60 if (ImpersonationInfo)
75 PTOKEN NewToken, ParentToken;
142 if ((
Thread == CurrentThread) ||
162 if (
Thread != CurrentThread)
253 if (!IsChildOrSibling)
265 if (!IsChildOrSibling)
658 sizeof(*Impersonation),
671 Impersonation = OldData;
682 ImpersonationToken =
Token;
710 ImpersonationToken = NewToken;
717 Job =
Thread->ThreadsProcess->Job;
748 OldToken = Impersonation->
Token;
760 Impersonation->
Token = ImpersonationToken;
882 #undef PsDereferenceImpersonationToken 896 #undef PsDereferencePrimaryToken 949 if (Impersonation)
return TRUE;
1015 IN HANDLE ThreadToImpersonateHandle,
1026 "Threads: %p %p\n", ThreadHandle, ThreadToImpersonateHandle);
1040 SafeServiceQoS = *SecurityQualityOfService;
1041 SecurityQualityOfService = &SafeServiceQoS;
1065 (
PVOID*)&ThreadToImpersonate,
1071 SecurityQualityOfService,
NTSTATUS NTAPI NtImpersonateThread(IN HANDLE ThreadHandle, IN HANDLE ThreadToImpersonateHandle, IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService)
enum _SECURITY_IMPERSONATION_LEVEL * PSECURITY_IMPERSONATION_LEVEL
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
_In_ HANDLE _In_opt_ HANDLE _Out_opt_ PHANDLE _In_ ACCESS_MASK _In_ ULONG HandleAttributes
#define STATUS_PRIVILEGE_NOT_HELD
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
NTSTATUS NTAPI PspSetPrimaryToken(IN PEPROCESS Process, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN Token OPTIONAL)
#define STATUS_INSUFFICIENT_RESOURCES
FORCEINLINE VOID PspUnlockThreadSecurityExclusive(IN PETHREAD Thread)
_Inout_ PSE_IMPERSONATION_STATE ImpersonationState
FORCEINLINE VOID PspLockThreadSecurityShared(IN PETHREAD Thread)
NTSTATUS NTAPI NtOpenProcessTokenEx(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle)
#define PsGetCurrentThread()
#define PspClearCrossThreadFlag(Thread, Flag)
#define PROCESS_QUERY_INFORMATION
#define THREAD_IMPERSONATE
FORCEINLINE VOID PspLockProcessSecurityExclusive(IN PEPROCESS Process)
PTOKEN PspBootAccessToken
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
NTKERNELAPI VOID FASTCALL ExReleaseRundownProtection(_Inout_ PEX_RUNDOWN_REF RunRef)
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
VOID NTAPI PsRevertThreadToSelf(IN PETHREAD Thread)
enum _TOKEN_TYPE * PTOKEN_TYPE
NTSTATUS NTAPI PspInitializeProcessSecurity(IN PEPROCESS Process, IN PEPROCESS Parent OPTIONAL)
#define JOB_OBJECT_SECURITY_RESTRICTED_TOKEN
#define KeGetPreviousMode()
ULONG ImpersonationLocale
EX_RUNDOWN_REF RundownProtect
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define ExAcquireRundownProtection
PVOID FASTCALL ObFastReferenceObject(IN PEX_FAST_REF FastRef)
_Out_ PBOOLEAN CopyOnOpen
NTSTATUS NTAPI SeIsTokenChild(_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
Checks if the token is a child of the other token of the current process that the calling thread is i...
#define TOKEN_ASSIGN_PRIMARY
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
const LUID SeAssignPrimaryTokenPrivilege
#define TOKEN_IMPERSONATE
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new acce...
SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel(_In_ PACCESS_TOKEN Token)
Gathers the security impersonation level of an access token.
NTSTATUS NTAPI ObOpenObjectByPointer(IN PVOID Object, IN ULONG HandleAttributes, IN PACCESS_STATE PassedAccessState, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PHANDLE Handle)
#define JOB_OBJECT_SECURITY_NO_ADMIN
#define PROCESS_CREATE_THREAD
NTSTATUS NTAPI SeSubProcessToken(_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
Subtracts a token in exchange of duplicating a new one.
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
PPS_IMPERSONATION_INFORMATION ImpersonationInfo
VOID NTAPI KeStackAttachProcess(IN PKPROCESS Process, OUT PRKAPC_STATE ApcState)
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
#define PROCESS_DUP_HANDLE
NTSTATUS NTAPI PsOpenTokenOfProcess(IN HANDLE ProcessHandle, OUT PACCESS_TOKEN *Token)
#define InterlockedCompareExchangePointer
FORCEINLINE VOID PspUnlockProcessSecurityShared(IN PEPROCESS Process)
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
VOID NTAPI PsRestoreImpersonation(IN PETHREAD Thread, IN PSE_IMPERSONATION_STATE ImpersonationState)
#define STATUS_BAD_TOKEN_TYPE
POBJECT_TYPE SeTokenObjectType
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity(IN PETHREAD Thread, IN PSECURITY_QUALITY_OF_SERVICE QualityOfService, IN BOOLEAN RemoteClient, OUT PSECURITY_CLIENT_CONTEXT ClientContext)
NTSTATUS NTAPI SeIsTokenSibling(_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
Checks if the token is a sibling of the other token of the current process that the calling thread is...
