📄 jwalmaudit.pas
// Fixed-size audit record made of four 32-bit DWORD fields; by its name,
// presumably the payload of AE_ACCLIMITEXCD entries - confirm against lmaudit.h.
// NOTE(review): the name fields are DWORDs, not native pointers. The sibling
// record _AE_LOCKOUT labels its equivalent fields "Ptr to ..."; confirm whether
// they are offsets into the audit entry, and bounds-check each value against
// the size of the buffer that was read before following it.
_AE_ACCLIM = record
ae_al_compname: DWORD; // presumably refers to the client computer name - confirm
ae_al_username: DWORD; // presumably refers to the client user name - confirm
ae_al_resname: DWORD; // presumably refers to the resource name - confirm
ae_al_limit: DWORD; // presumably which limit was exceeded - confirm
end;
{$EXTERNALSYM _AE_ACCLIM}
// The C-style alias is left disabled in this translation.
//AE_ACCLIM = _AE_ACCLIM;
//{$EXTERNALSYM AE_ACCLIM}
// Pointer aliases: LP*/P* keep the C header names, T*/P* follow Delphi naming.
LPAE_ACCLIM = ^_AE_ACCLIM;
{$EXTERNALSYM LPAE_ACCLIM}
PAE_ACCLIM = ^_AE_ACCLIM;
{$EXTERNALSYM PAE_ACCLIM}
TAeAccLim = _AE_ACCLIM;
PAeAccLim = PAE_ACCLIM;
// Values for the ae_lk_action field of _AE_LOCKOUT.
const
ACTION_LOCKOUT = 0; // account was locked out
{$EXTERNALSYM ACTION_LOCKOUT}
ACTION_ADMINUNLOCK = 1; // by its name, an administrator unlocked the account - confirm
{$EXTERNALSYM ACTION_ADMINUNLOCK}
// Audit record describing an account lockout state change: four 32-bit fields.
// NOTE(review): the "Ptr" fields are declared as DWORD, so they cannot hold a
// native pointer on a 64-bit target. Confirm whether they are offsets into the
// audit entry and bounds-check them against the buffer length before use.
type
_AE_LOCKOUT = record
ae_lk_compname: DWORD; // Ptr to computername of client.
ae_lk_username: DWORD; // Ptr to username of client (NULL
// if same as computername).
ae_lk_action: DWORD; // Action taken on account:
// ACTION_LOCKOUT (0) means locked out,
// ACTION_ADMINUNLOCK (1) means not.
ae_lk_bad_pw_count: DWORD; // Bad password count at the time
// of lockout.
end;
{$EXTERNALSYM _AE_LOCKOUT}
// Alias disabled - presumably because the constant AE_LOCKOUT = 20 is declared
// later in this unit and Pascal identifiers share one namespace (confirm).
//AE_LOCKOUT = _AE_LOCKOUT;
//{$EXTERNALSYM AE_LOCKOUT}
// Pointer aliases: LP*/P* keep the C header names, T*/P* follow Delphi naming.
LPAE_LOCKOUT = ^_AE_LOCKOUT;
{$EXTERNALSYM LPAE_LOCKOUT}
PAE_LOCKOUT = ^_AE_LOCKOUT;
{$EXTERNALSYM PAE_LOCKOUT}
TAeLockout = _AE_LOCKOUT;
PAeLockout = PAE_LOCKOUT;
// Generic audit record: a message reference plus nine parameter slots, all
// 32-bit DWORD fields. By its name, presumably the payload of AE_GENERIC_TYPE
// entries - confirm against lmaudit.h.
// NOTE(review): ae_ge_params looks like the count of paramN slots in use;
// if so, a reader should reject values above 9 rather than trust the record.
_AE_GENERIC = record
ae_ge_msgfile: DWORD; // presumably identifies the message file - confirm
ae_ge_msgnum: DWORD; // presumably the message number within that file - confirm
ae_ge_params: DWORD; // presumably the number of parameters supplied - confirm
ae_ge_param1: DWORD;
ae_ge_param2: DWORD;
ae_ge_param3: DWORD;
ae_ge_param4: DWORD;
ae_ge_param5: DWORD;
ae_ge_param6: DWORD;
ae_ge_param7: DWORD;
ae_ge_param8: DWORD;
ae_ge_param9: DWORD;
end;
{$EXTERNALSYM _AE_GENERIC}
// The C-style alias is left disabled in this translation.
