📄 jwawinsafer.pas
SaferObjectExtendedError); // get: DWORD dwError
{$EXTERNALSYM _SAFER_OBJECT_INFO_CLASS}
SAFER_OBJECT_INFO_CLASS = _SAFER_OBJECT_INFO_CLASS;
{$EXTERNALSYM SAFER_OBJECT_INFO_CLASS}
TSaferObjectInfoClass = SAFER_OBJECT_INFO_CLASS;
//
// Structures and enums used by the SaferGet/SetLevelInformation APIs.
//
// #include <pshpack8.h> todo
//
// Kinds of SAFER code-identification rule. The ordinal of each member
// (0..4, in declaration order) is the value stored in
// SAFER_IDENTIFICATION_HEADER.dwIdentificationType.
// NOTE(review): that header field is declared with this enum type, so its
// width in the record follows the compiler's enum size. This assumes the
// unit is built with 4-byte enums ({$MINENUMSIZE 4} / {$Z4}); the directive
// is not visible in this part of the file - confirm.
//
_SAFER_IDENTIFICATION_TYPES = (
SaferIdentityDefault, // ordinal 0
SaferIdentityTypeImageName, // ordinal 1, used by SAFER_PATHNAME_IDENTIFICATION
SaferIdentityTypeImageHash, // ordinal 2, used by SAFER_HASH_IDENTIFICATION
SaferIdentityTypeUrlZone, // ordinal 3, used by SAFER_URLZONE_IDENTIFICATION
SaferIdentityTypeCertificate); // ordinal 4, no matching record in this part of the file
{$EXTERNALSYM _SAFER_IDENTIFICATION_TYPES}
// C-header spelling of the enum.
SAFER_IDENTIFICATION_TYPES = _SAFER_IDENTIFICATION_TYPES;
{$EXTERNALSYM SAFER_IDENTIFICATION_TYPES}
// Delphi-style alias of the same type.
TSaferIdentificationTypes = SAFER_IDENTIFICATION_TYPES;
//
// Common prefix of every SAFER identification record declared below; each
// of them embeds it as its first field ("header").
// NOTE(review): the C header wraps these structures in pshpack8.h, and the
// translation still marks that as "todo". Record alignment therefore depends
// on the compiler settings in force, which are not visible here. If it
// differs from 8-byte packing, SizeOf() of the records will not match the
// cbStructSize the API expects - confirm.
//
_SAFER_IDENTIFICATION_HEADER = record
//
// indicates the type of the structure, one of SaferIdentityType*
//
dwIdentificationType: SAFER_IDENTIFICATION_TYPES;
//
// size of the whole structure, not just the common header.
// When interpreting a buffer filled in by the API, compare this value with
// SizeOf() of the record selected by dwIdentificationType before casting
// the buffer to that record.
//
cbStructSize: DWORD;
//
// the unique GUID of the Identity in question.
//
IdentificationGuid: GUID;
//
// last change of this identification.
//
lastModified: FILETIME;
end;
{$EXTERNALSYM _SAFER_IDENTIFICATION_HEADER}
// C-header spelling of the record and of its pointer type.
SAFER_IDENTIFICATION_HEADER = _SAFER_IDENTIFICATION_HEADER;
{$EXTERNALSYM SAFER_IDENTIFICATION_HEADER}
PSAFER_IDENTIFICATION_HEADER = ^SAFER_IDENTIFICATION_HEADER;
{$EXTERNALSYM PSAFER_IDENTIFICATION_HEADER}
// Delphi-style aliases of the same two types.
TSaferIdentificationHeader = SAFER_IDENTIFICATION_HEADER;
PSaferIdentificationHeader = PSAFER_IDENTIFICATION_HEADER;
//
// Path rule: identifies code by where it is stored, not by its content.
// A path rule gives no assurance about what is at that location. A rule
// whose ImageName (after variable expansion) resolves to a directory that
// unprivileged users can write to should be treated as weak.
