summaryrefslogtreecommitdiffstats
path: root/third_party/rust/ntapi/src/ntseapi.rs
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/rust/ntapi/src/ntseapi.rs')
-rw-r--r--third_party/rust/ntapi/src/ntseapi.rs439
1 files changed, 439 insertions, 0 deletions
diff --git a/third_party/rust/ntapi/src/ntseapi.rs b/third_party/rust/ntapi/src/ntseapi.rs
new file mode 100644
index 0000000000..4cac9f4f81
--- /dev/null
+++ b/third_party/rust/ntapi/src/ntseapi.rs
@@ -0,0 +1,439 @@
+use winapi::shared::basetsd::{PLONG64, PULONG64, ULONG64};
+use winapi::shared::ntdef::{
+ BOOLEAN, HANDLE, LONG, NTSTATUS, PBOOLEAN, PHANDLE, PLARGE_INTEGER, PLUID, PNTSTATUS,
+ POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, ULONG, UNICODE_STRING, USHORT,
+};
+use winapi::um::winnt::{
+ ACCESS_MASK, AUDIT_EVENT_TYPE, PACCESS_MASK, PGENERIC_MAPPING, POBJECT_TYPE_LIST,
+ PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES,
+ PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER,
+ PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, SE_SIGNING_LEVEL,
+ TOKEN_INFORMATION_CLASS, TOKEN_TYPE,
+};
+pub const SE_MIN_WELL_KNOWN_PRIVILEGE: LONG = 2;
+pub const SE_CREATE_TOKEN_PRIVILEGE: LONG = 2;
+pub const SE_ASSIGNPRIMARYTOKEN_PRIVILEGE: LONG = 3;
+pub const SE_LOCK_MEMORY_PRIVILEGE: LONG = 4;
+pub const SE_INCREASE_QUOTA_PRIVILEGE: LONG = 5;
+pub const SE_MACHINE_ACCOUNT_PRIVILEGE: LONG = 6;
+pub const SE_TCB_PRIVILEGE: LONG = 7;
+pub const SE_SECURITY_PRIVILEGE: LONG = 8;
+pub const SE_TAKE_OWNERSHIP_PRIVILEGE: LONG = 9;
+pub const SE_LOAD_DRIVER_PRIVILEGE: LONG = 10;
+pub const SE_SYSTEM_PROFILE_PRIVILEGE: LONG = 11;
+pub const SE_SYSTEMTIME_PRIVILEGE: LONG = 12;
+pub const SE_PROF_SINGLE_PROCESS_PRIVILEGE: LONG = 13;
+pub const SE_INC_BASE_PRIORITY_PRIVILEGE: LONG = 14;
+pub const SE_CREATE_PAGEFILE_PRIVILEGE: LONG = 15;
+pub const SE_CREATE_PERMANENT_PRIVILEGE: LONG = 16;
+pub const SE_BACKUP_PRIVILEGE: LONG = 17;
+pub const SE_RESTORE_PRIVILEGE: LONG = 18;
+pub const SE_SHUTDOWN_PRIVILEGE: LONG = 19;
+pub const SE_DEBUG_PRIVILEGE: LONG = 20;
+pub const SE_AUDIT_PRIVILEGE: LONG = 21;
+pub const SE_SYSTEM_ENVIRONMENT_PRIVILEGE: LONG = 22;
+pub const SE_CHANGE_NOTIFY_PRIVILEGE: LONG = 23;
+pub const SE_REMOTE_SHUTDOWN_PRIVILEGE: LONG = 24;
+pub const SE_UNDOCK_PRIVILEGE: LONG = 25;
+pub const SE_SYNC_AGENT_PRIVILEGE: LONG = 26;
+pub const SE_ENABLE_DELEGATION_PRIVILEGE: LONG = 27;
+pub const SE_MANAGE_VOLUME_PRIVILEGE: LONG = 28;
+pub const SE_IMPERSONATE_PRIVILEGE: LONG = 29;
+pub const SE_CREATE_GLOBAL_PRIVILEGE: LONG = 30;
+pub const SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE: LONG = 31;
+pub const SE_RELABEL_PRIVILEGE: LONG = 32;
+pub const SE_INC_WORKING_SET_PRIVILEGE: LONG = 33;
+pub const SE_TIME_ZONE_PRIVILEGE: LONG = 34;
+pub const SE_CREATE_SYMBOLIC_LINK_PRIVILEGE: LONG = 35;
+pub const SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE: LONG = 36;
+pub const SE_MAX_WELL_KNOWN_PRIVILEGE: LONG = SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID: USHORT = 0x00;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64: USHORT = 0x01;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64: USHORT = 0x02;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING: USHORT = 0x03;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN: USHORT = 0x04;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_SID: USHORT = 0x05;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: USHORT = 0x06;
+pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: USHORT = 0x10;
+pub const TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE: USHORT = 0x0001;
+pub const TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE: USHORT = 0x0002;
+pub const TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY: USHORT = 0x0004;
+pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT: USHORT = 0x0008;
+pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED: USHORT = 0x0010;
+pub const TOKEN_SECURITY_ATTRIBUTE_MANDATORY: USHORT = 0x0020;
+pub const TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE: USHORT = 0x0040;
+pub const TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS: USHORT = TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE
+ | TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE | TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY
+ | TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT | TOKEN_SECURITY_ATTRIBUTE_DISABLED
+ | TOKEN_SECURITY_ATTRIBUTE_MANDATORY;
+pub const TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS: u32 = 0xffff0000;
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE {
+ Version: ULONG64,
+ Name: UNICODE_STRING,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE;
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE {
+ pValue: PVOID,
+ ValueLength: ULONG,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE =
+ *mut TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;
+UNION!{union TOKEN_SECURITY_ATTRIBUTE_V1_Values {
+ pInt64: PLONG64,
+ pUint64: PULONG64,
+ pString: PUNICODE_STRING,
+ pFqbn: PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE,
+ pOctetString: PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE,
+}}
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_V1 {
+ Name: UNICODE_STRING,
+ ValueType: USHORT,
+ Reserved: USHORT,
+ Flags: ULONG,
+ ValueCount: ULONG,
+ Values: TOKEN_SECURITY_ATTRIBUTE_V1_Values,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTE_V1 = *mut TOKEN_SECURITY_ATTRIBUTE_V1;
+pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1: USHORT = 1;
+pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION: USHORT =
+ TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1;
+STRUCT!{struct TOKEN_SECURITY_ATTRIBUTES_INFORMATION {
+ Version: USHORT,
+ Reserved: USHORT,
+ AttributeCount: ULONG,
+ pAttributeV1: PTOKEN_SECURITY_ATTRIBUTE_V1,
+}}
+pub type PTOKEN_SECURITY_ATTRIBUTES_INFORMATION = *mut TOKEN_SECURITY_ATTRIBUTES_INFORMATION;
+STRUCT!{struct TOKEN_PROCESS_TRUST_LEVEL {
+ TrustLevelSid: PSID,
+}}
+pub type PTOKEN_PROCESS_TRUST_LEVEL = *mut TOKEN_PROCESS_TRUST_LEVEL;
+EXTERN!{extern "system" {
+ fn NtCreateToken(
+ TokenHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TokenType: TOKEN_TYPE,
+ AuthenticationId: PLUID,
+ ExpirationTime: PLARGE_INTEGER,
+ User: PTOKEN_USER,
+ Groups: PTOKEN_GROUPS,
+ Privileges: PTOKEN_PRIVILEGES,
+ Owner: PTOKEN_OWNER,
+ PrimaryGroup: PTOKEN_PRIMARY_GROUP,
+ DefaultDacl: PTOKEN_DEFAULT_DACL,
+ TokenSource: PTOKEN_SOURCE,
+ ) -> NTSTATUS;
+ fn NtCreateLowBoxToken(
+ TokenHandle: PHANDLE,
+ ExistingTokenHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ PackageSid: PSID,
+ CapabilityCount: ULONG,
+ Capabilities: PSID_AND_ATTRIBUTES,
