1use winapi::shared::basetsd::{PLONG64, PULONG64, ULONG64};
2use winapi::shared::ntdef::{
3 BOOLEAN, HANDLE, LONG, NTSTATUS, PBOOLEAN, PHANDLE, PLARGE_INTEGER, PLUID, PNTSTATUS,
4 POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, ULONG, UNICODE_STRING, USHORT,
5};
6use winapi::um::winnt::{
7 ACCESS_MASK, AUDIT_EVENT_TYPE, PACCESS_MASK, PGENERIC_MAPPING, POBJECT_TYPE_LIST,
8 PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES,
9 PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER,
10 PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, SE_SIGNING_LEVEL,
11 TOKEN_INFORMATION_CLASS, TOKEN_TYPE,
12};
// Well-known privilege identifiers, numbered 2 through 36 below.
// NOTE(review): TOKEN_PRIVILEGES entries carry LUIDs, so these LONG values
// presumably have to be widened into a LUID (low part) before use; confirm
// against the caller.
// NOTE(review): several of these (create-token, assign-primary-token, TCB,
// take-ownership, load-driver, backup/restore, debug, impersonate) are commonly
// treated as close to full control of the host. Code that enables them deserves
// least-privilege review and audit logging.
/// Lowest well-known privilege value; same value as `SE_CREATE_TOKEN_PRIVILEGE`.
13pub const SE_MIN_WELL_KNOWN_PRIVILEGE: LONG = 2;
14pub const SE_CREATE_TOKEN_PRIVILEGE: LONG = 2;
15pub const SE_ASSIGNPRIMARYTOKEN_PRIVILEGE: LONG = 3;
16pub const SE_LOCK_MEMORY_PRIVILEGE: LONG = 4;
17pub const SE_INCREASE_QUOTA_PRIVILEGE: LONG = 5;
18pub const SE_MACHINE_ACCOUNT_PRIVILEGE: LONG = 6;
19pub const SE_TCB_PRIVILEGE: LONG = 7;
20pub const SE_SECURITY_PRIVILEGE: LONG = 8;
21pub const SE_TAKE_OWNERSHIP_PRIVILEGE: LONG = 9;
22pub const SE_LOAD_DRIVER_PRIVILEGE: LONG = 10;
23pub const SE_SYSTEM_PROFILE_PRIVILEGE: LONG = 11;
24pub const SE_SYSTEMTIME_PRIVILEGE: LONG = 12;
25pub const SE_PROF_SINGLE_PROCESS_PRIVILEGE: LONG = 13;
26pub const SE_INC_BASE_PRIORITY_PRIVILEGE: LONG = 14;
27pub const SE_CREATE_PAGEFILE_PRIVILEGE: LONG = 15;
28pub const SE_CREATE_PERMANENT_PRIVILEGE: LONG = 16;
29pub const SE_BACKUP_PRIVILEGE: LONG = 17;
30pub const SE_RESTORE_PRIVILEGE: LONG = 18;
31pub const SE_SHUTDOWN_PRIVILEGE: LONG = 19;
32pub const SE_DEBUG_PRIVILEGE: LONG = 20;
33pub const SE_AUDIT_PRIVILEGE: LONG = 21;
34pub const SE_SYSTEM_ENVIRONMENT_PRIVILEGE: LONG = 22;
35pub const SE_CHANGE_NOTIFY_PRIVILEGE: LONG = 23;
36pub const SE_REMOTE_SHUTDOWN_PRIVILEGE: LONG = 24;
37pub const SE_UNDOCK_PRIVILEGE: LONG = 25;
38pub const SE_SYNC_AGENT_PRIVILEGE: LONG = 26;
39pub const SE_ENABLE_DELEGATION_PRIVILEGE: LONG = 27;
40pub const SE_MANAGE_VOLUME_PRIVILEGE: LONG = 28;
41pub const SE_IMPERSONATE_PRIVILEGE: LONG = 29;
42pub const SE_CREATE_GLOBAL_PRIVILEGE: LONG = 30;
43pub const SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE: LONG = 31;
44pub const SE_RELABEL_PRIVILEGE: LONG = 32;
45pub const SE_INC_WORKING_SET_PRIVILEGE: LONG = 33;
46pub const SE_TIME_ZONE_PRIVILEGE: LONG = 34;
47pub const SE_CREATE_SYMBOLIC_LINK_PRIVILEGE: LONG = 35;
48pub const SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE: LONG = 36;
/// Highest well-known privilege value; defined as an alias of the last entry above.
