//! Raw bindings to the NT security subsystem (the `ntseapi.h` surface): token
//! creation, inspection and adjustment, access checks, object audit alarms and
//! cached signing levels.
//!
//! Everything here is a thin FFI declaration. The kernel receives pointers and
//! lengths exactly as given, so the caller is responsible for pointer validity,
//! buffer sizing and for checking the returned `NTSTATUS` (success is
//! `status >= 0`, the `NT_SUCCESS` test; `STATUS_SUCCESS` is 0). The privilege
//! numbers, attribute types and flags below mirror the SDK values and form part
//! of the ABI — do not renumber them.
use winapi::shared::basetsd::{PLONG64, PULONG64, ULONG64};
use winapi::shared::ntdef::{
    BOOLEAN, HANDLE, LONG, NTSTATUS, PBOOLEAN, PHANDLE, PLARGE_INTEGER, PLUID, PNTSTATUS,
    POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, ULONG, UNICODE_STRING, USHORT,
};
use winapi::um::winnt::{
    ACCESS_MASK, AUDIT_EVENT_TYPE, PACCESS_MASK, PGENERIC_MAPPING, POBJECT_TYPE_LIST,
    PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES,
    PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER,
    PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, SE_SIGNING_LEVEL,
    TOKEN_INFORMATION_CLASS, TOKEN_TYPE,
};

// Well-known privilege values. Each is the `LowPart` of the privilege LUID as
// it appears in `TOKEN_PRIVILEGES` / `PRIVILEGE_SET` entries. A token merely
// *holding* one of these grants nothing until the entry is enabled (see
// `NtAdjustPrivilegesToken` below), and the kernel silently ignores requests
// to enable a privilege the token does not hold.