//AE_GENERIC = _AE_GENERIC;
//{$EXTERNALSYM AE_GENERIC}
// Pointer aliases: LP*/P* keep the C header names, T*/P* follow Delphi naming.
LPAE_GENERIC = ^_AE_GENERIC;
{$EXTERNALSYM LPAE_GENERIC}
PAE_GENERIC = ^_AE_GENERIC;
{$EXTERNALSYM PAE_GENERIC}
TAeGeneric = _AE_GENERIC;
PAeGeneric = PAE_GENERIC;
//
// Special Values and Constants - Audit
//
//
// Audit entry types (field ae_type in audit_entry).
//
// Numeric codes for the ae_type field. The list runs 0..21 with no constant
// for 10, so a parser should treat 10 and anything above 21 as unknown rather
// than mapping it to a neighbouring type.
const
AE_SRVSTATUS = 0;
{$EXTERNALSYM AE_SRVSTATUS}
AE_SESSLOGON = 1;
{$EXTERNALSYM AE_SESSLOGON}
AE_SESSLOGOFF = 2;
{$EXTERNALSYM AE_SESSLOGOFF}
AE_SESSPWERR = 3;
{$EXTERNALSYM AE_SESSPWERR}
AE_CONNSTART = 4;
{$EXTERNALSYM AE_CONNSTART}
AE_CONNSTOP = 5;
{$EXTERNALSYM AE_CONNSTOP}
AE_CONNREJ = 6;
{$EXTERNALSYM AE_CONNREJ}
AE_RESACCESS = 7;
{$EXTERNALSYM AE_RESACCESS}
AE_RESACCESSREJ = 8;
{$EXTERNALSYM AE_RESACCESSREJ}
AE_CLOSEFILE = 9;
{$EXTERNALSYM AE_CLOSEFILE}
// 10 is not defined in this list.
AE_SERVICESTAT = 11;
{$EXTERNALSYM AE_SERVICESTAT}
AE_ACLMOD = 12;
{$EXTERNALSYM AE_ACLMOD}
AE_UASMOD = 13;
{$EXTERNALSYM AE_UASMOD}
AE_NETLOGON = 14;
{$EXTERNALSYM AE_NETLOGON}
AE_NETLOGOFF = 15;
{$EXTERNALSYM AE_NETLOGOFF}
AE_NETLOGDENIED = 16;
{$EXTERNALSYM AE_NETLOGDENIED}
AE_ACCLIMITEXCD = 17;
{$EXTERNALSYM AE_ACCLIMITEXCD}
AE_RESACCESS2 = 18;
{$EXTERNALSYM AE_RESACCESS2}
AE_ACLMODFAIL = 19;
{$EXTERNALSYM AE_ACLMODFAIL}
// Entry-type code, not the record: the record type is _AE_LOCKOUT / TAeLockout.
AE_LOCKOUT = 20;
{$EXTERNALSYM AE_LOCKOUT}
// Entry-type code for the generic record (_AE_GENERIC / TAeGeneric).
AE_GENERIC_TYPE = 21;
{$EXTERNALSYM AE_GENERIC_TYPE}
//
// Values for ae_ss_status field of ae_srvstatus.
//
// Server status codes; the names suggest start, pause, continue and stop.
AE_SRVSTART = 0;
{$EXTERNALSYM AE_SRVSTART}
AE_SRVPAUSED = 1;
{$EXTERNALSYM AE_SRVPAUSED}
AE_SRVCONT = 2;
{$EXTERNALSYM AE_SRVCONT}
AE_SRVSTOP = 3;
{$EXTERNALSYM AE_SRVSTOP}
//
// Values for ae_so_privilege field of ae_sesslogon.
//
// Privilege level recorded for a session logon. These numbers reuse the same
// small range as the other constant groups in this unit, so they only have
// meaning when read from the ae_so_privilege field.
AE_GUEST = 0;
{$EXTERNALSYM AE_GUEST}
AE_USER = 1;
{$EXTERNALSYM AE_USER}
AE_ADMIN = 2;
{$EXTERNALSYM AE_ADMIN}
//
// Values for various ae_XX_reason fields.
//
// Reason codes are overloaded: several names share each numeric value
// (0, 1, 2 and 3 each appear more than once below). A raw reason value can
// therefore only be decoded together with the entry type and the specific
// ae_XX_reason field it came from; log the entry type alongside it.