49pub const SE_MAX_WELL_KNOWN_PRIVILEGE: LONG = SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE;
// Value-type tags. They are USHORT, the same type as the `ValueType` field of
// TOKEN_SECURITY_ATTRIBUTE_V1. The tags run 0x00..=0x06 and then jump to 0x10 for
// OCTET_STRING, so a reader must not assume the range is contiguous.
50pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID: USHORT = 0x00;
51pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64: USHORT = 0x01;
52pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64: USHORT = 0x02;
53pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING: USHORT = 0x03;
54pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN: USHORT = 0x04;
55pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_SID: USHORT = 0x05;
56pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: USHORT = 0x06;
57pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: USHORT = 0x10;
// Attribute flag bits. These are declared USHORT, while the `Flags` field of
// TOKEN_SECURITY_ATTRIBUTE_V1 is ULONG and TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS
// below is u32, so callers have to widen them before combining or masking.
58pub const TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE: USHORT = 0x0001;
59pub const TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE: USHORT = 0x0002;
60pub const TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY: USHORT = 0x0004;
61pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT: USHORT = 0x0008;
62pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED: USHORT = 0x0010;
63pub const TOKEN_SECURITY_ATTRIBUTE_MANDATORY: USHORT = 0x0020;
64pub const TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE: USHORT = 0x0040;
// OR of the flag bits above except TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE (0x0040),
// which is not part of this mask.
// NOTE(review): confirm that omission is intended before using this constant as a
// validation mask; a check built on it rejects or ignores COMPARE_IGNORE.
65pub const TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS: USHORT = TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE
66 | TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE | TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY
67 | TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT | TOKEN_SECURITY_ATTRIBUTE_DISABLED
68 | TOKEN_SECURITY_ATTRIBUTE_MANDATORY;
// Mask covering the upper 16 bits of a 32-bit flags word.
// NOTE(review): presumably the range left to caller-defined flags; confirm.
69pub const TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS: u32 = 0xffff0000;
// Attribute value made of a 64-bit version and a counted UTF-16 name.
// NOTE(review): "FQBN" presumably stands for fully qualified binary name; confirm.
// `Name` is a UNICODE_STRING, i.e. it carries its own length and a raw buffer
// pointer; the buffer must stay valid for as long as this value is read.
70STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE {
71 Version: ULONG64,
72 Name: UNICODE_STRING,
73}}
// Raw mutable pointer alias; dereferencing it is unsafe and unchecked.
74pub type PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE;
// Attribute value given as an untyped pointer plus a length.
// Nothing in the type ties `ValueLength` to the allocation behind `pValue`, so a
// reader has to bound every access by `ValueLength` and treat a null `pValue`
// or a length it cannot justify as malformed input.
// NOTE(review): `ValueLength` is presumably a byte count; confirm.
75STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE {
76 pValue: PVOID,
77 ValueLength: ULONG,
78}}
// Raw mutable pointer alias; dereferencing it is unsafe and unchecked.
79pub type PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE =
80 *mut TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;
// Untagged union of pointers to an attribute's values; every member is a raw
// pointer of a different pointee type. The union itself does not record which
// member is live.
// NOTE(review): the live member is presumably selected by `ValueType` in
// TOKEN_SECURITY_ATTRIBUTE_V1 (one of the TOKEN_SECURITY_ATTRIBUTE_TYPE_* tags);
// confirm, and reject unknown tags instead of defaulting to a member.
// There is no member for the SID and BOOLEAN tags declared above.
81UNION!{union TOKEN_SECURITY_ATTRIBUTE_V1_Values {
82 pInt64: PLONG64,
83 pUint64: PULONG64,
84 pString: PUNICODE_STRING,
85 pFqbn: PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE,
86 pOctetString: PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE,
87}}
// One named security attribute: name, value-type tag, flags, a value count and
// the pointer union holding the values.
// NOTE(review): `ValueCount` is presumably the number of elements behind the live
// `Values` pointer; confirm. A reader should validate `ValueType` and `ValueCount`
// before dereferencing `Values`, because both come from the same untrusted buffer
// when this structure is parsed out of a query result.