+ HandleCount: ULONG,
+ Handles: *mut HANDLE,
+ ) -> NTSTATUS;
+ fn NtCreateTokenEx(
+ TokenHandle: PHANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ TokenType: TOKEN_TYPE,
+ AuthenticationId: PLUID,
+ ExpirationTime: PLARGE_INTEGER,
+ User: PTOKEN_USER,
+ Groups: PTOKEN_GROUPS,
+ Privileges: PTOKEN_PRIVILEGES,
+ UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceGroups: PTOKEN_GROUPS,
+ TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY,
+ Owner: PTOKEN_OWNER,
+ PrimaryGroup: PTOKEN_PRIMARY_GROUP,
+ DefaultDacl: PTOKEN_DEFAULT_DACL,
+ TokenSource: PTOKEN_SOURCE,
+ ) -> NTSTATUS;
+ fn NtOpenProcessToken(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtOpenProcessTokenEx(
+ ProcessHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ HandleAttributes: ULONG,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtOpenThreadToken(
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ OpenAsSelf: BOOLEAN,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtOpenThreadTokenEx(
+ ThreadHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ OpenAsSelf: BOOLEAN,
+ HandleAttributes: ULONG,
+ TokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtDuplicateToken(
+ ExistingTokenHandle: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectAttributes: POBJECT_ATTRIBUTES,
+ EffectiveOnly: BOOLEAN,
+ TokenType: TOKEN_TYPE,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtQueryInformationToken(
+ TokenHandle: HANDLE,
+ TokenInformationClass: TOKEN_INFORMATION_CLASS,
+ TokenInformation: PVOID,
+ TokenInformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtSetInformationToken(
+ TokenHandle: HANDLE,
+ TokenInformationClass: TOKEN_INFORMATION_CLASS,
+ TokenInformation: PVOID,
+ TokenInformationLength: ULONG,
+ ) -> NTSTATUS;
+ fn NtAdjustPrivilegesToken(
+ TokenHandle: HANDLE,
+ DisableAllPrivileges: BOOLEAN,
+ NewState: PTOKEN_PRIVILEGES,
+ BufferLength: ULONG,
+ PreviousState: PTOKEN_PRIVILEGES,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtAdjustGroupsToken(
+ TokenHandle: HANDLE,
+ ResetToDefault: BOOLEAN,
+ NewState: PTOKEN_GROUPS,
+ BufferLength: ULONG,
+ PreviousState: PTOKEN_GROUPS,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtAdjustTokenClaimsAndDeviceGroups(
+ TokenHandle: HANDLE,
+ UserResetToDefault: BOOLEAN,
+ DeviceResetToDefault: BOOLEAN,
+ DeviceGroupsResetToDefault: BOOLEAN,
+ NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ NewDeviceGroupsState: PTOKEN_GROUPS,
+ UserBufferLength: ULONG,
+ PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceBufferLength: ULONG,
+ PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ DeviceGroupsBufferLength: ULONG,
+ PreviousDeviceGroups: PTOKEN_GROUPS,
+ UserReturnLength: PULONG,
+ DeviceReturnLength: PULONG,
+ DeviceGroupsReturnBufferLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtFilterToken(
+ ExistingTokenHandle: HANDLE,
+ Flags: ULONG,
+ SidsToDisable: PTOKEN_GROUPS,
+ PrivilegesToDelete: PTOKEN_PRIVILEGES,
+ RestrictedSids: PTOKEN_GROUPS,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtFilterTokenEx(
+ ExistingTokenHandle: HANDLE,
+ Flags: ULONG,
+ SidsToDisable: PTOKEN_GROUPS,
+ PrivilegesToDelete: PTOKEN_PRIVILEGES,
+ RestrictedSids: PTOKEN_GROUPS,
+ DisableUserClaimsCount: ULONG,
+ UserClaimsToDisable: PUNICODE_STRING,
+ DisableDeviceClaimsCount: ULONG,