//
_SAFER_PATHNAME_IDENTIFICATION = record
//
// header.dwIdentificationType must be SaferIdentityTypeImageName
// header.cbStructSize must be sizeof(SAFER_PATHNAME_IDENTIFICATION)
//
header: SAFER_IDENTIFICATION_HEADER;
//
// user-entered description
// Fixed-size inline buffer of SAFER_MAX_DESCRIPTION_SIZE wide characters.
// NOTE(review): whether the API guarantees null termination when the text
// fills the buffer is not visible here - bound reads by the array length.
//
Description: array [0..SAFER_MAX_DESCRIPTION_SIZE - 1] of WCHAR;
//
// filepath or name, possibly with vars
// This is a pointer, not an inline buffer: the string lives outside the
// record, so copying the record does not copy the path.
// NOTE(review): ownership and lifetime of the pointed-to string are not
// visible here - confirm.
//
ImageName: PWCHAR;
//
// any combo of SAFER_POL_SAFERFLAGS_*
//
dwSaferFlags: DWORD;
end;
{$EXTERNALSYM _SAFER_PATHNAME_IDENTIFICATION}
// C-header spelling of the record and of its pointer type.
SAFER_PATHNAME_IDENTIFICATION = _SAFER_PATHNAME_IDENTIFICATION;
{$EXTERNALSYM SAFER_PATHNAME_IDENTIFICATION}
PSAFER_PATHNAME_IDENTIFICATION = ^SAFER_PATHNAME_IDENTIFICATION;
{$EXTERNALSYM PSAFER_PATHNAME_IDENTIFICATION}
// Delphi-style aliases of the same two types.
TSaferPathNameIdentification = SAFER_PATHNAME_IDENTIFICATION;
PSaferPathNameIdentification = PSAFER_PATHNAME_IDENTIFICATION;
//
// Hash rule: identifies code by a digest of the file (ImageHash, computed
// with HashAlgorithm), together with the recorded file size (ImageSize).
//
_SAFER_HASH_IDENTIFICATION = record
//
// header.dwIdentificationType must be SaferIdentityTypeImageHash
// header.cbStructSize must be sizeof(SAFER_HASH_IDENTIFICATION)
//
header: SAFER_IDENTIFICATION_HEADER;
//
// user-entered friendly name, initially from file's resources.
// NOTE(review): this text and the one on FriendlyName below look swapped
// relative to the field names - confirm against winsafer.h before relying
// on either.
//
Description: array [0..SAFER_MAX_DESCRIPTION_SIZE - 1] of WCHAR;
//
// user-entered description.
// NOTE(review): see the note on Description above; the wording here reads
// as if it belonged to that field.
//
FriendlyName: array [0..SAFER_MAX_FRIENDLYNAME_SIZE - 1] of WCHAR;
//
// amount of ImageHash actually used, in bytes (MD5 is 16 bytes).
// Validate HashSize <= SAFER_MAX_HASH_SIZE before using it as a length for
// reading or comparing ImageHash. The array below is fixed-size and a
// larger value would index past it.
//
HashSize: DWORD;
//
// computed hash data itself.
//
ImageHash: array [0..SAFER_MAX_HASH_SIZE - 1] of BYTE;
//
// algorithm in which the hash was computed (CALG_MD5, etc).
// MD5 is no longer collision-resistant, so a rule whose HashAlgorithm is
// CALG_MD5 is a weak identifier when it is used to allow code. Check the
// algorithm as well as the digest when auditing hash rules.
//
HashAlgorithm: ALG_ID;
//
// size of the original file in bytes.
//
ImageSize: LARGE_INTEGER;
//
// any combo of SAFER_POL_SAFERFLAGS_*
//
dwSaferFlags: DWORD;
end;
{$EXTERNALSYM _SAFER_HASH_IDENTIFICATION}
// C-header spelling of the record and of its pointer type.
SAFER_HASH_IDENTIFICATION = _SAFER_HASH_IDENTIFICATION;
{$EXTERNALSYM SAFER_HASH_IDENTIFICATION}
PSAFER_HASH_IDENTIFICATION = ^SAFER_HASH_IDENTIFICATION;
{$EXTERNALSYM PSAFER_HASH_IDENTIFICATION}
// Delphi-style aliases of the same two types.