/// Lowest well-known privilege value; equals [`SE_CREATE_TOKEN_PRIVILEGE`].
pub const SE_MIN_WELL_KNOWN_PRIVILEGE: LONG = 2;
/// `SeCreateTokenPrivilege` — required by [`NtCreateToken`] / [`NtCreateTokenEx`].
pub const SE_CREATE_TOKEN_PRIVILEGE: LONG = 2;
/// `SeAssignPrimaryTokenPrivilege`.
pub const SE_ASSIGNPRIMARYTOKEN_PRIVILEGE: LONG = 3;
/// `SeLockMemoryPrivilege`.
pub const SE_LOCK_MEMORY_PRIVILEGE: LONG = 4;
/// `SeIncreaseQuotaPrivilege`.
pub const SE_INCREASE_QUOTA_PRIVILEGE: LONG = 5;
/// `SeMachineAccountPrivilege`.
pub const SE_MACHINE_ACCOUNT_PRIVILEGE: LONG = 6;
/// `SeTcbPrivilege` (act as part of the operating system).
pub const SE_TCB_PRIVILEGE: LONG = 7;
/// `SeSecurityPrivilege` (manage auditing and the security log).
pub const SE_SECURITY_PRIVILEGE: LONG = 8;
/// `SeTakeOwnershipPrivilege`.
pub const SE_TAKE_OWNERSHIP_PRIVILEGE: LONG = 9;
/// `SeLoadDriverPrivilege`.
pub const SE_LOAD_DRIVER_PRIVILEGE: LONG = 10;
/// `SeSystemProfilePrivilege`.
pub const SE_SYSTEM_PROFILE_PRIVILEGE: LONG = 11;
/// `SeSystemtimePrivilege`.
pub const SE_SYSTEMTIME_PRIVILEGE: LONG = 12;
/// `SeProfileSingleProcessPrivilege`.
pub const SE_PROF_SINGLE_PROCESS_PRIVILEGE: LONG = 13;
/// `SeIncreaseBasePriorityPrivilege`.
pub const SE_INC_BASE_PRIORITY_PRIVILEGE: LONG = 14;
/// `SeCreatePagefilePrivilege`.
pub const SE_CREATE_PAGEFILE_PRIVILEGE: LONG = 15;
/// `SeCreatePermanentPrivilege`.
pub const SE_CREATE_PERMANENT_PRIVILEGE: LONG = 16;
/// `SeBackupPrivilege` (bypasses read ACL checks).
pub const SE_BACKUP_PRIVILEGE: LONG = 17;
/// `SeRestorePrivilege` (bypasses write ACL checks).
pub const SE_RESTORE_PRIVILEGE: LONG = 18;
/// `SeShutdownPrivilege`.
pub const SE_SHUTDOWN_PRIVILEGE: LONG = 19;
/// `SeDebugPrivilege`.
pub const SE_DEBUG_PRIVILEGE: LONG = 20;
/// `SeAuditPrivilege` — required by the `*AuditAlarm` functions below.
pub const SE_AUDIT_PRIVILEGE: LONG = 21;
/// `SeSystemEnvironmentPrivilege`.
pub const SE_SYSTEM_ENVIRONMENT_PRIVILEGE: LONG = 22;
/// `SeChangeNotifyPrivilege` (bypass traverse checking).
pub const SE_CHANGE_NOTIFY_PRIVILEGE: LONG = 23;
/// `SeRemoteShutdownPrivilege`.
pub const SE_REMOTE_SHUTDOWN_PRIVILEGE: LONG = 24;
/// `SeUndockPrivilege`.
pub const SE_UNDOCK_PRIVILEGE: LONG = 25;
/// `SeSyncAgentPrivilege`.
pub const SE_SYNC_AGENT_PRIVILEGE: LONG = 26;
/// `SeEnableDelegationPrivilege`.
pub const SE_ENABLE_DELEGATION_PRIVILEGE: LONG = 27;
/// `SeManageVolumePrivilege`.
pub const SE_MANAGE_VOLUME_PRIVILEGE: LONG = 28;
/// `SeImpersonatePrivilege`.
pub const SE_IMPERSONATE_PRIVILEGE: LONG = 29;
/// `SeCreateGlobalPrivilege`.
pub const SE_CREATE_GLOBAL_PRIVILEGE: LONG = 30;
/// `SeTrustedCredManAccessPrivilege`.
pub const SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE: LONG = 31;
/// `SeRelabelPrivilege`.
pub const SE_RELABEL_PRIVILEGE: LONG = 32;
/// `SeIncreaseWorkingSetPrivilege`.
pub const SE_INC_WORKING_SET_PRIVILEGE: LONG = 33;
/// `SeTimeZonePrivilege`.
pub const SE_TIME_ZONE_PRIVILEGE: LONG = 34;
/// `SeCreateSymbolicLinkPrivilege`.
pub const SE_CREATE_SYMBOLIC_LINK_PRIVILEGE: LONG = 35;
/// `SeDelegateSessionUserImpersonatePrivilege`.
pub const SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE: LONG = 36;
/// Highest well-known privilege value currently defined here; equals
/// [`SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE`].
pub const SE_MAX_WELL_KNOWN_PRIVILEGE: LONG = SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE;

// `ValueType` values for `TOKEN_SECURITY_ATTRIBUTE_V1`. The type selects which
// member of `TOKEN_SECURITY_ATTRIBUTE_V1_Values` is live; reading any other
// member is undefined behaviour on the Rust side.

/// No value type; attributes with this type should be rejected.
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID: USHORT = 0x00;
/// Values are `LONG64`s reached through `pInt64`.
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64: USHORT = 0x01;
/// Values are `ULONG64`s reached through `pUint64`.
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64: USHORT = 0x02;
/// Values are `UNICODE_STRING`s reached through `pString`.
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING: USHORT = 0x03;
/// Values are fully-qualified binary names reached through `pFqbn`.
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN: USHORT = 0x04;
/// Values are SIDs; the SDK documents these as octet strings (`pOctetString`).
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_SID: USHORT = 0x05;
/// Values are booleans; the SDK documents these as 64-bit 0/1 via `pInt64`.
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: USHORT = 0x06;
/// Values are raw byte buffers reached through `pOctetString`.
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: USHORT = 0x10;

// `Flags` bits for `TOKEN_SECURITY_ATTRIBUTE_V1`. Note the width mismatch:
// these constants are `USHORT` but the `Flags` field is `ULONG`, so they must
// be widened (`as ULONG`) before being OR'ed into the field.

