INTSTATUS IntWinTokenPrivsCheckIntegrityOnProcess(WIN_PROCESS_OBJECT *Process)
This function checks if the privileges bitfields for the given process have been changed in a malicio...
INTSTATUS IntWinTokenUnprotectPrivs(void)
Unprotects all the currently protected tokens belonging to processes against privileges manipulation...
INTSTATUS IntWinTokenProtectPrivs(void)
Protects all the currently unprotected tokens belonging to processes against privileges manipulation...
int INTSTATUS
The status data type.
INTSTATUS IntWinTokenPrivsProtectOnProcess(WIN_PROCESS_OBJECT *Process)
Updates the stored original Privileges bitfields (Present and Enabled) and hooks through EPT the Priv...
BOOLEAN IntWinTokenPtrIsStolen(WIN_PROCESS_OBJECT *Process, BOOLEAN Check, WIN_PROCESS_OBJECT **FromProcess, QWORD *OldValue, QWORD *NewValue)
This function checks if the security token of a given process has been stolen from another process...
INTSTATUS IntWinTokenCheckCurrentPrivileges(WIN_PROCESS_OBJECT *Process, QWORD TokenPtr, BOOLEAN IntegrityCheck, BOOLEAN *PresentIncreased, BOOLEAN *EnabledIncreased, QWORD *Present, QWORD *Enabled)
Verifies the current token if the current Privileges.Present and Privileges.Enabled fields were not a...
INTSTATUS IntWinTokenPtrCheckIntegrityOnProcess(WIN_PROCESS_OBJECT *Process)
This function checks if the security token of a given process has been stolen from another process...
INTSTATUS IntWinTokenPrivsUnprotectOnProcess(WIN_PROCESS_OBJECT *Process)
struct _WIN_PROCESS_OBJECT * PWIN_PROCESS_OBJECT
TIMER_FRIENDLY INTSTATUS IntWinTokenCheckIntegrity(void)
This function checks the integrity of the security token for all the processes inside gWinProcesses...
This structure describes a running process inside the guest.