// `Flags` is ULONG although the TOKEN_SECURITY_ATTRIBUTE_* flag constants are USHORT.
88STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_V1 {
89 Name: UNICODE_STRING,
90 ValueType: USHORT,
91 Reserved: USHORT,
92 Flags: ULONG,
93 ValueCount: ULONG,
94 Values: TOKEN_SECURITY_ATTRIBUTE_V1_Values,
95}}
// Raw mutable pointer alias; dereferencing it is unsafe and unchecked.
96pub type PTOKEN_SECURITY_ATTRIBUTE_V1 = *mut TOKEN_SECURITY_ATTRIBUTE_V1;
/// Version number 1 of the attributes-information layout.
97pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1: USHORT = 1;
/// Current layout version; defined as an alias of `..._VERSION_V1`.
98pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION: USHORT =
99 TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1;
// Header for a set of security attributes: version, count, and a pointer to
// TOKEN_SECURITY_ATTRIBUTE_V1 data.
// NOTE(review): `pAttributeV1` presumably points to an array of `AttributeCount`
// entries; confirm. A parser should check `Version` against
// TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION before trusting the layout and
// keep every entry inside the buffer it was given.
100STRUCT!{struct TOKEN_SECURITY_ATTRIBUTES_INFORMATION {
101 Version: USHORT,
102 Reserved: USHORT,
103 AttributeCount: ULONG,
104 pAttributeV1: PTOKEN_SECURITY_ATTRIBUTE_V1,
105}}
// Raw mutable pointer alias; dereferencing it is unsafe and unchecked.
106pub type PTOKEN_SECURITY_ATTRIBUTES_INFORMATION = *mut TOKEN_SECURITY_ATTRIBUTES_INFORMATION;
// Wrapper around a single SID pointer naming a trust level.
// `TrustLevelSid` is a raw PSID; this struct does not own or validate the SID
// it points to.
107STRUCT!{struct TOKEN_PROCESS_TRUST_LEVEL {
108 TrustLevelSid: PSID,
109}}
// Raw mutable pointer alias; dereferencing it is unsafe and unchecked.
110pub type PTOKEN_PROCESS_TRUST_LEVEL = *mut TOKEN_PROCESS_TRUST_LEVEL;
// Raw bindings to the native token, access-check, signing-level and audit-alarm
// system services. Every entry is declared `extern "system"` and returns NTSTATUS.
// All arguments are raw handles, pointers and lengths, so the compiler checks none
// of them. Callers should test the returned NTSTATUS before reading any
// out-parameter, keep each buffer pointer consistent with its length argument, and
// close every handle they receive. Safe wrappers around these are the right place
// to enforce that.
111EXTERN!{extern "system" {
    // Builds a token from caller-supplied identity data (user, groups, privileges,
    // owner, primary group, default DACL, source); the handle comes back through
    // `TokenHandle`.
    // NOTE(review): Windows gates this service on SeCreateTokenPrivilege
    // (SE_CREATE_TOKEN_PRIVILEGE above); confirm. Any caller of this binding is
    // worth a dedicated review.
112 fn NtCreateToken(
113 TokenHandle: PHANDLE,
114 DesiredAccess: ACCESS_MASK,
115 ObjectAttributes: POBJECT_ATTRIBUTES,
116 TokenType: TOKEN_TYPE,
117 AuthenticationId: PLUID,
118 ExpirationTime: PLARGE_INTEGER,
119 User: PTOKEN_USER,
120 Groups: PTOKEN_GROUPS,
121 Privileges: PTOKEN_PRIVILEGES,
122 Owner: PTOKEN_OWNER,
123 PrimaryGroup: PTOKEN_PRIMARY_GROUP,
124 DefaultDacl: PTOKEN_DEFAULT_DACL,
125 TokenSource: PTOKEN_SOURCE,
126 ) -> NTSTATUS;
    // Derives a token from `ExistingTokenHandle` using a package SID, a
    // capabilities array and a handle array. `CapabilityCount` and `HandleCount`
    // must match the arrays behind `Capabilities` and `Handles`.