/// Attribute is not inherited across process creation.
pub const TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE: USHORT = 0x0001;
/// String values are compared case-sensitively.
pub const TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE: USHORT = 0x0002;
/// Attribute may only be used to deny access, never to grant it.
pub const TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY: USHORT = 0x0004;
/// Attribute starts out disabled.
pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT: USHORT = 0x0008;
/// Attribute is currently disabled.
pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED: USHORT = 0x0010;
/// Attribute is mandatory.
pub const TOKEN_SECURITY_ATTRIBUTE_MANDATORY: USHORT = 0x0020;
/// Attribute is ignored when tokens are compared.
pub const TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE: USHORT = 0x0040;
/// Mask of the flags accepted on input. `TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE`
/// is deliberately not part of this mask.
pub const TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS: USHORT = TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE
    | TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE
    | TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY
    | TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT
    | TOKEN_SECURITY_ATTRIBUTE_DISABLED
    | TOKEN_SECURITY_ATTRIBUTE_MANDATORY;
/// Upper 16 bits of `Flags`, reserved for custom use. Typed `u32` rather than
/// `USHORT` because the value does not fit in 16 bits.
pub const TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS: u32 = 0xffff0000;

// Fully-qualified binary name value (TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN).
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE {
    // Version of the binary the name refers to.
    Version: ULONG64,
    // The qualified name itself.
    Name: UNICODE_STRING,
}}
pub type PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE;

// Raw byte-buffer value (TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING, and SIDs).
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE {
    // Start of the bytes. When returned by a query, this points into the
    // caller-supplied buffer; treat `ValueLength` as untrusted and bound it
    // against that buffer before reading.
    pValue: PVOID,
    // Length of `pValue` in bytes.
    ValueLength: ULONG,
}}
pub type PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;

// Typed view of an attribute's value array. Exactly one member is meaningful,
// chosen by the owning attribute's `ValueType`; each points to `ValueCount`
// consecutive elements.
UNION!{union TOKEN_SECURITY_ATTRIBUTE_V1_Values {
    pInt64: PLONG64,
    pUint64: PULONG64,
    pString: PUNICODE_STRING,
    pFqbn: PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE,
    pOctetString: PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE,
}}

// One security attribute (claim) attached to a token.
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_V1 {
    // Attribute name; compared case-insensitively by the kernel.
    Name: UNICODE_STRING,
    // One of the TOKEN_SECURITY_ATTRIBUTE_TYPE_* constants.
    ValueType: USHORT,
    // Must be zero.
    Reserved: USHORT,
    // OR of TOKEN_SECURITY_ATTRIBUTE_* flag constants, widened to ULONG.
    Flags: ULONG,
    // Number of elements behind the live `Values` pointer.
    ValueCount: ULONG,
    Values: TOKEN_SECURITY_ATTRIBUTE_V1_Values,
}}
pub type PTOKEN_SECURITY_ATTRIBUTE_V1 = *mut TOKEN_SECURITY_ATTRIBUTE_V1;

/// Only attribute-information layout version defined here.
pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1: USHORT = 1;
/// Current attribute-information layout version; equals the V1 value.
pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION: USHORT = TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1;

// Header for a block of token security attributes, as exchanged with
// NtCreateTokenEx / NtAdjustTokenClaimsAndDeviceGroups / NtFilterTokenEx.
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTES_INFORMATION {
    // Must be TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION; reject others.
    Version: USHORT,
    // Must be zero.
    Reserved: USHORT,
    // Number of TOKEN_SECURITY_ATTRIBUTE_V1 entries behind `pAttributeV1`.
    AttributeCount: ULONG,
    pAttributeV1: PTOKEN_SECURITY_ATTRIBUTE_V1,
}}
pub type PTOKEN_SECURITY_ATTRIBUTES_INFORMATION = *mut TOKEN_SECURITY_ATTRIBUTES_INFORMATION;

// Process trust level of a token (protected-process / PPL labelling).
STRUCT!{struct TOKEN_PROCESS_TRUST_LEVEL {
    // Trust-label SID; NULL when the token carries no trust level.
    TrustLevelSid: PSID,
}}
pub type PTOKEN_PROCESS_TRUST_LEVEL = *mut TOKEN_PROCESS_TRUST_LEVEL;

