rk_security.h

                          TOKEN_ADJUST_PRIVILEGES   |\
                          TOKEN_ADJUST_GROUPS       |\
                          TOKEN_ADJUST_DEFAULT)

/* Execute right on a token object: only the SDK's standard execute rights, no token-specific bits. */
#define TOKEN_EXECUTE    (STANDARD_RIGHTS_EXECUTE)

/*
 * Kind of access token. The values match the Windows SDK TOKEN_TYPE enumeration
 * in winnt.h; including both that header and this one in a single translation
 * unit will produce a redefinition error.
 */
typedef enum _TOKEN_TYPE {
    TokenPrimary = 1,       /* primary token owned by a process */
    TokenImpersonation = 2  /* impersonation token attached to a thread */
} TOKEN_TYPE, *PTOKEN_TYPE;



	
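/*
 * NtAdjustPrivilegesToken / ZwAdjustPrivilegesToken
 *
 * Enables or disables privileges held by an access token.
 *
 *   hToken                           - token handle opened with TOKEN_ADJUST_PRIVILEGES
 *                                      (TOKEN_QUERY is also needed when a previous
 *                                      state buffer is supplied)
 *   DisableAllPrivileges             - TRUE disables every privilege; pNewPrivlegeSet
 *                                      is then ignored
 *   pNewPrivlegeSet                  - privileges to enable/disable when
 *                                      DisableAllPrivileges is FALSE
 *   PreviousPrivilegeSetBufferLength - size in bytes of pPreviousPrivlegeSet (0 if none)
 *   pPreviousPrivlegeSet             - optional; receives the state before the change
 *   PreviousPrivlegeSetReturnLength  - optional; receives the byte count written or needed
 *
 * Returns an NTSTATUS. A success-class status does not guarantee that every
 * requested privilege was adjusted (STATUS_NOT_ALL_ASSIGNED is a success code
 * returned when the token does not hold a requested privilege), so callers must
 * not infer a privilege change from NT_SUCCESS() alone.
 *
 * Both declarations carry NTSYSAPI; the Zw form previously lacked it and so had
 * a different linkage from every other prototype in this header.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtAdjustPrivilegesToken(
    IN HANDLE hToken,
    IN BOOLEAN DisableAllPrivileges,
    IN PTOKEN_PRIVILEGES pNewPrivlegeSet,
    IN ULONG PreviousPrivilegeSetBufferLength OPTIONAL,
    OUT PTOKEN_PRIVILEGES pPreviousPrivlegeSet OPTIONAL,
    OUT PULONG PreviousPrivlegeSetReturnLength OPTIONAL
);

/* Same contract as NtAdjustPrivilegesToken; in kernel mode the Zw variant is the
 * one that skips user-mode parameter probing. */
NTSYSAPI
NTSTATUS
NTAPI
ZwAdjustPrivilegesToken(
    IN HANDLE hToken,
    IN BOOLEAN DisableAllPrivileges,
    IN PTOKEN_PRIVILEGES pNewPrivlegeSet,
    IN ULONG PreviousPrivilegeSetBufferLength OPTIONAL,
    OUT PTOKEN_PRIVILEGES pPreviousPrivlegeSet OPTIONAL,
    OUT PULONG PreviousPrivlegeSetReturnLength OPTIONAL
);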


/*
 * NtCloseObjectAuditAlarm / ZwCloseObjectAuditAlarm
 *
 * Emits the "handle closed" audit record for an object whose open was audited
 * earlier (see NtOpenObjectAuditAlarm, which hands back bGenerateOnClose).
 *   SubSystemName    - name of the subsystem raising the audit
 *   HandleId         - caller-chosen id correlating this close with the earlier open
 *   bGenerateOnClose - the flag returned by the matching open audit call
 * Returns an NTSTATUS; the caller is expected to hold SeAuditPrivilege.
 */
NTSYSAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm(
    IN PUNICODE_STRING SubSystemName,
    IN PVOID HandleId,
    IN BOOLEAN bGenerateOnClose
);

/* Zw form of NtCloseObjectAuditAlarm: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwCloseObjectAuditAlarm(
    IN PUNICODE_STRING SubSystemName,
    IN PVOID HandleId,
    IN BOOLEAN bGenerateOnClose
);

/*
 * NtDeleteObjectAuditAlarm / ZwDeleteObjectAuditAlarm
 *
 * Emits the audit record for the deletion of an object whose open was audited.
 *   SubSystemName    - name of the subsystem raising the audit
 *   HandleId         - caller-chosen id correlating this event with the earlier open
 *   bGenerateOnClose - the flag returned by the matching open audit call
 * Returns an NTSTATUS; the caller is expected to hold SeAuditPrivilege.
 */
NTSYSAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm(
    IN PUNICODE_STRING SubSystemName,
    IN PVOID HandleId,
    IN BOOLEAN bGenerateOnClose
);

/* Zw form of NtDeleteObjectAuditAlarm: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwDeleteObjectAuditAlarm(
    IN PUNICODE_STRING SubSystemName,
    IN PVOID HandleId,
    IN BOOLEAN bGenerateOnClose
);

/*
 * NtDuplicateToken / ZwDuplicateToken
 *
 * Creates a new token that is a copy of an existing one.
 *   hToken                  - source token; needs TOKEN_DUPLICATE access
 *   DesiredAccess           - access requested on the new token handle
 *   ObjectAttributes        - may carry the security quality of service
 *                             (impersonation level), a security descriptor for
 *                             the new token and the OBJ_INHERIT handle flag
 *   bMakeTokenEffectiveOnly - TRUE drops currently disabled privileges and
 *                             groups from the copy
 *   TokenType               - TokenPrimary or TokenImpersonation for the copy
 *   phNewToken              - receives the handle of the new token
 * Returns an NTSTATUS. The copy carries the source token's identity, so the new
 * handle deserves the same protection as the original.
 */
NTSYSAPI NTSTATUS NTAPI NtDuplicateToken(
    IN HANDLE hToken,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN BOOLEAN bMakeTokenEffectiveOnly,
    IN TOKEN_TYPE TokenType,
    OUT PHANDLE phNewToken
);

/* Zw form of NtDuplicateToken: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken(
    IN HANDLE hToken,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN BOOLEAN bMakeTokenEffectiveOnly,
    IN TOKEN_TYPE TokenType,
    OUT PHANDLE phNewToken
);

/*
 * NtImpersonateThread / ZwImpersonateThread
 *
 * Makes one thread impersonate the security context of another.
 *   hThread              - thread that will do the impersonating
 *   hThreadToImpersonate - thread whose security context is copied
 *   Qos                  - impersonation level and tracking/effective-only
 *                          settings applied to the copied context
 * Returns an NTSTATUS. The impersonation token installed on hThread carries
 * the other thread's identity until it is reverted.
 */
NTSYSAPI NTSTATUS NTAPI NtImpersonateThread(
    IN HANDLE hThread,
    IN HANDLE hThreadToImpersonate,
    IN PSECURITY_QUALITY_OF_SERVICE Qos
);

/* Zw form of NtImpersonateThread: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread(
    IN HANDLE hThread,
    IN HANDLE hThreadToImpersonate,
    IN PSECURITY_QUALITY_OF_SERVICE Qos
);

/*
 * NtOpenObjectAuditAlarm / ZwOpenObjectAuditAlarm
 *
 * Emits the audit record for an attempt to open an object, on behalf of a
 * subsystem that has already performed the access check itself.
 *   SubsystemName       - name of the subsystem raising the audit
 *   HandleId            - caller-chosen id; pass the same value to the
 *                         matching close/delete audit call
 *   ObjectTypeName      - type name of the object being opened
 *   ObjectName          - name of the object being opened
 *   pSecurityDescriptor - security descriptor the check was made against
 *   hTokenClient        - token of the client whose access was checked
 *   DesiredAccess       - access the client requested
 *   GrantedAccess       - access the subsystem actually granted
 *   pPrivilegeSet       - privileges used to satisfy the request, if any
 *   bObjectCreation     - TRUE when the open created the object
 *   bAccessGranted      - outcome of the subsystem's access check
 *   bGenerateOnClose    - receives whether a close audit is required later
 * Returns an NTSTATUS; the caller is expected to hold SeAuditPrivilege.
 */
NTSYSAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId,
    IN PUNICODE_STRING ObjectTypeName,
    IN PUNICODE_STRING ObjectName,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN HANDLE hTokenClient,
    IN ACCESS_MASK DesiredAccess,
    IN ACCESS_MASK GrantedAccess,
    IN PPRIVILEGE_SET pPrivilegeSet,
    IN BOOLEAN bObjectCreation,
    IN BOOLEAN bAccessGranted,
    OUT PBOOLEAN bGenerateOnClose
);

/* Zw form of NtOpenObjectAuditAlarm: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId,
    IN PUNICODE_STRING ObjectTypeName,
    IN PUNICODE_STRING ObjectName,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN HANDLE hTokenClient,
    IN ACCESS_MASK DesiredAccess,
    IN ACCESS_MASK GrantedAccess,
    IN PPRIVILEGE_SET pPrivilegeSet,
    IN BOOLEAN bObjectCreation,
    IN BOOLEAN bAccessGranted,
    OUT PBOOLEAN bGenerateOnClose
);

/*
 * NtOpenProcessToken / ZwOpenProcessToken
 *
 * Opens the primary token of a process.
 *   hProcess      - process handle; needs PROCESS_QUERY_INFORMATION access
 *   DesiredAccess - token access rights requested (TOKEN_* bits)
 *   phToken       - receives the token handle
 * Returns an NTSTATUS. Close the handle when it is no longer needed; a token
 * handle with adjust rights is as sensitive as the process it came from.
 */
NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(
    IN HANDLE hProcess,
    IN ACCESS_MASK DesiredAccess,
    OUT PHANDLE phToken
);

/* Zw form of NtOpenProcessToken: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(
    IN HANDLE hProcess,
    IN ACCESS_MASK DesiredAccess,
    OUT PHANDLE phToken
);

/*
 * NtOpenThreadToken / ZwOpenThreadToken
 *
 * Opens the impersonation token of a thread.
 *   hThread              - thread handle; needs THREAD_QUERY_INFORMATION access
 *   DesiredAccess        - token access rights requested (TOKEN_* bits)
 *   bUseContextOfProcess - TRUE performs the access check with the process's
 *                          security context instead of the thread's current
 *                          (possibly impersonated) one
 *   phToken              - receives the token handle
 * Returns an NTSTATUS; fails when the thread is not impersonating.
 */
NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(
    IN HANDLE hThread,
    IN ACCESS_MASK DesiredAccess,
    IN BOOLEAN bUseContextOfProcess,
    OUT PHANDLE phToken
);

/* Zw form of NtOpenThreadToken: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(
    IN HANDLE hThread,
    IN ACCESS_MASK DesiredAccess,
    IN BOOLEAN bUseContextOfProcess,
    OUT PHANDLE phToken
);

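/*
 * NtPrivilegeCheck / ZwPrivilegeCheck
 *
 * Tests whether a token holds (enabled) the privileges in a PRIVILEGE_SET.
 *   hToken          - token handle; needs TOKEN_QUERY access
 *   pPrivilegeSet   - privileges to test; the call updates the attribute
 *                     bits of each entry to report which ones were used
 *   pbHasPrivileges - receives TRUE when the set's Control rules are satisfied
 *                     (all of them, or any one, depending on the set's flags)
 * Returns an NTSTATUS for the query itself; the privilege outcome is reported
 * through pbHasPrivileges, not the status.
 *
 * The Nt form now carries the same IN/OUT annotations as the Zw form below;
 * previously only the Zw prototype was annotated.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtPrivilegeCheck(
    IN HANDLE hToken,
    IN PPRIVILEGE_SET pPrivilegeSet,
    OUT PBOOLEAN pbHasPrivileges
);

/* Zw form of NtPrivilegeCheck: identical parameters and result. */
NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegeCheck(
    IN HANDLE hToken,
    IN PPRIVILEGE_SET pPrivilegeSet,
    OUT PBOOLEAN pbHasPrivileges
);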

/*
 * NtPrivilegeObjectAuditAlarm / ZwPrivilegeObjectAuditAlarm
 *
 * Emits the audit record for an attempt to use privileges to access an object.
 *   SubsystemName - name of the subsystem raising the audit
 *   HandleId      - caller-chosen id for the object handle involved
 *   hToken        - token of the client whose privileges were checked
 *   DesiredAccess - access the client requested
 *   pPrivilegeSet - privileges that were required for the access
 *   AccessGranted - outcome of the subsystem's check
 * Returns an NTSTATUS; the caller is expected to hold SeAuditPrivilege.
 */
NTSYSAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId,
    IN HANDLE hToken,
    IN ACCESS_MASK DesiredAccess,
    IN PPRIVILEGE_SET pPrivilegeSet,
    IN BOOLEAN AccessGranted
);

/* Zw form of NtPrivilegeObjectAuditAlarm: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId,
    IN HANDLE hToken,
    IN ACCESS_MASK DesiredAccess,
    IN PPRIVILEGE_SET pPrivilegeSet,
    IN BOOLEAN AccessGranted
);

/*
 * NtPrivilegedServiceAuditAlarm / ZwPrivilegedServiceAuditAlarm
 *
 * Emits the audit record for an attempt to perform a privileged system
 * service (one not tied to a particular object).
 *   SubsystemName - name of the subsystem raising the audit
 *   ServiceName   - name of the privileged service that was attempted
 *   hToken        - token of the client whose privileges were checked
 *   pPrivilegeSet - privileges that were required for the service
 *   AccessGranted - outcome of the subsystem's check
 * Returns an NTSTATUS; the caller is expected to hold SeAuditPrivilege.
 */
NTSYSAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PUNICODE_STRING ServiceName,
    IN HANDLE hToken,
    IN PPRIVILEGE_SET pPrivilegeSet,
    IN BOOLEAN AccessGranted
);

/* Zw form of NtPrivilegedServiceAuditAlarm: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PUNICODE_STRING ServiceName,
    IN HANDLE hToken,
    IN PPRIVILEGE_SET pPrivilegeSet,
    IN BOOLEAN AccessGranted
);

/*
 * Selector for NtQueryInformationToken / NtSetInformationToken. The values and
 * the structure each one maps to match the Windows SDK TOKEN_INFORMATION_CLASS
 * in winnt.h; including both that header and this one in a single translation
 * unit will produce a redefinition error. Only the classes listed here are
 * defined by this header; later SDKs extend the enumeration.
 */
typedef enum _TOKEN_INFORMATION_CLASS {
    TokenUser = 1,               /* TOKEN_USER */
    TokenGroups = 2,             /* TOKEN_GROUPS */
    TokenPrivileges = 3,         /* TOKEN_PRIVILEGES */
    TokenOwner = 4,              /* TOKEN_OWNER */
    TokenPrimaryGroup = 5,       /* TOKEN_PRIMARY_GROUP */
    TokenDefaultDacl = 6,        /* TOKEN_DEFAULT_DACL */
    TokenSource = 7,             /* TOKEN_SOURCE */
    TokenType = 8,               /* TOKEN_TYPE */
    TokenImpersonationLevel = 9, /* SECURITY_IMPERSONATION_LEVEL */
    TokenStatistics = 10         /* TOKEN_STATISTICS */
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;


/*
 * NtQueryInformationToken / ZwQueryInformationToken
 *
 * Reads one class of information from a token.
 *   hToken                - token handle; needs TOKEN_QUERY access
 *   TokenInfoClass        - which structure to return (TOKEN_INFORMATION_CLASS)
 *   TokenInfoBuffer       - receives the structure selected by TokenInfoClass
 *   TokenInfoBufferLength - size in bytes of TokenInfoBuffer
 *   BytesReturned         - receives the bytes written, or the bytes required
 *                           when the buffer was too small
 * Returns an NTSTATUS. Several classes return variable-length data (group and
 * privilege lists), so callers should size the buffer from BytesReturned
 * rather than assume a fixed structure size.
 */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(
    IN HANDLE hToken,
    IN TOKEN_INFORMATION_CLASS TokenInfoClass,
    OUT PVOID TokenInfoBuffer,
    IN ULONG TokenInfoBufferLength,
    OUT PULONG BytesReturned
);

/* Zw form of NtQueryInformationToken: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationToken(
    IN HANDLE hToken,
    IN TOKEN_INFORMATION_CLASS TokenInfoClass,
    OUT PVOID TokenInfoBuffer,
    IN ULONG TokenInfoBufferLength,
    OUT PULONG BytesReturned
);

/*
 * NtSetInformationToken / ZwSetInformationToken
 *
 * Writes one class of information into a token.
 *   hToken                - token handle; needs the adjust right matching the
 *                           class (TOKEN_ADJUST_DEFAULT for owner, primary
 *                           group and default DACL)
 *   TokenInfoClass        - which structure is supplied (TOKEN_INFORMATION_CLASS);
 *                           not every class is settable
 *   TokenInfoBuffer       - structure selected by TokenInfoClass
 *   TokenInfoBufferLength - size in bytes of TokenInfoBuffer
 * Returns an NTSTATUS.
 */
NTSYSAPI NTSTATUS NTAPI NtSetInformationToken(
    IN HANDLE hToken,
    IN TOKEN_INFORMATION_CLASS TokenInfoClass,
    IN PVOID TokenInfoBuffer,
    IN ULONG TokenInfoBufferLength
);

/* Zw form of NtSetInformationToken: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken(
    IN HANDLE hToken,
    IN TOKEN_INFORMATION_CLASS TokenInfoClass,
    IN PVOID TokenInfoBuffer,
    IN ULONG TokenInfoBufferLength
);

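/*
 * NtQuerySecurityObject / ZwQuerySecurityObject
 *
 * Copies the requested parts of an object's security descriptor into a
 * caller-supplied buffer.
 *   hObject                  - handle to the object; needs READ_CONTROL
 *                              (ACCESS_SYSTEM_SECURITY when the SACL is requested)
 *   SecurityInfoRequested    - SECURITY_INFORMATION bits selecting owner,
 *                              group, DACL and/or SACL
 *   pSecurityDescriptor      - receives the self-relative security descriptor
 *   pSecurityDescriptorLength- size in bytes of pSecurityDescriptor
 *                              (despite the p prefix this is a length, not a pointer)
 *   BytesRequired            - receives the bytes written, or the bytes needed
 *                              when the buffer was too small
 * Returns an NTSTATUS; a too-small buffer yields a buffer-too-small status
 * with BytesRequired filled in, so callers should retry with that size.
 *
 * pSecurityDescriptor is annotated OUT: the kernel writes the descriptor into
 * it. The previous IN annotation misdescribed the data flow.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySecurityObject(
    IN HANDLE hObject,
    IN SECURITY_INFORMATION SecurityInfoRequested,
    OUT PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN ULONG pSecurityDescriptorLength,
    OUT PULONG BytesRequired
);

/* Zw form of NtQuerySecurityObject: identical parameters and result. */
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySecurityObject(
    IN HANDLE hObject,
    IN SECURITY_INFORMATION SecurityInfoRequested,
    OUT PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN ULONG pSecurityDescriptorLength,
    OUT PULONG BytesRequired
);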

/*
 * NtSetSecurityObject / ZwSetSecurityObject
 *
 * Replaces the selected parts of an object's security descriptor.
 *   hObject               - handle to the object; needs WRITE_DAC / WRITE_OWNER /
 *                           ACCESS_SYSTEM_SECURITY according to the parts written
 *   SecurityInfoRequested - SECURITY_INFORMATION bits selecting which parts
 *                           of pSecurityDescriptor are applied
 *   pSecurityDescriptor   - descriptor supplying the new owner/group/DACL/SACL
 * Returns an NTSTATUS. Changing an object's DACL or owner alters who may
 * access it afterwards, so callers should validate the descriptor they apply.
 */
NTSYSAPI NTSTATUS NTAPI NtSetSecurityObject(
    IN HANDLE hObject,
    IN SECURITY_INFORMATION SecurityInfoRequested,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor
);

/* Zw form of NtSetSecurityObject: identical parameters and result. */
NTSYSAPI NTSTATUS NTAPI ZwSetSecurityObject(
    IN HANDLE hObject,
    IN SECURITY_INFORMATION SecurityInfoRequested,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor
);


#endif