AE_NORMAL = 0;
{$EXTERNALSYM AE_NORMAL}
AE_USERLIMIT = 0;
{$EXTERNALSYM AE_USERLIMIT}
AE_GENERAL = 0;
{$EXTERNALSYM AE_GENERAL}
AE_ERROR = 1;
{$EXTERNALSYM AE_ERROR}
AE_SESSDIS = 1;
{$EXTERNALSYM AE_SESSDIS}
AE_BADPW = 1;
{$EXTERNALSYM AE_BADPW}
AE_AUTODIS = 2;
{$EXTERNALSYM AE_AUTODIS}
AE_UNSHARE = 2;
{$EXTERNALSYM AE_UNSHARE}
AE_ADMINPRIVREQD = 2;
{$EXTERNALSYM AE_ADMINPRIVREQD}
AE_ADMINDIS = 3;
{$EXTERNALSYM AE_ADMINDIS}
AE_NOACCESSPERM = 3;
{$EXTERNALSYM AE_NOACCESSPERM}
AE_ACCRESTRICT = 4;
{$EXTERNALSYM AE_ACCRESTRICT}
// Close reasons; by their names, presumably used by file-close entries - confirm.
AE_NORMAL_CLOSE = 0;
{$EXTERNALSYM AE_NORMAL_CLOSE}
AE_SES_CLOSE = 1;
{$EXTERNALSYM AE_SES_CLOSE}
AE_ADMIN_CLOSE = 2;
{$EXTERNALSYM AE_ADMIN_CLOSE}
//
// Values for xx_subreason fields.
//
// Sub-reason codes 0..5. The AE_LIM_ prefix and the names suggest they qualify
// which account restriction applied (logon hours, expiry, workstation,
// disabled, deleted) - confirm against lmaudit.h.
AE_LIM_UNKNOWN = 0;
{$EXTERNALSYM AE_LIM_UNKNOWN}
AE_LIM_LOGONHOURS = 1;
{$EXTERNALSYM AE_LIM_LOGONHOURS}
AE_LIM_EXPIRED = 2;
{$EXTERNALSYM AE_LIM_EXPIRED}
AE_LIM_INVAL_WKSTA = 3;
{$EXTERNALSYM AE_LIM_INVAL_WKSTA}
AE_LIM_DISABLED = 4;
{$EXTERNALSYM AE_LIM_DISABLED}
AE_LIM_DELETED = 5;
{$EXTERNALSYM AE_LIM_DELETED}
//
// Values for xx_action fields
//
// Kind of change recorded: modify, delete or add.
AE_MOD = 0;
{$EXTERNALSYM AE_MOD}
AE_DELETE = 1;
{$EXTERNALSYM AE_DELETE}
AE_ADD = 2;
{$EXTERNALSYM AE_ADD}
//
// Types of UAS record for um_rectype field
//
// Which kind of account-database record was touched: user, group or modals.
AE_UAS_USER = 0;
{$EXTERNALSYM AE_UAS_USER}
AE_UAS_GROUP = 1;
{$EXTERNALSYM AE_UAS_GROUP}
AE_UAS_MODALS = 2;
{$EXTERNALSYM AE_UAS_MODALS}
//
// Bitmasks for auditing events
//
// The parentheses around the hex constants broke h_to_inc
// and have been purged from the face of the earth.
//
// Event-selection bitmask. Each GOOD*/BAD* constant covers two adjacent bits,
// so a test of the form (mask and SVAUD_x) <> 0 matches when either bit is set;
// compare against the full constant if both bits are required.
// The combined values noted below are computed from the literals in this list.
