1 files changed, 145 insertions, 0 deletions
diff --git a/token.h b/token.h
new file mode 100644
index 0000000..732ff56
--- /dev/null
+++ b/token.h
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *              token.h
+ *
+ * Abstract:
+ *
+ *              This module defines various types used by token hooking routines.
+ *
+ * Author:
+ *
+ *              Eugene Tsyrklevich 25-Mar-2004
+ *
+ * Revision History:
+ *
+ *              None.
+ */
+#ifndef __TOKEN_H__
+#define __TOKEN_H__
+#include <NTDDK.h>
+#include "policy.h"
+#include "pathproc.h"
+#include "hookproc.h"
+#include "procname.h"
+#include "learn.h"
+#include "log.h"
+/*
+ZwAdjustGroupsToken
+ZwCreateToken
+ZwOpenProcessToken
+ZwOpenProcessTokenEx
+ZwOpenThreadToken
+ZwOpenThreadTokenEx
+*/
+typedef struct _TOKEN_PRIVILEGES {
+    DWORD PrivilegeCount;
+    LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
+} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
+/*
+ * ZwAdjustPrivilegesToken adjusts the attributes of the privileges in a token. [NAR]
+ */
+typedef NTSTATUS (*fpZwAdjustPrivilegesToken) (
+        IN HANDLE TokenHandle,
+        IN BOOLEAN DisableAllPrivileges,
+        IN PTOKEN_PRIVILEGES NewState,
+        IN ULONG BufferLength,
+        OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
+        OUT PULONG ReturnLength
+        );
+NTSTATUS
+NTAPI
+HookedNtAdjustPrivilegesToken(
+        IN HANDLE TokenHandle,
+        IN BOOLEAN DisableAllPrivileges,
+        IN PTOKEN_PRIVILEGES NewState,
+        IN ULONG BufferLength,
+        OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
+        OUT PULONG ReturnLength
+        );
+/*
+ * ZwSetInformationToken sets information affecting a token object. [NAR]
+ */
+typedef NTSTATUS (*fpZwSetInformationToken) (
+        IN HANDLE TokenHandle,
+        IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+        IN PVOID TokenInformation,
+        IN ULONG TokenInformationLength
+        );
+NTSTATUS
+NTAPI
+HookedNtSetInformationToken(
+        IN HANDLE TokenHandle,
+        IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+        IN PVOID TokenInformation,
+        IN ULONG TokenInformationLength
+        );
+/*
+ * ZwOpenProcessToken opens the token of a process. [NAR]
+ */
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenProcessToken(
+        IN HANDLE ProcessHandle,
+        IN ACCESS_MASK DesiredAccess,
+        OUT PHANDLE TokenHandle
+        );
+/*
+ * ZwOpenThreadToken opens the token of a thread. [NAR]
+ */
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenThreadToken(
+        IN HANDLE ThreadHandle,
+        IN ACCESS_MASK DesiredAccess,
+        IN BOOLEAN OpenAsSelf,
+        OUT PHANDLE TokenHandle
+        );
+/*
+ * ZwQueryInformationToken retrieves information about a token object. [NAR]
+ */
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryInformationToken(
+        IN HANDLE TokenHandle,
+        IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+        OUT PVOID TokenInformation,
+        IN ULONG TokenInformationLength,
+        OUT PULONG ReturnLength
+        );
+BOOLEAN InitTokenHooks();
+#endif  /* __TOKEN_H__ */

diff --git a/token.h b/token.h new file mode 100644 index 0000000..732ff56 --- /dev/null +++ b/token.h
@@ -0,0 +1,145 @@
	1	/*
	2	* Copyright (c) 2004 Security Architects Corporation. All rights reserved.
	3	*
	4	* Module Name:
	5	*
	6	* token.h
	7	*
	8	* Abstract:
	9	*
	10	* This module defines various types used by token hooking routines.
	11	*
	12	* Author:
	13	*
	14	* Eugene Tsyrklevich 25-Mar-2004
	15	*
	16	* Revision History:
	17	*
	18	* None.