// Native system calls. All return NTSTATUS; pointer outputs are only valid
// when the call succeeded. `Flags`/`HandleAttributes` arguments use the
// OBJ_* and SDK flag sets from winnt/ntdef, not anything defined here.
EXTERN!{extern "system" {
    // Builds a token from scratch. Requires SE_CREATE_TOKEN_PRIVILEGE on the
    // caller; every component (user, groups, privileges, owner, primary
    // group, default DACL, source) is taken verbatim from the caller.
    fn NtCreateToken(
        TokenHandle: PHANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectAttributes: POBJECT_ATTRIBUTES,
        TokenType: TOKEN_TYPE,
        AuthenticationId: PLUID,
        ExpirationTime: PLARGE_INTEGER,
        User: PTOKEN_USER,
        Groups: PTOKEN_GROUPS,
        Privileges: PTOKEN_PRIVILEGES,
        Owner: PTOKEN_OWNER,
        PrimaryGroup: PTOKEN_PRIMARY_GROUP,
        DefaultDacl: PTOKEN_DEFAULT_DACL,
        TokenSource: PTOKEN_SOURCE,
    ) -> NTSTATUS;
    // Derives an AppContainer ("lowbox") token from an existing token,
    // restricted to `PackageSid` plus `CapabilityCount` capability SIDs.
    // `Handles` is an array of `HandleCount` handles to be inherited.
    fn NtCreateLowBoxToken(
        TokenHandle: PHANDLE,
        ExistingTokenHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectAttributes: POBJECT_ATTRIBUTES,
        PackageSid: PSID,
        CapabilityCount: ULONG,
        Capabilities: PSID_AND_ATTRIBUTES,
        HandleCount: ULONG,
        Handles: *mut HANDLE,
    ) -> NTSTATUS;
    // NtCreateToken plus user/device claims, device groups and a mandatory
    // integrity policy. Same privilege requirement as NtCreateToken.
    fn NtCreateTokenEx(
        TokenHandle: PHANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectAttributes: POBJECT_ATTRIBUTES,
        TokenType: TOKEN_TYPE,
        AuthenticationId: PLUID,
        ExpirationTime: PLARGE_INTEGER,
        User: PTOKEN_USER,
        Groups: PTOKEN_GROUPS,
        Privileges: PTOKEN_PRIVILEGES,
        UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        DeviceGroups: PTOKEN_GROUPS,
        TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY,
        Owner: PTOKEN_OWNER,
        PrimaryGroup: PTOKEN_PRIMARY_GROUP,
        DefaultDacl: PTOKEN_DEFAULT_DACL,
        TokenSource: PTOKEN_SOURCE,
    ) -> NTSTATUS;
    // Opens the primary token of `ProcessHandle` (needs PROCESS_QUERY_*
    // access on the process and is subject to the token's own DACL).
    fn NtOpenProcessToken(
        ProcessHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        TokenHandle: PHANDLE,
    ) -> NTSTATUS;
    // NtOpenProcessToken with explicit OBJ_* attributes for the new handle.
    fn NtOpenProcessTokenEx(
        ProcessHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        HandleAttributes: ULONG,
        TokenHandle: PHANDLE,
    ) -> NTSTATUS;
    // Opens the impersonation token of `ThreadHandle`; fails if the thread is
    // not impersonating. `OpenAsSelf` makes the access check run against the
    // process token instead of the thread's current impersonation token.
    fn NtOpenThreadToken(
        ThreadHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        OpenAsSelf: BOOLEAN,
        TokenHandle: PHANDLE,
    ) -> NTSTATUS;
    // NtOpenThreadToken with explicit OBJ_* attributes for the new handle.
    fn NtOpenThreadTokenEx(
        ThreadHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        OpenAsSelf: BOOLEAN,
        HandleAttributes: ULONG,
        TokenHandle: PHANDLE,
    ) -> NTSTATUS;
    // Copies a token, optionally changing its type (primary <-> impersonation).
    // `EffectiveOnly` drops disabled groups/privileges from the copy.
    fn NtDuplicateToken(
        ExistingTokenHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectAttributes: POBJECT_ATTRIBUTES,
        EffectiveOnly: BOOLEAN,
        TokenType: TOKEN_TYPE,
        NewTokenHandle: PHANDLE,
    ) -> NTSTATUS;
    // Reads one TOKEN_INFORMATION_CLASS into `TokenInformation`. On a