+ DeviceClaimsToDisable: PUNICODE_STRING,
+ DeviceGroupsToDisable: PTOKEN_GROUPS,
+ RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
+ RestrictedDeviceGroups: PTOKEN_GROUPS,
+ NewTokenHandle: PHANDLE,
+ ) -> NTSTATUS;
+ fn NtCompareTokens(
+ FirstTokenHandle: HANDLE,
+ SecondTokenHandle: HANDLE,
+ Equal: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtPrivilegeCheck(
+ ClientToken: HANDLE,
+ RequiredPrivileges: PPRIVILEGE_SET,
+ Result: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtImpersonateAnonymousToken(
+ ThreadHandle: HANDLE,
+ ) -> NTSTATUS;
+ fn NtQuerySecurityAttributesToken(
+ TokenHandle: HANDLE,
+ Attributes: PUNICODE_STRING,
+ NumberOfAttributes: ULONG,
+ Buffer: PVOID,
+ Length: ULONG,
+ ReturnLength: PULONG,
+ ) -> NTSTATUS;
+ fn NtAccessCheck(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn NtAccessCheckByType(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn NtAccessCheckByTypeResultList(
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ PrivilegeSet: PPRIVILEGE_SET,
+ PrivilegeSetLength: PULONG,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ ) -> NTSTATUS;
+ fn NtSetCachedSigningLevel(
+ Flags: ULONG,
+ InputSigningLevel: SE_SIGNING_LEVEL,
+ SourceFiles: PHANDLE,
+ SourceFileCount: ULONG,
+ TargetFile: HANDLE,
+ ) -> NTSTATUS;
+ fn NtGetCachedSigningLevel(
+ File: HANDLE,
+ Flags: PULONG,
+ SigningLevel: PSE_SIGNING_LEVEL,
+ Thumbprint: PUCHAR,
+ ThumbprintSize: PULONG,
+ ThumbprintAlgorithm: PULONG,
+ ) -> NTSTATUS;
+ fn NtAccessCheckAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ DesiredAccess: ACCESS_MASK,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtAccessCheckByTypeAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtAccessCheckByTypeResultListAndAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ClientToken: HANDLE,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ PrincipalSelfSid: PSID,
+ DesiredAccess: ACCESS_MASK,
+ AuditType: AUDIT_EVENT_TYPE,
+ Flags: ULONG,
+ ObjectTypeList: POBJECT_TYPE_LIST,
+ ObjectTypeListLength: ULONG,
+ GenericMapping: PGENERIC_MAPPING,
+ ObjectCreation: BOOLEAN,
+ GrantedAccess: PACCESS_MASK,
+ AccessStatus: PNTSTATUS,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtOpenObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ObjectTypeName: PUNICODE_STRING,
+ ObjectName: PUNICODE_STRING,
+ SecurityDescriptor: PSECURITY_DESCRIPTOR,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ GrantedAccess: ACCESS_MASK,
+ Privileges: PPRIVILEGE_SET,
+ ObjectCreation: BOOLEAN,
+ AccessGranted: BOOLEAN,
+ GenerateOnClose: PBOOLEAN,
+ ) -> NTSTATUS;
+ fn NtPrivilegeObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ ClientToken: HANDLE,
+ DesiredAccess: ACCESS_MASK,
+ Privileges: PPRIVILEGE_SET,
+ AccessGranted: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtCloseObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ GenerateOnClose: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtDeleteObjectAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ HandleId: PVOID,
+ GenerateOnClose: BOOLEAN,
+ ) -> NTSTATUS;
+ fn NtPrivilegedServiceAuditAlarm(
+ SubsystemName: PUNICODE_STRING,
+ ServiceName: PUNICODE_STRING,
+ ClientToken: HANDLE,
+ Privileges: PPRIVILEGE_SET,
+ AccessGranted: BOOLEAN,
+ ) -> NTSTATUS;
+}}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-23 19:21:42 +0000