From 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 Mon Sep 17 00:00:00 2001
From: tumagonx
Date: Tue, 8 Aug 2017 10:54:53 +0700
Subject: initial commit

---
token.h | 145 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 145 insertions(+)
create mode 100644 token.h
(limited to 'token.h')
diff --git a/token.h b/token.h
new file mode 100644
index 0000000..732ff56
--- /dev/null
+++ b/token.h
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ * token.h
+ *
+ * Abstract:
+ *
+ * This module defines various types used by token hooking routines.
+ *
+ * Author:
+ *
+ * Eugene Tsyrklevich 25-Mar-2004
+ *
+ * Revision History:
+ *
+ * None.
+ */
+
+
+#ifndef __TOKEN_H__
+#define __TOKEN_H__
+
+
+#include 
+#include "policy.h"
+#include "pathproc.h"
+#include "hookproc.h"
+#include "procname.h"
+#include "learn.h"
+#include "log.h"
+
+
+/*
+ZwAdjustGroupsToken
+ZwCreateToken
+ZwOpenProcessToken
+ZwOpenProcessTokenEx
+ZwOpenThreadToken
+ZwOpenThreadTokenEx
+*/
+
+
+typedef struct _TOKEN_PRIVILEGES {
+ DWORD PrivilegeCount;
+ LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
+} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
+
+
+/*
+ * ZwAdjustPrivilegesToken adjusts the attributes of the privileges in a token. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwAdjustPrivilegesToken) (
+ IN HANDLE TokenHandle,
+ IN BOOLEAN DisableAllPrivileges,
+ IN PTOKEN_PRIVILEGES NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
+ OUT PULONG ReturnLength
+ );
+
+NTSTATUS
+NTAPI
+HookedNtAdjustPrivilegesToken(
+ IN HANDLE TokenHandle,
+ IN BOOLEAN DisableAllPrivileges,
+ IN PTOKEN_PRIVILEGES NewState,
+ IN ULONG BufferLength,
+ OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL,
+ OUT PULONG ReturnLength
+ );
+
+
+/*
+ * ZwSetInformationToken sets information affecting a token object. [NAR]
+ */
+
+typedef NTSTATUS (*fpZwSetInformationToken) (
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ IN PVOID TokenInformation,
+ IN ULONG TokenInformationLength
+ );
+
+NTSTATUS
+NTAPI
+HookedNtSetInformationToken(
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ IN PVOID TokenInformation,
+ IN ULONG TokenInformationLength
+ );
+
+
+/*
+ * ZwOpenProcessToken opens the token of a process. [NAR]
+ */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenProcessToken(
+ IN HANDLE ProcessHandle,
+ IN ACCESS_MASK DesiredAccess,
+ OUT PHANDLE TokenHandle
+ );
+
+
+/*
+ * ZwOpenThreadToken opens the token of a thread. [NAR]
+ */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwOpenThreadToken(
+ IN HANDLE ThreadHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN OpenAsSelf,
+ OUT PHANDLE TokenHandle
+ );
+
+
+/*
+ * ZwQueryInformationToken retrieves information about a token object. [NAR]
+ */
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+ZwQueryInformationToken(
+ IN HANDLE TokenHandle,
+ IN TOKEN_INFORMATION_CLASS TokenInformationClass,
+ OUT PVOID TokenInformation,
+ IN ULONG TokenInformationLength,
+ OUT PULONG ReturnLength
+ );
+
+
+BOOLEAN InitTokenHooks();
+
+
+#endif /* __TOKEN_H__ */
-- 
cgit v1.3
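Review bot: The `HookedNtAdjustPrivilegesToken` and `HookedNtSetInformationToken` prototypes carry no contract comment, while every surrounding Zw* routine gets a one-line description; since these hooks receive the original caller's `NewState`, `PreviousState`, `TokenInformation` pointers and their lengths unchanged, this header is the place to state who validates them, e.g. `/* Hook for ZwAdjustPrivilegesToken: the buffers are the caller's and untrusted; validate pointer/length as the original would before reading NewState or writing PreviousState/ReturnLength, then apply policy and forward. */`. `BOOLEAN InitTokenHooks();` is a non-prototype declaration in C and should be `BOOLEAN InitTokenHooks(void);` so a call with arguments is rejected at compile time. `__TOKEN_H__` is an identifier reserved for the implementation; `TOKEN_H_` avoids that. The local `typedef struct _TOKEN_PRIVILEGES` uses the same tag and member names as the SDK's definition, so it will presumably collide if the first `#include` (whose target was lost in rendering) already pulls that definition in — worth confirming against the build.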