TSaferHashIdentification = SAFER_HASH_IDENTIFICATION;
PSaferHashIdentification = PSAFER_HASH_IDENTIFICATION;
//
// Zone rule: identifies code by the URL security zone it is attributed to.
//
_SAFER_URLZONE_IDENTIFICATION = record
//
// header.dwIdentificationType must be SaferIdentityTypeUrlZone
// header.cbStructSize must be sizeof(SAFER_URLZONE_IDENTIFICATION)
//
header: SAFER_IDENTIFICATION_HEADER;
//
// any single URLZONE_* from urlmon.h
//
UrlZoneId: DWORD;
//
// any combo of SAFER_POLICY_*
// NOTE(review): the path and hash records document the same-named field as
// "any combo of SAFER_POL_SAFERFLAGS_*"; the different prefix here may be a
// leftover in the original header - confirm which flag family applies.
//
dwSaferFlags: DWORD;
end;
{$EXTERNALSYM _SAFER_URLZONE_IDENTIFICATION}
// C-header spelling of the record and of its pointer type.
SAFER_URLZONE_IDENTIFICATION = _SAFER_URLZONE_IDENTIFICATION;
{$EXTERNALSYM SAFER_URLZONE_IDENTIFICATION}
PSAFER_URLZONE_IDENTIFICATION = ^SAFER_URLZONE_IDENTIFICATION;
{$EXTERNALSYM PSAFER_URLZONE_IDENTIFICATION}
// Delphi-style aliases of the same two types.
TSaferUrlZoneIdentification = SAFER_URLZONE_IDENTIFICATION;
PSaferUrlZoneIdentification = PSAFER_URLZONE_IDENTIFICATION;
// #include <poppack.h>
//
// Functions related to querying and setting the global policy
// controls to disable transparent enforcement, and perform level
// enumeration operations.
//
// Queries one global SAFER policy setting.
//   dwScopeId            - policy scope to query.
//   SaferPolicyInfoClass - selects which setting is read.
//   InfoBufferSize       - size of InfoBuffer (presumably in bytes - confirm).
//   InfoBuffer           - caller-supplied output buffer.
//   InfoBufferRetSize    - output; declared "var", so nil cannot be passed.
//   lpReserved           - NOTE(review): presumably must be nil - confirm.
// Returns BOOL. Check the result before reading InfoBuffer; its contents
// after a failed call are not defined by anything visible here.
function SaferGetPolicyInformation(dwScopeId: DWORD; SaferPolicyInfoClass: SAFER_POLICY_INFO_CLASS;
InfoBufferSize: DWORD; InfoBuffer: PVOID; var InfoBufferRetSize: DWORD; lpReserved: LPVOID): BOOL; stdcall;
{$EXTERNALSYM SaferGetPolicyInformation}
// Writes one global SAFER policy setting. Parameters mirror the getter,
// minus the returned size. This call changes enforcement policy for the
// given scope, so callers are worth auditing; check the BOOL result rather
// than assuming the new setting took effect.
function SaferSetPolicyInformation(dwScopeId: DWORD; SaferPolicyInfoClass: SAFER_POLICY_INFO_CLASS;
InfoBufferSize: DWORD; InfoBuffer: PVOID; lpReserved: LPVOID): BOOL; stdcall;
{$EXTERNALSYM SaferSetPolicyInformation}
//
// Functions to open or close a handle to a Safer Level.
//
// Opens a handle to the Safer Level dwLevelId in scope dwScopeId.
//   OpenFlags    - open options.
//   pLevelHandle - pointer that receives the handle. It is a plain pointer
//                  parameter (not "var"), so the caller must pass a valid
//                  address.
//   lpReserved   - NOTE(review): presumably must be nil - confirm.