127 fn NtCreateLowBoxToken(
128 TokenHandle: PHANDLE,
129 ExistingTokenHandle: HANDLE,
130 DesiredAccess: ACCESS_MASK,
131 ObjectAttributes: POBJECT_ATTRIBUTES,
132 PackageSid: PSID,
133 CapabilityCount: ULONG,
134 Capabilities: PSID_AND_ATTRIBUTES,
135 HandleCount: ULONG,
136 Handles: *mut HANDLE,
137 ) -> NTSTATUS;
    // Same parameters as NtCreateToken plus user attributes, device attributes,
    // device groups and a mandatory policy. The review note on NtCreateToken
    // applies here as well.
138 fn NtCreateTokenEx(
139 TokenHandle: PHANDLE,
140 DesiredAccess: ACCESS_MASK,
141 ObjectAttributes: POBJECT_ATTRIBUTES,
142 TokenType: TOKEN_TYPE,
143 AuthenticationId: PLUID,
144 ExpirationTime: PLARGE_INTEGER,
145 User: PTOKEN_USER,
146 Groups: PTOKEN_GROUPS,
147 Privileges: PTOKEN_PRIVILEGES,
148 UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
149 DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
150 DeviceGroups: PTOKEN_GROUPS,
151 TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY,
152 Owner: PTOKEN_OWNER,
153 PrimaryGroup: PTOKEN_PRIMARY_GROUP,
154 DefaultDacl: PTOKEN_DEFAULT_DACL,
155 TokenSource: PTOKEN_SOURCE,
156 ) -> NTSTATUS;
    // Opens the token of the process behind `ProcessHandle`; the handle is written
    // to `TokenHandle`. Request only the access bits the caller needs in
    // `DesiredAccess`.
157 fn NtOpenProcessToken(
158 ProcessHandle: HANDLE,
159 DesiredAccess: ACCESS_MASK,
160 TokenHandle: PHANDLE,
161 ) -> NTSTATUS;
    // Variant of NtOpenProcessToken that also takes `HandleAttributes` for the
    // returned handle.
162 fn NtOpenProcessTokenEx(
163 ProcessHandle: HANDLE,
164 DesiredAccess: ACCESS_MASK,
165 HandleAttributes: ULONG,
166 TokenHandle: PHANDLE,
167 ) -> NTSTATUS;
    // Opens the token of the thread behind `ThreadHandle`.
    // NOTE(review): `OpenAsSelf` presumably selects whether the access check runs
    // against the process identity instead of the thread's impersonation context;
    // confirm before relying on either value.
168 fn NtOpenThreadToken(
169 ThreadHandle: HANDLE,
170 DesiredAccess: ACCESS_MASK,
171 OpenAsSelf: BOOLEAN,
172 TokenHandle: PHANDLE,
173 ) -> NTSTATUS;
    // Variant of NtOpenThreadToken that also takes `HandleAttributes` for the
    // returned handle.
174 fn NtOpenThreadTokenEx(
175 ThreadHandle: HANDLE,
176 DesiredAccess: ACCESS_MASK,
177 OpenAsSelf: BOOLEAN,
178 HandleAttributes: ULONG,
179 TokenHandle: PHANDLE,
180 ) -> NTSTATUS;
    // Duplicates `ExistingTokenHandle` into `NewTokenHandle` with the requested
    // `TokenType`. The duplicate is a second handle the caller has to close.
181 fn NtDuplicateToken(
182 ExistingTokenHandle: HANDLE,
183 DesiredAccess: ACCESS_MASK,
184 ObjectAttributes: POBJECT_ATTRIBUTES,
185 EffectiveOnly: BOOLEAN,
186 TokenType: TOKEN_TYPE,
187 NewTokenHandle: PHANDLE,
188 ) -> NTSTATUS;
    // Reads token information of the given class into `TokenInformation`, a
    // caller-owned buffer of `TokenInformationLength`; `ReturnLength` is an
    // out-parameter.
    // NOTE(review): the buffer layout depends on `TokenInformationClass`, and the
    // returned data can contain pointers into the same buffer; confirm the layout
    // per class before casting.
189 fn NtQueryInformationToken(
190 TokenHandle: HANDLE,
191 TokenInformationClass: TOKEN_INFORMATION_CLASS,
192 TokenInformation: PVOID,
193 TokenInformationLength: ULONG,
194 ReturnLength: PULONG,
195 ) -> NTSTATUS;
    // Writes token information of the given class from a caller-owned buffer.
