#define INT_STD_ACE_MAX_SIZE 0x14

#define COPY_ACL_TO_INTRO_ACL(Acl, IntroAcl) do { \
    IntroAcl.AclRevision = Acl.AclRevision; \
    IntroAcl.AclSize = Acl.AclSize; \
    IntroAcl.AceCount = Acl.AceCount; \

#endif //_WINSECDESC_H_
BOOLEAN IntWinSDIsAclEdited(WIN_PROCESS_OBJECT *Process, DWORD BufferSize, BYTE *SecurityDescriptorBuffer, DWORD *ReadSize, ACL **NewSacl, ACL **NewDacl)
This function reads the ACLs for the given process (returning the data using the provided buffer and ...
DWORD Mask
The access mask of the given SID (https://docs.microsoft.com/en-us/windows/win32/secauthz/access-mask...
#define _Out_writes_bytes_(expr)
struct _WIN_PROCESS_OBJECT * PWIN_PROCESS_OBJECT
struct _ACE_BODY * PACE_BODY
Exposes the types and constants used by various Introcore APIs defined in glueiface.h.
struct _ACE_BODY ACE_BODY
The internal representation of an Access Control Entry body.
int INTSTATUS
The status data type.
struct _SID_INTERNAL SID_INTERNAL
The internal representation of the SID structure.
UCHAR Revision
S-1-5-32-554 - The SID revision (in this case 1).
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
S-1-5-32-554 - The authority (in this case 5).
BOOLEAN IntWinSDIsSecDescPtrAltered(WIN_PROCESS_OBJECT *Process, WIN_PROCESS_OBJECT **VictimProcess, QWORD *OldValue, QWORD *NewValue)
This function checks if the security descriptor pointer of a process has been altered or not...
SID_INTERNAL Sid
The containing SID.
struct _SID_INTERNAL * PSID_INTERNAL
INTSTATUS IntWinSDCheckIntegrity(void)
This function checks the integrity of the security descriptor for all the processes inside gWinProces...
UCHAR SubAuthorityCount
S-1-5-32-554 - The number of sub authorities (in this case 2 -> sub-authority 32 and sub-authority 54...
INTSTATUS IntWinSDReadSecDesc(QWORD SecurityDescriptorGva, DWORD BufferSize, BYTE *SecurityDescriptorBuffer, DWORD *ReadSize, ACL **Sacl, ACL **Dacl)
This function reads the ACLs (along with the ACEs) from the given GVA and returns the data using the ...
INTSTATUS IntWinSDProtectSecDesc(WIN_PROCESS_OBJECT *Process)
This function saves the security descriptor address and ACLs into the WIN_PROCESS_OBJECT structure...
This structure describes a running process inside the guest.