From 2acec63b2ed75bf4b71ad257db573c4b8f9639e7 Mon Sep 17 00:00:00 2001
From: tumagonx
Date: Tue, 8 Aug 2017 10:54:53 +0700
Subject: initial commit

---
 userland.h | 133 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)
 create mode 100644 userland.h

(limited to 'userland.h')

diff --git a/userland.h b/userland.h
new file mode 100644
index 0000000..03764fb
--- /dev/null
+++ b/userland.h
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *		userland.h
+ *
+ * Abstract:
+ *
+ *		This module defines various types used by userland interacting routines.
+ *
+ * Author:
+ *
+ *		Eugene Tsyrklevich 18-Apr-2004
+ *
+ * Revision History:
+ *
+ *		None.
+ */
+
+#ifndef __USERLAND_H__
+#define __USERLAND_H__
+
+
+#include <NTDDK.h>
+#include "policy.h"
+#include "misc.h"
+
+
+/* number of seconds to wait for userland agent to reply */
+#define	USERLAND_REQUEST_TIMEOUT		5
+
+
+#define	USERLAND_SID_RESOLVE_REQUEST	1
+#define	USERLAND_ASK_USER_REQUEST		2
+
+
+/*
+ * all userland requests start with the following header
+ */
+
+typedef struct _USERLAND_REQUEST_HEADER
+{
+	struct _USERLAND_REQUEST_HEADER	*Next;
+
+	USHORT						RequestType;
+	USHORT						RequestSize;
+	ULONG						ProcessId;
+	UCHAR						SeqId;				/* Sequence id, will roll over but that's fine */
+
+} USERLAND_REQUEST_HEADER, *PUSERLAND_REQUEST_HEADER;
+
+
+/* binary SID -> ASCII name resolve request */
+
+typedef struct _SID_RESOLVE_REQUEST
+{
+	USERLAND_REQUEST_HEADER		RequestHeader;
+	PSID_AND_ATTRIBUTES			PUserSidAndAttributes;
+
+} SID_RESOLVE_REQUEST, *PSID_RESOLVE_REQUEST;
+
+
+/* Ask user request */
+
+typedef struct _ASK_USER_REQUEST
+{
+	USERLAND_REQUEST_HEADER		RequestHeader;
+	RULE_TYPE					RuleType;
+	UCHAR						OperationType;
+	USHORT						ObjectNameLength;
+	USHORT						ProcessNameLength;
+
+	WCHAR						ObjectName[ANYSIZE_ARRAY];
+
+	/* ProcessName follows the zero-terminated ObjectName */
+//	WCHAR						ProcessName[ANYSIZE_ARRAY];
+
+} ASK_USER_REQUEST, *PASK_USER_REQUEST;
+
+
+
+/*
+ * all userland replies start with the following header
+ */
+
+typedef struct _USERLAND_REPLY_HEADER
+{
+	ULONG						ProcessId;
+	USHORT						ReplySize;
+	UCHAR						SeqId;				/* Sequence id, will roll over but that's fine */
+
+} USERLAND_REPLY_HEADER, *PUSERLAND_REPLY_HEADER;
+
+
+/* binary SID -> ASCII name resolve reply */
+
+typedef struct _SID_RESOLVE_REPLY
+{
+	USERLAND_REPLY_HEADER		ReplyHeader;
+	USHORT						UserNameLength;
+	WCHAR						UserName[ANYSIZE_ARRAY];
+
+} SID_RESOLVE_REPLY, *PSID_RESOLVE_REPLY;
+
+
+/* Ask user reply */
+
+typedef struct _ASK_USER_REPLY
+{
+	USERLAND_REPLY_HEADER		ReplyHeader;
+	ACTION_TYPE					Action;
+
+} ASK_USER_REPLY, *PASK_USER_REPLY;
+
+
+extern BOOLEAN						ActiveUserAgent;
+extern PUSERLAND_REQUEST_HEADER		UserlandRequestList;
+extern KSPIN_LOCK					gUserlandRequestListSpinLock;
+extern PKEVENT						UserlandRequestUserEvent;
+
+
+BOOLEAN	InitUserland();
+BOOLEAN	UserlandPostBootup();
+VOID	ShutdownUserland();
+
+typedef struct _IMAGE_PID_ENTRY *PIMAGE_PID_ENTRY;
+
+BOOLEAN	IssueUserlandSidResolveRequest(PIMAGE_PID_ENTRY Process);
+ACTION_TYPE	IssueUserlandAskUserRequest(RULE_TYPE RuleType, UCHAR OperationType, PCHAR ObjectName);
+
+
+#endif	/* __USERLAND_H__ */
\ No newline at end of file
-- 
cgit v1.3