196 fn NtSetInformationToken(
197 TokenHandle: HANDLE,
198 TokenInformationClass: TOKEN_INFORMATION_CLASS,
199 TokenInformation: PVOID,
200 TokenInformationLength: ULONG,
201 ) -> NTSTATUS;
    // Changes privilege state on a token. `PreviousState` is an optional-looking
    // output buffer sized by `BufferLength`, with `ReturnLength` reporting a size.
    // NOTE(review): this service can return the success-class status
    // STATUS_NOT_ALL_ASSIGNED when a requested privilege is not held; a plain
    // success test is then not enough, so compare against it explicitly. Confirm.
202 fn NtAdjustPrivilegesToken(
203 TokenHandle: HANDLE,
204 DisableAllPrivileges: BOOLEAN,
205 NewState: PTOKEN_PRIVILEGES,
206 BufferLength: ULONG,
207 PreviousState: PTOKEN_PRIVILEGES,
208 ReturnLength: PULONG,
209 ) -> NTSTATUS;
    // Changes group state on a token; same buffer convention as
    // NtAdjustPrivilegesToken (`NewState`, `BufferLength`, `PreviousState`,
    // `ReturnLength`).
210 fn NtAdjustGroupsToken(
211 TokenHandle: HANDLE,
212 ResetToDefault: BOOLEAN,
213 NewState: PTOKEN_GROUPS,
214 BufferLength: ULONG,
215 PreviousState: PTOKEN_GROUPS,
216 ReturnLength: PULONG,
217 ) -> NTSTATUS;
    // Adjusts three things in one call: user claims, device claims and device
    // groups. Each has its own reset flag, new-state pointer, previous-state
    // buffer, buffer length and return-length pointer; keep each length paired
    // with its own buffer.
218 fn NtAdjustTokenClaimsAndDeviceGroups(
219 TokenHandle: HANDLE,
220 UserResetToDefault: BOOLEAN,
221 DeviceResetToDefault: BOOLEAN,
222 DeviceGroupsResetToDefault: BOOLEAN,
223 NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
224 NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
225 NewDeviceGroupsState: PTOKEN_GROUPS,
226 UserBufferLength: ULONG,
227 PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
228 DeviceBufferLength: ULONG,
229 PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
230 DeviceGroupsBufferLength: ULONG,
231 PreviousDeviceGroups: PTOKEN_GROUPS,
232 UserReturnLength: PULONG,
233 DeviceReturnLength: PULONG,
234 DeviceGroupsReturnBufferLength: PULONG,
235 ) -> NTSTATUS;
    // Produces a new token from `ExistingTokenHandle` given SIDs to disable,
    // privileges to delete and restricted SIDs; the result is written to
    // `NewTokenHandle`.
    // NOTE(review): this looks like the primitive for building reduced-privilege
    // tokens for sandboxing; confirm the `Flags` values against the caller.
236 fn NtFilterToken(
237 ExistingTokenHandle: HANDLE,
238 Flags: ULONG,
239 SidsToDisable: PTOKEN_GROUPS,
240 PrivilegesToDelete: PTOKEN_PRIVILEGES,
241 RestrictedSids: PTOKEN_GROUPS,
242 NewTokenHandle: PHANDLE,
243 ) -> NTSTATUS;
    // Variant of NtFilterToken that additionally takes user and device claims to
    // disable (each a UNICODE_STRING pointer with its own count), device groups to
    // disable, and restricted user/device attributes and device groups.
244 fn NtFilterTokenEx(
245 ExistingTokenHandle: HANDLE,
246 Flags: ULONG,
247 SidsToDisable: PTOKEN_GROUPS,
248 PrivilegesToDelete: PTOKEN_PRIVILEGES,
249 RestrictedSids: PTOKEN_GROUPS,
250 DisableUserClaimsCount: ULONG,
251 UserClaimsToDisable: PUNICODE_STRING,
252 DisableDeviceClaimsCount: ULONG,
253 DeviceClaimsToDisable: PUNICODE_STRING,
254 DeviceGroupsToDisable: PTOKEN_GROUPS,
255 RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
256 RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
257 RestrictedDeviceGroups: PTOKEN_GROUPS,
258 NewTokenHandle: PHANDLE,
259 ) -> NTSTATUS;
    // Compares two tokens; the answer is written to `Equal`, separately from the
    // returned NTSTATUS.