    // too-small buffer the call fails and `ReturnLength` receives the size
    // needed; size the buffer from that value, not from a guess.
    fn NtQueryInformationToken(
        TokenHandle: HANDLE,
        TokenInformationClass: TOKEN_INFORMATION_CLASS,
        TokenInformation: PVOID,
        TokenInformationLength: ULONG,
        ReturnLength: PULONG,
    ) -> NTSTATUS;
    // Writes one TOKEN_INFORMATION_CLASS; only a few classes are settable.
    fn NtSetInformationToken(
        TokenHandle: HANDLE,
        TokenInformationClass: TOKEN_INFORMATION_CLASS,
        TokenInformation: PVOID,
        TokenInformationLength: ULONG,
    ) -> NTSTATUS;
    // Enables/disables/removes privileges. A success-class status is
    // returned even when some requested privileges were not held
    // (STATUS_NOT_ALL_ASSIGNED), so callers must check the exact status, not
    // just NT_SUCCESS, before relying on the privilege. `PreviousState` may be
    // NULL when the old state is not needed.
    fn NtAdjustPrivilegesToken(
        TokenHandle: HANDLE,
        DisableAllPrivileges: BOOLEAN,
        NewState: PTOKEN_PRIVILEGES,
        BufferLength: ULONG,
        PreviousState: PTOKEN_PRIVILEGES,
        ReturnLength: PULONG,
    ) -> NTSTATUS;
    // Enables/disables group SIDs; mandatory groups cannot be disabled.
    fn NtAdjustGroupsToken(
        TokenHandle: HANDLE,
        ResetToDefault: BOOLEAN,
        NewState: PTOKEN_GROUPS,
        BufferLength: ULONG,
        PreviousState: PTOKEN_GROUPS,
        ReturnLength: PULONG,
    ) -> NTSTATUS;
    // Adjusts user claims, device claims and device groups in one call. Each
    // of the three has its own reset flag, new-state block, previous-state
    // buffer/length and return-length, in that order.
    fn NtAdjustTokenClaimsAndDeviceGroups(
        TokenHandle: HANDLE,
        UserResetToDefault: BOOLEAN,
        DeviceResetToDefault: BOOLEAN,
        DeviceGroupsResetToDefault: BOOLEAN,
        NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        NewDeviceGroupsState: PTOKEN_GROUPS,
        UserBufferLength: ULONG,
        PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        DeviceBufferLength: ULONG,
        PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        DeviceGroupsBufferLength: ULONG,
        PreviousDeviceGroups: PTOKEN_GROUPS,
        UserReturnLength: PULONG,
        DeviceReturnLength: PULONG,
        DeviceGroupsReturnBufferLength: PULONG,
    ) -> NTSTATUS;
    // Creates a restricted copy of a token: SIDs marked deny-only, privileges
    // deleted, restricting SIDs added. `Flags` takes the SDK CreateRestrictedToken
    // flags (e.g. DISABLE_MAX_PRIVILEGE, LUA_TOKEN, WRITE_RESTRICTED).
    fn NtFilterToken(
        ExistingTokenHandle: HANDLE,
        Flags: ULONG,
        SidsToDisable: PTOKEN_GROUPS,
        PrivilegesToDelete: PTOKEN_PRIVILEGES,
        RestrictedSids: PTOKEN_GROUPS,
        NewTokenHandle: PHANDLE,
    ) -> NTSTATUS;
    // NtFilterToken extended with claim and device-group filtering. The
    // `*ClaimsToDisable` arrays hold `Disable*ClaimsCount` attribute names.
    fn NtFilterTokenEx(
        ExistingTokenHandle: HANDLE,
        Flags: ULONG,
        SidsToDisable: PTOKEN_GROUPS,
        PrivilegesToDelete: PTOKEN_PRIVILEGES,
        RestrictedSids: PTOKEN_GROUPS,
        DisableUserClaimsCount: ULONG,
        UserClaimsToDisable: PUNICODE_STRING,
        DisableDeviceClaimsCount: ULONG,
        DeviceClaimsToDisable: PUNICODE_STRING,
        DeviceGroupsToDisable: PTOKEN_GROUPS,
        RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        RestrictedDeviceGroups: PTOKEN_GROUPS,
        NewTokenHandle: PHANDLE,
    ) -> NTSTATUS;
    // Sets `Equal` when both tokens have the same user, groups, privileges,
    // restrictions and (unless flagged COMPARE_IGNORE) attributes.
    fn NtCompareTokens(
        FirstTokenHandle: HANDLE,
        SecondTokenHandle: HANDLE,
        Equal: PBOOLEAN,
    ) -> NTSTATUS;
    // Tests whether the privileges in `RequiredPrivileges` are *enabled* in
