1 2 3 #pragma once 4 5 // 0: 0x398000 - called from LSASRV!LsapInitLsa 6 #define IOCTL_KSEC_REGISTER_LSA_PROCESS \ 7 CTL_CODE(FILE_DEVICE_KSEC, 0x00, METHOD_BUFFERED, FILE_WRITE_ACCESS) 8 9 // 1: 0x390004 - called from tcpip!InitIsnGenerator 10 #define IOCTL_KSEC_1 \ 11 CTL_CODE(FILE_DEVICE_KSEC, 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS) 12 13 // 2: 0x390008 - called from SystemFunction036 aka RtlGenRandom via RandomFillBuffer 14 #define IOCTL_KSEC_RANDOM_FILL_BUFFER \ 15 CTL_CODE(FILE_DEVICE_KSEC, 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS) 16 17 // 3: 0x39000E - called from SystemFunction040 aka RtlEncryptMemory with OptionFlags == 0 18 #define IOCTL_KSEC_ENCRYPT_SAME_PROCESS \ 19 CTL_CODE(FILE_DEVICE_KSEC, 0x03, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 20 21 // 4: 0x390012 - called from SystemFunction041 aka RtlDecryptMemory with OptionFlags == 0 22 #define IOCTL_KSEC_DECRYPT_SAME_PROCESS \ 23 CTL_CODE(FILE_DEVICE_KSEC, 0x04, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 24 25 // 5: 0x390016 - called from SystemFunction040 aka RtlEncryptMemory with OptionFlags == 1 26 #define IOCTL_KSEC_ENCRYPT_CROSS_PROCESS \ 27 CTL_CODE(FILE_DEVICE_KSEC, 0x05, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 28 29 // 6: 0x39001A - called from SystemFunction041 aka RtlDecryptMemory with OptionFlags == 1 30 #define IOCTL_KSEC_DECRYPT_CROSS_PROCESS \ 31 CTL_CODE(FILE_DEVICE_KSEC, 0x06, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 32 33 // 7: 0x39001E - called from SystemFunction040 aka RtlEncryptMemory with OptionFlags == 2 34 #define IOCTL_KSEC_ENCRYPT_SAME_LOGON \ 35 CTL_CODE(FILE_DEVICE_KSEC, 0x07, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 36 37 // 8: 0x390022 - called from SystemFunction041 aka RtlDecryptMemory with OptionFlags == 2 38 #define IOCTL_KSEC_DECRYPT_SAME_LOGON \ 39 CTL_CODE(FILE_DEVICE_KSEC, 0x08, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 40 41 // e: 0x390038 - see http://wiki.mysmartlogon.com/Kernel_mode_SSP 42 #define IOCTL_KSEC_REGISTER_EXTENSION \ 43 CTL_CODE(FILE_DEVICE_KSEC, 0x0e, METHOD_BUFFERED, FILE_ANY_ACCESS) 44