260 fn NtCompareTokens(
261 FirstTokenHandle: HANDLE,
262 SecondTokenHandle: HANDLE,
263 Equal: PBOOLEAN,
264 ) -> NTSTATUS;
    // Checks `RequiredPrivileges` against `ClientToken`; the answer is written to
    // `Result`, separately from the returned NTSTATUS. `RequiredPrivileges` is a
    // mutable pointer, so the set may be updated by the call.
265 fn NtPrivilegeCheck(
266 ClientToken: HANDLE,
267 RequiredPrivileges: PPRIVILEGE_SET,
268 Result: PBOOLEAN,
269 ) -> NTSTATUS;
    // Takes only a thread handle.
    // NOTE(review): presumably makes that thread impersonate the anonymous
    // identity; confirm, and make sure callers revert afterwards.
270 fn NtImpersonateAnonymousToken(
271 ThreadHandle: HANDLE,
272 ) -> NTSTATUS;
    // Queries security attributes of a token by name. `Attributes` points to
    // `NumberOfAttributes` names; results go to `Buffer` (size `Length`), with
    // `ReturnLength` as an out-parameter.
    // NOTE(review): the result is presumably a TOKEN_SECURITY_ATTRIBUTES_INFORMATION
    // with embedded pointers; confirm and validate before walking it.
273 fn NtQuerySecurityAttributesToken(
274 TokenHandle: HANDLE,
275 Attributes: PUNICODE_STRING,
276 NumberOfAttributes: ULONG,
277 Buffer: PVOID,
278 Length: ULONG,
279 ReturnLength: PULONG,
280 ) -> NTSTATUS;
    // Access check of `ClientToken` against `SecurityDescriptor`. There are two
    // statuses: the returned NTSTATUS and the `AccessStatus` out-parameter, plus
    // the granted mask in `GrantedAccess`.
    // NOTE(review): the returned NTSTATUS presumably only says the check ran; the
    // decision is in `*AccessStatus`. An authorization decision should test both
    // and fail closed on either error. Confirm.
281 fn NtAccessCheck(
282 SecurityDescriptor: PSECURITY_DESCRIPTOR,
283 ClientToken: HANDLE,
284 DesiredAccess: ACCESS_MASK,
285 GenericMapping: PGENERIC_MAPPING,
286 PrivilegeSet: PPRIVILEGE_SET,
287 PrivilegeSetLength: PULONG,
288 GrantedAccess: PACCESS_MASK,
289 AccessStatus: PNTSTATUS,
290 ) -> NTSTATUS;
    // NtAccessCheck with a principal-self SID and an object type list of
    // `ObjectTypeListLength` entries. Same two-status convention as NtAccessCheck.
291 fn NtAccessCheckByType(
292 SecurityDescriptor: PSECURITY_DESCRIPTOR,
293 PrincipalSelfSid: PSID,
294 ClientToken: HANDLE,
295 DesiredAccess: ACCESS_MASK,
296 ObjectTypeList: POBJECT_TYPE_LIST,
297 ObjectTypeListLength: ULONG,
298 GenericMapping: PGENERIC_MAPPING,
299 PrivilegeSet: PPRIVILEGE_SET,
300 PrivilegeSetLength: PULONG,
301 GrantedAccess: PACCESS_MASK,
302 AccessStatus: PNTSTATUS,
303 ) -> NTSTATUS;
    // Same parameter list as NtAccessCheckByType.
    // NOTE(review): here `GrantedAccess` and `AccessStatus` presumably point to
    // arrays with one entry per `ObjectTypeList` element; confirm and size both
    // buffers from `ObjectTypeListLength`.
304 fn NtAccessCheckByTypeResultList(
305 SecurityDescriptor: PSECURITY_DESCRIPTOR,
306 PrincipalSelfSid: PSID,
307 ClientToken: HANDLE,
308 DesiredAccess: ACCESS_MASK,
309 ObjectTypeList: POBJECT_TYPE_LIST,
310 ObjectTypeListLength: ULONG,
311 GenericMapping: PGENERIC_MAPPING,
312 PrivilegeSet: PPRIVILEGE_SET,
313 PrivilegeSetLength: PULONG,
314 GrantedAccess: PACCESS_MASK,
315 AccessStatus: PNTSTATUS,
316 ) -> NTSTATUS;
    // Sets a cached signing level on `TargetFile`, given `SourceFileCount` handles
    // behind `SourceFiles`.