    // `ClientToken` (all of them, or any one when PRIVILEGE_SET_ALL_NECESSARY
    // is clear). Also marks the used entries in the set for auditing.
    fn NtPrivilegeCheck(
        ClientToken: HANDLE,
        RequiredPrivileges: PPRIVILEGE_SET,
        Result: PBOOLEAN,
    ) -> NTSTATUS;
    // Makes `ThreadHandle` impersonate the anonymous logon token.
    fn NtImpersonateAnonymousToken(
        ThreadHandle: HANDLE,
    ) -> NTSTATUS;
    // Looks up `NumberOfAttributes` named attributes (all of them when the
    // count is 0) and returns them as a TOKEN_SECURITY_ATTRIBUTES_INFORMATION
    // block in `Buffer`. Same too-small-buffer / `ReturnLength` protocol as
    // NtQueryInformationToken; the returned pointers are relative to `Buffer`.
    fn NtQuerySecurityAttributesToken(
        TokenHandle: HANDLE,
        Attributes: PUNICODE_STRING,
        NumberOfAttributes: ULONG,
        Buffer: PVOID,
        Length: ULONG,
        ReturnLength: PULONG,
    ) -> NTSTATUS;
    // Evaluates `DesiredAccess` for `ClientToken` (must be an impersonation
    // token) against `SecurityDescriptor`. Outcome is in `AccessStatus`
    // (STATUS_SUCCESS or an access-denied status) and `GrantedAccess`; the
    // function's own return value only reports whether the check could be
    // performed. `PrivilegeSetLength` is in/out and receives the size needed.
    fn NtAccessCheck(
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        ClientToken: HANDLE,
        DesiredAccess: ACCESS_MASK,
        GenericMapping: PGENERIC_MAPPING,
        PrivilegeSet: PPRIVILEGE_SET,
        PrivilegeSetLength: PULONG,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
    ) -> NTSTATUS;
    // NtAccessCheck over an object-type hierarchy (property sets/properties);
    // a single aggregate result is produced for the whole list.
    fn NtAccessCheckByType(
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        PrincipalSelfSid: PSID,
        ClientToken: HANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectTypeList: POBJECT_TYPE_LIST,
        ObjectTypeListLength: ULONG,
        GenericMapping: PGENERIC_MAPPING,
        PrivilegeSet: PPRIVILEGE_SET,
        PrivilegeSetLength: PULONG,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
    ) -> NTSTATUS;
    // Like NtAccessCheckByType, but `GrantedAccess` and `AccessStatus` are
    // arrays of `ObjectTypeListLength` entries, one per list element.
    fn NtAccessCheckByTypeResultList(
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        PrincipalSelfSid: PSID,
        ClientToken: HANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectTypeList: POBJECT_TYPE_LIST,
        ObjectTypeListLength: ULONG,
        GenericMapping: PGENERIC_MAPPING,
        PrivilegeSet: PPRIVILEGE_SET,
        PrivilegeSetLength: PULONG,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
    ) -> NTSTATUS;
    // Records a code-integrity signing level on `TargetFile`, derived from
    // `SourceFileCount` already-verified `SourceFiles`.
    fn NtSetCachedSigningLevel(
        Flags: ULONG,
        InputSigningLevel: SE_SIGNING_LEVEL,
        SourceFiles: PHANDLE,
        SourceFileCount: ULONG,
        TargetFile: HANDLE,
    ) -> NTSTATUS;
    // Reads the cached signing level of `File`. `Thumbprint` receives up to
    // `*ThumbprintSize` bytes of the signer thumbprint (size is in/out) and
    // `ThumbprintAlgorithm` its hash algorithm identifier.
    fn NtGetCachedSigningLevel(
        File: HANDLE,
        Flags: PULONG,
        SigningLevel: PSE_SIGNING_LEVEL,
        Thumbprint: PUCHAR,
        ThumbprintSize: PULONG,
        ThumbprintAlgorithm: PULONG,
    ) -> NTSTATUS;
    // Access check against the *caller's* impersonation token that also emits
    // an object-access audit. Requires SE_AUDIT_PRIVILEGE. `GenerateOnClose`
    // is returned and must be passed to NtCloseObjectAuditAlarm later.
    fn NtAccessCheckAndAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ObjectTypeName: PUNICODE_STRING,
        ObjectName: PUNICODE_STRING,
