turborex 0.1.1

Files changed (74) hide show
  1. checksums.yaml +7 -0
  2. data/LICENSE +674 -0
  3. data/README.md +38 -0
  4. data/README.rdoc +19 -0
  5. data/examples/alpc_client.rb +15 -0
  6. data/examples/alpc_server.rb +14 -0
  7. data/examples/com_client.rb +19 -0
  8. data/examples/com_finder.rb +39 -0
  9. data/examples/create_instance.rb +15 -0
  10. data/examples/cstruct.rb +19 -0
  11. data/examples/find_com_client_calls.rb +16 -0
  12. data/examples/find_rpc_security_callback.rb +12 -0
  13. data/examples/rpc_finder.rb +117 -0
  14. data/examples/scan_exports.rb +5 -0
  15. data/examples/scan_imports.rb +5 -0
  16. data/examples/tinysdk.rb +17 -0
  17. data/lib/turborex.rb +21 -0
  18. data/lib/turborex/cstruct.rb +565 -0
  19. data/lib/turborex/cstruct/struct_helper.rb +7 -0
  20. data/lib/turborex/exception.rb +65 -0
  21. data/lib/turborex/fuzzer.rb +204 -0
  22. data/lib/turborex/fuzzer/containers.rb +115 -0
  23. data/lib/turborex/fuzzer/coverage.rb +67 -0
  24. data/lib/turborex/fuzzer/mutators.rb +25 -0
  25. data/lib/turborex/fuzzer/seed.rb +30 -0
  26. data/lib/turborex/monkey.rb +11 -0
  27. data/lib/turborex/msrpc.rb +14 -0
  28. data/lib/turborex/msrpc/decompiler.rb +244 -0
  29. data/lib/turborex/msrpc/midl.rb +747 -0
  30. data/lib/turborex/msrpc/ndrtype.rb +167 -0
  31. data/lib/turborex/msrpc/rpcbase.rb +777 -0
  32. data/lib/turborex/msrpc/rpcfinder.rb +1426 -0
  33. data/lib/turborex/msrpc/utils.rb +70 -0
  34. data/lib/turborex/pefile.rb +8 -0
  35. data/lib/turborex/pefile/pe.rb +61 -0
  36. data/lib/turborex/pefile/scanner.rb +82 -0
  37. data/lib/turborex/utils.rb +321 -0
  38. data/lib/turborex/windows.rb +402 -0
  39. data/lib/turborex/windows/alpc.rb +844 -0
  40. data/lib/turborex/windows/com.rb +266 -0
  41. data/lib/turborex/windows/com/client.rb +84 -0
  42. data/lib/turborex/windows/com/com_finder.rb +330 -0
  43. data/lib/turborex/windows/com/com_registry.rb +100 -0
  44. data/lib/turborex/windows/com/interface.rb +522 -0
  45. data/lib/turborex/windows/com/utils.rb +210 -0
  46. data/lib/turborex/windows/constants.rb +82 -0
  47. data/lib/turborex/windows/process.rb +56 -0
  48. data/lib/turborex/windows/security.rb +12 -0
  49. data/lib/turborex/windows/security/ace.rb +76 -0
  50. data/lib/turborex/windows/security/acl.rb +25 -0
  51. data/lib/turborex/windows/security/security_descriptor.rb +118 -0
  52. data/lib/turborex/windows/tinysdk.rb +89 -0
  53. data/lib/turborex/windows/utils.rb +138 -0
  54. data/resources/headers/alpc/ntdef.h +72 -0
  55. data/resources/headers/alpc/ntlpcapi.h +1014 -0
  56. data/resources/headers/rpc/common.h +162 -0
  57. data/resources/headers/rpc/guiddef.h +191 -0
  58. data/resources/headers/rpc/internal_ndrtypes.h +262 -0
  59. data/resources/headers/rpc/rpc.h +10 -0
  60. data/resources/headers/rpc/rpcdce.h +266 -0
  61. data/resources/headers/rpc/rpcdcep.h +187 -0
  62. data/resources/headers/rpc/rpcndr.h +39 -0
  63. data/resources/headers/rpc/v4_x64/rpcinternals.h +154 -0
  64. data/resources/headers/rpc/wintype.h +517 -0
  65. data/resources/headers/tinysdk/tinysdk.h +5 -0
  66. data/resources/headers/tinysdk/tinysdk/comdef.h +645 -0
  67. data/resources/headers/tinysdk/tinysdk/dbghelp.h +118 -0
  68. data/resources/headers/tinysdk/tinysdk/guiddef.h +194 -0
  69. data/resources/headers/tinysdk/tinysdk/memoryapi.h +12 -0
  70. data/resources/headers/tinysdk/tinysdk/poppack.h +12 -0
  71. data/resources/headers/tinysdk/tinysdk/pshpack4.h +13 -0
  72. data/resources/headers/tinysdk/tinysdk/winnt.h +1059 -0
  73. data/resources/headers/tinysdk/tinysdk/wintype.h +326 -0
  74. metadata +290 -0
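--- a/data/resources/headers/tinysdk/tinysdk/dbghelp.h
+++ b/data/resources/headers/tinysdk/tinysdk/dbghelp.h
@@ -0,0 +1,118 @@
+
+
+ #ifdef _WIN64
+ #ifndef _IMAGEHLP64
+ #define _IMAGEHLP64
+ #endif
+ #endif
+
+
+ typedef enum {
+ SymNone = 0,
+ SymCoff,
+ SymCv,
+ SymPdb,
+ SymExport,
+ SymDeferred,
+ SymSym,
+ SymDia,
+ SymVirtual,
+ NumSymTypes
+ } SYM_TYPE;
+
+ //
+ // module data structure
+ //
+
+ typedef struct _IMAGEHLP_MODULE64 {
+ DWORD SizeOfStruct;
+ DWORD64 BaseOfImage;
+ DWORD ImageSize;
+ DWORD TimeDateStamp;
+ DWORD CheckSum;
+ DWORD NumSyms;
+ SYM_TYPE SymType;
+ CHAR ModuleName[32];
+ CHAR ImageName[256];
+ CHAR LoadedImageName[256];
+ CHAR LoadedPdbName[256];
+ DWORD CVSig;
+ CHAR CVData[MAX_PATH * 3]; // Contents of the CV record
+ DWORD PdbSig; // Signature of PDB
+ GUID PdbSig70; // Signature of PDB (VC 7 and up)
+ DWORD PdbAge; // DBI age of pdb
+ BOOL PdbUnmatched; // loaded an unmatched pdb
+ BOOL DbgUnmatched; // loaded an unmatched dbg
+ BOOL LineNumbers; // we have line number information
+ BOOL GlobalSymbols; // we have internal symbol information
+ BOOL TypeInfo; // we have type information
+ BOOL SourceIndexed; // pdb supports source server
+ BOOL Publics; // contains public symbols
+ DWORD MachineType; // IMAGE_FILE_MACHINE_XXX from ntimage.h and winnt.h
+ DWORD Reserved; // Padding - don't remove.
+ } IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64;
+
+ typedef struct _IMAGEHLP_MODULEW64 {
+ DWORD SizeOfStruct;
+ DWORD64 BaseOfImage;
+ DWORD ImageSize;
+ DWORD TimeDateStamp;
+ DWORD CheckSum;
+ DWORD NumSyms;
+ SYM_TYPE SymType; // type of symbols loaded
+ WCHAR ModuleName[32]; // module name
+ WCHAR ImageName[256]; // image name
+ WCHAR LoadedImageName[256]; // symbol file name
+ WCHAR LoadedPdbName[256]; // pdb file name
+ DWORD CVSig; // Signature of the CV record in the debug directories
+ WCHAR CVData[MAX_PATH * 3]; // Contents of the CV record
+ DWORD PdbSig; // Signature of PDB
+ GUID PdbSig70; // Signature of PDB (VC 7 and up)
+ DWORD PdbAge; // DBI age of pdb
+ BOOL PdbUnmatched; // loaded an unmatched pdb
+ BOOL DbgUnmatched;
+ BOOL LineNumbers;
+ BOOL GlobalSymbols;
+ BOOL TypeInfo;
+ BOOL SourceIndexed;
+ BOOL Publics;
+ DWORD MachineType;
+ DWORD Reserved;
+ } IMAGEHLP_MODULEW64, *PIMAGEHLP_MODULEW64;
+
+
+ #if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
+ #define IMAGEHLP_MODULE IMAGEHLP_MODULE64
+ #define PIMAGEHLP_MODULE PIMAGEHLP_MODULE64
+ #define IMAGEHLP_MODULEW IMAGEHLP_MODULEW64
+ #define PIMAGEHLP_MODULEW PIMAGEHLP_MODULEW64
+ #else
+ typedef struct _IMAGEHLP_MODULE {
+ DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
+ DWORD BaseOfImage; // base load address of module
+ DWORD ImageSize; // virtual size of the loaded module
+ DWORD TimeDateStamp; // date/time stamp from pe header
+ DWORD CheckSum; // checksum from the pe header
+ DWORD NumSyms; // number of symbols in the symbol table
+ SYM_TYPE SymType; // type of symbols loaded
+ CHAR ModuleName[32]; // module name
+ CHAR ImageName[256]; // image name
+ CHAR LoadedImageName[256]; // symbol file name
+ } IMAGEHLP_MODULE, *PIMAGEHLP_MODULE;
+
+ typedef struct _IMAGEHLP_MODULEW {
+ DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
+ DWORD BaseOfImage; // base load address of module
+ DWORD ImageSize; // virtual size of the loaded module
+ DWORD TimeDateStamp; // date/time stamp from pe header
+ DWORD CheckSum; // checksum from the pe header
+ DWORD NumSyms; // number of symbols in the symbol table
+ SYM_TYPE SymType; // type of symbols loaded
+ WCHAR ModuleName[32]; // module name
+ WCHAR ImageName[256]; // image name
+ WCHAR LoadedImageName[256]; // symbol file name
+ } IMAGEHLP_MODULEW, *PIMAGEHLP_MODULEW;
+ #endif
+
+
+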
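Review bot: This header has no include guard: the only conditional at the top (new lines 3-7) defines `_IMAGEHLP64`, so a second inclusion redefines `SYM_TYPE` and every `IMAGEHLP_MODULE*` typedef. Wrapping the file in a guard, e.g. `#ifndef TINYSDK_DBGHELP_H` / `#define TINYSDK_DBGHELP_H` … `#endif`, would prevent that. The structs also use `DWORD64`, `GUID`, `WCHAR` and `MAX_PATH` without including anything that declares them, so the file presumably relies on the includer's order; a one-line comment at the top naming the required headers would make that explicit. The 64-bit structs drop the `// set to sizeof(...)` comment that the 32-bit variants keep on `SizeOfStruct`, and it is worth restoring, since a wrong size field changes how much of these fixed-size name buffers a consumer treats as valid.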
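--- a/data/resources/headers/tinysdk/tinysdk/guiddef.h
+++ b/data/resources/headers/tinysdk/tinysdk/guiddef.h
@@ -0,0 +1,194 @@
+ #ifndef GUID_DEFINED
+ #define GUID_DEFINED
+ #if defined(__midl)
+ typedef struct {
+ unsigned long Data1;
+ unsigned short Data2;
+ unsigned short Data3;
+ byte Data4[ 8 ];
+ } GUID;
+ #else
+ typedef struct _GUID {
+ unsigned long Data1;
+ unsigned short Data2;
+ unsigned short Data3;
+ unsigned char Data4[ 8 ];
+ } GUID;
+ #endif
+ #endif
+
+ #ifndef FAR
+ #ifdef _WIN32
+ #define FAR
+ #else
+ #define FAR _far
+ #endif
+ #endif
+
+ #ifndef DECLSPEC_SELECTANY
+ #if (_MSC_VER >= 1100)
+ #define DECLSPEC_SELECTANY __declspec(selectany)
+ #else
+ #define DECLSPEC_SELECTANY
+ #endif
+ #endif
+
+ #ifndef EXTERN_C
+ #ifdef __cplusplus
+ #define EXTERN_C extern "C"
+ #else
+ #define EXTERN_C extern
+ #endif
+ #endif
+
+ #ifdef DEFINE_GUID
+ #undef DEFINE_GUID
+ #endif
+
+ #ifdef INITGUID
+ #define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \
+ EXTERN_C const GUID DECLSPEC_SELECTANY name \
+ = { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } }
+ #else
+ #define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \
+ EXTERN_C const GUID FAR name
+ #endif // INITGUID
+
+ #define DEFINE_OLEGUID(name, l, w1, w2) DEFINE_GUID(name, l, w1, w2, 0xC0,0,0,0,0,0,0,0x46)
+
+ #ifndef _GUIDDEF_H_
+ #define _GUIDDEF_H_
+
+ #ifndef __LPGUID_DEFINED__
+ #define __LPGUID_DEFINED__
+ typedef GUID *LPGUID;
+ #endif
+
+ #ifndef __LPCGUID_DEFINED__
+ #define __LPCGUID_DEFINED__
+ typedef const GUID *LPCGUID;
+ #endif
+
+ #ifndef __IID_DEFINED__
+ #define __IID_DEFINED__
+
+ typedef GUID IID;
+ typedef IID *LPIID;
+ #define IID_NULL GUID_NULL
+ #define IsEqualIID(riid1, riid2) IsEqualGUID(riid1, riid2)
+ typedef GUID CLSID;
+ typedef CLSID *LPCLSID;
+ #define CLSID_NULL GUID_NULL
+ #define IsEqualCLSID(rclsid1, rclsid2) IsEqualGUID(rclsid1, rclsid2)
+ typedef GUID FMTID;
+ typedef FMTID *LPFMTID;
+ #define FMTID_NULL GUID_NULL
+ #define IsEqualFMTID(rfmtid1, rfmtid2) IsEqualGUID(rfmtid1, rfmtid2)
+
+ #ifdef __midl_proxy
+ #define __MIDL_CONST
+ #else
+ #define __MIDL_CONST const
+ #endif
+
+ #ifndef _REFGUID_DEFINED
+ #define _REFGUID_DEFINED
+ #ifdef __cplusplus
+ #define REFGUID const GUID &
+ #else
+ #define REFGUID const GUID * __MIDL_CONST
+ #endif
+ #endif
+
+ #ifndef _REFIID_DEFINED
+ #define _REFIID_DEFINED
+ #ifdef __cplusplus
+ #define REFIID const IID &
+ #else
+ #define REFIID const IID * __MIDL_CONST
+ #endif
+ #endif
+
+ #ifndef _REFCLSID_DEFINED
+ #define _REFCLSID_DEFINED
+ #ifdef __cplusplus
+ #define REFCLSID const IID &
+ #else
+ #define REFCLSID const IID * __MIDL_CONST
+ #endif
+ #endif
+
+ #ifndef _REFFMTID_DEFINED
+ #define _REFFMTID_DEFINED
+ #ifdef __cplusplus
+ #define REFFMTID const IID &
+ #else
+ #define REFFMTID const IID * __MIDL_CONST
+ #endif
+ #endif
+
+ #endif // !__IID_DEFINED__
+
+ #if !defined (__midl)
+ #if !defined (_SYS_GUID_OPERATORS_)
+ #define _SYS_GUID_OPERATORS_
+ //#include <string.h>
+
+ // Faster (but makes code fatter) inline version...use sparingly
+ #ifdef __cplusplus
+ __inline int InlineIsEqualGUID(REFGUID rguid1, REFGUID rguid2)
+ {
+ return (
+ ((unsigned long *) &rguid1)[0] == ((unsigned long *) &rguid2)[0] &&
+ ((unsigned long *) &rguid1)[1] == ((unsigned long *) &rguid2)[1] &&
+ ((unsigned long *) &rguid1)[2] == ((unsigned long *) &rguid2)[2] &&
+ ((unsigned long *) &rguid1)[3] == ((unsigned long *) &rguid2)[3]);
+ }
+
+ __inline int IsEqualGUID(REFGUID rguid1, REFGUID rguid2)
+ {
+ return !memcmp(&rguid1, &rguid2, sizeof(GUID));
+ }
+
+ #else // ! __cplusplus
+
+ #define InlineIsEqualGUID(rguid1, rguid2) \
+ (((unsigned long *) rguid1)[0] == ((unsigned long *) rguid2)[0] && \
+ ((unsigned long *) rguid1)[1] == ((unsigned long *) rguid2)[1] && \
+ ((unsigned long *) rguid1)[2] == ((unsigned long *) rguid2)[2] && \
+ ((unsigned long *) rguid1)[3] == ((unsigned long *) rguid2)[3])
+
+ #define IsEqualGUID(rguid1, rguid2) (!memcmp(rguid1, rguid2, sizeof(GUID)))
+
+ #endif // __cplusplus
+
+ #ifdef __INLINE_ISEQUAL_GUID
+ #undef IsEqualGUID
+ #define IsEqualGUID(rguid1, rguid2) InlineIsEqualGUID(rguid1, rguid2)
+ #endif
+
+ // Same type, different name
+
+ #define IsEqualIID(riid1, riid2) IsEqualGUID(riid1, riid2)
+ #define IsEqualCLSID(rclsid1, rclsid2) IsEqualGUID(rclsid1, rclsid2)
+
+
+ #if !defined _SYS_GUID_OPERATOR_EQ_ && !defined _NO_SYS_GUID_OPERATOR_EQ_
+ #define _SYS_GUID_OPERATOR_EQ_
+ // A couple of C++ helpers
+
+ #ifdef __cplusplus
+ __inline bool operator==(REFGUID guidOne, REFGUID guidOther)
+ {
+ return !!IsEqualGUID(guidOne,guidOther);
+ }
+
+ __inline bool operator!=(REFGUID guidOne, REFGUID guidOther)
+ {
+ return !(guidOne == guidOther);
+ }
+ #endif
+ #endif
+ #endif
+ #endif
+ #endif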
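Review bot: `IsEqualGUID` relies on `memcmp` (new lines 150 and 161) while the `#include <string.h>` at new line 135 is commented out, so a translation unit that uses the macro without its own declaration of `memcmp` gets an implicit declaration or a compile error. Either restore the include or put a comment above the macro, such as `// includer must declare memcmp (string.h)`. `InlineIsEqualGUID` compares four `unsigned long` words, which covers exactly the 16-byte GUID only where `unsigned long` is 32 bits. On an LP64 target the same casts would read 32 bytes, past the end of the object. A comment such as `// assumes 32-bit unsigned long (LLP64)` next to the macro and next to `unsigned long Data1` in the struct would make that assumption visible to anyone reusing the header off Windows.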
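--- a/data/resources/headers/tinysdk/tinysdk/memoryapi.h
+++ b/data/resources/headers/tinysdk/tinysdk/memoryapi.h
@@ -0,0 +1,12 @@
+ #define FILE_MAP_WRITE SECTION_MAP_WRITE
+ #define FILE_MAP_READ SECTION_MAP_READ
+ #define FILE_MAP_ALL_ACCESS SECTION_ALL_ACCESS
+
+ #define FILE_MAP_EXECUTE SECTION_MAP_EXECUTE_EXPLICIT // not included in FILE_MAP_ALL_ACCESS
+
+ #define FILE_MAP_COPY 0x00000001
+
+ #define FILE_MAP_RESERVE 0x80000000
+ #define FILE_MAP_TARGETS_INVALID 0x40000000
+ #define FILE_MAP_LARGE_PAGES 0x20000000
+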
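--- a/data/resources/headers/tinysdk/tinysdk/poppack.h
+++ b/data/resources/headers/tinysdk/tinysdk/poppack.h
@@ -0,0 +1,12 @@
+ #if ! (defined(lint) || defined(RC_INVOKED))
+ #if ( _MSC_VER >= 800 && !defined(_M_I86)) || defined(_PUSHPOP_SUPPORTED)
+ #pragma warning(disable:4103)
+ #if !(defined( MIDL_PASS )) || defined( __midl )
+ #pragma pack(pop)
+ #else
+ #pragma pack()
+ #endif
+ #else
+ #pragma pack()
+ #endif
+ #endif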
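--- a/data/resources/headers/tinysdk/tinysdk/pshpack4.h
+++ b/data/resources/headers/tinysdk/tinysdk/pshpack4.h
@@ -0,0 +1,13 @@
+
+ #if ! (defined(lint) || defined(RC_INVOKED))
+ #if ( _MSC_VER >= 800 && !defined(_M_I86)) || defined(_PUSHPOP_SUPPORTED)
+ #pragma warning(disable:4103)
+ #if !(defined( MIDL_PASS )) || defined( __midl )
+ #pragma pack(push,4)
+ #else
+ #pragma pack(4)
+ #endif
+ #else
+ #pragma pack(4)
+ #endif
+ #endif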
@@ -0,0 +1,1059 @@
1
+ #define ANYSIZE_ARRAY 1
2
+ #include <guiddef.h>
3
+
4
+ #if (defined(_M_IX86) || defined(_M_IA64) || defined(_M_AMD64) || defined(_M_ARM) || defined(_M_ARM64)) && !defined(MIDL_PASS)
5
+ #define DECLSPEC_IMPORT __declspec(dllimport)
6
+ #else
7
+ #define DECLSPEC_IMPORT
8
+ #endif
9
+
10
+
11
+ #if !defined(_NTSYSTEM_)
12
+ #define NTSYSAPI DECLSPEC_IMPORT
13
+ #define NTSYSCALLAPI DECLSPEC_IMPORT
14
+ #else
15
+ #define NTSYSAPI
16
+ #if defined(_NTDLLBUILD_)
17
+ #define NTSYSCALLAPI
18
+ #else
19
+ #define NTSYSCALLAPI DECLSPEC_ADDRSAFE
20
+ #endif
21
+ #endif
22
+
23
+
24
+ #if (_MSC_VER >= 800) || defined(_STDCALL_SUPPORTED)
25
+ #define NTAPI __stdcall
26
+ #else
27
+ #define _cdecl
28
+ #define __cdecl
29
+ #define NTAPI
30
+ #endif
31
+
32
+
33
+ typedef struct _LUID {
34
+ DWORD LowPart;
35
+ LONG HighPart;
36
+ } LUID, *PLUID;
37
+
38
+ typedef unsigned char SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
39
+ typedef enum _SECURITY_IMPERSONATION_LEVEL {
40
+ SecurityAnonymous,
41
+ SecurityIdentification,
42
+ SecurityImpersonation,
43
+ SecurityDelegation
44
+ } SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
45
+ typedef struct _SECURITY_QUALITY_OF_SERVICE {
46
+ DWORD Length;
47
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
48
+ SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
49
+ BOOLEAN EffectiveOnly;
50
+ } SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
51
+
52
+ /*
53
+ typedef struct _SID_IDENTIFIER_AUTHORITY {
54
+ BYTE Value[6];
55
+ } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
56
+
57
+ typedef DWORD ACCESS_MASK;
58
+ typedef ACCESS_MASK* PACCESS_MASK;
59
+ typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
60
+ typedef struct _SID {
61
+ BYTE Revision;
62
+ BYTE SubAuthorityCount;
63
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
64
+ #ifdef MIDL_PASS
65
+ DWORD SubAuthority[*];
66
+ #else // MIDL_PASS
67
+ DWORD SubAuthority[ANYSIZE_ARRAY];
68
+ #endif // MIDL_PASS
69
+ } SID, *PSID, *PISID;
70
+
71
+
72
+ typedef struct _SECURITY_DESCRIPTOR {
73
+ BYTE Revision;
74
+ BYTE Sbz1;
75
+ SECURITY_DESCRIPTOR_CONTROL Control;
76
+ PSID Owner;
77
+ PSID Group;
78
+ PACL Sacl;
79
+ PACL Dacl;
80
+ } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
81
+ */
82
+
83
+
84
+ typedef PVOID PACCESS_TOKEN;
85
+ typedef PVOID PSECURITY_DESCRIPTOR;
86
+ typedef PVOID PSID;
87
+ typedef PVOID PCLAIMS_BLOB;
88
+
89
+
90
+
91
+ typedef DWORD ACCESS_MASK;
92
+ typedef ACCESS_MASK *PACCESS_MASK;
93
+
94
+ #define DELETE (0x00010000L)
95
+ #define READ_CONTROL (0x00020000L)
96
+ #define WRITE_DAC (0x00040000L)
97
+ #define WRITE_OWNER (0x00080000L)
98
+ #define SYNCHRONIZE (0x00100000L)
99
+
100
+ #define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
101
+
102
+ #define STANDARD_RIGHTS_READ (READ_CONTROL)
103
+ #define STANDARD_RIGHTS_WRITE (READ_CONTROL)
104
+ #define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
105
+
106
+ #define STANDARD_RIGHTS_ALL (0x001F0000L)
107
+
108
+ #define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
109
+
110
+
111
+ #define ACCESS_SYSTEM_SECURITY (0x01000000L)
112
+
113
+
114
+ #define MAXIMUM_ALLOWED (0x02000000L)
115
+
116
+
117
+ #define GENERIC_READ (0x80000000L)
118
+ #define GENERIC_WRITE (0x40000000L)
119
+ #define GENERIC_EXECUTE (0x20000000L)
120
+ #define GENERIC_ALL (0x10000000L)
121
+
122
+ #define SECTION_QUERY 0x0001
123
+ #define SECTION_MAP_WRITE 0x0002
124
+ #define SECTION_MAP_READ 0x0004
125
+ #define SECTION_MAP_EXECUTE 0x0008
126
+ #define SECTION_EXTEND_SIZE 0x0010
127
+ #define SECTION_MAP_EXECUTE_EXPLICIT 0x0020 // not included in SECTION_ALL_ACCESS
128
+
129
+ #define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\
130
+ SECTION_MAP_WRITE | \
131
+ SECTION_MAP_READ | \
132
+ SECTION_MAP_EXECUTE | \
133
+ SECTION_EXTEND_SIZE)
134
+
135
+
136
+ typedef struct _GENERIC_MAPPING {
137
+ ACCESS_MASK GenericRead;
138
+ ACCESS_MASK GenericWrite;
139
+ ACCESS_MASK GenericExecute;
140
+ ACCESS_MASK GenericAll;
141
+ } GENERIC_MAPPING;
142
+ typedef GENERIC_MAPPING *PGENERIC_MAPPING;
143
+
144
+
145
+ #include <pshpack4.h>
146
+
147
+ typedef struct _LUID_AND_ATTRIBUTES {
148
+ LUID Luid;
149
+ DWORD Attributes;
150
+ } LUID_AND_ATTRIBUTES, * PLUID_AND_ATTRIBUTES;
151
+ typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
152
+ typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
153
+
154
+ #include <poppack.h>
155
+
156
+
157
+ #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
158
+ #define SID_IDENTIFIER_AUTHORITY_DEFINED
159
+ typedef struct _SID_IDENTIFIER_AUTHORITY {
160
+ BYTE Value[6];
161
+ } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
162
+ #endif
163
+
164
+ #ifndef SID_DEFINED
165
+ #define SID_DEFINED
166
+ typedef struct _SID {
167
+ BYTE Revision;
168
+ BYTE SubAuthorityCount;
169
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
170
+ #ifdef MIDL_PASS
171
+ [size_is(SubAuthorityCount)] DWORD SubAuthority[*];
172
+ #else // MIDL_PASS
173
+ DWORD SubAuthority[ANYSIZE_ARRAY];
174
+ #endif // MIDL_PASS
175
+ } SID, *PISID;
176
+ #endif
177
+
178
+ #define SID_REVISION (1)
179
+ #define SID_MAX_SUB_AUTHORITIES (15)
180
+ #define SID_RECOMMENDED_SUB_AUTHORITIES (1)
181
+
182
+ #ifndef MIDL_PASS
183
+ #define SECURITY_MAX_SID_SIZE \
184
+ (sizeof(SID) - sizeof(DWORD) + (SID_MAX_SUB_AUTHORITIES * sizeof(DWORD)))
185
+
186
+ #define SECURITY_SID_SIZE(SubAuthorityCount_) (sizeof(SID) - sizeof(DWORD) + \
187
+ (SubAuthorityCount_) * sizeof(DWORD))
188
+
189
+
190
+ #define SECURITY_MAX_SID_STRING_CHARACTERS \
191
+ (2 + 4 + 15 + (11 * SID_MAX_SUB_AUTHORITIES) + 1)
192
+
193
+
194
+ typedef union _SE_SID {
195
+ SID Sid;
196
+ BYTE Buffer[SECURITY_MAX_SID_SIZE];
197
+ } SE_SID, *PSE_SID;
198
+
199
+ #endif
200
+
201
+
202
+ typedef enum _SID_NAME_USE {
203
+ SidTypeUser = 1,
204
+ SidTypeGroup,
205
+ SidTypeDomain,
206
+ SidTypeAlias,
207
+ SidTypeWellKnownGroup,
208
+ SidTypeDeletedAccount,
209
+ SidTypeInvalid,
210
+ SidTypeUnknown,
211
+ SidTypeComputer,
212
+ SidTypeLabel,
213
+ SidTypeLogonSession
214
+ } SID_NAME_USE, *PSID_NAME_USE;
215
+
216
+ typedef struct _SID_AND_ATTRIBUTES {
217
+ #ifdef MIDL_PASS
218
+ PISID Sid;
219
+ #else // MIDL_PASS
220
+ PSID Sid;
221
+ #endif // MIDL_PASS
222
+ DWORD Attributes;
223
+ } SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES;
224
+
225
+ typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
226
+ typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
227
+
228
+ #define SID_HASH_SIZE 32
229
+ typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;
230
+
231
+ typedef struct _SID_AND_ATTRIBUTES_HASH {
232
+ DWORD SidCount;
233
+ PSID_AND_ATTRIBUTES SidAttr;
234
+ SID_HASH_ENTRY Hash[SID_HASH_SIZE];
235
+ } SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
236
+
237
+
238
+
239
+ #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
240
+ #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
241
+ #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
242
+ #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
243
+ #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
244
+ #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
245
+
246
+
247
+ #define SECURITY_NULL_RID (0x00000000L)
248
+ #define SECURITY_WORLD_RID (0x00000000L)
249
+ #define SECURITY_LOCAL_RID (0x00000000L)
250
+ #define SECURITY_LOCAL_LOGON_RID (0x00000001L)
251
+
252
+ #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
253
+ #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
254
+
255
+ #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
256
+ #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
257
+
258
+ #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
259
+
260
+
261
+
262
+ #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} // ntifs
263
+
264
+ #define SECURITY_DIALUP_RID (0x00000001L)
265
+ #define SECURITY_NETWORK_RID (0x00000002L)
266
+ #define SECURITY_BATCH_RID (0x00000003L)
267
+ #define SECURITY_INTERACTIVE_RID (0x00000004L)
268
+ #define SECURITY_LOGON_IDS_RID (0x00000005L)
269
+ #define SECURITY_LOGON_IDS_RID_COUNT (3L)
270
+ #define SECURITY_SERVICE_RID (0x00000006L)
271
+ #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
272
+ #define SECURITY_PROXY_RID (0x00000008L)
273
+ #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
274
+ #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
275
+ #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
276
+ #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
277
+ #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
278
+ #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
279
+ #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
280
+ #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
281
+ #define SECURITY_IUSER_RID (0x00000011L)
282
+ #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
283
+ #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
284
+ #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
285
+
286
+ #define SECURITY_NT_NON_UNIQUE (0x00000015L)
287
+ #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
288
+
289
+ #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
290
+
291
+ #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
292
+ #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
293
+
294
+
295
+ #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
296
+ #define SECURITY_PACKAGE_RID_COUNT (2L)
297
+ #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
298
+ #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
299
+ #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
300
+
301
+ #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
302
+ #define SECURITY_CRED_TYPE_RID_COUNT (2L)
303
+ #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
304
+
305
+ #define SECURITY_MIN_BASE_RID (0x00000050L)
306
+
307
+ #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
308
+ #define SECURITY_SERVICE_ID_RID_COUNT (6L)
309
+
310
+ #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
311
+
312
+ #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
313
+ #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
314
+
315
+ #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
316
+ #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
317
+
318
+ #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
319
+ #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
320
+
321
+ #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
322
+ #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
323
+
324
+ #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
325
+ #define SECURITY_WMIHOST_ID_RID_COUNT (6L)
326
+
327
+ #define SECURITY_TASK_ID_BASE_RID (0x00000057L)
328
+
329
+ #define SECURITY_NFS_ID_BASE_RID (0x00000058L)
330
+
331
+ #define SECURITY_COM_ID_BASE_RID (0x00000059L)
332
+
333
+ #define SECURITY_WINDOW_MANAGER_BASE_RID (0x0000005AL)
334
+
335
+ #define SECURITY_RDV_GFX_BASE_RID (0x0000005BL)
336
+
337
+ #define SECURITY_DASHOST_ID_BASE_RID (0x0000005CL)
338
+ #define SECURITY_DASHOST_ID_RID_COUNT (6L)
339
+
340
+ #define SECURITY_USERMANAGER_ID_BASE_RID (0x0000005DL)
341
+ #define SECURITY_USERMANAGER_ID_RID_COUNT (6L)
342
+
343
+ #define SECURITY_WINRM_ID_BASE_RID (0x0000005EL)
344
+ #define SECURITY_WINRM_ID_RID_COUNT (6L)
345
+
346
+ #define SECURITY_CCG_ID_BASE_RID (0x0000005FL)
347
+ #define SECURITY_UMFD_BASE_RID (0x00000060L)
348
+
349
+ #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
350
+
351
+
352
+ #define SECURITY_MAX_BASE_RID (0x0000006FL)
353
+ #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
354
+ #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
355
+
356
+ #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
357
+
358
+
359
+ #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
360
+
361
+
362
+ #define SECURITY_INSTALLER_GROUP_CAPABILITY_BASE (0x20)
363
+ #define SECURITY_INSTALLER_GROUP_CAPABILITY_RID_COUNT (9)
364
+
365
+
366
+ #define SECURITY_INSTALLER_CAPABILITY_RID_COUNT (10)
367
+
368
+
369
+ #define SECURITY_LOCAL_ACCOUNT_RID (0x00000071L)
370
+ #define SECURITY_LOCAL_ACCOUNT_AND_ADMIN_RID (0x00000072L)
371
+
372
+
373
+ #define DOMAIN_GROUP_RID_AUTHORIZATION_DATA_IS_COMPOUNDED (0x000001F0L)
374
+ #define DOMAIN_GROUP_RID_AUTHORIZATION_DATA_CONTAINS_CLAIMS (0x000001F1L)
375
+ #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
376
+
377
+ #define FOREST_USER_RID_MAX (0x000001F3L)
378
+
379
+
380
+ #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
381
+ #define DOMAIN_USER_RID_GUEST (0x000001F5L)
382
+ #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
383
+ #define DOMAIN_USER_RID_DEFAULT_ACCOUNT (0x000001F7L)
384
+ #define DOMAIN_USER_RID_WDAG_ACCOUNT (0x000001F8L)
385
+
386
+ #define DOMAIN_USER_RID_MAX (0x000003E7L)
387
+
388
+
389
+
390
+ #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
391
+ #define DOMAIN_GROUP_RID_USERS (0x00000201L)
392
+ #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
393
+ #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
394
+ #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
395
+ #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
396
+ #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
397
+ #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
398
+ #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
399
+ #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
400
+ #define DOMAIN_GROUP_RID_CLONEABLE_CONTROLLERS (0x0000020AL)
401
+ #define DOMAIN_GROUP_RID_CDC_RESERVED (0x0000020CL)
402
+ #define DOMAIN_GROUP_RID_PROTECTED_USERS (0x0000020DL)
403
+ #define DOMAIN_GROUP_RID_KEY_ADMINS (0x0000020EL)
404
+ #define DOMAIN_GROUP_RID_ENTERPRISE_KEY_ADMINS (0x0000020FL)
405
+
406
+
407
+ #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
408
+ #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
409
+ #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
410
+ #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
411
+
412
+ #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
413
+ #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
414
+ #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
415
+ #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
416
+
417
+ #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
418
+ #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
419
+ #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
420
+ #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
421
+ #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
422
+ #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
423
+
424
+ #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
425
+ #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
426
+ #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
427
+ #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
428
+ #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
429
+ #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
430
+ #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
431
+ #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
432
+ #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
433
+ #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
434
+ #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
435
+ #define DOMAIN_ALIAS_RID_RDS_REMOTE_ACCESS_SERVERS (0x0000023FL)
436
+ #define DOMAIN_ALIAS_RID_RDS_ENDPOINT_SERVERS (0x00000240L)
437
+ #define DOMAIN_ALIAS_RID_RDS_MANAGEMENT_SERVERS (0x00000241L)
438
+ #define DOMAIN_ALIAS_RID_HYPER_V_ADMINS (0x00000242L)
439
+ #define DOMAIN_ALIAS_RID_ACCESS_CONTROL_ASSISTANCE_OPS (0x00000243L)
440
+ #define DOMAIN_ALIAS_RID_REMOTE_MANAGEMENT_USERS (0x00000244L)
441
+ #define DOMAIN_ALIAS_RID_DEFAULT_ACCOUNT (0x00000245L)
442
+ #define DOMAIN_ALIAS_RID_STORAGE_REPLICA_ADMINS (0x00000246L)
443
+ #define DOMAIN_ALIAS_RID_DEVICE_OWNERS (0x00000247L)
444
+
445
+
446
+ #define SECURITY_APP_PACKAGE_AUTHORITY {0,0,0,0,0,15}
447
+
448
+ #define SECURITY_APP_PACKAGE_BASE_RID (0x00000002L)
449
+ #define SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT (2L)
450
+ #define SECURITY_APP_PACKAGE_RID_COUNT (8L)
451
+ #define SECURITY_CAPABILITY_BASE_RID (0x00000003L)
452
+ #define SECURITY_CAPABILITY_APP_RID (0x000000400)
453
+ #define SECURITY_BUILTIN_CAPABILITY_RID_COUNT (2L)
454
+ #define SECURITY_CAPABILITY_RID_COUNT (5L)
455
+ #define SECURITY_PARENT_PACKAGE_RID_COUNT (SECURITY_APP_PACKAGE_RID_COUNT)
456
+ #define SECURITY_CHILD_PACKAGE_RID_COUNT (12L)
457
+
458
+
459
+
460
+ #define SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE (0x00000001L)
461
+ #define SECURITY_BUILTIN_PACKAGE_ANY_RESTRICTED_PACKAGE (0x00000002L)
462
+
463
+
464
+
465
+ #define SECURITY_CAPABILITY_INTERNET_CLIENT (0x00000001L)
466
+ #define SECURITY_CAPABILITY_INTERNET_CLIENT_SERVER (0x00000002L)
467
+ #define SECURITY_CAPABILITY_PRIVATE_NETWORK_CLIENT_SERVER (0x00000003L)
468
+ #define SECURITY_CAPABILITY_PICTURES_LIBRARY (0x00000004L)
469
+ #define SECURITY_CAPABILITY_VIDEOS_LIBRARY (0x00000005L)
470
+ #define SECURITY_CAPABILITY_MUSIC_LIBRARY (0x00000006L)
471
+ #define SECURITY_CAPABILITY_DOCUMENTS_LIBRARY (0x00000007L)
472
+ #define SECURITY_CAPABILITY_ENTERPRISE_AUTHENTICATION (0x00000008L)
473
+ #define SECURITY_CAPABILITY_SHARED_USER_CERTIFICATES (0x00000009L)
474
+ #define SECURITY_CAPABILITY_REMOVABLE_STORAGE (0x0000000AL)
475
+ #define SECURITY_CAPABILITY_APPOINTMENTS (0x0000000BL)
476
+ #define SECURITY_CAPABILITY_CONTACTS (0x0000000CL)
477
+
478
+ #define SECURITY_CAPABILITY_INTERNET_EXPLORER (0x00001000L)
479
+
480
+
481
+
482
+ #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
483
+ #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
484
+ #define SECURITY_MANDATORY_LOW_RID (0x00001000L)
485
+ #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
486
+ #define SECURITY_MANDATORY_MEDIUM_PLUS_RID (SECURITY_MANDATORY_MEDIUM_RID + 0x100)
487
+ #define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
488
+ #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
489
+ #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
490
+
491
+
492
+
493
+ #define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
494
+
495
+ #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
496
+
497
+ #define SECURITY_SCOPED_POLICY_ID_AUTHORITY {0,0,0,0,0,17}
498
+
499
+
500
+
501
+ #define SECURITY_AUTHENTICATION_AUTHORITY {0,0,0,0,0,18}
502
+ #define SECURITY_AUTHENTICATION_AUTHORITY_RID_COUNT (1L)
503
+ #define SECURITY_AUTHENTICATION_AUTHORITY_ASSERTED_RID (0x00000001L)
504
+ #define SECURITY_AUTHENTICATION_SERVICE_ASSERTED_RID (0x00000002L)
505
+ #define SECURITY_AUTHENTICATION_FRESH_KEY_AUTH_RID (0x00000003L)
506
+ #define SECURITY_AUTHENTICATION_KEY_TRUST_RID (0x00000004L)
507
+ #define SECURITY_AUTHENTICATION_KEY_PROPERTY_MFA_RID (0x00000005L)
508
+ #define SECURITY_AUTHENTICATION_KEY_PROPERTY_ATTESTATION_RID (0x00000006L)
509
+
510
+ #define SECURITY_PROCESS_TRUST_AUTHORITY {0,0,0,0,0,19}
511
+ #define SECURITY_PROCESS_TRUST_AUTHORITY_RID_COUNT (2L)
512
+
513
+ #define SECURITY_PROCESS_PROTECTION_TYPE_FULL_RID (0x00000400L)
514
+ #define SECURITY_PROCESS_PROTECTION_TYPE_LITE_RID (0x00000200L)
515
+ #define SECURITY_PROCESS_PROTECTION_TYPE_NONE_RID (0x00000000L)
516
+
517
+ #define SECURITY_PROCESS_PROTECTION_LEVEL_WINTCB_RID (0x00002000L)
518
+ #define SECURITY_PROCESS_PROTECTION_LEVEL_WINDOWS_RID (0x00001000L)
519
+ #define SECURITY_PROCESS_PROTECTION_LEVEL_APP_RID (0x00000800L)
520
+ #define SECURITY_PROCESS_PROTECTION_LEVEL_ANTIMALWARE_RID (0x00000600L)
521
+ #define SECURITY_PROCESS_PROTECTION_LEVEL_AUTHENTICODE_RID (0x00000400L)
522
+ #define SECURITY_PROCESS_PROTECTION_LEVEL_NONE_RID (0x00000000L)
523
+
524
+
525
+
526
+ #define SECURITY_TRUSTED_INSTALLER_RID1 956008885
527
+ #define SECURITY_TRUSTED_INSTALLER_RID2 3418522649
528
+ #define SECURITY_TRUSTED_INSTALLER_RID3 1831038044
529
+ #define SECURITY_TRUSTED_INSTALLER_RID4 1853292631
530
+ #define SECURITY_TRUSTED_INSTALLER_RID5 2271478464
531
+
532
+
533
+
534
+
535
+
536
+ typedef enum {
537
+
538
+ WinNullSid = 0,
539
+ WinWorldSid = 1,
540
+ WinLocalSid = 2,
541
+ WinCreatorOwnerSid = 3,
542
+ WinCreatorGroupSid = 4,
543
+ WinCreatorOwnerServerSid = 5,
544
+ WinCreatorGroupServerSid = 6,
545
+ WinNtAuthoritySid = 7,
546
+ WinDialupSid = 8,
547
+ WinNetworkSid = 9,
548
+ WinBatchSid = 10,
549
+ WinInteractiveSid = 11,
550
+ WinServiceSid = 12,
551
+ WinAnonymousSid = 13,
552
+ WinProxySid = 14,
553
+ WinEnterpriseControllersSid = 15,
554
+ WinSelfSid = 16,
555
+ WinAuthenticatedUserSid = 17,
556
+ WinRestrictedCodeSid = 18,
557
+ WinTerminalServerSid = 19,
558
+ WinRemoteLogonIdSid = 20,
559
+ WinLogonIdsSid = 21,
560
+ WinLocalSystemSid = 22,
561
+ WinLocalServiceSid = 23,
562
+ WinNetworkServiceSid = 24,
563
+ WinBuiltinDomainSid = 25,
564
+ WinBuiltinAdministratorsSid = 26,
565
+ WinBuiltinUsersSid = 27,
566
+ WinBuiltinGuestsSid = 28,
567
+ WinBuiltinPowerUsersSid = 29,
568
+ WinBuiltinAccountOperatorsSid = 30,
569
+ WinBuiltinSystemOperatorsSid = 31,
570
+ WinBuiltinPrintOperatorsSid = 32,
571
+ WinBuiltinBackupOperatorsSid = 33,
572
+ WinBuiltinReplicatorSid = 34,
573
+ WinBuiltinPreWindows2000CompatibleAccessSid = 35,
574
+ WinBuiltinRemoteDesktopUsersSid = 36,
575
+ WinBuiltinNetworkConfigurationOperatorsSid = 37,
576
+ WinAccountAdministratorSid = 38,
577
+ WinAccountGuestSid = 39,
578
+ WinAccountKrbtgtSid = 40,
579
+ WinAccountDomainAdminsSid = 41,
580
+ WinAccountDomainUsersSid = 42,
581
+ WinAccountDomainGuestsSid = 43,
582
+ WinAccountComputersSid = 44,
583
+ WinAccountControllersSid = 45,
584
+ WinAccountCertAdminsSid = 46,
585
+ WinAccountSchemaAdminsSid = 47,
586
+ WinAccountEnterpriseAdminsSid = 48,
587
+ WinAccountPolicyAdminsSid = 49,
588
+ WinAccountRasAndIasServersSid = 50,
589
+ WinNTLMAuthenticationSid = 51,
590
+ WinDigestAuthenticationSid = 52,
591
+ WinSChannelAuthenticationSid = 53,
592
+ WinThisOrganizationSid = 54,
593
+ WinOtherOrganizationSid = 55,
594
+ WinBuiltinIncomingForestTrustBuildersSid = 56,
595
+ WinBuiltinPerfMonitoringUsersSid = 57,
596
+ WinBuiltinPerfLoggingUsersSid = 58,
597
+ WinBuiltinAuthorizationAccessSid = 59,
598
+ WinBuiltinTerminalServerLicenseServersSid = 60,
599
+ WinBuiltinDCOMUsersSid = 61,
600
+ WinBuiltinIUsersSid = 62,
601
+ WinIUserSid = 63,
602
+ WinBuiltinCryptoOperatorsSid = 64,
603
+ WinUntrustedLabelSid = 65,
604
+ WinLowLabelSid = 66,
605
+ WinMediumLabelSid = 67,
606
+ WinHighLabelSid = 68,
607
+ WinSystemLabelSid = 69,
608
+ WinWriteRestrictedCodeSid = 70,
609
+ WinCreatorOwnerRightsSid = 71,
610
+ WinCacheablePrincipalsGroupSid = 72,
611
+ WinNonCacheablePrincipalsGroupSid = 73,
612
+ WinEnterpriseReadonlyControllersSid = 74,
613
+ WinAccountReadonlyControllersSid = 75,
614
+ WinBuiltinEventLogReadersGroup = 76,
615
+ WinNewEnterpriseReadonlyControllersSid = 77,
616
+ WinBuiltinCertSvcDComAccessGroup = 78,
617
+ WinMediumPlusLabelSid = 79,
618
+ WinLocalLogonSid = 80,
619
+ WinConsoleLogonSid = 81,
620
+ WinThisOrganizationCertificateSid = 82,
621
+ WinApplicationPackageAuthoritySid = 83,
622
+ WinBuiltinAnyPackageSid = 84,
623
+ WinCapabilityInternetClientSid = 85,
624
+ WinCapabilityInternetClientServerSid = 86,
625
+ WinCapabilityPrivateNetworkClientServerSid = 87,
626
+ WinCapabilityPicturesLibrarySid = 88,
627
+ WinCapabilityVideosLibrarySid = 89,
628
+ WinCapabilityMusicLibrarySid = 90,
629
+ WinCapabilityDocumentsLibrarySid = 91,
630
+ WinCapabilitySharedUserCertificatesSid = 92,
631
+ WinCapabilityEnterpriseAuthenticationSid = 93,
632
+ WinCapabilityRemovableStorageSid = 94,
633
+ WinBuiltinRDSRemoteAccessServersSid = 95,
634
+ WinBuiltinRDSEndpointServersSid = 96,
635
+ WinBuiltinRDSManagementServersSid = 97,
636
+ WinUserModeDriversSid = 98,
637
+ WinBuiltinHyperVAdminsSid = 99,
638
+ WinAccountCloneableControllersSid = 100,
639
+ WinBuiltinAccessControlAssistanceOperatorsSid = 101,
640
+ WinBuiltinRemoteManagementUsersSid = 102,
641
+ WinAuthenticationAuthorityAssertedSid = 103,
642
+ WinAuthenticationServiceAssertedSid = 104,
643
+ WinLocalAccountSid = 105,
644
+ WinLocalAccountAndAdministratorSid = 106,
645
+ WinAccountProtectedUsersSid = 107,
646
+ WinCapabilityAppointmentsSid = 108,
647
+ WinCapabilityContactsSid = 109,
648
+ WinAccountDefaultSystemManagedSid = 110,
649
+ WinBuiltinDefaultSystemManagedGroupSid = 111,
650
+ WinBuiltinStorageReplicaAdminsSid = 112,
651
+ WinAccountKeyAdminsSid = 113,
652
+ WinAccountEnterpriseKeyAdminsSid = 114,
653
+ WinAuthenticationKeyTrustSid = 115,
654
+ WinAuthenticationKeyPropertyMFASid = 116,
655
+ WinAuthenticationKeyPropertyAttestationSid = 117,
656
+ WinAuthenticationFreshKeyAuthSid = 118,
657
+ WinBuiltinDeviceOwnersSid = 119,
658
+ } WELL_KNOWN_SID_TYPE;
659
+
660
+
661
+
662
+ #define SYSTEM_LUID { 0x3e7, 0x0 }
663
+ #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
664
+ #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
665
+ #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
666
+ #define IUSER_LUID { 0x3e3, 0x0 }
667
+ #define PROTECTED_TO_SYSTEM_LUID { 0x3e2, 0x0 }
668
+
669
+
670
+
671
+ #define SE_GROUP_MANDATORY (0x00000001L)
672
+ #define SE_GROUP_ENABLED_BY_DEFAULT (0x00000002L)
673
+ #define SE_GROUP_ENABLED (0x00000004L)
674
+ #define SE_GROUP_OWNER (0x00000008L)
675
+ #define SE_GROUP_USE_FOR_DENY_ONLY (0x00000010L)
676
+ #define SE_GROUP_INTEGRITY (0x00000020L)
677
+ #define SE_GROUP_INTEGRITY_ENABLED (0x00000040L)
678
+ #define SE_GROUP_LOGON_ID (0xC0000000L)
679
+ #define SE_GROUP_RESOURCE (0x20000000L)
680
+
681
+ #define SE_GROUP_VALID_ATTRIBUTES (SE_GROUP_MANDATORY | \
682
+ SE_GROUP_ENABLED_BY_DEFAULT | \
683
+ SE_GROUP_ENABLED | \
684
+ SE_GROUP_OWNER | \
685
+ SE_GROUP_USE_FOR_DENY_ONLY | \
686
+ SE_GROUP_LOGON_ID | \
687
+ SE_GROUP_RESOURCE | \
688
+ SE_GROUP_INTEGRITY | \
689
+ SE_GROUP_INTEGRITY_ENABLED)
690
+
691
+
692
+
693
+
694
+ #define ACL_REVISION (2)
695
+ #define ACL_REVISION_DS (4)
696
+
697
+
698
+ #define ACL_REVISION1 (1)
699
+ #define MIN_ACL_REVISION ACL_REVISION2
700
+ #define ACL_REVISION2 (2)
701
+ #define ACL_REVISION3 (3)
702
+ #define ACL_REVISION4 (4)
703
+ #define MAX_ACL_REVISION ACL_REVISION4
704
+
705
+ typedef struct _ACL {
706
+ BYTE AclRevision;
707
+ BYTE Sbz1;
708
+ WORD AclSize;
709
+ WORD AceCount;
710
+ WORD Sbz2;
711
+ } ACL;
712
+ typedef ACL *PACL;
713
+
714
+
715
+
716
+ typedef struct _ACE_HEADER {
717
+ BYTE AceType;
718
+ BYTE AceFlags;
719
+ WORD AceSize;
720
+ } ACE_HEADER;
721
+ typedef ACE_HEADER *PACE_HEADER;
722
+
723
+ #define ACCESS_MIN_MS_ACE_TYPE (0x0)
724
+ #define ACCESS_ALLOWED_ACE_TYPE (0x0)
725
+ #define ACCESS_DENIED_ACE_TYPE (0x1)
726
+ #define SYSTEM_AUDIT_ACE_TYPE (0x2)
727
+ #define SYSTEM_ALARM_ACE_TYPE (0x3)
728
+ #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
729
+
730
+ #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
731
+ #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
732
+
733
+ #define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
734
+ #define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
735
+ #define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
736
+ #define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
737
+ #define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
738
+ #define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
739
+
740
+ #define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
741
+ #define ACCESS_MAX_MS_ACE_TYPE (0x8)
742
+
743
+ #define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
744
+ #define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
745
+ #define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
746
+ #define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
747
+ #define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
748
+ #define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
749
+ #define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
750
+ #define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
751
+
752
+ #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
753
+ #define SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE (0x12)
754
+ #define SYSTEM_SCOPED_POLICY_ID_ACE_TYPE (0x13)
755
+ #define SYSTEM_PROCESS_TRUST_LABEL_ACE_TYPE (0x14)
756
+ #define SYSTEM_ACCESS_FILTER_ACE_TYPE (0x15)
757
+ #define ACCESS_MAX_MS_V5_ACE_TYPE (0x15)
758
+
759
+
760
+
761
+ #define OBJECT_INHERIT_ACE (0x1)
762
+ #define CONTAINER_INHERIT_ACE (0x2)
763
+ #define NO_PROPAGATE_INHERIT_ACE (0x4)
764
+ #define INHERIT_ONLY_ACE (0x8)
765
+ #define INHERITED_ACE (0x10)
766
+ #define VALID_INHERIT_FLAGS (0x1F)
767
+
768
+
769
+
770
+
771
+ #define CRITICAL_ACE_FLAG (0x20)
772
+
773
+
774
+ #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
775
+ #define FAILED_ACCESS_ACE_FLAG (0x80)
776
+
777
+
778
+
779
+ #define TRUST_PROTECTED_FILTER_ACE_FLAG (0x40)
780
+
781
+
782
+
783
+ typedef struct _ACCESS_ALLOWED_ACE {
784
+ ACE_HEADER Header;
785
+ ACCESS_MASK Mask;
786
+ DWORD SidStart;
787
+ } ACCESS_ALLOWED_ACE;
788
+
789
+ typedef ACCESS_ALLOWED_ACE *PACCESS_ALLOWED_ACE;
790
+
791
+ typedef struct _ACCESS_DENIED_ACE {
792
+ ACE_HEADER Header;
793
+ ACCESS_MASK Mask;
794
+ DWORD SidStart;
795
+ } ACCESS_DENIED_ACE;
796
+ typedef ACCESS_DENIED_ACE *PACCESS_DENIED_ACE;
797
+
798
+ typedef struct _SYSTEM_AUDIT_ACE {
799
+ ACE_HEADER Header;
800
+ ACCESS_MASK Mask;
801
+ DWORD SidStart;
802
+ } SYSTEM_AUDIT_ACE;
803
+ typedef SYSTEM_AUDIT_ACE *PSYSTEM_AUDIT_ACE;
804
+
805
+ typedef struct _SYSTEM_ALARM_ACE {
806
+ ACE_HEADER Header;
807
+ ACCESS_MASK Mask;
808
+ DWORD SidStart;
809
+ } SYSTEM_ALARM_ACE;
810
+ typedef SYSTEM_ALARM_ACE *PSYSTEM_ALARM_ACE;
811
+
812
+ typedef struct _SYSTEM_RESOURCE_ATTRIBUTE_ACE {
813
+ ACE_HEADER Header;
814
+ ACCESS_MASK Mask;
815
+ DWORD SidStart;
816
+ } SYSTEM_RESOURCE_ATTRIBUTE_ACE, *PSYSTEM_RESOURCE_ATTRIBUTE_ACE;
817
+
818
+ typedef struct _SYSTEM_SCOPED_POLICY_ID_ACE {
819
+ ACE_HEADER Header;
820
+ ACCESS_MASK Mask;
821
+ DWORD SidStart;
822
+ } SYSTEM_SCOPED_POLICY_ID_ACE, *PSYSTEM_SCOPED_POLICY_ID_ACE;
823
+
824
+ typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
825
+ ACE_HEADER Header;
826
+ ACCESS_MASK Mask;
827
+ DWORD SidStart;
828
+ } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
829
+
830
+ typedef struct _SYSTEM_PROCESS_TRUST_LABEL_ACE {
831
+ ACE_HEADER Header;
832
+ ACCESS_MASK Mask;
833
+ DWORD SidStart;
834
+ } SYSTEM_PROCESS_TRUST_LABEL_ACE, *PSYSTEM_PROCESS_TRUST_LABEL_ACE;
835
+
836
+ typedef struct _SYSTEM_ACCESS_FILTER_ACE {
837
+ ACE_HEADER Header;
838
+ ACCESS_MASK Mask;
839
+ DWORD SidStart;
840
+ } SYSTEM_ACCESS_FILTER_ACE, *PSYSTEM_ACCESS_FILTER_ACE;
841
+
842
+ #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
843
+ #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
844
+ #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
845
+
846
+ #define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
847
+ SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
848
+ SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
849
+
850
+ #define SYSTEM_PROCESS_TRUST_LABEL_VALID_MASK 0x00ffffff
851
+ #define SYSTEM_PROCESS_TRUST_NOCONSTRAINT_MASK 0xffffffff
852
+ #define SYSTEM_ACCESS_FILTER_VALID_MASK 0x00ffffff
853
+ #define SYSTEM_ACCESS_FILTER_NOCONSTRAINT_MASK 0xffffffff
854
+
855
+
856
+ typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
857
+ ACE_HEADER Header;
858
+ ACCESS_MASK Mask;
859
+ DWORD Flags;
860
+ GUID ObjectType;
861
+ GUID InheritedObjectType;
862
+ DWORD SidStart;
863
+ } ACCESS_ALLOWED_OBJECT_ACE, *PACCESS_ALLOWED_OBJECT_ACE;
864
+
865
+ typedef struct _ACCESS_DENIED_OBJECT_ACE {
866
+ ACE_HEADER Header;
867
+ ACCESS_MASK Mask;
868
+ DWORD Flags;
869
+ GUID ObjectType;
870
+ GUID InheritedObjectType;
871
+ DWORD SidStart;
872
+ } ACCESS_DENIED_OBJECT_ACE, *PACCESS_DENIED_OBJECT_ACE;
873
+
874
+ typedef struct _SYSTEM_AUDIT_OBJECT_ACE {
875
+ ACE_HEADER Header;
876
+ ACCESS_MASK Mask;
877
+ DWORD Flags;
878
+ GUID ObjectType;
879
+ GUID InheritedObjectType;
880
+ DWORD SidStart;
881
+ } SYSTEM_AUDIT_OBJECT_ACE, *PSYSTEM_AUDIT_OBJECT_ACE;
882
+
883
+ typedef struct _SYSTEM_ALARM_OBJECT_ACE {
884
+ ACE_HEADER Header;
885
+ ACCESS_MASK Mask;
886
+ DWORD Flags;
887
+ GUID ObjectType;
888
+ GUID InheritedObjectType;
889
+ DWORD SidStart;
890
+ } SYSTEM_ALARM_OBJECT_ACE, *PSYSTEM_ALARM_OBJECT_ACE;
891
+
892
+
893
+
894
+ typedef struct _ACCESS_ALLOWED_CALLBACK_ACE {
895
+ ACE_HEADER Header;
896
+ ACCESS_MASK Mask;
897
+ DWORD SidStart;
898
+ } ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE;
899
+
900
+ typedef struct _ACCESS_DENIED_CALLBACK_ACE {
901
+ ACE_HEADER Header;
902
+ ACCESS_MASK Mask;
903
+ DWORD SidStart;
904
+ } ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE;
905
+
906
+ typedef struct _SYSTEM_AUDIT_CALLBACK_ACE {
907
+ ACE_HEADER Header;
908
+ ACCESS_MASK Mask;
909
+ DWORD SidStart;
910
+ } SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE;
911
+
912
+ typedef struct _SYSTEM_ALARM_CALLBACK_ACE {
913
+ ACE_HEADER Header;
914
+ ACCESS_MASK Mask;
915
+ DWORD SidStart;
916
+ } SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE;
917
+
918
+ typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE {
919
+ ACE_HEADER Header;
920
+ ACCESS_MASK Mask;
921
+ DWORD Flags;
922
+ GUID ObjectType;
923
+ GUID InheritedObjectType;
924
+ DWORD SidStart;
925
+ } ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE;
926
+
927
+ typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE {
928
+ ACE_HEADER Header;
929
+ ACCESS_MASK Mask;
930
+ DWORD Flags;
931
+ GUID ObjectType;
932
+ GUID InheritedObjectType;
933
+ DWORD SidStart;
934
+ } ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE;
935
+
936
+ typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE {
937
+ ACE_HEADER Header;
938
+ ACCESS_MASK Mask;
939
+ DWORD Flags;
940
+ GUID ObjectType;
941
+ GUID InheritedObjectType;
942
+ DWORD SidStart;
943
+ } SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE;
944
+
945
+ typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE {
946
+ ACE_HEADER Header;
947
+ ACCESS_MASK Mask;
948
+ DWORD Flags;
949
+ GUID ObjectType;
950
+ GUID InheritedObjectType;
951
+ DWORD SidStart;
952
+ } SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE;
953
+
954
+
955
+ #define ACE_OBJECT_TYPE_PRESENT 0x1
956
+ #define ACE_INHERITED_OBJECT_TYPE_PRESENT 0x2
957
+
958
+
959
+
960
+ typedef enum _ACL_INFORMATION_CLASS {
961
+ AclRevisionInformation = 1,
962
+ AclSizeInformation
963
+ } ACL_INFORMATION_CLASS;
964
+
965
+
966
+ typedef struct _ACL_REVISION_INFORMATION {
967
+ DWORD AclRevision;
968
+ } ACL_REVISION_INFORMATION;
969
+ typedef ACL_REVISION_INFORMATION *PACL_REVISION_INFORMATION;
970
+
971
+
972
+ typedef struct _ACL_SIZE_INFORMATION {
973
+ DWORD AceCount;
974
+ DWORD AclBytesInUse;
975
+ DWORD AclBytesFree;
976
+ } ACL_SIZE_INFORMATION;
977
+ typedef ACL_SIZE_INFORMATION *PACL_SIZE_INFORMATION;
978
+
979
+
980
+ #define SECURITY_DESCRIPTOR_REVISION (1)
981
+ #define SECURITY_DESCRIPTOR_REVISION1 (1)
982
+
983
+ #define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
984
+
985
+
986
+ typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
987
+
988
+ #define SE_OWNER_DEFAULTED (0x0001)
989
+ #define SE_GROUP_DEFAULTED (0x0002)
990
+ #define SE_DACL_PRESENT (0x0004)
991
+ #define SE_DACL_DEFAULTED (0x0008)
992
+ #define SE_SACL_PRESENT (0x0010)
993
+ #define SE_SACL_DEFAULTED (0x0020)
994
+ #define SE_DACL_AUTO_INHERIT_REQ (0x0100)
995
+ #define SE_SACL_AUTO_INHERIT_REQ (0x0200)
996
+ #define SE_DACL_AUTO_INHERITED (0x0400)
997
+ #define SE_SACL_AUTO_INHERITED (0x0800)
998
+ #define SE_DACL_PROTECTED (0x1000)
999
+ #define SE_SACL_PROTECTED (0x2000)
1000
+ #define SE_RM_CONTROL_VALID (0x4000)
1001
+ #define SE_SELF_RELATIVE (0x8000)
1002
+
1003
+
1004
+ typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
1005
+ BYTE Revision;
1006
+ BYTE Sbz1;
1007
+ SECURITY_DESCRIPTOR_CONTROL Control;
1008
+ DWORD Owner;
1009
+ DWORD Group;
1010
+ DWORD Sacl;
1011
+ DWORD Dacl;
1012
+ } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
1013
+
1014
+ typedef struct _SECURITY_DESCRIPTOR {
1015
+ BYTE Revision;
1016
+ BYTE Sbz1;
1017
+ SECURITY_DESCRIPTOR_CONTROL Control;
1018
+ PSID Owner;
1019
+ PSID Group;
1020
+ PACL Sacl;
1021
+ PACL Dacl;
1022
+
1023
+ } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
1024
+
1025
+
1026
+ typedef struct _SECURITY_OBJECT_AI_PARAMS {
1027
+ DWORD Size;
1028
+ DWORD ConstraintMask;
1029
+ } SECURITY_OBJECT_AI_PARAMS, *PSECURITY_OBJECT_AI_PARAMS;
1030
+
1031
+
1032
+ typedef union _LARGE_INTEGER {
1033
+ struct {
1034
+ DWORD LowPart;
1035
+ LONG HighPart;
1036
+ } DUMMYSTRUCTNAME;
1037
+ struct {
1038
+ DWORD LowPart;
1039
+ LONG HighPart;
1040
+ } u;
1041
+ LONGLONG QuadPart;
1042
+ } LARGE_INTEGER;
1043
+
1044
+ typedef LARGE_INTEGER *PLARGE_INTEGER;
1045
+
1046
+ typedef union _ULARGE_INTEGER {
1047
+ struct {
1048
+ DWORD LowPart;
1049
+ DWORD HighPart;
1050
+ } DUMMYSTRUCTNAME;
1051
+ struct {
1052
+ DWORD LowPart;
1053
+ DWORD HighPart;
1054
+ } u;
1055
+ ULONGLONG QuadPart;
1056
+ } ULARGE_INTEGER;
1057
+
1058
+ typedef ULARGE_INTEGER *PULARGE_INTEGER;
1059
+