to determine whether they are equal.
LUID SeSystemAuthenticationId
_Out_ PBOOLEAN CopyOnOpen
NTSTATUS ExInitializeResourceLite(PULONG res)
NTSTATUS NTAPI ExDeleteResourceLite(IN PERESOURCE Resource)
PTOKEN SeAnonymousLogonToken
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
const LUID SeAssignPrimaryTokenPrivilege
#define TOKEN_IMPERSONATE
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
PSID SeAuthenticatedUsersSid
TOpcodeData Groups[17][8]
SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel(_In_ PACCESS_TOKEN Token)
Gathers the security impersonation level of an access token.
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
NTSTATUS NTAPI SeIsTokenSibling(_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
Checks if the token is a sibling of the other token of the current process that the calling thread is...
#define RtlMoveMemory(Destination, Source, Length)
#define SECURITY_DESCRIPTOR_REVISION
NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
return STATUS_NOT_IMPLEMENTED
#define SE_PRIVILEGE_ENABLED
NTSTATUS NTAPI SeIsTokenChild(_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
Checks if the token is a child of the other token of the current process that the calling thread is i...
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
LUID SeAnonymousAuthenticationId
NTSTATUS NTAPI SepCopyProxyData(_Out_ PVOID *Dest, _In_ PVOID Src)
Copies the proxy data from the source into the destination of a token.
#define RtlEqualLuid(Luid1, Luid2)
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
#define PsGetCurrentProcess
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
#define STATUS_BAD_TOKEN_TYPE
VOID SepUpdatePrivilegeFlagsToken(_Inout_ PTOKEN Token)
Updates the token's flags based upon the privilege that the token has been granted....
const LUID SeLoadDriverPrivilege
POBJECT_TYPE SeTokenObjectType
#define SE_GROUP_ENABLED_BY_DEFAULT
const LUID SeTakeOwnershipPrivilege
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
static BOOLEAN SepCompareSidAndAttributesFromTokens(_In_ PSID_AND_ATTRIBUTES SidArrayToken1, _In_ ULONG CountSidArray1, _In_ PSID_AND_ATTRIBUTES SidArrayToken2, _In_ ULONG CountSidArray2)
Compares the elements of SID arrays provided by tokens. The elements that are being compared for equa...
NTSTATUS NTAPI ObReferenceObjectByPointer(IN PVOID Object, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSTATUS SepRebuildDynamicPartOfToken(_Inout_ PTOKEN AccessToken, _In_ ULONG NewDynamicPartSize)
Re-builds the dynamic part area of an access token during a default DACL or primary group replacem...
ULONG RtlLengthSidAndAttributes(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
Computes the length of a SID.
BOOLEAN NTAPI SeTokenIsAdmin(_In_ PACCESS_TOKEN Token)
Determines whether a token is an admin token. Such condition is checked based upon TOKEN_HAS...
VOID SepUpdateSinglePrivilegeFlagToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Updates the token's flags based upon the privilege that the token has been granted....
#define ANONYMOUS_LOGON_LUID
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
UNICODE_STRING Restricted
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
#define SE_CHANGE_NOTIFY_PRIVILEGE
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
_In_ KPROCESSOR_MODE PreviousMode
VOID NTAPI SeGetTokenControlInformation(_In_ PACCESS_TOKEN _Token, _Out_ PTOKEN_CONTROL TokenControl)
Retrieves token control information.
#define STATUS_INVALID_PRIMARY_GROUP
#define TOKEN_HAS_RESTORE_PRIVILEGE
const LUID SeCreatePagefilePrivilege
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
const LUID SeRestorePrivilege
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
#define NT_SUCCESS(StatCode)
_In_ WDFCOLLECTION _In_ ULONG Index
#define EXCEPTION_EXECUTE_HANDLER
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
#define ObDereferenceObject
#define STATUS_TOKEN_ALREADY_IN_USE
#define ProbeForWriteHandle(Ptr)
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
#define ProbeForWriteBoolean(Ptr)
#define STATUS_ACCESS_DENIED
static const LUID SeChangeNotifyPrivilege
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
#define SE_GROUP_MANDATORY
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
VOID NTAPI SepInitializeTokenImplementation(VOID)
Internal function that initializes critical kernel data for access token implementation in SRM.
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
#define STATUS_UNSUCCESSFUL
#define ExAllocatePoolWithTag(hernya, size, tag)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
POBJECT_TYPE PsThreadType
BOOLEAN NTAPI SeTokenIsWriteRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is write restricted, that is, nobody can write anything to it.