// Returns BOOL; the handle is only meaningful when the call succeeded.
function SaferCreateLevel(dwScopeId, dwLevelId, OpenFlags: DWORD; pLevelHandle: PSAFER_LEVEL_HANDLE; lpReserved: LPVOID): BOOL; stdcall;
{$EXTERNALSYM SaferCreateLevel}
// Closes a Safer Level handle. Pair every successfully opened level handle
// with exactly one call (try..finally); do not use the handle afterwards.
function SaferCloseLevel(hLevelHandle: SAFER_LEVEL_HANDLE): BOOL; stdcall;
{$EXTERNALSYM SaferCloseLevel}
// Evaluates the supplied code properties and yields the matching level.
//   dwNumProperties - number of entries at pCodeProperties; must not exceed
//                     the number of elements actually allocated there.
//   pCodeProperties - pointer to the first SAFER_CODE_PROPERTIES entry.
//   pLevelHandle    - output handle. Declared "var" here, whereas
//                     SaferCreateLevel takes PSAFER_LEVEL_HANDLE; both pass
//                     an address, only the Pascal calling syntax differs.
//   lpReserved      - NOTE(review): presumably must be nil - confirm.
// Returns BOOL. Treat a failed call as "level unknown" rather than as
// permission to run. NOTE(review): the returned handle presumably needs
// SaferCloseLevel - confirm.
function SaferIdentifyLevel(dwNumProperties: DWORD; pCodeProperties: PSAFER_CODE_PROPERTIES;
var pLevelHandle: SAFER_LEVEL_HANDLE; lpReserved: LPVOID): BOOL; stdcall;
{$EXTERNALSYM SaferIdentifyLevel}
// Derives an access token for the given Safer Level.
//   LevelHandle    - level to apply.
//   InAccessToken  - source token. NOTE(review): a zero handle presumably
//                    means "use the caller's token" - confirm.
//   OutAccessToken - pointer that receives the derived token handle.
//   dwFlags        - modifies how the token is derived; pass only flags whose
//                    effect on enforcement has been reviewed.
//   lpReserved     - NOTE(review): meaning not visible here - confirm.
// Returns BOOL. Use OutAccessToken only after a successful call and release
// the handle when done. Never fall back to the unrestricted input token when
// the call fails.
function SaferComputeTokenFromLevel(LevelHandle: SAFER_LEVEL_HANDLE; InAccessToken: HANDLE; OutAccessToken: PHANDLE;
dwFlags: DWORD; lpReserved: LPVOID): BOOL; stdcall;
{$EXTERNALSYM SaferComputeTokenFromLevel}
// Reads one attribute of a Safer Level.
//   LevelHandle       - level to query.
//   dwInfoType        - SAFER_OBJECT_INFO_CLASS member selecting the attribute.
//   lpQueryBuffer     - caller-supplied output buffer.
//   dwInBufferSize    - size of lpQueryBuffer (presumably in bytes - confirm).
//   lpdwOutBufferSize - output; declared "var", so nil cannot be passed.
// Returns BOOL. When the buffer holds SAFER_*_IDENTIFICATION records,
// validate header.cbStructSize against the buffer size and the expected
// record size before casting.
function SaferGetLevelInformation(LevelHandle: SAFER_LEVEL_HANDLE; dwInfoType: SAFER_OBJECT_INFO_CLASS;
lpQueryBuffer: LPVOID; dwInBufferSize: DWORD; var lpdwOutBufferSize: DWORD): BOOL; stdcall;
{$EXTERNALSYM SaferGetLevelInformation}
// Writes one attribute of a Safer Level. Parameters mirror the getter,
// minus the returned size. dwInBufferSize must describe the real extent of
// lpQueryBuffer. Check the BOOL result.
function SaferSetLevelInformation(LevelHandle: SAFER_LEVEL_HANDLE; dwInfoType: SAFER_OBJECT_INFO_CLASS;
lpQueryBuffer: LPVOID; dwInBufferSize: DWORD): BOOL; stdcall;
{$EXTERNALSYM SaferSetLevelInformation}
//
// This function performs logging of messages to the Application
// event log. This is called by the hooks within CreateProcess,
// ShellExecute and cmd when a lower trust evaluation result occurs.