    // NOTE(review): a cached level is a stored result, not a fresh signature
    // verification; confirm what invalidates it before treating it as proof.
317 fn NtSetCachedSigningLevel(
318 Flags: ULONG,
319 InputSigningLevel: SE_SIGNING_LEVEL,
320 SourceFiles: PHANDLE,
321 SourceFileCount: ULONG,
322 TargetFile: HANDLE,
323 ) -> NTSTATUS;
    // Reads the cached signing level of `File`. Flags, level, thumbprint bytes,
    // thumbprint size and thumbprint algorithm are all returned through pointers.
    // NOTE(review): `ThumbprintSize` is presumably in/out (capacity in, bytes
    // written out); confirm and initialise it to the buffer capacity.
324 fn NtGetCachedSigningLevel(
325 File: HANDLE,
326 Flags: PULONG,
327 SigningLevel: PSE_SIGNING_LEVEL,
328 Thumbprint: PUCHAR,
329 ThumbprintSize: PULONG,
330 ThumbprintAlgorithm: PULONG,
331 ) -> NTSTATUS;
    // Audit-alarm services start here. Each takes a subsystem name and either a
    // handle id or a service name, and the object-related ones take object type
    // and object names as UNICODE_STRING pointers.
    // NOTE(review): generating audit records is presumably gated by
    // SeAuditPrivilege (SE_AUDIT_PRIVILEGE above); confirm. Names passed here
    // end up in the security log, so callers should not pass unvalidated
    // attacker-controlled strings.
    //
    // Access check that also takes the audit parameters. It has no `ClientToken`
    // parameter, unlike NtAccessCheck.
332 fn NtAccessCheckAndAuditAlarm(
333 SubsystemName: PUNICODE_STRING,
334 HandleId: PVOID,
335 ObjectTypeName: PUNICODE_STRING,
336 ObjectName: PUNICODE_STRING,
337 SecurityDescriptor: PSECURITY_DESCRIPTOR,
338 DesiredAccess: ACCESS_MASK,
339 GenericMapping: PGENERIC_MAPPING,
340 ObjectCreation: BOOLEAN,
341 GrantedAccess: PACCESS_MASK,
342 AccessStatus: PNTSTATUS,
343 GenerateOnClose: PBOOLEAN,
344 ) -> NTSTATUS;
    // By-type form of NtAccessCheckAndAuditAlarm: adds `PrincipalSelfSid`,
    // `AuditType`, `Flags` and an object type list.
345 fn NtAccessCheckByTypeAndAuditAlarm(
346 SubsystemName: PUNICODE_STRING,
347 HandleId: PVOID,
348 ObjectTypeName: PUNICODE_STRING,
349 ObjectName: PUNICODE_STRING,
350 SecurityDescriptor: PSECURITY_DESCRIPTOR,
351 PrincipalSelfSid: PSID,
352 DesiredAccess: ACCESS_MASK,
353 AuditType: AUDIT_EVENT_TYPE,
354 Flags: ULONG,
355 ObjectTypeList: POBJECT_TYPE_LIST,
356 ObjectTypeListLength: ULONG,
357 GenericMapping: PGENERIC_MAPPING,
358 ObjectCreation: BOOLEAN,
359 GrantedAccess: PACCESS_MASK,
360 AccessStatus: PNTSTATUS,
361 GenerateOnClose: PBOOLEAN,
362 ) -> NTSTATUS;
    // Same parameter list as NtAccessCheckByTypeAndAuditAlarm.
    // NOTE(review): `GrantedAccess` and `AccessStatus` are presumably per-entry
    // arrays here, as the "ResultList" name suggests; confirm.
