#ifndef __RK_SECURITY_H__
#define __RK_SECURITY_H__
/* __________________________________________________________
. NT Security Functions
. patch these for back doors
. __________________________________________________________ */
/*
 * NtAccessCheck / ZwAccessCheck
 *
 * Native access-check service; the documented Win32 wrapper is AccessCheck.
 * It evaluates a security descriptor against a client token for a requested
 * access mask and reports the outcome through the two trailing pointers.
 *
 *   pSecurityDescriptor        descriptor of the object being checked
 *   hTokenClient               token of the client being evaluated
 *   DesiredAccess              access rights being requested
 *   pGenericMapping            generic-to-specific rights mapping for the
 *                              object type
 *   pPrivilegeSet              caller buffer for privileges used in the check
 *   pPrivilegeSetLength        size of that buffer (in/out)
 *   pAccessGranted             receives the granted access mask
 *   AccessGrantedReturnStatus  receives the allow/deny status of the check
 *
 * The NTSTATUS return value only says whether the service ran; the decision
 * itself is in *AccessGrantedReturnStatus, so a caller must test both.
 *
 * NOTE(review): the prototypes carry no IN/OUT annotations; the directions
 * above follow the public AccessCheck documentation - confirm against the
 * target OS build.
 * NOTE(review): these services produce the authorization decision, and the
 * banner of this file marks them as patch targets. When analysing a system
 * where this header's driver has run, results returned through
 * pAccessGranted / AccessGrantedReturnStatus cannot be trusted; verifying
 * that the service entry points still resolve into the kernel image is the
 * relevant integrity check (Kernel Patch Protection enforces this on 64-bit
 * Windows).
 */
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheck(
PSECURITY_DESCRIPTOR pSecurityDescriptor,
HANDLE hTokenClient,
ACCESS_MASK DesiredAccess,
PGENERIC_MAPPING pGenericMapping,
PPRIVILEGE_SET pPrivilegeSet,
PULONG pPrivilegeSetLength,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus
);
/*
 * Zw-prefixed entry for the same service; the parameter list is identical to
 * NtAccessCheck above.
 * NOTE(review): when called from kernel mode the Zw form runs with previous
 * mode set to KernelMode, so pointer probing of the arguments is skipped -
 * never forward unvalidated user-mode pointers through it.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwAccessCheck(
PSECURITY_DESCRIPTOR pSecurityDescriptor,
HANDLE hTokenClient,
ACCESS_MASK DesiredAccess,
PGENERIC_MAPPING pGenericMapping,
PPRIVILEGE_SET pPrivilegeSet,
PULONG pPrivilegeSetLength,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus
);
/* ------------[ windows 2000 extensions ]-------------------*/
#ifdef NT50
/*
 * One element of the object-type list passed to the *ByType access checks
 * below. Only compiled when NT50 is defined.
 * NOTE(review): the same type is declared in the Windows SDK headers (winnt.h);
 * including both in one translation unit would presumably clash - confirm.
 */
typedef struct _OBJECT_TYPE_LIST {
USHORT Level;      /* depth of this element in the object-type hierarchy */
USHORT Sbz;        /* "should be zero": reserved, leave as 0 */
GUID *ObjectType;  /* GUID identifying the object, property set or property */
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
/*
 * NtAccessCheckByType / ZwAccessCheckByType
 *
 * Access check that additionally takes an object-type list, so rights can be
 * evaluated for an object and its sub-objects (Win32 wrapper:
 * AccessCheckByType). Returns one combined result.
 *
 *   pSecurityDescriptor        descriptor of the object being checked
 *   PrincipalSelfSid           SID substituted for the "principal self"
 *                              well-known SID in ACEs (may be NULL per the
 *                              Win32 documentation - confirm)
 *   hClientToken               token of the client being evaluated
 *   DesiredAccess              access rights being requested
 *   ObjectTypeList             array of OBJECT_TYPE_LIST elements
 *   ObjectTypeListLength       number of elements in ObjectTypeList
 *   pGenericMapping            generic-to-specific rights mapping
 *   pPrivilegeSet              caller buffer for privileges used in the check
 *   pPrivilegeSetLength        size of that buffer (in/out)
 *   pAccessGranted             receives the granted access mask
 *   AccessGrantedReturnStatus  receives the allow/deny status of the check
 *
 * As with NtAccessCheck, the function's NTSTATUS and the value written to
 * AccessGrantedReturnStatus are separate and both must be checked.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheckByType(
PSECURITY_DESCRIPTOR pSecurityDescriptor,
PSID PrincipalSelfSid,
HANDLE hClientToken,
ACCESS_MASK DesiredAccess,
POBJECT_TYPE_LIST ObjectTypeList,
ULONG ObjectTypeListLength,
PGENERIC_MAPPING pGenericMapping,
PPRIVILEGE_SET pPrivilegeSet,
PULONG pPrivilegeSetLength,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus
);
/*
 * Zw-prefixed entry for the same service; parameter list identical to
 * NtAccessCheckByType above. From kernel mode the Zw form skips user-pointer
 * probing (previous mode is KernelMode), so arguments must already be trusted.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwAccessCheckByType(
PSECURITY_DESCRIPTOR pSecurityDescriptor,
PSID PrincipalSelfSid,
HANDLE hClientToken,
ACCESS_MASK DesiredAccess,
POBJECT_TYPE_LIST ObjectTypeList,
ULONG ObjectTypeListLength,
PGENERIC_MAPPING pGenericMapping,
PPRIVILEGE_SET pPrivilegeSet,
PULONG pPrivilegeSetLength,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus
);
/*
 * Kind of audit record requested from the *AndAuditAlarm access checks.
 * The enumerators take the implicit values 0 and 1.
 */
typedef enum _AUDIT_EVENT_TYPE {
AuditEventObjectAccess,           /* ordinary object-access audit */
AuditEventDirectoryServiceAccess  /* directory-service access audit */
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
/*
 * NtAccessCheckByTypeAndAuditAlarm / ZwAccessCheckByTypeAndAuditAlarm
 *
 * Object-type-aware access check that also emits the corresponding audit
 * record (Win32 wrapper: AccessCheckByTypeAndAuditAlarm). Unlike
 * NtAccessCheckByType there is no token handle parameter; per the Win32
 * documentation the check is made against the client the calling thread is
 * impersonating - confirm for the native entry.
 *
 *   SubSystemName              name of the subsystem requesting the audit
 *   HandleId                   opaque value identifying the client's handle
 *                              to the object, recorded in the audit
 *   ObjectTypeName             type name of the object, for the audit record
 *   ObjectName                 name of the object, for the audit record
 *   pSecurityDescriptor        descriptor of the object being checked
 *   PrincipalSelfSid           SID substituted for "principal self" in ACEs
 *   DesiredAccess              access rights being requested
 *   AuditType                  AUDIT_EVENT_TYPE of the record to generate
 *   Flags                      audit option flags (values not defined in
 *                              this header)
 *   ObjectTypeList             array of OBJECT_TYPE_LIST elements
 *   ObjectTypeListLength       number of elements in ObjectTypeList
 *   pGenericMapping            generic-to-specific rights mapping
 *   bObjectCreation            TRUE when the access creates a new object
 *   pAccessGranted             receives the granted access mask
 *   AccessGrantedReturnStatus  receives the allow/deny status of the check
 *   bGenerateOnClose           receives whether an audit must also be
 *                              generated when the handle is closed
 *
 * NOTE(review): this service is part of the audit trail as well as the
 * authorization path; if its dispatch has been altered, absence of audit
 * events is not evidence that no access took place.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeAndAuditAlarm(
PUNICODE_STRING SubSystemName,
PVOID HandleId,
PUNICODE_STRING ObjectTypeName,
PUNICODE_STRING ObjectName,
PSECURITY_DESCRIPTOR pSecurityDescriptor,
PSID PrincipalSelfSid,
ACCESS_MASK DesiredAccess,
AUDIT_EVENT_TYPE AuditType,
ULONG Flags,
POBJECT_TYPE_LIST ObjectTypeList,
ULONG ObjectTypeListLength,
PGENERIC_MAPPING pGenericMapping,
BOOLEAN bObjectCreation,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus,
PBOOLEAN bGenerateOnClose
);
/*
 * Zw-prefixed entry for the same service; parameter list identical to
 * NtAccessCheckByTypeAndAuditAlarm above.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwAccessCheckByTypeAndAuditAlarm(
PUNICODE_STRING SubSystemName,
PVOID HandleId,
PUNICODE_STRING ObjectTypeName,
PUNICODE_STRING ObjectName,
PSECURITY_DESCRIPTOR pSecurityDescriptor,
PSID PrincipalSelfSid,
ACCESS_MASK DesiredAccess,
AUDIT_EVENT_TYPE AuditType,
ULONG Flags,
POBJECT_TYPE_LIST ObjectTypeList,
ULONG ObjectTypeListLength,
PGENERIC_MAPPING pGenericMapping,
BOOLEAN bObjectCreation,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus,
PBOOLEAN bGenerateOnClose
);
/*
 * NtAccessCheckByTypeResultList / ZwAccessCheckByTypeResultList
 *
 * Same inputs as NtAccessCheckByType, but reports a separate result for each
 * element of the object-type list (Win32 wrapper:
 * AccessCheckByTypeResultList).
 *
 *   pSecurityDescriptor        descriptor of the object being checked
 *   PrincipalSelfSid           SID substituted for "principal self" in ACEs
 *   hClientToken               token of the client being evaluated
 *   DesiredAccess              access rights being requested
 *   ObjectTypeList             array of OBJECT_TYPE_LIST elements
 *   ObjectTypeListLength       number of elements in ObjectTypeList
 *   pGenericMapping            generic-to-specific rights mapping
 *   pPrivilegeSet              caller buffer for privileges used in the check
 *   pPrivilegeSetLength        size of that buffer (in/out)
 *   pAccessGranted             receives granted access masks
 *   AccessGrantedReturnStatus  receives allow/deny statuses
 *
 * NOTE(review): per the Win32 documentation pAccessGranted and
 * AccessGrantedReturnStatus are arrays with one entry per ObjectTypeList
 * element; the prototype cannot express that, so the caller must size both
 * buffers for ObjectTypeListLength entries to avoid an out-of-bounds write.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeResultList(
PSECURITY_DESCRIPTOR pSecurityDescriptor,
PSID PrincipalSelfSid,
HANDLE hClientToken,
ACCESS_MASK DesiredAccess,
POBJECT_TYPE_LIST ObjectTypeList,
ULONG ObjectTypeListLength,
PGENERIC_MAPPING pGenericMapping,
PPRIVILEGE_SET pPrivilegeSet,
PULONG pPrivilegeSetLength,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus
);
/*
 * Zw-prefixed entry for the same service; parameter list identical to
 * NtAccessCheckByTypeResultList above.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwAccessCheckByTypeResultList(
PSECURITY_DESCRIPTOR pSecurityDescriptor,
PSID PrincipalSelfSid,
HANDLE hClientToken,
ACCESS_MASK DesiredAccess,
POBJECT_TYPE_LIST ObjectTypeList,
ULONG ObjectTypeListLength,
PGENERIC_MAPPING pGenericMapping,
PPRIVILEGE_SET pPrivilegeSet,
PULONG pPrivilegeSetLength,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus
);
/*
 * NtAccessCheckByTypeResultListAndAuditAlarm /
 * ZwAccessCheckByTypeResultListAndAuditAlarm
 *
 * Per-element access check (as NtAccessCheckByTypeResultList) combined with
 * audit generation (as NtAccessCheckByTypeAndAuditAlarm). Win32 wrapper:
 * AccessCheckByTypeResultListAndAuditAlarm. The parameter list is the same as
 * NtAccessCheckByTypeAndAuditAlarm: audit identification (SubSystemName,
 * HandleId, ObjectTypeName, ObjectName), the descriptor and PrincipalSelfSid,
 * the requested access and audit options (DesiredAccess, AuditType, Flags),
 * the object-type list and its element count, the generic mapping, the
 * object-creation flag, and three output pointers.
 *
 * NOTE(review): per the Win32 documentation pAccessGranted and
 * AccessGrantedReturnStatus are arrays with one entry per ObjectTypeList
 * element; size both for ObjectTypeListLength entries. No token handle is
 * passed, so the check presumably uses the calling thread's impersonated
 * client - confirm.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheckByTypeResultListAndAuditAlarm(
PUNICODE_STRING SubSystemName,
PVOID HandleId,
PUNICODE_STRING ObjectTypeName,
PUNICODE_STRING ObjectName,
PSECURITY_DESCRIPTOR pSecurityDescriptor,
PSID PrincipalSelfSid,
ACCESS_MASK DesiredAccess,
AUDIT_EVENT_TYPE AuditType,
ULONG Flags,
POBJECT_TYPE_LIST ObjectTypeList,
ULONG ObjectTypeListLength,
PGENERIC_MAPPING pGenericMapping,
BOOLEAN bObjectCreation,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus,
PBOOLEAN bGenerateOnClose
);
/* holy shit */
/*
 * Zw-prefixed entry for the same service; parameter list identical to the Nt
 * form above.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwAccessCheckByTypeResultListAndAuditAlarm(
PUNICODE_STRING SubSystemName,
PVOID HandleId,
PUNICODE_STRING ObjectTypeName,
PUNICODE_STRING ObjectName,
PSECURITY_DESCRIPTOR pSecurityDescriptor,
PSID PrincipalSelfSid,
ACCESS_MASK DesiredAccess,
AUDIT_EVENT_TYPE AuditType,
ULONG Flags,
POBJECT_TYPE_LIST ObjectTypeList,
ULONG ObjectTypeListLength,
PGENERIC_MAPPING pGenericMapping,
BOOLEAN bObjectCreation,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus,
PBOOLEAN bGenerateOnClose
);
/*
 * NtImpersonateAnonymousToken / ZwImpersonateAnonymousToken
 *
 * Makes the thread identified by hThread impersonate the system's anonymous
 * logon token (Win32 wrapper: ImpersonateAnonymousToken).
 *
 *   hThread   handle to the thread that will impersonate
 *
 * NOTE(review): impersonation changes the identity later access checks are
 * evaluated against; code that calls this must revert the thread when done
 * and must not assume the anonymous token is low-privileged on every
 * configuration - confirm against the target's anonymous-access policy.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtImpersonateAnonymousToken(
IN HANDLE hThread
);
/* Zw-prefixed entry for the same service; same single parameter. */
NTSYSAPI
NTSTATUS
NTAPI
ZwImpersonateAnonymousToken(
IN HANDLE hThread
);
/*
 * Wake-up latency preference passed to NtRequestWakeupLatency.
 * The enumerators take the implicit values 0 and 1.
 */
typedef enum {
LT_DONT_CARE,       /* no latency requirement */
LT_LOWEST_LATENCY   /* request the lowest available wake-up latency */
} LATENCY_TIME;
/*
 * NtRequestWakeupLatency / ZwRequestWakeupLatency
 *
 * Power-management service that records the caller's wake-up latency
 * preference (Win32 wrapper: RequestWakeupLatency).
 *
 *   Latency   LATENCY_TIME value to request
 *
 * NOTE(review): this is not a security service; it appears to be listed here
 * only because it sits in the Windows 2000 (NT50) group of this header.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtRequestWakeupLatency(
IN LATENCY_TIME Latency
);
/* Zw-prefixed entry for the same service; same single parameter. */
NTSYSAPI
NTSTATUS
NTAPI
ZwRequestWakeupLatency(
IN LATENCY_TIME Latency
);
/*
 * NtAreMappedFilesTheSame / ZwAreMappedFilesTheSame
 *
 * Takes two virtual addresses and reports, through the NTSTATUS return value,
 * whether the mapped views containing them are backed by the same file.
 *
 *   VirtualAddress1   address inside the first mapped view
 *   VirtualAddress2   address inside the second mapped view
 *
 * NOTE(review): the exact status codes used for "same" and "different" are
 * not visible in this header - confirm before testing the result with
 * anything other than an explicit status comparison.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtAreMappedFilesTheSame(
IN PVOID VirtualAddress1,
IN PVOID VirtualAddress2
);
/* Zw-prefixed entry for the same service; same two parameters. */
NTSYSAPI
NTSTATUS
NTAPI
ZwAreMappedFilesTheSame(
IN PVOID VirtualAddress1,
IN PVOID VirtualAddress2
);
#endif
/* ----[ end win2k ] --------------------- */
/*
 * NtAccessCheckAndAuditAlarm / ZwAccessCheckAndAuditAlarm
 *
 * Access check that also emits the corresponding audit record (Win32 wrapper:
 * AccessCheckAndAuditAlarm). Declared outside the NT50 conditional, so it is
 * available in every build of this header. No token handle is passed; per the
 * Win32 documentation the check is made against the client the calling thread
 * is impersonating - confirm for the native entry.
 *
 *   SubSystemName              name of the subsystem requesting the audit
 *   HandleId                   opaque value identifying the client's handle
 *                              to the object, recorded in the audit
 *   ObjectTypeName             type name of the object, for the audit record
 *   ObjectName                 name of the object, for the audit record
 *   pSecurityDescriptor        descriptor of the object being checked
 *   DesiredAccess              access rights being requested
 *   pGenericMapping            generic-to-specific rights mapping
 *   bObjectCreation            TRUE when the access creates a new object
 *   pAccessGranted             receives the granted access mask
 *   AccessGrantedReturnStatus  receives the allow/deny status of the check
 *   bGenerateOnClose           receives whether an audit must also be
 *                              generated when the handle is closed
 *
 * The NTSTATUS return value and *AccessGrantedReturnStatus are separate
 * results; both must be checked before access is treated as granted.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtAccessCheckAndAuditAlarm(
PUNICODE_STRING SubSystemName,
PVOID HandleId,
PUNICODE_STRING ObjectTypeName,
PUNICODE_STRING ObjectName,
PSECURITY_DESCRIPTOR pSecurityDescriptor,
ACCESS_MASK DesiredAccess,
PGENERIC_MAPPING pGenericMapping,
BOOLEAN bObjectCreation,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus,
PBOOLEAN bGenerateOnClose
);
/*
 * Zw-prefixed entry for the same service; parameter list identical to
 * NtAccessCheckAndAuditAlarm above.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwAccessCheckAndAuditAlarm(
PUNICODE_STRING SubSystemName,
PVOID HandleId,
PUNICODE_STRING ObjectTypeName,
PUNICODE_STRING ObjectName,
PSECURITY_DESCRIPTOR pSecurityDescriptor,
ACCESS_MASK DesiredAccess,
PGENERIC_MAPPING pGenericMapping,
BOOLEAN bObjectCreation,
PACCESS_MASK pAccessGranted,
PNTSTATUS AccessGrantedReturnStatus,
PBOOLEAN bGenerateOnClose
);
/*
 * A SID paired with its attribute flags; the element type of
 * TOKEN_GROUPS.Groups below.
 * NOTE(review): Sid is a pointer, so a copied SID_AND_ATTRIBUTES still refers
 * to the original SID storage; the attribute flag values are not defined in
 * this header.
 */
typedef struct _SID_AND_ATTRIBUTES {
PSID Sid;          /* pointer to the SID */
ULONG Attributes;  /* attribute flags applying to that SID */
}SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES;
/*
 * Variable-length list of group SIDs for a token. Groups is declared with
 * ANYSIZE_ARRAY elements but is meant to hold GroupCount entries, so
 * sizeof(TOKEN_GROUPS) does not describe the real buffer size.
 * NOTE(review): any code that walks Groups must check GroupCount against the
 * length of the buffer it actually received before indexing.
 */
typedef struct _TOKEN_GROUPS {
ULONG GroupCount;                          /* number of entries in Groups */
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];  /* first of GroupCount entries */
}TOKEN_GROUPS, *PTOKEN_GROUPS;
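/*
 * NtAdjustGroupsToken / ZwAdjustGroupsToken
 *
 * Enables or disables groups in an access token and optionally returns the
 * previous group state (Win32 wrapper: AdjustTokenGroups).
 *
 *   hToken                       token to modify; per the Win32 documentation
 *                                the handle needs TOKEN_ADJUST_GROUPS access,
 *                                plus TOKEN_QUERY when the previous state is
 *                                requested
 *   ResetToDefault               TRUE restores the token's default group
 *                                state; pNewTokenGroups is then ignored
 *   pNewTokenGroups              groups and attributes to apply
 *   pOldTokenGroupsLength        size in bytes of the pOldTokenGroups buffer.
 *                                Passed by value, so it is an input; the
 *                                original OUT annotation was wrong and is
 *                                corrected to IN (both expand to nothing, so
 *                                callers are unaffected)
 *   pOldTokenGroups              receives the previous group state
 *   pOldTokenGroupsActualLength  optionally receives the number of bytes
 *                                needed for / written to pOldTokenGroups
 *
 * NOTE(review): this service changes the group membership that later access
 * checks evaluate, so calls to it on tokens the caller does not own are worth
 * recording when auditing a driver that links against this header.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtAdjustGroupsToken(
    IN HANDLE hToken,
    IN BOOLEAN ResetToDefault,
    IN PTOKEN_GROUPS pNewTokenGroups,
    IN ULONG pOldTokenGroupsLength,
    OUT PTOKEN_GROUPS pOldTokenGroups,
    OUT PULONG pOldTokenGroupsActualLength OPTIONAL
    );
/*
 * Zw-prefixed entry for the same service; parameter list identical to
 * NtAdjustGroupsToken above, with the same IN correction on the by-value
 * buffer length.
 */
NTSYSAPI
NTSTATUS
NTAPI
ZwAdjustGroupsToken(
    IN HANDLE hToken,
    IN BOOLEAN ResetToDefault,
    IN PTOKEN_GROUPS pNewTokenGroups,
    IN ULONG pOldTokenGroupsLength,
    OUT PTOKEN_GROUPS pOldTokenGroups,
    OUT PULONG pOldTokenGroupsActualLength OPTIONAL
    );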
/*
 * Variable-length list of privileges for a token. Privileges is declared with
 * ANYSIZE_ARRAY elements but is meant to hold PrivilegeCount entries, so
 * sizeof(TOKEN_PRIVILEGES) does not describe the real buffer size.
 * LUID_AND_ATTRIBUTES is not defined in this header and must come from an
 * earlier include.
 * NOTE(review): check PrivilegeCount against the received buffer length
 * before indexing Privileges.
 */
typedef struct _TOKEN_PRIVILEGES {
ULONG PrivilegeCount;                          /* number of entries in Privileges */
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]; /* first of PrivilegeCount entries */
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
/*
 * Object-specific access rights for token objects, one bit each
 * (0x0001 through 0x0080). The names and values match the Windows SDK
 * definitions. Request only the bits an operation needs when opening a token.
 */
#define TOKEN_ASSIGN_PRIMARY (0x0001)     /* attach the token as a process's primary token */
#define TOKEN_DUPLICATE (0x0002)          /* duplicate the token */
#define TOKEN_IMPERSONATE (0x0004)        /* attach the token as an impersonation token */
#define TOKEN_QUERY (0x0008)              /* query token contents */
#define TOKEN_QUERY_SOURCE (0x0010)       /* query the token's source */
#define TOKEN_ADJUST_PRIVILEGES (0x0020)  /* enable or disable privileges */
#define TOKEN_ADJUST_GROUPS (0x0040)      /* adjust group attributes */
#define TOKEN_ADJUST_DEFAULT (0x0080)     /* change default owner, primary group or DACL */
/*
 * Union of STANDARD_RIGHTS_REQUIRED and all eight token-specific rights
 * defined above. STANDARD_RIGHTS_REQUIRED is not defined in this header and
 * must come from an earlier include.
 * NOTE(review): a handle opened with this mask can duplicate, impersonate and
 * rewrite the token; prefer the narrowest mask that satisfies the call.
 */
#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |\
TOKEN_ASSIGN_PRIMARY |\
TOKEN_DUPLICATE |\
TOKEN_IMPERSONATE |\
TOKEN_QUERY |\
TOKEN_QUERY_SOURCE |\
TOKEN_ADJUST_PRIVILEGES |\
TOKEN_ADJUST_GROUPS |\
TOKEN_ADJUST_DEFAULT)
/*
 * Read-only token access: STANDARD_RIGHTS_READ plus TOKEN_QUERY.
 * STANDARD_RIGHTS_READ is not defined in this header and must come from an
 * earlier include.
 */
#define TOKEN_READ (STANDARD_RIGHTS_READ |\
TOKEN_QUERY)
#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\