turborex 0.1.1
- checksums.yaml +7 -0
- data/LICENSE +674 -0
- data/README.md +38 -0
- data/README.rdoc +19 -0
- data/examples/alpc_client.rb +15 -0
- data/examples/alpc_server.rb +14 -0
- data/examples/com_client.rb +19 -0
- data/examples/com_finder.rb +39 -0
- data/examples/create_instance.rb +15 -0
- data/examples/cstruct.rb +19 -0
- data/examples/find_com_client_calls.rb +16 -0
- data/examples/find_rpc_security_callback.rb +12 -0
- data/examples/rpc_finder.rb +117 -0
- data/examples/scan_exports.rb +5 -0
- data/examples/scan_imports.rb +5 -0
- data/examples/tinysdk.rb +17 -0
- data/lib/turborex.rb +21 -0
- data/lib/turborex/cstruct.rb +565 -0
- data/lib/turborex/cstruct/struct_helper.rb +7 -0
- data/lib/turborex/exception.rb +65 -0
- data/lib/turborex/fuzzer.rb +204 -0
- data/lib/turborex/fuzzer/containers.rb +115 -0
- data/lib/turborex/fuzzer/coverage.rb +67 -0
- data/lib/turborex/fuzzer/mutators.rb +25 -0
- data/lib/turborex/fuzzer/seed.rb +30 -0
- data/lib/turborex/monkey.rb +11 -0
- data/lib/turborex/msrpc.rb +14 -0
- data/lib/turborex/msrpc/decompiler.rb +244 -0
- data/lib/turborex/msrpc/midl.rb +747 -0
- data/lib/turborex/msrpc/ndrtype.rb +167 -0
- data/lib/turborex/msrpc/rpcbase.rb +777 -0
- data/lib/turborex/msrpc/rpcfinder.rb +1426 -0
- data/lib/turborex/msrpc/utils.rb +70 -0
- data/lib/turborex/pefile.rb +8 -0
- data/lib/turborex/pefile/pe.rb +61 -0
- data/lib/turborex/pefile/scanner.rb +82 -0
- data/lib/turborex/utils.rb +321 -0
- data/lib/turborex/windows.rb +402 -0
- data/lib/turborex/windows/alpc.rb +844 -0
- data/lib/turborex/windows/com.rb +266 -0
- data/lib/turborex/windows/com/client.rb +84 -0
- data/lib/turborex/windows/com/com_finder.rb +330 -0
- data/lib/turborex/windows/com/com_registry.rb +100 -0
- data/lib/turborex/windows/com/interface.rb +522 -0
- data/lib/turborex/windows/com/utils.rb +210 -0
- data/lib/turborex/windows/constants.rb +82 -0
- data/lib/turborex/windows/process.rb +56 -0
- data/lib/turborex/windows/security.rb +12 -0
- data/lib/turborex/windows/security/ace.rb +76 -0
- data/lib/turborex/windows/security/acl.rb +25 -0
- data/lib/turborex/windows/security/security_descriptor.rb +118 -0
- data/lib/turborex/windows/tinysdk.rb +89 -0
- data/lib/turborex/windows/utils.rb +138 -0
- data/resources/headers/alpc/ntdef.h +72 -0
- data/resources/headers/alpc/ntlpcapi.h +1014 -0
- data/resources/headers/rpc/common.h +162 -0
- data/resources/headers/rpc/guiddef.h +191 -0
- data/resources/headers/rpc/internal_ndrtypes.h +262 -0
- data/resources/headers/rpc/rpc.h +10 -0
- data/resources/headers/rpc/rpcdce.h +266 -0
- data/resources/headers/rpc/rpcdcep.h +187 -0
- data/resources/headers/rpc/rpcndr.h +39 -0
- data/resources/headers/rpc/v4_x64/rpcinternals.h +154 -0
- data/resources/headers/rpc/wintype.h +517 -0
- data/resources/headers/tinysdk/tinysdk.h +5 -0
- data/resources/headers/tinysdk/tinysdk/comdef.h +645 -0
- data/resources/headers/tinysdk/tinysdk/dbghelp.h +118 -0
- data/resources/headers/tinysdk/tinysdk/guiddef.h +194 -0
- data/resources/headers/tinysdk/tinysdk/memoryapi.h +12 -0
- data/resources/headers/tinysdk/tinysdk/poppack.h +12 -0
- data/resources/headers/tinysdk/tinysdk/pshpack4.h +13 -0
- data/resources/headers/tinysdk/tinysdk/winnt.h +1059 -0
- data/resources/headers/tinysdk/tinysdk/wintype.h +326 -0
- metadata +290 -0
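--- a/data/resources/headers/tinysdk/tinysdk/dbghelp.h
+++ b/data/resources/headers/tinysdk/tinysdk/dbghelp.h
@@ -0,0 +1,118 @@
+
+
+#ifdef _WIN64
+#ifndef _IMAGEHLP64
+#define _IMAGEHLP64
+#endif
+#endif
+
+
+typedef enum {
+SymNone = 0,
+SymCoff,
+SymCv,
+SymPdb,
+SymExport,
+SymDeferred,
+SymSym,
+SymDia,
+SymVirtual,
+NumSymTypes
+} SYM_TYPE;
+
+//
+// module data structure
+//
+
+typedef struct _IMAGEHLP_MODULE64 {
+DWORD SizeOfStruct;
+DWORD64 BaseOfImage;
+DWORD ImageSize;
+DWORD TimeDateStamp;
+DWORD CheckSum;
+DWORD NumSyms;
+SYM_TYPE SymType;
+CHAR ModuleName[32];
+CHAR ImageName[256];
+CHAR LoadedImageName[256];
+CHAR LoadedPdbName[256];
+DWORD CVSig;
+CHAR CVData[MAX_PATH * 3]; // Contents of the CV record
+DWORD PdbSig; // Signature of PDB
+GUID PdbSig70; // Signature of PDB (VC 7 and up)
+DWORD PdbAge; // DBI age of pdb
+BOOL PdbUnmatched; // loaded an unmatched pdb
+BOOL DbgUnmatched; // loaded an unmatched dbg
+BOOL LineNumbers; // we have line number information
+BOOL GlobalSymbols; // we have internal symbol information
+BOOL TypeInfo; // we have type information
+BOOL SourceIndexed; // pdb supports source server
+BOOL Publics; // contains public symbols
+DWORD MachineType; // IMAGE_FILE_MACHINE_XXX from ntimage.h and winnt.h
+DWORD Reserved; // Padding - don't remove.
+} IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64;
+
+typedef struct _IMAGEHLP_MODULEW64 {
+DWORD SizeOfStruct;
+DWORD64 BaseOfImage;
+DWORD ImageSize;
+DWORD TimeDateStamp;
+DWORD CheckSum;
+DWORD NumSyms;
+SYM_TYPE SymType; // type of symbols loaded
+WCHAR ModuleName[32]; // module name
+WCHAR ImageName[256]; // image name
+WCHAR LoadedImageName[256]; // symbol file name
+WCHAR LoadedPdbName[256]; // pdb file name
+DWORD CVSig; // Signature of the CV record in the debug directories
+WCHAR CVData[MAX_PATH * 3]; // Contents of the CV record
+DWORD PdbSig; // Signature of PDB
+GUID PdbSig70; // Signature of PDB (VC 7 and up)
+DWORD PdbAge; // DBI age of pdb
+BOOL PdbUnmatched; // loaded an unmatched pdb
+BOOL DbgUnmatched;
+BOOL LineNumbers;
+BOOL GlobalSymbols;
+BOOL TypeInfo;
+BOOL SourceIndexed;
+BOOL Publics;
+DWORD MachineType;
+DWORD Reserved;
+} IMAGEHLP_MODULEW64, *PIMAGEHLP_MODULEW64;
+
+
+#if !defined(_IMAGEHLP_SOURCE_) && defined(_IMAGEHLP64)
+#define IMAGEHLP_MODULE IMAGEHLP_MODULE64
+#define PIMAGEHLP_MODULE PIMAGEHLP_MODULE64
+#define IMAGEHLP_MODULEW IMAGEHLP_MODULEW64
+#define PIMAGEHLP_MODULEW PIMAGEHLP_MODULEW64
+#else
+typedef struct _IMAGEHLP_MODULE {
+DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
+DWORD BaseOfImage; // base load address of module
+DWORD ImageSize; // virtual size of the loaded module
+DWORD TimeDateStamp; // date/time stamp from pe header
+DWORD CheckSum; // checksum from the pe header
+DWORD NumSyms; // number of symbols in the symbol table
+SYM_TYPE SymType; // type of symbols loaded
+CHAR ModuleName[32]; // module name
+CHAR ImageName[256]; // image name
+CHAR LoadedImageName[256]; // symbol file name
+} IMAGEHLP_MODULE, *PIMAGEHLP_MODULE;
+
+typedef struct _IMAGEHLP_MODULEW {
+DWORD SizeOfStruct; // set to sizeof(IMAGEHLP_MODULE)
+DWORD BaseOfImage; // base load address of module
+DWORD ImageSize; // virtual size of the loaded module
+DWORD TimeDateStamp; // date/time stamp from pe header
+DWORD CheckSum; // checksum from the pe header
+DWORD NumSyms; // number of symbols in the symbol table
+SYM_TYPE SymType; // type of symbols loaded
+WCHAR ModuleName[32]; // module name
+WCHAR ImageName[256]; // image name
+WCHAR LoadedImageName[256]; // symbol file name
+} IMAGEHLP_MODULEW, *PIMAGEHLP_MODULEW;
+#endif
+
+
+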
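Review bot: The file has no include guard or `#pragma once`, so a second inclusion redeclares the enumerators of `SYM_TYPE` at the top and redefines every `IMAGEHLP_MODULE*` struct below it, which a C compiler rejects. Wrapping the whole file in a guard, e.g. `#ifndef TINYSDK_DBGHELP_H` / `#define TINYSDK_DBGHELP_H` with a closing `#endif` (the macro name is only a suggestion), removes the dependence on how often and in what order consumers include it. The structs also use `DWORD`, `DWORD64`, `BOOL`, `GUID` and `MAX_PATH` without including anything, so a short comment at the top naming the headers that must be included first would document that prerequisite; which headers those are is not visible in this section.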
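--- a/data/resources/headers/tinysdk/tinysdk/guiddef.h
+++ b/data/resources/headers/tinysdk/tinysdk/guiddef.h
@@ -0,0 +1,194 @@
+#ifndef GUID_DEFINED
+#define GUID_DEFINED
+#if defined(__midl)
+typedef struct {
+unsigned long Data1;
+unsigned short Data2;
+unsigned short Data3;
+byte Data4[ 8 ];
+} GUID;
+#else
+typedef struct _GUID {
+unsigned long Data1;
+unsigned short Data2;
+unsigned short Data3;
+unsigned char Data4[ 8 ];
+} GUID;
+#endif
+#endif
+
+#ifndef FAR
+#ifdef _WIN32
+#define FAR
+#else
+#define FAR _far
+#endif
+#endif
+
+#ifndef DECLSPEC_SELECTANY
+#if (_MSC_VER >= 1100)
+#define DECLSPEC_SELECTANY __declspec(selectany)
+#else
+#define DECLSPEC_SELECTANY
+#endif
+#endif
+
+#ifndef EXTERN_C
+#ifdef __cplusplus
+#define EXTERN_C extern "C"
+#else
+#define EXTERN_C extern
+#endif
+#endif
+
+#ifdef DEFINE_GUID
+#undef DEFINE_GUID
+#endif
+
+#ifdef INITGUID
+#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \
+EXTERN_C const GUID DECLSPEC_SELECTANY name \
+= { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } }
+#else
+#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \
+EXTERN_C const GUID FAR name
+#endif // INITGUID
+
+#define DEFINE_OLEGUID(name, l, w1, w2) DEFINE_GUID(name, l, w1, w2, 0xC0,0,0,0,0,0,0,0x46)
+
+#ifndef _GUIDDEF_H_
+#define _GUIDDEF_H_
+
+#ifndef __LPGUID_DEFINED__
+#define __LPGUID_DEFINED__
+typedef GUID *LPGUID;
+#endif
+
+#ifndef __LPCGUID_DEFINED__
+#define __LPCGUID_DEFINED__
+typedef const GUID *LPCGUID;
+#endif
+
+#ifndef __IID_DEFINED__
+#define __IID_DEFINED__
+
+typedef GUID IID;
+typedef IID *LPIID;
+#define IID_NULL GUID_NULL
+#define IsEqualIID(riid1, riid2) IsEqualGUID(riid1, riid2)
+typedef GUID CLSID;
+typedef CLSID *LPCLSID;
+#define CLSID_NULL GUID_NULL
+#define IsEqualCLSID(rclsid1, rclsid2) IsEqualGUID(rclsid1, rclsid2)
+typedef GUID FMTID;
+typedef FMTID *LPFMTID;
+#define FMTID_NULL GUID_NULL
+#define IsEqualFMTID(rfmtid1, rfmtid2) IsEqualGUID(rfmtid1, rfmtid2)
+
+#ifdef __midl_proxy
+#define __MIDL_CONST
+#else
+#define __MIDL_CONST const
+#endif
+
+#ifndef _REFGUID_DEFINED
+#define _REFGUID_DEFINED
+#ifdef __cplusplus
+#define REFGUID const GUID &
+#else
+#define REFGUID const GUID * __MIDL_CONST
+#endif
+#endif
+
+#ifndef _REFIID_DEFINED
+#define _REFIID_DEFINED
+#ifdef __cplusplus
+#define REFIID const IID &
+#else
+#define REFIID const IID * __MIDL_CONST
+#endif
+#endif
+
+#ifndef _REFCLSID_DEFINED
+#define _REFCLSID_DEFINED
+#ifdef __cplusplus
+#define REFCLSID const IID &
+#else
+#define REFCLSID const IID * __MIDL_CONST
+#endif
+#endif
+
+#ifndef _REFFMTID_DEFINED
+#define _REFFMTID_DEFINED
+#ifdef __cplusplus
+#define REFFMTID const IID &
+#else
+#define REFFMTID const IID * __MIDL_CONST
+#endif
+#endif
+
+#endif // !__IID_DEFINED__
+
+#if !defined (__midl)
+#if !defined (_SYS_GUID_OPERATORS_)
+#define _SYS_GUID_OPERATORS_
+//#include <string.h>
+
+// Faster (but makes code fatter) inline version...use sparingly
+#ifdef __cplusplus
+__inline int InlineIsEqualGUID(REFGUID rguid1, REFGUID rguid2)
+{
+return (
+((unsigned long *) &rguid1)[0] == ((unsigned long *) &rguid2)[0] &&
+((unsigned long *) &rguid1)[1] == ((unsigned long *) &rguid2)[1] &&
+((unsigned long *) &rguid1)[2] == ((unsigned long *) &rguid2)[2] &&
+((unsigned long *) &rguid1)[3] == ((unsigned long *) &rguid2)[3]);
+}
+
+__inline int IsEqualGUID(REFGUID rguid1, REFGUID rguid2)
+{
+return !memcmp(&rguid1, &rguid2, sizeof(GUID));
+}
+
+#else // ! __cplusplus
+
+#define InlineIsEqualGUID(rguid1, rguid2) \
+(((unsigned long *) rguid1)[0] == ((unsigned long *) rguid2)[0] && \
+((unsigned long *) rguid1)[1] == ((unsigned long *) rguid2)[1] && \
+((unsigned long *) rguid1)[2] == ((unsigned long *) rguid2)[2] && \
+((unsigned long *) rguid1)[3] == ((unsigned long *) rguid2)[3])
+
+#define IsEqualGUID(rguid1, rguid2) (!memcmp(rguid1, rguid2, sizeof(GUID)))
+
+#endif // __cplusplus
+
+#ifdef __INLINE_ISEQUAL_GUID
+#undef IsEqualGUID
+#define IsEqualGUID(rguid1, rguid2) InlineIsEqualGUID(rguid1, rguid2)
+#endif
+
+// Same type, different name
+
+#define IsEqualIID(riid1, riid2) IsEqualGUID(riid1, riid2)
+#define IsEqualCLSID(rclsid1, rclsid2) IsEqualGUID(rclsid1, rclsid2)
+
+
+#if !defined _SYS_GUID_OPERATOR_EQ_ && !defined _NO_SYS_GUID_OPERATOR_EQ_
+#define _SYS_GUID_OPERATOR_EQ_
+// A couple of C++ helpers
+
+#ifdef __cplusplus
+__inline bool operator==(REFGUID guidOne, REFGUID guidOther)
+{
+return !!IsEqualGUID(guidOne,guidOther);
+}
+
+__inline bool operator!=(REFGUID guidOne, REFGUID guidOther)
+{
+return !(guidOne == guidOther);
+}
+#endif
+#endif
+#endif
+#endif
+#endif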
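Review bot: `IsEqualGUID` calls `memcmp` in both the C++ inline function and the C macro, but the only line that would declare it, `//#include <string.h>`, is commented out, so each consumer must bring `memcmp` into scope itself or fall back on an implicit declaration. If the include is disabled on purpose (presumably for whatever parser consumes these headers, which the page does not show), a comment beside it should say so, e.g. `// <string.h> intentionally omitted: declare memcmp before using IsEqualGUID`. Separately, `GUID.Data1` and the four-element `InlineIsEqualGUID` compare rely on `unsigned long` being 32 bits; under an LP64 data model the struct is no longer 16 bytes and the compare indexes past the end of the GUID. A one-line note that the header assumes the Windows (LLP64) data model would make that constraint explicit.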
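--- a/data/resources/headers/tinysdk/tinysdk/memoryapi.h
+++ b/data/resources/headers/tinysdk/tinysdk/memoryapi.h
@@ -0,0 +1,12 @@
+#define FILE_MAP_WRITE SECTION_MAP_WRITE
+#define FILE_MAP_READ SECTION_MAP_READ
+#define FILE_MAP_ALL_ACCESS SECTION_ALL_ACCESS
+
+#define FILE_MAP_EXECUTE SECTION_MAP_EXECUTE_EXPLICIT // not included in FILE_MAP_ALL_ACCESS
+
+#define FILE_MAP_COPY 0x00000001
+
+#define FILE_MAP_RESERVE 0x80000000
+#define FILE_MAP_TARGETS_INVALID 0x40000000
+#define FILE_MAP_LARGE_PAGES 0x20000000
+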
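--- a/data/resources/headers/tinysdk/tinysdk/poppack.h
+++ b/data/resources/headers/tinysdk/tinysdk/poppack.h
@@ -0,0 +1,12 @@
+#if ! (defined(lint) || defined(RC_INVOKED))
+#if ( _MSC_VER >= 800 && !defined(_M_I86)) || defined(_PUSHPOP_SUPPORTED)
+#pragma warning(disable:4103)
+#if !(defined( MIDL_PASS )) || defined( __midl )
+#pragma pack(pop)
+#else
+#pragma pack()
+#endif
+#else
+#pragma pack()
+#endif
+#endif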
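--- a/data/resources/headers/tinysdk/tinysdk/pshpack4.h
+++ b/data/resources/headers/tinysdk/tinysdk/pshpack4.h
@@ -0,0 +1,13 @@
+
+#if ! (defined(lint) || defined(RC_INVOKED))
+#if ( _MSC_VER >= 800 && !defined(_M_I86)) || defined(_PUSHPOP_SUPPORTED)
+#pragma warning(disable:4103)
+#if !(defined( MIDL_PASS )) || defined( __midl )
+#pragma pack(push,4)
+#else
+#pragma pack(4)
+#endif
+#else
+#pragma pack(4)
+#endif
+#endif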
@@ -0,0 +1,1059 @@
|
|
1
|
+
#define ANYSIZE_ARRAY 1
|
2
|
+
#include <guiddef.h>
|
3
|
+
|
4
|
+
#if (defined(_M_IX86) || defined(_M_IA64) || defined(_M_AMD64) || defined(_M_ARM) || defined(_M_ARM64)) && !defined(MIDL_PASS)
|
5
|
+
#define DECLSPEC_IMPORT __declspec(dllimport)
|
6
|
+
#else
|
7
|
+
#define DECLSPEC_IMPORT
|
8
|
+
#endif
|
9
|
+
|
10
|
+
|
11
|
+
#if !defined(_NTSYSTEM_)
|
12
|
+
#define NTSYSAPI DECLSPEC_IMPORT
|
13
|
+
#define NTSYSCALLAPI DECLSPEC_IMPORT
|
14
|
+
#else
|
15
|
+
#define NTSYSAPI
|
16
|
+
#if defined(_NTDLLBUILD_)
|
17
|
+
#define NTSYSCALLAPI
|
18
|
+
#else
|
19
|
+
#define NTSYSCALLAPI DECLSPEC_ADDRSAFE
|
20
|
+
#endif
|
21
|
+
#endif
|
22
|
+
|
23
|
+
|
24
|
+
#if (_MSC_VER >= 800) || defined(_STDCALL_SUPPORTED)
|
25
|
+
#define NTAPI __stdcall
|
26
|
+
#else
|
27
|
+
#define _cdecl
|
28
|
+
#define __cdecl
|
29
|
+
#define NTAPI
|
30
|
+
#endif
|
31
|
+
|
32
|
+
|
33
|
+
typedef struct _LUID {
|
34
|
+
DWORD LowPart;
|
35
|
+
LONG HighPart;
|
36
|
+
} LUID, *PLUID;
|
37
|
+
|
38
|
+
typedef unsigned char SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
|
39
|
+
typedef enum _SECURITY_IMPERSONATION_LEVEL {
|
40
|
+
SecurityAnonymous,
|
41
|
+
SecurityIdentification,
|
42
|
+
SecurityImpersonation,
|
43
|
+
SecurityDelegation
|
44
|
+
} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
|
45
|
+
typedef struct _SECURITY_QUALITY_OF_SERVICE {
|
46
|
+
DWORD Length;
|
47
|
+
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
48
|
+
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
|
49
|
+
BOOLEAN EffectiveOnly;
|
50
|
+
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
|
51
|
+
|
52
|
+
/*
|
53
|
+
typedef struct _SID_IDENTIFIER_AUTHORITY {
|
54
|
+
BYTE Value[6];
|
55
|
+
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
|
56
|
+
|
57
|
+
typedef DWORD ACCESS_MASK;
|
58
|
+
typedef ACCESS_MASK* PACCESS_MASK;
|
59
|
+
typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
|
60
|
+
typedef struct _SID {
|
61
|
+
BYTE Revision;
|
62
|
+
BYTE SubAuthorityCount;
|
63
|
+
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
|
64
|
+
#ifdef MIDL_PASS
|
65
|
+
DWORD SubAuthority[*];
|
66
|
+
#else // MIDL_PASS
|
67
|
+
DWORD SubAuthority[ANYSIZE_ARRAY];
|
68
|
+
#endif // MIDL_PASS
|
69
|
+
} SID, *PSID, *PISID;
|
70
|
+
|
71
|
+
|
72
|
+
typedef struct _SECURITY_DESCRIPTOR {
|
73
|
+
BYTE Revision;
|
74
|
+
BYTE Sbz1;
|
75
|
+
SECURITY_DESCRIPTOR_CONTROL Control;
|
76
|
+
PSID Owner;
|
77
|
+
PSID Group;
|
78
|
+
PACL Sacl;
|
79
|
+
PACL Dacl;
|
80
|
+
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
|
81
|
+
*/
|
82
|
+
|
83
|
+
|
84
|
+
typedef PVOID PACCESS_TOKEN;
|
85
|
+
typedef PVOID PSECURITY_DESCRIPTOR;
|
86
|
+
typedef PVOID PSID;
|
87
|
+
typedef PVOID PCLAIMS_BLOB;
|
88
|
+
|
89
|
+
|
90
|
+
|
91
|
+
typedef DWORD ACCESS_MASK;
|
92
|
+
typedef ACCESS_MASK *PACCESS_MASK;
|
93
|
+
|
94
|
+
#define DELETE (0x00010000L)
|
95
|
+
#define READ_CONTROL (0x00020000L)
|
96
|
+
#define WRITE_DAC (0x00040000L)
|
97
|
+
#define WRITE_OWNER (0x00080000L)
|
98
|
+
#define SYNCHRONIZE (0x00100000L)
|
99
|
+
|
100
|
+
#define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
|
101
|
+
|
102
|
+
#define STANDARD_RIGHTS_READ (READ_CONTROL)
|
103
|
+
#define STANDARD_RIGHTS_WRITE (READ_CONTROL)
|
104
|
+
#define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
|
105
|
+
|
106
|
+
#define STANDARD_RIGHTS_ALL (0x001F0000L)
|
107
|
+
|
108
|
+
#define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
|
109
|
+
|
110
|
+
|
111
|
+
#define ACCESS_SYSTEM_SECURITY (0x01000000L)
|
112
|
+
|
113
|
+
|
114
|
+
#define MAXIMUM_ALLOWED (0x02000000L)
|
115
|
+
|
116
|
+
|
117
|
+
#define GENERIC_READ (0x80000000L)
|
118
|
+
#define GENERIC_WRITE (0x40000000L)
|
119
|
+
#define GENERIC_EXECUTE (0x20000000L)
|
120
|
+
#define GENERIC_ALL (0x10000000L)
|
121
|
+
|
122
|
+
#define SECTION_QUERY 0x0001
|
123
|
+
#define SECTION_MAP_WRITE 0x0002
|
124
|
+
#define SECTION_MAP_READ 0x0004
|
125
|
+
#define SECTION_MAP_EXECUTE 0x0008
|
126
|
+
#define SECTION_EXTEND_SIZE 0x0010
|
127
|
+
#define SECTION_MAP_EXECUTE_EXPLICIT 0x0020 // not included in SECTION_ALL_ACCESS
|
128
|
+
|
129
|
+
#define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\
|
130
|
+
SECTION_MAP_WRITE | \
|
131
|
+
SECTION_MAP_READ | \
|
132
|
+
SECTION_MAP_EXECUTE | \
|
133
|
+
SECTION_EXTEND_SIZE)
|
134
|
+
|
135
|
+
|
136
|
+
typedef struct _GENERIC_MAPPING {
|
137
|
+
ACCESS_MASK GenericRead;
|
138
|
+
ACCESS_MASK GenericWrite;
|
139
|
+
ACCESS_MASK GenericExecute;
|
140
|
+
ACCESS_MASK GenericAll;
|
141
|
+
} GENERIC_MAPPING;
|
142
|
+
typedef GENERIC_MAPPING *PGENERIC_MAPPING;
|
143
|
+
|
144
|
+
|
145
|
+
#include <pshpack4.h>
|
146
|
+
|
147
|
+
typedef struct _LUID_AND_ATTRIBUTES {
|
148
|
+
LUID Luid;
|
149
|
+
DWORD Attributes;
|
150
|
+
} LUID_AND_ATTRIBUTES, * PLUID_AND_ATTRIBUTES;
|
151
|
+
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
|
152
|
+
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
|
153
|
+
|
154
|
+
#include <poppack.h>
|
155
|
+
|
156
|
+
|
157
|
+
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
|
158
|
+
#define SID_IDENTIFIER_AUTHORITY_DEFINED
|
159
|
+
typedef struct _SID_IDENTIFIER_AUTHORITY {
|
160
|
+
BYTE Value[6];
|
161
|
+
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
|
162
|
+
#endif
|
163
|
+
|
164
|
+
#ifndef SID_DEFINED
|
165
|
+
#define SID_DEFINED
|
166
|
+
typedef struct _SID {
|
167
|
+
BYTE Revision;
|
168
|
+
BYTE SubAuthorityCount;
|
169
|
+
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
|
170
|
+
#ifdef MIDL_PASS
|
171
|
+
[size_is(SubAuthorityCount)] DWORD SubAuthority[*];
|
172
|
+
#else // MIDL_PASS
|
173
|
+
DWORD SubAuthority[ANYSIZE_ARRAY];
|
174
|
+
#endif // MIDL_PASS
|
175
|
+
} SID, *PISID;
|
176
|
+
#endif
|
177
|
+
|
178
|
+
#define SID_REVISION (1)
|
179
|
+
#define SID_MAX_SUB_AUTHORITIES (15)
|
180
|
+
#define SID_RECOMMENDED_SUB_AUTHORITIES (1)
|
181
|
+
|
182
|
+
#ifndef MIDL_PASS
|
183
|
+
#define SECURITY_MAX_SID_SIZE \
|
184
|
+
(sizeof(SID) - sizeof(DWORD) + (SID_MAX_SUB_AUTHORITIES * sizeof(DWORD)))
|
185
|
+
|
186
|
+
#define SECURITY_SID_SIZE(SubAuthorityCount_) (sizeof(SID) - sizeof(DWORD) + \
|
187
|
+
(SubAuthorityCount_) * sizeof(DWORD))
|
188
|
+
|
189
|
+
|
190
|
+
#define SECURITY_MAX_SID_STRING_CHARACTERS \
|
191
|
+
(2 + 4 + 15 + (11 * SID_MAX_SUB_AUTHORITIES) + 1)
|
192
|
+
|
193
|
+
|
194
|
+
typedef union _SE_SID {
|
195
|
+
SID Sid;
|
196
|
+
BYTE Buffer[SECURITY_MAX_SID_SIZE];
|
197
|
+
} SE_SID, *PSE_SID;
|
198
|
+
|
199
|
+
#endif
|
200
|
+
|
201
|
+
|
202
|
+
typedef enum _SID_NAME_USE {
|
203
|
+
SidTypeUser = 1,
|
204
|
+
SidTypeGroup,
|
205
|
+
SidTypeDomain,
|
206
|
+
SidTypeAlias,
|
207
|
+
SidTypeWellKnownGroup,
|
208
|
+
SidTypeDeletedAccount,
|
209
|
+
SidTypeInvalid,
|
210
|
+
SidTypeUnknown,
|
211
|
+
SidTypeComputer,
|
212
|
+
SidTypeLabel,
|
213
|
+
SidTypeLogonSession
|
214
|
+
} SID_NAME_USE, *PSID_NAME_USE;
|
215
|
+
|
216
|
+
typedef struct _SID_AND_ATTRIBUTES {
|
217
|
+
#ifdef MIDL_PASS
|
218
|
+
PISID Sid;
|
219
|
+
#else // MIDL_PASS
|
220
|
+
PSID Sid;
|
221
|
+
#endif // MIDL_PASS
|
222
|
+
DWORD Attributes;
|
223
|
+
} SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES;
|
224
|
+
|
225
|
+
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
|
226
|
+
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
|
227
|
+
|
228
|
+
#define SID_HASH_SIZE 32
|
229
|
+
typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;
|
230
|
+
|
231
|
+
typedef struct _SID_AND_ATTRIBUTES_HASH {
|
232
|
+
DWORD SidCount;
|
233
|
+
PSID_AND_ATTRIBUTES SidAttr;
|
234
|
+
SID_HASH_ENTRY Hash[SID_HASH_SIZE];
|
235
|
+
} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
|
236
|
+
|
237
|
+
|
238
|
+
|
239
|
+
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
|
240
|
+
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
|
241
|
+
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
|
242
|
+
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
|
243
|
+
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
|
244
|
+
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
|
245
|
+
|
246
|
+
|
247
|
+
#define SECURITY_NULL_RID (0x00000000L)
|
248
|
+
#define SECURITY_WORLD_RID (0x00000000L)
|
249
|
+
#define SECURITY_LOCAL_RID (0x00000000L)
|
250
|
+
#define SECURITY_LOCAL_LOGON_RID (0x00000001L)
|
251
|
+
|
252
|
+
#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
|
253
|
+
#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
|
254
|
+
|
255
|
+
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
|
256
|
+
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
|
257
|
+
|
258
|
+
#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
|
259
|
+
|
260
|
+
|
261
|
+
|
262
|
+
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} // ntifs
|
263
|
+
|
264
|
+
#define SECURITY_DIALUP_RID (0x00000001L)
|
265
|
+
#define SECURITY_NETWORK_RID (0x00000002L)
|
266
|
+
#define SECURITY_BATCH_RID (0x00000003L)
|
267
|
+
#define SECURITY_INTERACTIVE_RID (0x00000004L)
|
268
|
+
#define SECURITY_LOGON_IDS_RID (0x00000005L)
|
269
|
+
#define SECURITY_LOGON_IDS_RID_COUNT (3L)
|
270
|
+
#define SECURITY_SERVICE_RID (0x00000006L)
|
271
|
+
#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
|
272
|
+
#define SECURITY_PROXY_RID (0x00000008L)
|
273
|
+
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
|
274
|
+
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
|
275
|
+
#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
|
276
|
+
#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
|
277
|
+
#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
|
278
|
+
#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
|
279
|
+
#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
|
280
|
+
#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
|
281
|
+
#define SECURITY_IUSER_RID (0x00000011L)
|
282
|
+
#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
|
283
|
+
#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
|
284
|
+
#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
|
285
|
+
|
286
|
+
#define SECURITY_NT_NON_UNIQUE (0x00000015L)
|
287
|
+
#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
|
288
|
+
|
289
|
+
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
|
290
|
+
|
291
|
+
#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
|
292
|
+
#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
|
293
|
+
|
294
|
+
|
295
|
+
#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
|
296
|
+
#define SECURITY_PACKAGE_RID_COUNT (2L)
|
297
|
+
#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
|
298
|
+
#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
|
299
|
+
#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
|
300
|
+
|
301
|
+
#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
|
302
|
+
#define SECURITY_CRED_TYPE_RID_COUNT (2L)
|
303
|
+
#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
|
304
|
+
|
305
|
+
#define SECURITY_MIN_BASE_RID (0x00000050L)
|
306
|
+
|
307
|
+
#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
|
308
|
+
#define SECURITY_SERVICE_ID_RID_COUNT (6L)
|
309
|
+
|
310
|
+
#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
|
311
|
+
|
312
|
+
#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
|
313
|
+
#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
|
314
|
+
|
315
|
+
#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
|
316
|
+
#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
|
317
|
+
|
318
|
+
#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
|
319
|
+
#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
|
320
|
+
|
321
|
+
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
|
322
|
+
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
|
323
|
+
|
324
|
+
#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
|
325
|
+
#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
|
326
|
+
|
327
|
+
#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
|
328
|
+
|
329
|
+
#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
|
330
|
+
|
331
|
+
#define SECURITY_COM_ID_BASE_RID (0x00000059L)
|
332
|
+
|
333
|
+
#define SECURITY_WINDOW_MANAGER_BASE_RID (0x0000005AL)
|
334
|
+
|
335
|
+
#define SECURITY_RDV_GFX_BASE_RID (0x0000005BL)
|
336
|
+
|
337
|
+
#define SECURITY_DASHOST_ID_BASE_RID (0x0000005CL)
|
338
|
+
#define SECURITY_DASHOST_ID_RID_COUNT (6L)
|
339
|
+
|
340
|
+
#define SECURITY_USERMANAGER_ID_BASE_RID (0x0000005DL)
|
341
|
+
#define SECURITY_USERMANAGER_ID_RID_COUNT (6L)
|
342
|
+
|
343
|
+
#define SECURITY_WINRM_ID_BASE_RID (0x0000005EL)
|
344
|
+
#define SECURITY_WINRM_ID_RID_COUNT (6L)
|
345
|
+
|
346
|
+
#define SECURITY_CCG_ID_BASE_RID (0x0000005FL)
|
347
|
+
#define SECURITY_UMFD_BASE_RID (0x00000060L)
|
348
|
+
|
349
|
+
#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
|
350
|
+
|
351
|
+
|
352
|
+
#define SECURITY_MAX_BASE_RID (0x0000006FL)
|
353
|
+
#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
|
354
|
+
#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
|
355
|
+
|
356
|
+
#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
|
357
|
+
|
358
|
+
|
359
|
+
#define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
|
360
|
+
|
361
|
+
|
362
|
+
#define SECURITY_INSTALLER_GROUP_CAPABILITY_BASE (0x20)
|
363
|
+
#define SECURITY_INSTALLER_GROUP_CAPABILITY_RID_COUNT (9)
|
364
|
+
|
365
|
+
|
366
|
+
#define SECURITY_INSTALLER_CAPABILITY_RID_COUNT (10)
|
367
|
+
|
368
|
+
|
369
|
+
#define SECURITY_LOCAL_ACCOUNT_RID (0x00000071L)
|
370
|
+
#define SECURITY_LOCAL_ACCOUNT_AND_ADMIN_RID (0x00000072L)
|
371
|
+
|
372
|
+
|
373
|
+
#define DOMAIN_GROUP_RID_AUTHORIZATION_DATA_IS_COMPOUNDED (0x000001F0L)
|
374
|
+
#define DOMAIN_GROUP_RID_AUTHORIZATION_DATA_CONTAINS_CLAIMS (0x000001F1L)
|
375
|
+
#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
|
376
|
+
|
377
|
+
#define FOREST_USER_RID_MAX (0x000001F3L)
|
378
|
+
|
379
|
+
|
380
|
+
#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
|
381
|
+
#define DOMAIN_USER_RID_GUEST (0x000001F5L)
|
382
|
+
#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
|
383
|
+
#define DOMAIN_USER_RID_DEFAULT_ACCOUNT (0x000001F7L)
|
384
|
+
#define DOMAIN_USER_RID_WDAG_ACCOUNT (0x000001F8L)
|
385
|
+
|
386
|
+
#define DOMAIN_USER_RID_MAX (0x000003E7L)
|
387
|
+
|
388
|
+
|
389
|
+
|
390
|
+
#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
|
391
|
+
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
|
392
|
+
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
|
393
|
+
#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
|
394
|
+
#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
|
395
|
+
#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
|
396
|
+
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
|
397
|
+
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
|
398
|
+
#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
|
399
|
+
#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
|
400
|
+
#define DOMAIN_GROUP_RID_CLONEABLE_CONTROLLERS (0x0000020AL)
|
401
|
+
#define DOMAIN_GROUP_RID_CDC_RESERVED (0x0000020CL)
|
402
|
+
#define DOMAIN_GROUP_RID_PROTECTED_USERS (0x0000020DL)
|
403
|
+
#define DOMAIN_GROUP_RID_KEY_ADMINS (0x0000020EL)
|
404
|
+
#define DOMAIN_GROUP_RID_ENTERPRISE_KEY_ADMINS (0x0000020FL)
|
405
|
+
|
406
|
+
|
407
|
+
#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
|
408
|
+
#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
|
409
|
+
#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
|
410
|
+
#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
|
411
|
+
|
412
|
+
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
|
413
|
+
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
|
414
|
+
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
|
415
|
+
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
|
416
|
+
|
417
|
+
#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
|
418
|
+
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
|
419
|
+
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
|
420
|
+
#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
|
421
|
+
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
|
422
|
+
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
|
423
|
+
|
424
|
+
#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
|
425
|
+
#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
|
426
|
+
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
|
427
|
+
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
|
428
|
+
#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
|
429
|
+
#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
|
430
|
+
#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
|
431
|
+
#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
|
432
|
+
#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
|
433
|
+
#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
|
434
|
+
#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
|
435
|
+
#define DOMAIN_ALIAS_RID_RDS_REMOTE_ACCESS_SERVERS (0x0000023FL)
|
436
|
+
#define DOMAIN_ALIAS_RID_RDS_ENDPOINT_SERVERS (0x00000240L)
|
437
|
+
#define DOMAIN_ALIAS_RID_RDS_MANAGEMENT_SERVERS (0x00000241L)
|
438
|
+
#define DOMAIN_ALIAS_RID_HYPER_V_ADMINS (0x00000242L)
|
439
|
+
#define DOMAIN_ALIAS_RID_ACCESS_CONTROL_ASSISTANCE_OPS (0x00000243L)
|
440
|
+
#define DOMAIN_ALIAS_RID_REMOTE_MANAGEMENT_USERS (0x00000244L)
|
441
|
+
#define DOMAIN_ALIAS_RID_DEFAULT_ACCOUNT (0x00000245L)
|
442
|
+
#define DOMAIN_ALIAS_RID_STORAGE_REPLICA_ADMINS (0x00000246L)
|
443
|
+
#define DOMAIN_ALIAS_RID_DEVICE_OWNERS (0x00000247L)
|
444
|
+
|
445
|
+
|
446
|
+
#define SECURITY_APP_PACKAGE_AUTHORITY {0,0,0,0,0,15}
|
447
|
+
|
448
|
+
#define SECURITY_APP_PACKAGE_BASE_RID (0x00000002L)
|
449
|
+
#define SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT (2L)
|
450
|
+
#define SECURITY_APP_PACKAGE_RID_COUNT (8L)
|
451
|
+
#define SECURITY_CAPABILITY_BASE_RID (0x00000003L)
|
452
|
+
#define SECURITY_CAPABILITY_APP_RID (0x000000400)
|
453
|
+
#define SECURITY_BUILTIN_CAPABILITY_RID_COUNT (2L)
|
454
|
+
#define SECURITY_CAPABILITY_RID_COUNT (5L)
|
455
|
+
#define SECURITY_PARENT_PACKAGE_RID_COUNT (SECURITY_APP_PACKAGE_RID_COUNT)
|
456
|
+
#define SECURITY_CHILD_PACKAGE_RID_COUNT (12L)
|
457
|
+
|
458
|
+
|
459
|
+
|
460
|
+
#define SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE (0x00000001L)
|
461
|
+
#define SECURITY_BUILTIN_PACKAGE_ANY_RESTRICTED_PACKAGE (0x00000002L)
|
462
|
+
|
463
|
+
|
464
|
+
|
465
|
+
#define SECURITY_CAPABILITY_INTERNET_CLIENT (0x00000001L)
|
466
|
+
#define SECURITY_CAPABILITY_INTERNET_CLIENT_SERVER (0x00000002L)
|
467
|
+
#define SECURITY_CAPABILITY_PRIVATE_NETWORK_CLIENT_SERVER (0x00000003L)
|
468
|
+
#define SECURITY_CAPABILITY_PICTURES_LIBRARY (0x00000004L)
|
469
|
+
#define SECURITY_CAPABILITY_VIDEOS_LIBRARY (0x00000005L)
|
470
|
+
#define SECURITY_CAPABILITY_MUSIC_LIBRARY (0x00000006L)
|
471
|
+
#define SECURITY_CAPABILITY_DOCUMENTS_LIBRARY (0x00000007L)
|
472
|
+
#define SECURITY_CAPABILITY_ENTERPRISE_AUTHENTICATION (0x00000008L)
|
473
|
+
#define SECURITY_CAPABILITY_SHARED_USER_CERTIFICATES (0x00000009L)
|
474
|
+
#define SECURITY_CAPABILITY_REMOVABLE_STORAGE (0x0000000AL)
|
475
|
+
#define SECURITY_CAPABILITY_APPOINTMENTS (0x0000000BL)
|
476
|
+
#define SECURITY_CAPABILITY_CONTACTS (0x0000000CL)
|
477
|
+
|
478
|
+
#define SECURITY_CAPABILITY_INTERNET_EXPLORER (0x00001000L)
|
479
|
+
|
480
|
+
|
481
|
+
|
482
|
+
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
|
483
|
+
#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
|
484
|
+
#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
|
485
|
+
#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
|
486
|
+
#define SECURITY_MANDATORY_MEDIUM_PLUS_RID (SECURITY_MANDATORY_MEDIUM_RID + 0x100)
|
487
|
+
#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
|
488
|
+
#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
|
489
|
+
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
|
490
|
+
|
491
|
+
|
492
|
+
|
493
|
+
#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
|
494
|
+
|
495
|
+
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
|
496
|
+
|
497
|
+
#define SECURITY_SCOPED_POLICY_ID_AUTHORITY {0,0,0,0,0,17}
|
498
|
+
|
499
|
+
|
500
|
+
|
501
|
+
#define SECURITY_AUTHENTICATION_AUTHORITY {0,0,0,0,0,18}
|
502
|
+
#define SECURITY_AUTHENTICATION_AUTHORITY_RID_COUNT (1L)
|
503
|
+
#define SECURITY_AUTHENTICATION_AUTHORITY_ASSERTED_RID (0x00000001L)
|
504
|
+
#define SECURITY_AUTHENTICATION_SERVICE_ASSERTED_RID (0x00000002L)
|
505
|
+
#define SECURITY_AUTHENTICATION_FRESH_KEY_AUTH_RID (0x00000003L)
|
506
|
+
#define SECURITY_AUTHENTICATION_KEY_TRUST_RID (0x00000004L)
|
507
|
+
#define SECURITY_AUTHENTICATION_KEY_PROPERTY_MFA_RID (0x00000005L)
|
508
|
+
#define SECURITY_AUTHENTICATION_KEY_PROPERTY_ATTESTATION_RID (0x00000006L)
|
509
|
+
|
510
|
+
#define SECURITY_PROCESS_TRUST_AUTHORITY {0,0,0,0,0,19}
|
511
|
+
#define SECURITY_PROCESS_TRUST_AUTHORITY_RID_COUNT (2L)
|
512
|
+
|
513
|
+
#define SECURITY_PROCESS_PROTECTION_TYPE_FULL_RID (0x00000400L)
|
514
|
+
#define SECURITY_PROCESS_PROTECTION_TYPE_LITE_RID (0x00000200L)
|
515
|
+
#define SECURITY_PROCESS_PROTECTION_TYPE_NONE_RID (0x00000000L)
|
516
|
+
|
517
|
+
#define SECURITY_PROCESS_PROTECTION_LEVEL_WINTCB_RID (0x00002000L)
|
518
|
+
#define SECURITY_PROCESS_PROTECTION_LEVEL_WINDOWS_RID (0x00001000L)
|
519
|
+
#define SECURITY_PROCESS_PROTECTION_LEVEL_APP_RID (0x00000800L)
|
520
|
+
#define SECURITY_PROCESS_PROTECTION_LEVEL_ANTIMALWARE_RID (0x00000600L)
|
521
|
+
#define SECURITY_PROCESS_PROTECTION_LEVEL_AUTHENTICODE_RID (0x00000400L)
|
522
|
+
#define SECURITY_PROCESS_PROTECTION_LEVEL_NONE_RID (0x00000000L)
|
523
|
+
|
524
|
+
|
525
|
+
|
526
|
+
#define SECURITY_TRUSTED_INSTALLER_RID1 956008885
|
527
|
+
#define SECURITY_TRUSTED_INSTALLER_RID2 3418522649
|
528
|
+
#define SECURITY_TRUSTED_INSTALLER_RID3 1831038044
|
529
|
+
#define SECURITY_TRUSTED_INSTALLER_RID4 1853292631
|
530
|
+
#define SECURITY_TRUSTED_INSTALLER_RID5 2271478464
|
531
|
+
|
532
|
+
|
533
|
+
|
534
|
+
|
535
|
+
|
536
|
+
typedef enum {
|
537
|
+
|
538
|
+
WinNullSid = 0,
|
539
|
+
WinWorldSid = 1,
|
540
|
+
WinLocalSid = 2,
|
541
|
+
WinCreatorOwnerSid = 3,
|
542
|
+
WinCreatorGroupSid = 4,
|
543
|
+
WinCreatorOwnerServerSid = 5,
|
544
|
+
WinCreatorGroupServerSid = 6,
|
545
|
+
WinNtAuthoritySid = 7,
|
546
|
+
WinDialupSid = 8,
|
547
|
+
WinNetworkSid = 9,
|
548
|
+
WinBatchSid = 10,
|
549
|
+
WinInteractiveSid = 11,
|
550
|
+
WinServiceSid = 12,
|
551
|
+
WinAnonymousSid = 13,
|
552
|
+
WinProxySid = 14,
|
553
|
+
WinEnterpriseControllersSid = 15,
|
554
|
+
WinSelfSid = 16,
|
555
|
+
WinAuthenticatedUserSid = 17,
|
556
|
+
WinRestrictedCodeSid = 18,
|
557
|
+
WinTerminalServerSid = 19,
|
558
|
+
WinRemoteLogonIdSid = 20,
|
559
|
+
WinLogonIdsSid = 21,
|
560
|
+
WinLocalSystemSid = 22,
|
561
|
+
WinLocalServiceSid = 23,
|
562
|
+
WinNetworkServiceSid = 24,
|
563
|
+
WinBuiltinDomainSid = 25,
|
564
|
+
WinBuiltinAdministratorsSid = 26,
|
565
|
+
WinBuiltinUsersSid = 27,
|
566
|
+
WinBuiltinGuestsSid = 28,
|
567
|
+
WinBuiltinPowerUsersSid = 29,
|
568
|
+
WinBuiltinAccountOperatorsSid = 30,
|
569
|
+
WinBuiltinSystemOperatorsSid = 31,
|
570
|
+
WinBuiltinPrintOperatorsSid = 32,
|
571
|
+
WinBuiltinBackupOperatorsSid = 33,
|
572
|
+
WinBuiltinReplicatorSid = 34,
|
573
|
+
WinBuiltinPreWindows2000CompatibleAccessSid = 35,
|
574
|
+
WinBuiltinRemoteDesktopUsersSid = 36,
|
575
|
+
WinBuiltinNetworkConfigurationOperatorsSid = 37,
|
576
|
+
WinAccountAdministratorSid = 38,
|
577
|
+
WinAccountGuestSid = 39,
|
578
|
+
WinAccountKrbtgtSid = 40,
|
579
|
+
WinAccountDomainAdminsSid = 41,
|
580
|
+
WinAccountDomainUsersSid = 42,
|
581
|
+
WinAccountDomainGuestsSid = 43,
|
582
|
+
WinAccountComputersSid = 44,
|
583
|
+
WinAccountControllersSid = 45,
|
584
|
+
WinAccountCertAdminsSid = 46,
|
585
|
+
WinAccountSchemaAdminsSid = 47,
|
586
|
+
WinAccountEnterpriseAdminsSid = 48,
|
587
|
+
WinAccountPolicyAdminsSid = 49,
|
588
|
+
WinAccountRasAndIasServersSid = 50,
|
589
|
+
WinNTLMAuthenticationSid = 51,
|
590
|
+
WinDigestAuthenticationSid = 52,
|
591
|
+
WinSChannelAuthenticationSid = 53,
|
592
|
+
WinThisOrganizationSid = 54,
|
593
|
+
WinOtherOrganizationSid = 55,
|
594
|
+
WinBuiltinIncomingForestTrustBuildersSid = 56,
|
595
|
+
WinBuiltinPerfMonitoringUsersSid = 57,
|
596
|
+
WinBuiltinPerfLoggingUsersSid = 58,
|
597
|
+
WinBuiltinAuthorizationAccessSid = 59,
|
598
|
+
WinBuiltinTerminalServerLicenseServersSid = 60,
|
599
|
+
WinBuiltinDCOMUsersSid = 61,
|
600
|
+
WinBuiltinIUsersSid = 62,
|
601
|
+
WinIUserSid = 63,
|
602
|
+
WinBuiltinCryptoOperatorsSid = 64,
|
603
|
+
WinUntrustedLabelSid = 65,
|
604
|
+
WinLowLabelSid = 66,
|
605
|
+
WinMediumLabelSid = 67,
|
606
|
+
WinHighLabelSid = 68,
|
607
|
+
WinSystemLabelSid = 69,
|
608
|
+
WinWriteRestrictedCodeSid = 70,
|
609
|
+
WinCreatorOwnerRightsSid = 71,
|
610
|
+
WinCacheablePrincipalsGroupSid = 72,
|
611
|
+
WinNonCacheablePrincipalsGroupSid = 73,
|
612
|
+
WinEnterpriseReadonlyControllersSid = 74,
|
613
|
+
WinAccountReadonlyControllersSid = 75,
|
614
|
+
WinBuiltinEventLogReadersGroup = 76,
|
615
|
+
WinNewEnterpriseReadonlyControllersSid = 77,
|
616
|
+
WinBuiltinCertSvcDComAccessGroup = 78,
|
617
|
+
WinMediumPlusLabelSid = 79,
|
618
|
+
WinLocalLogonSid = 80,
|
619
|
+
WinConsoleLogonSid = 81,
|
620
|
+
WinThisOrganizationCertificateSid = 82,
|
621
|
+
WinApplicationPackageAuthoritySid = 83,
|
622
|
+
WinBuiltinAnyPackageSid = 84,
|
623
|
+
WinCapabilityInternetClientSid = 85,
|
624
|
+
WinCapabilityInternetClientServerSid = 86,
|
625
|
+
WinCapabilityPrivateNetworkClientServerSid = 87,
|
626
|
+
WinCapabilityPicturesLibrarySid = 88,
|
627
|
+
WinCapabilityVideosLibrarySid = 89,
|
628
|
+
WinCapabilityMusicLibrarySid = 90,
|
629
|
+
WinCapabilityDocumentsLibrarySid = 91,
|
630
|
+
WinCapabilitySharedUserCertificatesSid = 92,
|
631
|
+
WinCapabilityEnterpriseAuthenticationSid = 93,
|
632
|
+
WinCapabilityRemovableStorageSid = 94,
|
633
|
+
WinBuiltinRDSRemoteAccessServersSid = 95,
|
634
|
+
WinBuiltinRDSEndpointServersSid = 96,
|
635
|
+
WinBuiltinRDSManagementServersSid = 97,
|
636
|
+
WinUserModeDriversSid = 98,
|
637
|
+
WinBuiltinHyperVAdminsSid = 99,
|
638
|
+
WinAccountCloneableControllersSid = 100,
|
639
|
+
WinBuiltinAccessControlAssistanceOperatorsSid = 101,
|
640
|
+
WinBuiltinRemoteManagementUsersSid = 102,
|
641
|
+
WinAuthenticationAuthorityAssertedSid = 103,
|
642
|
+
WinAuthenticationServiceAssertedSid = 104,
|
643
|
+
WinLocalAccountSid = 105,
|
644
|
+
WinLocalAccountAndAdministratorSid = 106,
|
645
|
+
WinAccountProtectedUsersSid = 107,
|
646
|
+
WinCapabilityAppointmentsSid = 108,
|
647
|
+
WinCapabilityContactsSid = 109,
|
648
|
+
WinAccountDefaultSystemManagedSid = 110,
|
649
|
+
WinBuiltinDefaultSystemManagedGroupSid = 111,
|
650
|
+
WinBuiltinStorageReplicaAdminsSid = 112,
|
651
|
+
WinAccountKeyAdminsSid = 113,
|
652
|
+
WinAccountEnterpriseKeyAdminsSid = 114,
|
653
|
+
WinAuthenticationKeyTrustSid = 115,
|
654
|
+
WinAuthenticationKeyPropertyMFASid = 116,
|
655
|
+
WinAuthenticationKeyPropertyAttestationSid = 117,
|
656
|
+
WinAuthenticationFreshKeyAuthSid = 118,
|
657
|
+
WinBuiltinDeviceOwnersSid = 119,
|
658
|
+
} WELL_KNOWN_SID_TYPE;
|
659
|
+
|
660
|
+
|
661
|
+
|
662
|
+
#define SYSTEM_LUID { 0x3e7, 0x0 }
|
663
|
+
#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
|
664
|
+
#define LOCALSERVICE_LUID { 0x3e5, 0x0 }
|
665
|
+
#define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
|
666
|
+
#define IUSER_LUID { 0x3e3, 0x0 }
|
667
|
+
#define PROTECTED_TO_SYSTEM_LUID { 0x3e2, 0x0 }
|
668
|
+
|
669
|
+
|
670
|
+
|
671
|
+
#define SE_GROUP_MANDATORY (0x00000001L)
|
672
|
+
#define SE_GROUP_ENABLED_BY_DEFAULT (0x00000002L)
|
673
|
+
#define SE_GROUP_ENABLED (0x00000004L)
|
674
|
+
#define SE_GROUP_OWNER (0x00000008L)
|
675
|
+
#define SE_GROUP_USE_FOR_DENY_ONLY (0x00000010L)
|
676
|
+
#define SE_GROUP_INTEGRITY (0x00000020L)
|
677
|
+
#define SE_GROUP_INTEGRITY_ENABLED (0x00000040L)
|
678
|
+
#define SE_GROUP_LOGON_ID (0xC0000000L)
|
679
|
+
#define SE_GROUP_RESOURCE (0x20000000L)
|
680
|
+
|
681
|
+
#define SE_GROUP_VALID_ATTRIBUTES (SE_GROUP_MANDATORY | \
|
682
|
+
SE_GROUP_ENABLED_BY_DEFAULT | \
|
683
|
+
SE_GROUP_ENABLED | \
|
684
|
+
SE_GROUP_OWNER | \
|
685
|
+
SE_GROUP_USE_FOR_DENY_ONLY | \
|
686
|
+
SE_GROUP_LOGON_ID | \
|
687
|
+
SE_GROUP_RESOURCE | \
|
688
|
+
SE_GROUP_INTEGRITY | \
|
689
|
+
SE_GROUP_INTEGRITY_ENABLED)
|
690
|
+
|
691
|
+
|
692
|
+
|
693
|
+
|
694
|
+
#define ACL_REVISION (2)
|
695
|
+
#define ACL_REVISION_DS (4)
|
696
|
+
|
697
|
+
|
698
|
+
#define ACL_REVISION1 (1)
|
699
|
+
#define MIN_ACL_REVISION ACL_REVISION2
|
700
|
+
#define ACL_REVISION2 (2)
|
701
|
+
#define ACL_REVISION3 (3)
|
702
|
+
#define ACL_REVISION4 (4)
|
703
|
+
#define MAX_ACL_REVISION ACL_REVISION4
|
704
|
+
|
705
|
+
typedef struct _ACL {
|
706
|
+
BYTE AclRevision;
|
707
|
+
BYTE Sbz1;
|
708
|
+
WORD AclSize;
|
709
|
+
WORD AceCount;
|
710
|
+
WORD Sbz2;
|
711
|
+
} ACL;
|
712
|
+
typedef ACL *PACL;
|
713
|
+
|
714
|
+
|
715
|
+
|
716
|
+
typedef struct _ACE_HEADER {
|
717
|
+
BYTE AceType;
|
718
|
+
BYTE AceFlags;
|
719
|
+
WORD AceSize;
|
720
|
+
} ACE_HEADER;
|
721
|
+
typedef ACE_HEADER *PACE_HEADER;
|
722
|
+
|
723
|
+
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
|
724
|
+
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
|
725
|
+
#define ACCESS_DENIED_ACE_TYPE (0x1)
|
726
|
+
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
|
727
|
+
#define SYSTEM_ALARM_ACE_TYPE (0x3)
|
728
|
+
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
|
729
|
+
|
730
|
+
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
|
731
|
+
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
|
732
|
+
|
733
|
+
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
|
734
|
+
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
|
735
|
+
#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
|
736
|
+
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
|
737
|
+
#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
|
738
|
+
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
|
739
|
+
|
740
|
+
#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
|
741
|
+
#define ACCESS_MAX_MS_ACE_TYPE (0x8)
|
742
|
+
|
743
|
+
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
|
744
|
+
#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
|
745
|
+
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
|
746
|
+
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
|
747
|
+
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
|
748
|
+
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
|
749
|
+
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
|
750
|
+
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
|
751
|
+
|
752
|
+
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
|
753
|
+
#define SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE (0x12)
|
754
|
+
#define SYSTEM_SCOPED_POLICY_ID_ACE_TYPE (0x13)
|
755
|
+
#define SYSTEM_PROCESS_TRUST_LABEL_ACE_TYPE (0x14)
|
756
|
+
#define SYSTEM_ACCESS_FILTER_ACE_TYPE (0x15)
|
757
|
+
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x15)
|
758
|
+
|
759
|
+
|
760
|
+
|
761
|
+
#define OBJECT_INHERIT_ACE (0x1)
|
762
|
+
#define CONTAINER_INHERIT_ACE (0x2)
|
763
|
+
#define NO_PROPAGATE_INHERIT_ACE (0x4)
|
764
|
+
#define INHERIT_ONLY_ACE (0x8)
|
765
|
+
#define INHERITED_ACE (0x10)
|
766
|
+
#define VALID_INHERIT_FLAGS (0x1F)
|
767
|
+
|
768
|
+
|
769
|
+
|
770
|
+
|
771
|
+
#define CRITICAL_ACE_FLAG (0x20)
|
772
|
+
|
773
|
+
|
774
|
+
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
|
775
|
+
#define FAILED_ACCESS_ACE_FLAG (0x80)
|
776
|
+
|
777
|
+
|
778
|
+
|
779
|
+
#define TRUST_PROTECTED_FILTER_ACE_FLAG (0x40)
|
780
|
+
|
781
|
+
|
782
|
+
|
783
|
+
typedef struct _ACCESS_ALLOWED_ACE {
|
784
|
+
ACE_HEADER Header;
|
785
|
+
ACCESS_MASK Mask;
|
786
|
+
DWORD SidStart;
|
787
|
+
} ACCESS_ALLOWED_ACE;
|
788
|
+
|
789
|
+
typedef ACCESS_ALLOWED_ACE *PACCESS_ALLOWED_ACE;
|
790
|
+
|
791
|
+
typedef struct _ACCESS_DENIED_ACE {
|
792
|
+
ACE_HEADER Header;
|
793
|
+
ACCESS_MASK Mask;
|
794
|
+
DWORD SidStart;
|
795
|
+
} ACCESS_DENIED_ACE;
|
796
|
+
typedef ACCESS_DENIED_ACE *PACCESS_DENIED_ACE;
|
797
|
+
|
798
|
+
typedef struct _SYSTEM_AUDIT_ACE {
|
799
|
+
ACE_HEADER Header;
|
800
|
+
ACCESS_MASK Mask;
|
801
|
+
DWORD SidStart;
|
802
|
+
} SYSTEM_AUDIT_ACE;
|
803
|
+
typedef SYSTEM_AUDIT_ACE *PSYSTEM_AUDIT_ACE;
|
804
|
+
|
805
|
+
typedef struct _SYSTEM_ALARM_ACE {
|
806
|
+
ACE_HEADER Header;
|
807
|
+
ACCESS_MASK Mask;
|
808
|
+
DWORD SidStart;
|
809
|
+
} SYSTEM_ALARM_ACE;
|
810
|
+
typedef SYSTEM_ALARM_ACE *PSYSTEM_ALARM_ACE;
|
811
|
+
|
812
|
+
typedef struct _SYSTEM_RESOURCE_ATTRIBUTE_ACE {
|
813
|
+
ACE_HEADER Header;
|
814
|
+
ACCESS_MASK Mask;
|
815
|
+
DWORD SidStart;
|
816
|
+
} SYSTEM_RESOURCE_ATTRIBUTE_ACE, *PSYSTEM_RESOURCE_ATTRIBUTE_ACE;
|
817
|
+
|
818
|
+
typedef struct _SYSTEM_SCOPED_POLICY_ID_ACE {
|
819
|
+
ACE_HEADER Header;
|
820
|
+
ACCESS_MASK Mask;
|
821
|
+
DWORD SidStart;
|
822
|
+
} SYSTEM_SCOPED_POLICY_ID_ACE, *PSYSTEM_SCOPED_POLICY_ID_ACE;
|
823
|
+
|
824
|
+
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
|
825
|
+
ACE_HEADER Header;
|
826
|
+
ACCESS_MASK Mask;
|
827
|
+
DWORD SidStart;
|
828
|
+
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
|
829
|
+
|
830
|
+
typedef struct _SYSTEM_PROCESS_TRUST_LABEL_ACE {
|
831
|
+
ACE_HEADER Header;
|
832
|
+
ACCESS_MASK Mask;
|
833
|
+
DWORD SidStart;
|
834
|
+
} SYSTEM_PROCESS_TRUST_LABEL_ACE, *PSYSTEM_PROCESS_TRUST_LABEL_ACE;
|
835
|
+
|
836
|
+
typedef struct _SYSTEM_ACCESS_FILTER_ACE {
|
837
|
+
ACE_HEADER Header;
|
838
|
+
ACCESS_MASK Mask;
|
839
|
+
DWORD SidStart;
|
840
|
+
} SYSTEM_ACCESS_FILTER_ACE, *PSYSTEM_ACCESS_FILTER_ACE;
|
841
|
+
|
842
|
+
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
|
843
|
+
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
|
844
|
+
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
|
845
|
+
|
846
|
+
#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
|
847
|
+
SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
|
848
|
+
SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
|
849
|
+
|
850
|
+
#define SYSTEM_PROCESS_TRUST_LABEL_VALID_MASK 0x00ffffff
|
851
|
+
#define SYSTEM_PROCESS_TRUST_NOCONSTRAINT_MASK 0xffffffff
|
852
|
+
#define SYSTEM_ACCESS_FILTER_VALID_MASK 0x00ffffff
|
853
|
+
#define SYSTEM_ACCESS_FILTER_NOCONSTRAINT_MASK 0xffffffff
|
854
|
+
|
855
|
+
|
856
|
+
typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
|
857
|
+
ACE_HEADER Header;
|
858
|
+
ACCESS_MASK Mask;
|
859
|
+
DWORD Flags;
|
860
|
+
GUID ObjectType;
|
861
|
+
GUID InheritedObjectType;
|
862
|
+
DWORD SidStart;
|
863
|
+
} ACCESS_ALLOWED_OBJECT_ACE, *PACCESS_ALLOWED_OBJECT_ACE;
|
864
|
+
|
865
|
+
typedef struct _ACCESS_DENIED_OBJECT_ACE {
|
866
|
+
ACE_HEADER Header;
|
867
|
+
ACCESS_MASK Mask;
|
868
|
+
DWORD Flags;
|
869
|
+
GUID ObjectType;
|
870
|
+
GUID InheritedObjectType;
|
871
|
+
DWORD SidStart;
|
872
|
+
} ACCESS_DENIED_OBJECT_ACE, *PACCESS_DENIED_OBJECT_ACE;
|
873
|
+
|
874
|
+
typedef struct _SYSTEM_AUDIT_OBJECT_ACE {
|
875
|
+
ACE_HEADER Header;
|
876
|
+
ACCESS_MASK Mask;
|
877
|
+
DWORD Flags;
|
878
|
+
GUID ObjectType;
|
879
|
+
GUID InheritedObjectType;
|
880
|
+
DWORD SidStart;
|
881
|
+
} SYSTEM_AUDIT_OBJECT_ACE, *PSYSTEM_AUDIT_OBJECT_ACE;
|
882
|
+
|
883
|
+
typedef struct _SYSTEM_ALARM_OBJECT_ACE {
|
884
|
+
ACE_HEADER Header;
|
885
|
+
ACCESS_MASK Mask;
|
886
|
+
DWORD Flags;
|
887
|
+
GUID ObjectType;
|
888
|
+
GUID InheritedObjectType;
|
889
|
+
DWORD SidStart;
|
890
|
+
} SYSTEM_ALARM_OBJECT_ACE, *PSYSTEM_ALARM_OBJECT_ACE;
|
891
|
+
|
892
|
+
|
893
|
+
|
894
|
+
typedef struct _ACCESS_ALLOWED_CALLBACK_ACE {
|
895
|
+
ACE_HEADER Header;
|
896
|
+
ACCESS_MASK Mask;
|
897
|
+
DWORD SidStart;
|
898
|
+
} ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE;
|
899
|
+
|
900
|
+
typedef struct _ACCESS_DENIED_CALLBACK_ACE {
|
901
|
+
ACE_HEADER Header;
|
902
|
+
ACCESS_MASK Mask;
|
903
|
+
DWORD SidStart;
|
904
|
+
} ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE;
|
905
|
+
|
906
|
+
typedef struct _SYSTEM_AUDIT_CALLBACK_ACE {
|
907
|
+
ACE_HEADER Header;
|
908
|
+
ACCESS_MASK Mask;
|
909
|
+
DWORD SidStart;
|
910
|
+
} SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE;
|
911
|
+
|
912
|
+
typedef struct _SYSTEM_ALARM_CALLBACK_ACE {
|
913
|
+
ACE_HEADER Header;
|
914
|
+
ACCESS_MASK Mask;
|
915
|
+
DWORD SidStart;
|
916
|
+
} SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE;
|
917
|
+
|
918
|
+
typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE {
|
919
|
+
ACE_HEADER Header;
|
920
|
+
ACCESS_MASK Mask;
|
921
|
+
DWORD Flags;
|
922
|
+
GUID ObjectType;
|
923
|
+
GUID InheritedObjectType;
|
924
|
+
DWORD SidStart;
|
925
|
+
} ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE;
|
926
|
+
|
927
|
+
typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE {
|
928
|
+
ACE_HEADER Header;
|
929
|
+
ACCESS_MASK Mask;
|
930
|
+
DWORD Flags;
|
931
|
+
GUID ObjectType;
|
932
|
+
GUID InheritedObjectType;
|
933
|
+
DWORD SidStart;
|
934
|
+
} ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE;
|
935
|
+
|
936
|
+
typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE {
|
937
|
+
ACE_HEADER Header;
|
938
|
+
ACCESS_MASK Mask;
|
939
|
+
DWORD Flags;
|
940
|
+
GUID ObjectType;
|
941
|
+
GUID InheritedObjectType;
|
942
|
+
DWORD SidStart;
|
943
|
+
} SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE;
|
944
|
+
|
945
|
+
typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE {
|
946
|
+
ACE_HEADER Header;
|
947
|
+
ACCESS_MASK Mask;
|
948
|
+
DWORD Flags;
|
949
|
+
GUID ObjectType;
|
950
|
+
GUID InheritedObjectType;
|
951
|
+
DWORD SidStart;
|
952
|
+
} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE;
|
953
|
+
|
954
|
+
|
955
|
+
#define ACE_OBJECT_TYPE_PRESENT 0x1
|
956
|
+
#define ACE_INHERITED_OBJECT_TYPE_PRESENT 0x2
|
957
|
+
|
958
|
+
|
959
|
+
|
960
|
+
typedef enum _ACL_INFORMATION_CLASS {
|
961
|
+
AclRevisionInformation = 1,
|
962
|
+
AclSizeInformation
|
963
|
+
} ACL_INFORMATION_CLASS;
|
964
|
+
|
965
|
+
|
966
|
+
typedef struct _ACL_REVISION_INFORMATION {
|
967
|
+
DWORD AclRevision;
|
968
|
+
} ACL_REVISION_INFORMATION;
|
969
|
+
typedef ACL_REVISION_INFORMATION *PACL_REVISION_INFORMATION;
|
970
|
+
|
971
|
+
|
972
|
+
typedef struct _ACL_SIZE_INFORMATION {
|
973
|
+
DWORD AceCount;
|
974
|
+
DWORD AclBytesInUse;
|
975
|
+
DWORD AclBytesFree;
|
976
|
+
} ACL_SIZE_INFORMATION;
|
977
|
+
typedef ACL_SIZE_INFORMATION *PACL_SIZE_INFORMATION;
|
978
|
+
|
979
|
+
|
980
|
+
#define SECURITY_DESCRIPTOR_REVISION (1)
|
981
|
+
#define SECURITY_DESCRIPTOR_REVISION1 (1)
|
982
|
+
|
983
|
+
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
|
984
|
+
|
985
|
+
|
986
|
+
typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
|
987
|
+
|
988
|
+
#define SE_OWNER_DEFAULTED (0x0001)
|
989
|
+
#define SE_GROUP_DEFAULTED (0x0002)
|
990
|
+
#define SE_DACL_PRESENT (0x0004)
|
991
|
+
#define SE_DACL_DEFAULTED (0x0008)
|
992
|
+
#define SE_SACL_PRESENT (0x0010)
|
993
|
+
#define SE_SACL_DEFAULTED (0x0020)
|
994
|
+
#define SE_DACL_AUTO_INHERIT_REQ (0x0100)
|
995
|
+
#define SE_SACL_AUTO_INHERIT_REQ (0x0200)
|
996
|
+
#define SE_DACL_AUTO_INHERITED (0x0400)
|
997
|
+
#define SE_SACL_AUTO_INHERITED (0x0800)
|
998
|
+
#define SE_DACL_PROTECTED (0x1000)
|
999
|
+
#define SE_SACL_PROTECTED (0x2000)
|
1000
|
+
#define SE_RM_CONTROL_VALID (0x4000)
|
1001
|
+
#define SE_SELF_RELATIVE (0x8000)
|
1002
|
+
|
1003
|
+
|
1004
|
+
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
|
1005
|
+
BYTE Revision;
|
1006
|
+
BYTE Sbz1;
|
1007
|
+
SECURITY_DESCRIPTOR_CONTROL Control;
|
1008
|
+
DWORD Owner;
|
1009
|
+
DWORD Group;
|
1010
|
+
DWORD Sacl;
|
1011
|
+
DWORD Dacl;
|
1012
|
+
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
|
1013
|
+
|
1014
|
+
typedef struct _SECURITY_DESCRIPTOR {
|
1015
|
+
BYTE Revision;
|
1016
|
+
BYTE Sbz1;
|
1017
|
+
SECURITY_DESCRIPTOR_CONTROL Control;
|
1018
|
+
PSID Owner;
|
1019
|
+
PSID Group;
|
1020
|
+
PACL Sacl;
|
1021
|
+
PACL Dacl;
|
1022
|
+
|
1023
|
+
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
|
1024
|
+
|
1025
|
+
|
1026
|
+
typedef struct _SECURITY_OBJECT_AI_PARAMS {
|
1027
|
+
DWORD Size;
|
1028
|
+
DWORD ConstraintMask;
|
1029
|
+
} SECURITY_OBJECT_AI_PARAMS, *PSECURITY_OBJECT_AI_PARAMS;
|
1030
|
+
|
1031
|
+
|
1032
|
+
typedef union _LARGE_INTEGER {
|
1033
|
+
struct {
|
1034
|
+
DWORD LowPart;
|
1035
|
+
LONG HighPart;
|
1036
|
+
} DUMMYSTRUCTNAME;
|
1037
|
+
struct {
|
1038
|
+
DWORD LowPart;
|
1039
|
+
LONG HighPart;
|
1040
|
+
} u;
|
1041
|
+
LONGLONG QuadPart;
|
1042
|
+
} LARGE_INTEGER;
|
1043
|
+
|
1044
|
+
typedef LARGE_INTEGER *PLARGE_INTEGER;
|
1045
|
+
|
1046
|
+
typedef union _ULARGE_INTEGER {
|
1047
|
+
struct {
|
1048
|
+
DWORD LowPart;
|
1049
|
+
DWORD HighPart;
|
1050
|
+
} DUMMYSTRUCTNAME;
|
1051
|
+
struct {
|
1052
|
+
DWORD LowPart;
|
1053
|
+
DWORD HighPart;
|
1054
|
+
} u;
|
1055
|
+
ULONGLONG QuadPart;
|
1056
|
+
} ULARGE_INTEGER;
|
1057
|
+
|
1058
|
+
typedef ULARGE_INTEGER *PULARGE_INTEGER;
|
1059
|
+
|