#define TAG_SE_TOKEN_LOCK
TOKEN_SOURCE SeSystemTokenSource
#define SepReleaseTokenLock(Token)
static GENERIC_MAPPING SepTokenMapping
#define TAG_TOKEN_DYNAMIC
BOOLEAN NTAPI SeTokenIsInert(_In_ PTOKEN Token)
Determines if a token is a sandbox inert token or not, based upon the token flags.
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID...
const LUID SeLockMemoryPrivilege
static BOOLEAN SepComparePrivilegeAndAttributesFromTokens(_In_ PLUID_AND_ATTRIBUTES PrivArrayToken1, _In_ ULONG CountPrivArray1, _In_ PLUID_AND_ATTRIBUTES PrivArrayToken2, _In_ ULONG CountPrivArray2)
Compares the elements of privilege arrays provided by tokens. The elements that are being compared fo...
const LUID SeProfileSingleProcessPrivilege
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
PSEP_LOGON_SESSION_REFERENCES LogonSession
const LUID SeIncreaseBasePriorityPrivilege
BOOLEAN NTAPI SepSidInTokenEx(_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
Checks if a SID is present in a token.
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
const LUID SeTcbPrivilege
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
ULONG DefaultPagedPoolCharge
#define SE_IMPERSONATE_PRIVILEGE
NTSTATUS NTAPI SeSubProcessToken(_In_ PTOKEN ParentToken, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
Subtracts a token in exchange of duplicating a new one.
const LUID SeShutdownPrivilege
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
LONG NTAPI ExSystemExceptionFilter(VOID)
GENERIC_MAPPING GenericMapping
#define TOKEN_HAS_ADMIN_GROUP
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
ULONG SepComputeAvailableDynamicSpace(_In_ ULONG DynamicCharged, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl)
Computes the exact available dynamic area of an access token whilst querying token statistics.
TOKEN_TYPE NTAPI SeTokenType(_In_ PACCESS_TOKEN Token)
Gathers the token type of an access token. A token can be either a primary token or impersonation toke...
#define SE_BACKUP_PRIVILEGES_CHECKED
NTSTATUS NTAPI SeQueryAuthenticationIdToken(_In_ PACCESS_TOKEN Token, _Out_ PLUID LogonId)
Queries the authentication ID of an access token.
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
#define STATUS_INVALID_OWNER
VOID NTAPI PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
const LUID SeSecurityPrivilege
VOID NTAPI SepFreeProxyData(_Inout_ PVOID ProxyData)
Frees (de-allocates) the proxy data memory block of a token.
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
VOID NTAPI SepDeleteToken(_In_ PVOID ObjectBody)
Internal function that deals with access token object destruction and deletion. The function is used ...
#define SepAcquireTokenLockShared(Token)
#define ObReferenceObject
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
#define THREAD_QUERY_INFORMATION
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE
#define SE_BACKUP_PRIVILEGE
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
_In_ ACCESS_MASK _In_ BOOLEAN OpenAsSelf
#define InitializeObjectAttributes(p, n, a, r, s)
NTSTATUS NTAPI SeCopyClientToken(_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
Copies an existing access token (technically duplicating a new one).
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
#define RtlCopyMemory(Destination, Source, Length)
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
#define _SEH2_EXCEPT(...)
#define _SEH2_GetExceptionCode()
#define _SEH2_YIELD(__stmt)
#define TOKEN_HAS_BACKUP_PRIVILEGE
NTSTATUS NTAPI SeQuerySessionIdToken(_In_ PACCESS_TOKEN Token, _Out_ PULONG pSessionId)
Queries the session ID of an access token.
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
VOID SepRemoveUserGroupToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a group from the token.
OB_DELETE_METHOD DeleteProcedure
#define ExFreePoolWithTag(_P, _T)
#define TOKEN_SESSION_NOT_REFERENCED
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
const LUID SeAuditPrivilege
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new acce...
PACL SeSystemAnonymousLogonDacl
VOID NTAPI SeAssignPrimaryToken(_In_ PEPROCESS Process, _In_ PTOKEN Token)
Assigns a primary access token to a given process.
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Allocates a discretionary access control list based on certain properties of a regular and primary ac...
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
#define TOKEN_IS_RESTRICTED
VOID NTAPI PsDereferenceImpersonationToken(IN PACCESS_TOKEN ImpersonationToken)