//
//   hLevel       - level handle the log entry is recorded for.
//   szTargetPath - wide-character path of the evaluated target; it ends up in
//                  log data, so consumers of these events should treat it as
//                  untrusted text.
//   lpReserved   - NOTE(review): presumably must be nil - confirm.
// Returns BOOL.
function SaferRecordEventLogEntry(hLevel: SAFER_LEVEL_HANDLE; szTargetPath: LPCWSTR; lpReserved: LPVOID): BOOL; stdcall;
{$EXTERNALSYM SaferRecordEventLogEntry}
implementation
const
// Module that exports every Safer* entry point bound below. The name is
// unqualified (no directory component).
// NOTE(review): in the DYNAMIC_LINK build, how this name becomes a module
// handle depends on GetProcedureAddress, which is not in this view. Confirm
// that it resolves the DLL from the system directory rather than relying on
// the default DLL search order.
advapi32 = 'advapi32.dll';
{$IFDEF DYNAMIC_LINK}
// Late-bound variant: the export is resolved when the function is called,
// not by the PE loader.
var
// Holds the entry point; handed to GetProcedureAddress on every call.
_SaferGetPolicyInformation: Pointer;
// Trampoline for advapi32!SaferGetPolicyInformation. The parameter list comes
// from the interface declaration and the body never touches the arguments,
// so the caller's stdcall argument block reaches the target unchanged.
function SaferGetPolicyInformation;
begin
// GetProcedureAddress is defined outside this view.
// NOTE(review): the jump below is only safe if it does not return normally
// when the export cannot be resolved; a nil pointer would fault at
// address 0 - confirm.
GetProcedureAddress(_SaferGetPolicyInformation, advapi32, 'SaferGetPolicyInformation');
// 32-bit x86 only. Tears down the frame the compiler is assumed to have
// built (push ebp / mov ebp, esp) so the caller's return address is on top
// of the stack again, then tail-jumps: the API returns directly to the
// caller and cleans up the stdcall arguments itself.
asm
mov esp, ebp
pop ebp
jmp [_SaferGetPolicyInformation]
end;
end;
{$ELSE}
// Static variant: bound through the import table at load time.
function SaferGetPolicyInformation; external advapi32 name 'SaferGetPolicyInformation';
{$ENDIF DYNAMIC_LINK}
{$IFDEF DYNAMIC_LINK}
// Late-bound variant: the export is resolved when the function is called,
// not by the PE loader.
var
// Holds the entry point; handed to GetProcedureAddress on every call.
_SaferSetPolicyInformation: Pointer;
// Trampoline for advapi32!SaferSetPolicyInformation. The body never touches
// the arguments, so the caller's stdcall argument block reaches the target
// unchanged.
function SaferSetPolicyInformation;
begin
// GetProcedureAddress is defined outside this view.
// NOTE(review): the jump below is only safe if it does not return normally
// when the export cannot be resolved; a nil pointer would fault at
// address 0 - confirm.
GetProcedureAddress(_SaferSetPolicyInformation, advapi32, 'SaferSetPolicyInformation');
// 32-bit x86 only. Undoes the assumed compiler frame (push ebp /
// mov ebp, esp) and tail-jumps so the API returns directly to the caller.
asm
mov esp, ebp
pop ebp
jmp [_SaferSetPolicyInformation]
end;
end;
{$ELSE}
// Static variant: bound through the import table at load time.
function SaferSetPolicyInformation; external advapi32 name 'SaferSetPolicyInformation';
{$ENDIF DYNAMIC_LINK}
{$IFDEF DYNAMIC_LINK}
// Late-bound variant: the export is resolved when the function is called,
// not by the PE loader.
var
// Holds the entry point; handed to GetProcedureAddress on every call.
_SaferCreateLevel: Pointer;
// Trampoline for advapi32!SaferCreateLevel. The body never touches the
// arguments, so the caller's stdcall argument block reaches the target
// unchanged.
function SaferCreateLevel;
begin
// GetProcedureAddress is defined outside this view.