BOOLEAN NTAPI SeTokenIsAdmin(_In_ PACCESS_TOKEN Token)
Determines if a token is either an admin token or not. Such condition is checked based upon TOKEN_HAS...
#define PROCESS_SET_QUOTA
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
BOOLEAN NTAPI PsDisableImpersonation(IN PETHREAD Thread, OUT PSE_IMPERSONATION_STATE ImpersonationState)
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType(IN PACCESS_TOKEN Token)
_In_ KPROCESSOR_MODE PreviousMode
#define NT_SUCCESS(StatCode)
#define EXCEPTION_EXECUTE_HANDLER
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
#define ObDereferenceObject
#define ProbeForWriteHandle(Ptr)
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
#define STATUS_ACCESS_DENIED
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
#define PS_SECURITY_DEBUG
#define PROCESS_CREATE_PROCESS
ULONG ActiveImpersonationInfo
#define STATUS_UNSUCCESSFUL
#define ExAllocatePoolWithTag(hernya, size, tag)
NTSTATUS NTAPI PspAssignPrimaryToken(IN PEPROCESS Process, IN HANDLE Token, IN PACCESS_TOKEN AccessToken OPTIONAL)
POBJECT_TYPE PsThreadType
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
#define PspSetCrossThreadFlag(Thread, Flag)
PPS_JOB_TOKEN_FILTER Filter
NTSTATUS NTAPI PsAssignImpersonationToken(IN PETHREAD Thread, IN HANDLE TokenHandle)
FORCEINLINE VOID PspUnlockThreadSecurityShared(IN PETHREAD Thread)
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
OBJECT_TYPE_INITIALIZER TypeInfo
VOID NTAPI ObDereferenceDeviceMap(IN PEPROCESS Process)
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descrip...
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
FORCEINLINE ULONG ObpValidateAttributes(IN ULONG Attributes, IN KPROCESSOR_MODE PreviousMode)
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
NTSTATUS NTAPI SeCopyClientToken(_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
Copies an existing access token (technically duplicating a new one).
NTKERNELAPI VOID NTAPI SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext, IN PETHREAD ServerThread OPTIONAL)
GENERIC_MAPPING GenericMapping
#define STANDARD_RIGHTS_ALL
#define PROCESS_TERMINATE
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
VOID NTAPI KeUnstackDetachProcess(IN PRKAPC_STATE ApcState)
BOOLEAN NTAPI SeTokenCanImpersonate(_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Ensures that client impersonation can occur by checking if the token we're going to assign as the imp...
_Out_ PKAPC_STATE ApcState
VOID NTAPI PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
VOID NTAPI PspDeleteProcessSecurity(IN PEPROCESS Process)
FORCEINLINE VOID PspLockProcessSecurityShared(IN PEPROCESS Process)
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
#define ObReferenceObject
VOID NTAPI SeAssignPrimaryToken(IN PEPROCESS Process, IN PTOKEN Token)
PVOID FASTCALL ObFastReferenceObjectLocked(IN PEX_FAST_REF FastRef)
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
#define PROCESS_VM_OPERATION
FORCEINLINE VOID PspUnlockProcessSecurityExclusive(IN PEPROCESS Process)
#define PROCESS_SET_INFORMATION
#define THREAD_DIRECT_IMPERSONATION
#define PSTRACE(x, fmt,...)
#define _SEH2_EXCEPT(...)
FORCEINLINE VOID PspLockThreadSecurityExclusive(IN PETHREAD Thread)
#define _SEH2_GetExceptionCode()
#define _SEH2_YIELD(__stmt)
PACCESS_TOKEN NTAPI PsReferenceEffectiveToken(IN PETHREAD Thread, OUT IN PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
#define TAG_PS_IMPERSONATION
_In_ HANDLE ProcessHandle
NTSTATUS NTAPI PspWriteTebImpersonationInfo(IN PETHREAD Thread, IN PETHREAD CurrentThread)
#define ExFreePoolWithTag(_P, _T)
ULONG NTAPI ObIsLUIDDeviceMapsEnabled(VOID)
POBJECT_TYPE PsProcessType
VOID NTAPI PspDeleteThreadSecurity(IN PETHREAD Thread)
VOID NTAPI PsRevertToSelf(VOID)
SECURITY_IMPERSONATION_LEVEL Level
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
PULONG MinorVersion OPTIONAL
VOID NTAPI PsDereferenceImpersonationToken(IN PACCESS_TOKEN ImpersonationToken)
1.8.15