SVAUD_SERVICE = $1;
{$EXTERNALSYM SVAUD_SERVICE}
SVAUD_GOODSESSLOGON = $6;
{$EXTERNALSYM SVAUD_GOODSESSLOGON}
SVAUD_BADSESSLOGON = $18;
{$EXTERNALSYM SVAUD_BADSESSLOGON}
SVAUD_SESSLOGON = (SVAUD_GOODSESSLOGON or SVAUD_BADSESSLOGON); // = $1E
{$EXTERNALSYM SVAUD_SESSLOGON}
SVAUD_GOODNETLOGON = $60;
{$EXTERNALSYM SVAUD_GOODNETLOGON}
SVAUD_BADNETLOGON = $180;
{$EXTERNALSYM SVAUD_BADNETLOGON}
SVAUD_NETLOGON = (SVAUD_GOODNETLOGON or SVAUD_BADNETLOGON); // = $1E0
{$EXTERNALSYM SVAUD_NETLOGON}
SVAUD_LOGON = (SVAUD_NETLOGON or SVAUD_SESSLOGON); // = $1FE
{$EXTERNALSYM SVAUD_LOGON}
SVAUD_GOODUSE = $600;
{$EXTERNALSYM SVAUD_GOODUSE}
SVAUD_BADUSE = $1800;
{$EXTERNALSYM SVAUD_BADUSE}
SVAUD_USE = (SVAUD_GOODUSE or SVAUD_BADUSE); // = $1E00
{$EXTERNALSYM SVAUD_USE}
SVAUD_USERLIST = $2000;
{$EXTERNALSYM SVAUD_USERLIST}
SVAUD_PERMISSIONS = $4000;
{$EXTERNALSYM SVAUD_PERMISSIONS}
SVAUD_RESOURCE = $8000;
{$EXTERNALSYM SVAUD_RESOURCE}
SVAUD_LOGONLIM = $00010000;
{$EXTERNALSYM SVAUD_LOGONLIM}
//
// Resource access audit bitmasks.
//
// Per-resource audit flags in three parallel groups: AA_S_* occupy bits
// $0010..$0080, AA_F_* bits $0100..$0800 and AA_A_* bits $1000..$8000.
// In every group the WRITE and CREATE names share one bit, so the two
// operations cannot be selected or told apart separately.
// NOTE(review): what the S/F/A prefixes stand for is not stated in this
// excerpt - confirm against lmaudit.h before documenting them further.
AA_AUDIT_ALL = $0001;
{$EXTERNALSYM AA_AUDIT_ALL}
AA_A_OWNER = $0004;
{$EXTERNALSYM AA_A_OWNER}
AA_CLOSE = $0008;
{$EXTERNALSYM AA_CLOSE}
AA_S_OPEN = $0010;
{$EXTERNALSYM AA_S_OPEN}
AA_S_WRITE = $0020;
{$EXTERNALSYM AA_S_WRITE}
AA_S_CREATE = $0020; // same bit as AA_S_WRITE
{$EXTERNALSYM AA_S_CREATE}
AA_S_DELETE = $0040;
{$EXTERNALSYM AA_S_DELETE}
AA_S_ACL = $0080;
{$EXTERNALSYM AA_S_ACL}
AA_S_ALL = ( AA_S_OPEN or AA_S_WRITE or AA_S_DELETE or AA_S_ACL); // = $00F0
{$EXTERNALSYM AA_S_ALL}
AA_F_OPEN = $0100;
{$EXTERNALSYM AA_F_OPEN}
AA_F_WRITE = $0200;
{$EXTERNALSYM AA_F_WRITE}
AA_F_CREATE = $0200; // same bit as AA_F_WRITE
{$EXTERNALSYM AA_F_CREATE}
AA_F_DELETE = $0400;
{$EXTERNALSYM AA_F_DELETE}
AA_F_ACL = $0800;
{$EXTERNALSYM AA_F_ACL}
AA_F_ALL = ( AA_F_OPEN or AA_F_WRITE or AA_F_DELETE or AA_F_ACL); // = $0F00
{$EXTERNALSYM AA_F_ALL}
// Pinball-specific
AA_A_OPEN = $1000;
{$EXTERNALSYM AA_A_OPEN}
AA_A_WRITE = $2000;
{$EXTERNALSYM AA_A_WRITE}
AA_A_CREATE = $2000; // same bit as AA_A_WRITE
{$EXTERNALSYM AA_A_CREATE}
AA_A_DELETE = $4000;
{$EXTERNALSYM AA_A_DELETE}
AA_A_ACL = $8000;
{$EXTERNALSYM AA_A_ACL}
// NOTE(review): AA_A_ALL is built from the AA_F_* constants, so it evaluates to
// $0F00 (identical to AA_F_ALL) and selects none of the AA_A_* bits ($F000).
// This looks inherited from the C header being translated - confirm there, and
// keep it as is for compatibility. Code that really needs every AA_A_* event
// audited should OR AA_A_OPEN, AA_A_WRITE, AA_A_DELETE and AA_A_ACL explicitly
// instead of relying on this constant.
AA_A_ALL = (AA_F_OPEN or AA_F_WRITE or AA_F_DELETE or AA_F_ACL);
{$EXTERNALSYM AA_A_ALL}
implementation
// Late-bound variant: 'NetAuditClear' is looked up by name when the stub runs
// instead of being bound through the import table.