// NOTE(review): the jump below is only safe if it does not return normally
// when the export cannot be resolved; a nil pointer would fault at
// address 0 - confirm.
GetProcedureAddress(_SaferCreateLevel, advapi32, 'SaferCreateLevel');
// 32-bit x86 only. Undoes the assumed compiler frame (push ebp /
// mov ebp, esp) and tail-jumps so the API returns directly to the caller.
asm
mov esp, ebp
pop ebp
jmp [_SaferCreateLevel]
end;
end;
{$ELSE}
// Static variant: bound through the import table at load time.
function SaferCreateLevel; external advapi32 name 'SaferCreateLevel';
{$ENDIF DYNAMIC_LINK}
{$IFDEF DYNAMIC_LINK}
// Late-bound variant: the export is resolved when the function is called,
// not by the PE loader.
var
// Holds the entry point; handed to GetProcedureAddress on every call.
_SaferCloseLevel: Pointer;
// Trampoline for advapi32!SaferCloseLevel. The body never touches the
// argument, so the caller's stdcall argument block reaches the target
// unchanged.
function SaferCloseLevel;
begin
// GetProcedureAddress is defined outside this view.
// NOTE(review): the jump below is only safe if it does not return normally
// when the export cannot be resolved; a nil pointer would fault at
// address 0 - confirm.
GetProcedureAddress(_SaferCloseLevel, advapi32, 'SaferCloseLevel');
// 32-bit x86 only. Undoes the assumed compiler frame (push ebp /
// mov ebp, esp) and tail-jumps so the API returns directly to the caller.
asm
mov esp, ebp
pop ebp
jmp [_SaferCloseLevel]
end;
end;
{$ELSE}
// Static variant: bound through the import table at load time.
function SaferCloseLevel; external advapi32 name 'SaferCloseLevel';
{$ENDIF DYNAMIC_LINK}
{$IFDEF DYNAMIC_LINK}
// Late-bound variant: the export is resolved when the function is called,
// not by the PE loader.
var
// Holds the entry point; handed to GetProcedureAddress on every call.
_SaferIdentifyLevel: Pointer;
// Trampoline for advapi32!SaferIdentifyLevel. The body never touches the
// arguments, so the caller's stdcall argument block reaches the target
// unchanged.
function SaferIdentifyLevel;
begin
// GetProcedureAddress is defined outside this view.
// NOTE(review): the jump below is only safe if it does not return normally
// when the export cannot be resolved; a nil pointer would fault at
// address 0 - confirm.
GetProcedureAddress(_SaferIdentifyLevel, advapi32, 'SaferIdentifyLevel');
// 32-bit x86 only. Undoes the assumed compiler frame (push ebp /
// mov ebp, esp) and tail-jumps so the API returns directly to the caller.
asm
mov esp, ebp
pop ebp
jmp [_SaferIdentifyLevel]
end;
end;
{$ELSE}
// Static variant: bound through the import table at load time.
function SaferIdentifyLevel; external advapi32 name 'SaferIdentifyLevel';
{$ENDIF DYNAMIC_LINK}
{$IFDEF DYNAMIC_LINK}
// Late-bound variant: the export is resolved when the function is called,
// not by the PE loader.
var
// Holds the entry point; handed to GetProcedureAddress on every call.
_SaferComputeTokenFromLevel: Pointer;
// Trampoline for advapi32!SaferComputeTokenFromLevel. The body never touches
// the arguments, so the caller's stdcall argument block reaches the target
// unchanged.
function SaferComputeTokenFromLevel;
begin
// GetProcedureAddress is defined outside this view.
// NOTE(review): the jump below is only safe if it does not return normally
// when the export cannot be resolved; a nil pointer would fault at
// address 0 - confirm.