363 fn NtAccessCheckByTypeResultListAndAuditAlarm(
364 SubsystemName: PUNICODE_STRING,
365 HandleId: PVOID,
366 ObjectTypeName: PUNICODE_STRING,
367 ObjectName: PUNICODE_STRING,
368 SecurityDescriptor: PSECURITY_DESCRIPTOR,
369 PrincipalSelfSid: PSID,
370 DesiredAccess: ACCESS_MASK,
371 AuditType: AUDIT_EVENT_TYPE,
372 Flags: ULONG,
373 ObjectTypeList: POBJECT_TYPE_LIST,
374 ObjectTypeListLength: ULONG,
375 GenericMapping: PGENERIC_MAPPING,
376 ObjectCreation: BOOLEAN,
377 GrantedAccess: PACCESS_MASK,
378 AccessStatus: PNTSTATUS,
379 GenerateOnClose: PBOOLEAN,
380 ) -> NTSTATUS;
    // As NtAccessCheckByTypeResultListAndAuditAlarm, but the token to check is
    // passed explicitly as `ClientToken`.
381 fn NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
382 SubsystemName: PUNICODE_STRING,
383 HandleId: PVOID,
384 ClientToken: HANDLE,
385 ObjectTypeName: PUNICODE_STRING,
386 ObjectName: PUNICODE_STRING,
387 SecurityDescriptor: PSECURITY_DESCRIPTOR,
388 PrincipalSelfSid: PSID,
389 DesiredAccess: ACCESS_MASK,
390 AuditType: AUDIT_EVENT_TYPE,
391 Flags: ULONG,
392 ObjectTypeList: POBJECT_TYPE_LIST,
393 ObjectTypeListLength: ULONG,
394 GenericMapping: PGENERIC_MAPPING,
395 ObjectCreation: BOOLEAN,
396 GrantedAccess: PACCESS_MASK,
397 AccessStatus: PNTSTATUS,
398 GenerateOnClose: PBOOLEAN,
399 ) -> NTSTATUS;
    // Audit-alarm call for an object open. `GrantedAccess` and `AccessGranted` are
    // inputs here (by value), so the caller reports a decision it already made;
    // only `GenerateOnClose` is an out-parameter.
400 fn NtOpenObjectAuditAlarm(
401 SubsystemName: PUNICODE_STRING,
402 HandleId: PVOID,
403 ObjectTypeName: PUNICODE_STRING,
404 ObjectName: PUNICODE_STRING,
405 SecurityDescriptor: PSECURITY_DESCRIPTOR,
406 ClientToken: HANDLE,
407 DesiredAccess: ACCESS_MASK,
408 GrantedAccess: ACCESS_MASK,
409 Privileges: PPRIVILEGE_SET,
410 ObjectCreation: BOOLEAN,
411 AccessGranted: BOOLEAN,
412 GenerateOnClose: PBOOLEAN,
413 ) -> NTSTATUS;
    // Audit-alarm call for privilege use on an object identified by `HandleId`;
    // `AccessGranted` is supplied by the caller.
414 fn NtPrivilegeObjectAuditAlarm(
415 SubsystemName: PUNICODE_STRING,
416 HandleId: PVOID,
417 ClientToken: HANDLE,
418 DesiredAccess: ACCESS_MASK,
419 Privileges: PPRIVILEGE_SET,
420 AccessGranted: BOOLEAN,
421 ) -> NTSTATUS;
    // Audit-alarm call for closing the object identified by `HandleId`.
    // NOTE(review): `GenerateOnClose` presumably carries the value an earlier
    // open/access-check alarm returned for the same `HandleId`; confirm.
422 fn NtCloseObjectAuditAlarm(
423 SubsystemName: PUNICODE_STRING,
424 HandleId: PVOID,
425 GenerateOnClose: BOOLEAN,
426 ) -> NTSTATUS;
    // Audit-alarm call for deleting the object identified by `HandleId`; same
    // parameter list as NtCloseObjectAuditAlarm.
427 fn NtDeleteObjectAuditAlarm(
428 SubsystemName: PUNICODE_STRING,
429 HandleId: PVOID,
430 GenerateOnClose: BOOLEAN,
431 ) -> NTSTATUS;
    // Audit-alarm call for a privileged service named by `ServiceName`;
    // `AccessGranted` is supplied by the caller.
432 fn NtPrivilegedServiceAuditAlarm(
433 SubsystemName: PUNICODE_STRING,
434 ServiceName: PUNICODE_STRING,
435 ClientToken: HANDLE,
436 Privileges: PPRIVILEGE_SET,
437 AccessGranted: BOOLEAN,
438 ) -> NTSTATUS;
439}}