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        DesiredAccess: ACCESS_MASK,
        GenericMapping: PGENERIC_MAPPING,
        ObjectCreation: BOOLEAN,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
        GenerateOnClose: PBOOLEAN,
    ) -> NTSTATUS;
    // Audited variant of NtAccessCheckByType (single aggregate result).
    fn NtAccessCheckByTypeAndAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ObjectTypeName: PUNICODE_STRING,
        ObjectName: PUNICODE_STRING,
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        PrincipalSelfSid: PSID,
        DesiredAccess: ACCESS_MASK,
        AuditType: AUDIT_EVENT_TYPE,
        Flags: ULONG,
        ObjectTypeList: POBJECT_TYPE_LIST,
        ObjectTypeListLength: ULONG,
        GenericMapping: PGENERIC_MAPPING,
        ObjectCreation: BOOLEAN,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
        GenerateOnClose: PBOOLEAN,
    ) -> NTSTATUS;
    // Audited variant of NtAccessCheckByTypeResultList (per-element results).
    fn NtAccessCheckByTypeResultListAndAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ObjectTypeName: PUNICODE_STRING,
        ObjectName: PUNICODE_STRING,
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        PrincipalSelfSid: PSID,
        DesiredAccess: ACCESS_MASK,
        AuditType: AUDIT_EVENT_TYPE,
        Flags: ULONG,
        ObjectTypeList: POBJECT_TYPE_LIST,
        ObjectTypeListLength: ULONG,
        GenericMapping: PGENERIC_MAPPING,
        ObjectCreation: BOOLEAN,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
        GenerateOnClose: PBOOLEAN,
    ) -> NTSTATUS;
    // As above, but checks an explicit `ClientToken` instead of the caller's
    // impersonation token.
    fn NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ClientToken: HANDLE,
        ObjectTypeName: PUNICODE_STRING,
        ObjectName: PUNICODE_STRING,
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        PrincipalSelfSid: PSID,
        DesiredAccess: ACCESS_MASK,
        AuditType: AUDIT_EVENT_TYPE,
        Flags: ULONG,
        ObjectTypeList: POBJECT_TYPE_LIST,
        ObjectTypeListLength: ULONG,
        GenericMapping: PGENERIC_MAPPING,
        ObjectCreation: BOOLEAN,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
        GenerateOnClose: PBOOLEAN,
    ) -> NTSTATUS;
    // Emits an object-open audit for a decision the caller already made
    // (`AccessGranted`, `GrantedAccess`, `Privileges` used). No access check
    // is performed here. Requires SE_AUDIT_PRIVILEGE.
    fn NtOpenObjectAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ObjectTypeName: PUNICODE_STRING,
        ObjectName: PUNICODE_STRING,
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        ClientToken: HANDLE,
        DesiredAccess: ACCESS_MASK,
        GrantedAccess: ACCESS_MASK,
        Privileges: PPRIVILEGE_SET,
        ObjectCreation: BOOLEAN,
        AccessGranted: BOOLEAN,
        GenerateOnClose: PBOOLEAN,
    ) -> NTSTATUS;
    // Emits a privileged-object-operation audit for `ClientToken`.
    fn NtPrivilegeObjectAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ClientToken: HANDLE,
        DesiredAccess: ACCESS_MASK,
        Privileges: PPRIVILEGE_SET,
        AccessGranted: BOOLEAN,
    ) -> NTSTATUS;
    // Emits the handle-close audit paired with an earlier open/access-check
    // alarm; pass the `GenerateOnClose` value that call returned.
    fn NtCloseObjectAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        GenerateOnClose: BOOLEAN,
    ) -> NTSTATUS;
    // Emits the object-delete audit; same `GenerateOnClose` pairing as above.
    fn NtDeleteObjectAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        GenerateOnClose: BOOLEAN,
    ) -> NTSTATUS;
    // Emits a privileged-service audit (privilege use not tied to an object).
    fn NtPrivilegedServiceAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        ServiceName: PUNICODE_STRING,
        ClientToken: HANDLE,
        Privileges: PPRIVILEGE_SET,
        AccessGranted: BOOLEAN,
    ) -> NTSTATUS;
}}