📄 audit.c
{
UNICODE_STRING SubsystemNameU;
UNICODE_STRING ObjectTypeNameU;
UNICODE_STRING ObjectNameU;
NTSTATUS Status;
RtlInitUnicodeString (&SubsystemNameU,
(PWSTR)SubsystemName);
RtlInitUnicodeString (&ObjectTypeNameU,
(PWSTR)ObjectTypeName);
RtlInitUnicodeString (&ObjectNameU,
(PWSTR)ObjectName);
Status = NtOpenObjectAuditAlarm (&SubsystemNameU,
HandleId,
&ObjectTypeNameU,
&ObjectNameU,
pSecurityDescriptor,
ClientToken,
DesiredAccess,
GrantedAccess,
Privileges,
ObjectCreation,
AccessGranted,
(PBOOLEAN)GenerateOnClose);
if (!NT_SUCCESS (Status))
{
SetLastError (RtlNtStatusToDosError (Status));
return FALSE;
}
return TRUE;
}
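/*
 * @implemented
 *
 * ANSI entry point. Converts SubsystemName to a UNICODE_STRING and forwards
 * the privilege-use audit request to NtPrivilegeObjectAuditAlarm.
 *
 * Returns TRUE on success. On failure returns FALSE and sets the thread's
 * last error: ERROR_NOT_ENOUGH_MEMORY when the name cannot be converted,
 * otherwise the Win32 translation of the returned NTSTATUS.
 *
 * NOTE(review): on Windows the caller must hold SeAuditPrivilege to generate
 * audit messages. No such check is visible in this function - confirm it is
 * enforced behind NtPrivilegeObjectAuditAlarm.
 */
BOOL STDCALL
ObjectPrivilegeAuditAlarmA (LPCSTR SubsystemName,
                            LPVOID HandleId,
                            HANDLE ClientToken,
                            DWORD DesiredAccess,
                            PPRIVILEGE_SET Privileges,
                            BOOL AccessGranted)
{
    UNICODE_STRING SubsystemNameU;
    NTSTATUS Status;

    /*
     * The conversion allocates and can fail. Stop here rather than submit an
     * audit request (and later a free) on a string that was never built.
     * Only a BOOLEAN comes back, so the failure is reported as out-of-memory.
     */
    if (!RtlCreateUnicodeStringFromAsciiz (&SubsystemNameU,
                                           (PCHAR)SubsystemName))
    {
        SetLastError (ERROR_NOT_ENOUGH_MEMORY);
        return FALSE;
    }

    Status = NtPrivilegeObjectAuditAlarm (&SubsystemNameU,
                                          HandleId,
                                          ClientToken,
                                          DesiredAccess,
                                          Privileges,
                                          AccessGranted);

    /* Release the converted name before looking at the result. */
    RtlFreeUnicodeString (&SubsystemNameU);

    if (!NT_SUCCESS (Status))
    {
        SetLastError (RtlNtStatusToDosError (Status));
        return FALSE;
    }

    return TRUE;
}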
/*
 * @implemented
 *
 * Wide-character entry point. Wraps SubsystemName in a UNICODE_STRING and
 * forwards the privilege-use audit request to NtPrivilegeObjectAuditAlarm.
 *
 * Returns TRUE on success. On failure returns FALSE and sets the thread's
 * last error to the Win32 translation of the returned NTSTATUS.
 *
 * NOTE(review): on Windows the caller must hold SeAuditPrivilege to generate
 * audit messages. No such check is visible in this function - confirm it is
 * enforced behind NtPrivilegeObjectAuditAlarm.
 */
BOOL STDCALL
ObjectPrivilegeAuditAlarmW (LPCWSTR SubsystemName,
                            LPVOID HandleId,
                            HANDLE ClientToken,
                            DWORD DesiredAccess,
                            PPRIVILEGE_SET Privileges,
                            BOOL AccessGranted)
{
    UNICODE_STRING SubsystemString;
    NTSTATUS NtStatus;

    /* The descriptor refers to the caller's buffer; nothing is freed here. */
    RtlInitUnicodeString (&SubsystemString,
                          (PWSTR)SubsystemName);

    NtStatus = NtPrivilegeObjectAuditAlarm (&SubsystemString,
                                            HandleId,
                                            ClientToken,
                                            DesiredAccess,
                                            Privileges,
                                            AccessGranted);
    if (NT_SUCCESS (NtStatus))
    {
        return TRUE;
    }

    /* Surface the native failure code through the Win32 last-error slot. */
    SetLastError (RtlNtStatusToDosError (NtStatus));
    return FALSE;
}
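/*
 * @implemented
 *
 * ANSI entry point. Converts SubsystemName and ServiceName to UNICODE_STRINGs
 * and forwards the privileged-service audit request to
 * NtPrivilegedServiceAuditAlarm.
 *
 * Returns TRUE on success. On failure returns FALSE and sets the thread's
 * last error: ERROR_NOT_ENOUGH_MEMORY when either name cannot be converted,
 * otherwise the Win32 translation of the returned NTSTATUS.
 *
 * NOTE(review): on Windows the caller must hold SeAuditPrivilege to generate
 * audit messages. No such check is visible in this function - confirm it is
 * enforced behind NtPrivilegedServiceAuditAlarm.
 */
BOOL STDCALL
PrivilegedServiceAuditAlarmA (LPCSTR SubsystemName,
                              LPCSTR ServiceName,
                              HANDLE ClientToken,
                              PPRIVILEGE_SET Privileges,
                              BOOL AccessGranted)
{
    UNICODE_STRING SubsystemNameU;
    UNICODE_STRING ServiceNameU;
    NTSTATUS Status;

    /*
     * Both conversions allocate and can fail. Check each one so the audit
     * request is never issued with a name that was not built. Only a BOOLEAN
     * comes back, so the failure is reported as out-of-memory.
     */
    if (!RtlCreateUnicodeStringFromAsciiz (&SubsystemNameU,
                                           (PCHAR)SubsystemName))
    {
        SetLastError (ERROR_NOT_ENOUGH_MEMORY);
        return FALSE;
    }

    if (!RtlCreateUnicodeStringFromAsciiz (&ServiceNameU,
                                           (PCHAR)ServiceName))
    {
        /* The first string was already allocated; do not leak it. */
        RtlFreeUnicodeString (&SubsystemNameU);
        SetLastError (ERROR_NOT_ENOUGH_MEMORY);
        return FALSE;
    }

    Status = NtPrivilegedServiceAuditAlarm (&SubsystemNameU,
                                            &ServiceNameU,
                                            ClientToken,
                                            Privileges,
                                            AccessGranted);

    /* Release both converted names before looking at the result. */
    RtlFreeUnicodeString (&SubsystemNameU);
    RtlFreeUnicodeString (&ServiceNameU);

    if (!NT_SUCCESS (Status))
    {
        SetLastError (RtlNtStatusToDosError (Status));
        return FALSE;
    }

    return TRUE;
}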
/*
 * @implemented
 *
 * Wide-character entry point. Wraps SubsystemName and ServiceName in
 * UNICODE_STRINGs and forwards the privileged-service audit request to
 * NtPrivilegedServiceAuditAlarm.
 *
 * Returns TRUE on success. On failure returns FALSE and sets the thread's
 * last error to the Win32 translation of the returned NTSTATUS.
 *
 * NOTE(review): on Windows the caller must hold SeAuditPrivilege to generate
 * audit messages. No such check is visible in this function - confirm it is
 * enforced behind NtPrivilegedServiceAuditAlarm.
 */
BOOL STDCALL
PrivilegedServiceAuditAlarmW (LPCWSTR SubsystemName,
                              LPCWSTR ServiceName,
                              HANDLE ClientToken,
                              PPRIVILEGE_SET Privileges,
                              BOOL AccessGranted)
{
    UNICODE_STRING SubsystemString;
    UNICODE_STRING ServiceString;
    NTSTATUS NtStatus;

    /* The descriptors refer to the caller's buffers; nothing is freed here. */
    RtlInitUnicodeString (&SubsystemString,
                          (PWSTR)SubsystemName);
    RtlInitUnicodeString (&ServiceString,
                          (PWSTR)ServiceName);

    NtStatus = NtPrivilegedServiceAuditAlarm (&SubsystemString,
                                              &ServiceString,
                                              ClientToken,
                                              Privileges,
                                              AccessGranted);
    if (NT_SUCCESS (NtStatus))
    {
        return TRUE;
    }

    /* Surface the native failure code through the Win32 last-error slot. */
    SetLastError (RtlNtStatusToDosError (NtStatus));
    return FALSE;
}
/*
 * @unimplemented
 *
 * Stub. Performs no access check and generates no audit record: it logs the
 * call through DPRINT1, sets the last error to ERROR_CALL_NOT_IMPLEMENTED
 * and returns FALSE.
 *
 * None of the OUT parameters (GrantedAccess, AccessStatusList,
 * pfGenerateOnClose) is written. A caller must test the return value before
 * reading them, otherwise it acts on whatever those locations already held.
 */
BOOL STDCALL
AccessCheckByTypeResultListAndAuditAlarmByHandleW(
    IN LPCWSTR SubsystemName,
    IN LPVOID HandleId,
    IN HANDLE ClientToken,
    IN LPCWSTR ObjectTypeName,
    IN LPCWSTR ObjectName,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSID PrincipalSelfSid,
    IN DWORD DesiredAccess,
    IN AUDIT_EVENT_TYPE AuditType,
    IN DWORD Flags,
    IN POBJECT_TYPE_LIST ObjectTypeList,
    IN DWORD ObjectTypeListLength,
    IN PGENERIC_MAPPING GenericMapping,
    IN BOOL ObjectCreation,
    OUT LPDWORD GrantedAccess,
    OUT LPDWORD AccessStatusList,
    OUT LPBOOL pfGenerateOnClose)
{
    /* Leave a debug trace so the missing implementation is noticed. */
    DPRINT1("%s() not implemented!\n", __FUNCTION__);

    /* Fail closed: report the call as unsupported. */
    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
    return FALSE;
}
/*
 * @unimplemented
 *
 * Stub. Performs no access check and generates no audit record: it logs the
 * call through DPRINT1, sets the last error to ERROR_CALL_NOT_IMPLEMENTED
 * and returns FALSE.
 *
 * None of the OUT parameters (GrantedAccess, AccessStatusList,
 * pfGenerateOnClose) is written. A caller must test the return value before
 * reading them, otherwise it acts on whatever those locations already held.
 */
BOOL STDCALL
AccessCheckByTypeResultListAndAuditAlarmByHandleA(
    IN LPCSTR SubsystemName,
    IN LPVOID HandleId,
    IN HANDLE ClientToken,
    IN LPCSTR ObjectTypeName,
    IN LPCSTR ObjectName,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSID PrincipalSelfSid,
    IN DWORD DesiredAccess,
    IN AUDIT_EVENT_TYPE AuditType,
    IN DWORD Flags,
    IN POBJECT_TYPE_LIST ObjectTypeList,
    IN DWORD ObjectTypeListLength,
    IN PGENERIC_MAPPING GenericMapping,
    IN BOOL ObjectCreation,
    OUT LPDWORD GrantedAccess,
    OUT LPDWORD AccessStatusList,
    OUT LPBOOL pfGenerateOnClose)
{
    /* Leave a debug trace so the missing implementation is noticed. */
    DPRINT1("%s() not implemented!\n", __FUNCTION__);

    /* Fail closed: report the call as unsupported. */
    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
    return FALSE;
}
/*
 * @unimplemented
 *
 * Stub. Performs no access check and generates no audit record: it logs the
 * call through DPRINT1, sets the last error to ERROR_CALL_NOT_IMPLEMENTED
 * and returns FALSE.
 *
 * None of the OUT parameters (GrantedAccess, AccessStatusList,
 * pfGenerateOnClose) is written. A caller must test the return value before
 * reading them, otherwise it acts on whatever those locations already held.
 */
BOOL STDCALL
AccessCheckByTypeResultListAndAuditAlarmW(
    IN LPCWSTR SubsystemName,
    IN LPVOID HandleId,
    IN LPCWSTR ObjectTypeName,
    IN LPCWSTR ObjectName,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSID PrincipalSelfSid,
    IN DWORD DesiredAccess,
    IN AUDIT_EVENT_TYPE AuditType,
    IN DWORD Flags,
    IN POBJECT_TYPE_LIST ObjectTypeList,
    IN DWORD ObjectTypeListLength,
    IN PGENERIC_MAPPING GenericMapping,
    IN BOOL ObjectCreation,
    OUT LPDWORD GrantedAccess,
    OUT LPDWORD AccessStatusList,
    OUT LPBOOL pfGenerateOnClose)
{
    /* Leave a debug trace so the missing implementation is noticed. */
    DPRINT1("%s() not implemented!\n", __FUNCTION__);

    /* Fail closed: report the call as unsupported. */
    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
    return FALSE;
}
/*
 * @unimplemented
 *
 * Stub. Performs no access check and generates no audit record: it logs the
 * call through DPRINT1, sets the last error to ERROR_CALL_NOT_IMPLEMENTED
 * and returns FALSE.
 *
 * None of the OUT parameters (GrantedAccess, AccessStatusList,
 * pfGenerateOnClose) is written. A caller must test the return value before
 * reading them, otherwise it acts on whatever those locations already held.
 */
BOOL STDCALL
AccessCheckByTypeResultListAndAuditAlarmA(
    IN LPCSTR SubsystemName,
    IN LPVOID HandleId,
    IN LPCSTR ObjectTypeName,
    IN LPCSTR ObjectName,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSID PrincipalSelfSid,
    IN DWORD DesiredAccess,
    IN AUDIT_EVENT_TYPE AuditType,
    IN DWORD Flags,
    IN POBJECT_TYPE_LIST ObjectTypeList,
    IN DWORD ObjectTypeListLength,
    IN PGENERIC_MAPPING GenericMapping,
    IN BOOL ObjectCreation,
    OUT LPDWORD GrantedAccess,
    OUT LPDWORD AccessStatusList,
    OUT LPBOOL pfGenerateOnClose)
{
    /* Leave a debug trace so the missing implementation is noticed. */
    DPRINT1("%s() not implemented!\n", __FUNCTION__);

    /* Fail closed: report the call as unsupported. */
    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
    return FALSE;
}
/*
 * @unimplemented
 *
 * Stub. Performs no access check and generates no audit record: it logs the
 * call through DPRINT1, sets the last error to ERROR_CALL_NOT_IMPLEMENTED
 * and returns FALSE.
 *
 * None of the OUT parameters (GrantedAccess, AccessStatus,
 * pfGenerateOnClose) is written. A caller must test the return value before
 * reading them, otherwise it acts on whatever those locations already held.
 */
BOOL STDCALL
AccessCheckByTypeAndAuditAlarmW(
    IN LPCWSTR SubsystemName,
    IN LPVOID HandleId,
    IN LPCWSTR ObjectTypeName,
    IN LPCWSTR ObjectName,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSID PrincipalSelfSid,
    IN DWORD DesiredAccess,
    IN AUDIT_EVENT_TYPE AuditType,
    IN DWORD Flags,
    IN POBJECT_TYPE_LIST ObjectTypeList,
    IN DWORD ObjectTypeListLength,
    IN PGENERIC_MAPPING GenericMapping,
    IN BOOL ObjectCreation,
    OUT LPDWORD GrantedAccess,
    OUT LPBOOL AccessStatus,
    OUT LPBOOL pfGenerateOnClose)
{
    /* Leave a debug trace so the missing implementation is noticed. */
    DPRINT1("%s() not implemented!\n", __FUNCTION__);

    /* Fail closed: report the call as unsupported. */
    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
    return FALSE;
}
/*
 * @unimplemented
 *
 * Stub. Performs no access check and generates no audit record: it logs the
 * call through DPRINT1, sets the last error to ERROR_CALL_NOT_IMPLEMENTED
 * and returns FALSE.
 *
 * None of the OUT parameters (GrantedAccess, AccessStatus,
 * pfGenerateOnClose) is written. A caller must test the return value before
 * reading them, otherwise it acts on whatever those locations already held.
 */
BOOL STDCALL
AccessCheckByTypeAndAuditAlarmA(
    IN LPCSTR SubsystemName,
    IN LPVOID HandleId,
    IN LPCSTR ObjectTypeName,
    IN LPCSTR ObjectName,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSID PrincipalSelfSid,
    IN DWORD DesiredAccess,
    IN AUDIT_EVENT_TYPE AuditType,
    IN DWORD Flags,
    IN POBJECT_TYPE_LIST ObjectTypeList,
    IN DWORD ObjectTypeListLength,
    IN PGENERIC_MAPPING GenericMapping,
    IN BOOL ObjectCreation,
    OUT LPDWORD GrantedAccess,
    OUT LPBOOL AccessStatus,
    OUT LPBOOL pfGenerateOnClose)
{
    /* Leave a debug trace so the missing implementation is noticed. */
    DPRINT1("%s() not implemented!\n", __FUNCTION__);

    /* Fail closed: report the call as unsupported. */
    SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
    return FALSE;
}
/* EOF */