{$IFDEF DYNAMIC_LINK}
var
// Target address for the jmp below. It is passed as the first argument to
// GetProcedureAddress, which presumably resolves and caches the entry point
// (the helper is defined outside this excerpt - confirm).
_NetAuditClear: Pointer;
// Forwarding stub for NetAuditClear in netapi32. The parameter list comes from
// the interface-section declaration, which is not visible here.
// NOTE(review): by its name this export clears an audit log; callers of this
// wrapper are worth restricting and logging.
function NetAuditClear;
begin
GetProcedureAddress(_NetAuditClear, netapi32, 'NetAuditClear');
// NOTE(review): _NetAuditClear is not checked before the jump. Confirm that
// GetProcedureAddress raises on a failed lookup; otherwise the jmp goes through
// a nil pointer. Also confirm the helper loads netapi32 from the system
// directory rather than through the default DLL search order.
// The asm undoes an EBP-based frame (mov esp, ebp / pop ebp) and tail-jumps, so
// the target runs with the caller's arguments and return address in place. It
// uses 32-bit registers and depends on the compiler having emitted a standard
// EBP frame for this routine, so it is x86-32 only.
asm
mov esp, ebp
pop ebp
jmp [_NetAuditClear]
end;
end;
{$ELSE}
// Static variant: the import is declared external and bound to netapi32.
function NetAuditClear; external netapi32 name 'NetAuditClear';
{$ENDIF DYNAMIC_LINK}
// Late-bound variant: 'NetAuditRead' is looked up by name when the stub runs
// instead of being bound through the import table.
{$IFDEF DYNAMIC_LINK}
var
// Target address for the jmp below. It is passed as the first argument to
// GetProcedureAddress, which presumably resolves and caches the entry point
// (the helper is defined outside this excerpt - confirm).
_NetAuditRead: Pointer;
// Forwarding stub for NetAuditRead in netapi32. The parameter list comes from
// the interface-section declaration, which is not visible here.
function NetAuditRead;
begin
GetProcedureAddress(_NetAuditRead, netapi32, 'NetAuditRead');
// NOTE(review): _NetAuditRead is not checked before the jump. Confirm that
// GetProcedureAddress raises on a failed lookup; otherwise the jmp goes through
// a nil pointer. Also confirm the helper loads netapi32 from the system
// directory rather than through the default DLL search order.
// The asm undoes an EBP-based frame (mov esp, ebp / pop ebp) and tail-jumps, so
// the target runs with the caller's arguments and return address in place. It
// uses 32-bit registers and depends on the compiler having emitted a standard
// EBP frame for this routine, so it is x86-32 only.
asm
mov esp, ebp
pop ebp
jmp [_NetAuditRead]
end;
end;
{$ELSE}
// Static variant: the import is declared external and bound to netapi32.
function NetAuditRead; external netapi32 name 'NetAuditRead';
{$ENDIF DYNAMIC_LINK}
// Late-bound variant: 'NetAuditWrite' is looked up by name when the stub runs
// instead of being bound through the import table.
{$IFDEF DYNAMIC_LINK}
var
// Target address for the jmp below. It is passed as the first argument to
// GetProcedureAddress, which presumably resolves and caches the entry point
// (the helper is defined outside this excerpt - confirm).
_NetAuditWrite: Pointer;
// Forwarding stub for NetAuditWrite in netapi32. The parameter list comes from
// the interface-section declaration, which is not visible here.
function NetAuditWrite;
begin
GetProcedureAddress(_NetAuditWrite, netapi32, 'NetAuditWrite');
// NOTE(review): _NetAuditWrite is not checked before the jump. Confirm that
// GetProcedureAddress raises on a failed lookup; otherwise the jmp goes through
// a nil pointer. Also confirm the helper loads netapi32 from the system
// directory rather than through the default DLL search order.
// The asm undoes an EBP-based frame (mov esp, ebp / pop ebp) and tail-jumps, so
// the target runs with the caller's arguments and return address in place. It
// uses 32-bit registers and depends on the compiler having emitted a standard
// EBP frame for this routine, so it is x86-32 only.
asm
mov esp, ebp
pop ebp
jmp [_NetAuditWrite]
end;
end;
{$ELSE}
// Static variant: the import is declared external and bound to netapi32.
function NetAuditWrite; external netapi32 name 'NetAuditWrite';
{$ENDIF DYNAMIC_LINK}
end.