	19	*/
	20
	21
	22	#ifndef __TOKEN_H__
	23	#define __TOKEN_H__
	24
	25
	26	#include <NTDDK.h>
	27	#include "policy.h"
	28	#include "pathproc.h"
	29	#include "hookproc.h"
	30	#include "procname.h"
	31	#include "learn.h"
	32	#include "log.h"
	33
	34
	35	/*
	36	ZwAdjustGroupsToken
	37	ZwCreateToken
	38	ZwOpenProcessToken
	39	ZwOpenProcessTokenEx
	40	ZwOpenThreadToken
	41	ZwOpenThreadTokenEx
	42	*/
	43
	44
	45	typedef struct _TOKEN_PRIVILEGES {
	46	DWORD PrivilegeCount;
	47	LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
	48	} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
	49
	50
	51	/*
	52	* ZwAdjustPrivilegesToken adjusts the attributes of the privileges in a token. [NAR]
	53	*/
	54
	55	typedef NTSTATUS (*fpZwAdjustPrivilegesToken) (
	56	IN HANDLE TokenHandle,
	57	IN BOOLEAN DisableAllPrivileges,
	58	IN PTOKEN_PRIVILEGES NewState,
	59	IN ULONG BufferLength,
	60	OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
	61	OUT PULONG ReturnLength
	62	);
	63
	64	NTSTATUS
	65	NTAPI
	66	HookedNtAdjustPrivilegesToken(
	67	IN HANDLE TokenHandle,
	68	IN BOOLEAN DisableAllPrivileges,
	69	IN PTOKEN_PRIVILEGES NewState,
	70	IN ULONG BufferLength,
	71	OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
	72	OUT PULONG ReturnLength
	73	);
	74
	75
	76	/*
	77	* ZwSetInformationToken sets information affecting a token object. [NAR]
	78	*/
	79
	80	typedef NTSTATUS (*fpZwSetInformationToken) (
	81	IN HANDLE TokenHandle,
	82	IN TOKEN_INFORMATION_CLASS TokenInformationClass,
	83	IN PVOID TokenInformation,
	84	IN ULONG TokenInformationLength
	85	);
	86
	87	NTSTATUS
	88	NTAPI
	89	HookedNtSetInformationToken(
	90	IN HANDLE TokenHandle,
	91	IN TOKEN_INFORMATION_CLASS TokenInformationClass,
	92	IN PVOID TokenInformation,
	93	IN ULONG TokenInformationLength
	94	);
	95
	96
	97	/*
	98	* ZwOpenProcessToken opens the token of a process. [NAR]
	99	*/
	100
	101	NTSYSAPI
	102	NTSTATUS
	103	NTAPI
	104	ZwOpenProcessToken(
	105	IN HANDLE ProcessHandle,
	106	IN ACCESS_MASK DesiredAccess,
	107	OUT PHANDLE TokenHandle
	108	);
	109
	110
	111	/*
	112	* ZwOpenThreadToken opens the token of a thread. [NAR]
	113	*/
	114
	115	NTSYSAPI
	116	NTSTATUS
	117	NTAPI
	118	ZwOpenThreadToken(
	119	IN HANDLE ThreadHandle,
	120	IN ACCESS_MASK DesiredAccess,
	121	IN BOOLEAN OpenAsSelf,
	122	OUT PHANDLE TokenHandle
	123	);
	124
	125
	126	/*
	127	* ZwQueryInformationToken retrieves information about a token object. [NAR]
	128	*/
	129
	130	NTSYSAPI
	131	NTSTATUS
	132	NTAPI
	133	ZwQueryInformationToken(
	134	IN HANDLE TokenHandle,
	135	IN TOKEN_INFORMATION_CLASS TokenInformationClass,
	136	OUT PVOID TokenInformation,
	137	IN ULONG TokenInformationLength,
	138	OUT PULONG ReturnLength
	139	);
	140
	141
	142	BOOLEAN InitTokenHooks();
	143
	144
	145	#endif /* __TOKEN_H__ */