GetProcedureAddress(_SaferComputeTokenFromLevel, advapi32, 'SaferComputeTokenFromLevel');
// 32-bit x86 only. Undoes the assumed compiler frame (push ebp /
// mov ebp, esp) and tail-jumps so the API returns directly to the caller.
asm
mov esp, ebp
pop ebp
jmp [_SaferComputeTokenFromLevel]
end;
end;
{$ELSE}
// Static variant: bound through the import table at load time.
function SaferComputeTokenFromLevel; external advapi32 name 'SaferComputeTokenFromLevel';
{$ENDIF DYNAMIC_LINK}
{$IFDEF DYNAMIC_LINK}
// Late-bound variant: the export is resolved when the function is called,
// not by the PE loader.
var
// Holds the entry point; handed to GetProcedureAddress on every call.
_SaferGetLevelInformation: Pointer;
// Trampoline for advapi32!SaferGetLevelInformation. The body never touches
// the arguments, so the caller's stdcall argument block reaches the target
// unchanged.
function SaferGetLevelInformation;
begin
// GetProcedureAddress is defined outside this view.
// NOTE(review): the jump below is only safe if it does not return normally
// when the export cannot be resolved; a nil pointer would fault at
// address 0 - confirm.
GetProcedureAddress(_SaferGetLevelInformation, advapi32, 'SaferGetLevelInformation');
// 32-bit x86 only. Undoes the assumed compiler frame (push ebp /
// mov ebp, esp) and tail-jumps so the API returns directly to the caller.
asm
mov esp, ebp
pop ebp
jmp [_SaferGetLevelInformation]
end;
end;
{$ELSE}
// Static variant: bound through the import table at load time.
function SaferGetLevelInformation; external advapi32 name 'SaferGetLevelInformation';
{$ENDIF DYNAMIC_LINK}
{$IFDEF DYNAMIC_LINK}
// Late-bound variant: the export is resolved when the function is called,
// not by the PE loader.
var
// Holds the entry point; handed to GetProcedureAddress on every call.
_SaferSetLevelInformation: Pointer;
// Trampoline for advapi32!SaferSetLevelInformation. The body never touches
// the arguments, so the caller's stdcall argument block reaches the target
// unchanged.
function SaferSetLevelInformation;
begin
// GetProcedureAddress is defined outside this view.
// NOTE(review): the jump below is only safe if it does not return normally
// when the export cannot be resolved; a nil pointer would fault at
// address 0 - confirm.
GetProcedureAddress(_SaferSetLevelInformation, advapi32, 'SaferSetLevelInformation');
// 32-bit x86 only. Undoes the assumed compiler frame (push ebp /
// mov ebp, esp) and tail-jumps so the API returns directly to the caller.
asm
mov esp, ebp
pop ebp
jmp [_SaferSetLevelInformation]
end;
end;
{$ELSE}
// Static variant: bound through the import table at load time.
function SaferSetLevelInformation; external advapi32 name 'SaferSetLevelInformation';
{$ENDIF DYNAMIC_LINK}
{$IFDEF DYNAMIC_LINK}
// Late-bound variant: the export is resolved when the function is called,
// not by the PE loader.
var
// Holds the entry point; handed to GetProcedureAddress on every call.
_SaferRecordEventLogEntry: Pointer;
// Trampoline for advapi32!SaferRecordEventLogEntry. The body never touches
// the arguments, so the caller's stdcall argument block reaches the target
// unchanged.
function SaferRecordEventLogEntry;
begin
// GetProcedureAddress is defined outside this view.
// NOTE(review): the jump below is only safe if it does not return normally
// when the export cannot be resolved; a nil pointer would fault at
// address 0 - confirm.
GetProcedureAddress(_SaferRecordEventLogEntry, advapi32, 'SaferRecordEventLogEntry');
// 32-bit x86 only. Undoes the assumed compiler frame (push ebp /
// mov ebp, esp) and tail-jumps so the API returns directly to the caller.
asm
mov esp, ebp
pop ebp
jmp [_SaferRecordEventLogEntry]
end;
end;
{$ELSE}
// Static variant: bound through the import table at load time.
function SaferRecordEventLogEntry; external advapi32 name 'SaferRecordEventLogEntry';
{$ENDIF DYNAMIC_LINK}
end.