// Integer, handle and pointer aliases used by the token and access-check
// declarations in this file. All of them come from the `winapi` crate.
use winapi::shared::basetsd::{PLONG64, PULONG64, ULONG64};
use winapi::shared::ntdef::{
    BOOLEAN, HANDLE, LONG, NTSTATUS, PBOOLEAN, PHANDLE, PLARGE_INTEGER, PLUID, PNTSTATUS,
    POBJECT_ATTRIBUTES, PUCHAR, PULONG, PUNICODE_STRING, PVOID, ULONG, UNICODE_STRING, USHORT,
};
use winapi::um::winnt::{
    ACCESS_MASK, AUDIT_EVENT_TYPE, PACCESS_MASK, PGENERIC_MAPPING, POBJECT_TYPE_LIST,
    PPRIVILEGE_SET, PSECURITY_DESCRIPTOR, PSE_SIGNING_LEVEL, PSID, PSID_AND_ATTRIBUTES,
    PTOKEN_DEFAULT_DACL, PTOKEN_GROUPS, PTOKEN_MANDATORY_POLICY, PTOKEN_OWNER,
    PTOKEN_PRIMARY_GROUP, PTOKEN_PRIVILEGES, PTOKEN_SOURCE, PTOKEN_USER, SE_SIGNING_LEVEL,
    TOKEN_INFORMATION_CLASS, TOKEN_TYPE,
};

// ---------------------------------------------------------------------------
// Well-known privilege identifiers.
//
// The values are plain `LONG`s running contiguously from
// `SE_MIN_WELL_KNOWN_PRIVILEGE` to `SE_MAX_WELL_KNOWN_PRIVILEGE`. Nothing in
// this file converts them to a LUID; a caller that needs one has to build it
// itself.
//
// NOTE(review): several entries (for example SE_CREATE_TOKEN_PRIVILEGE,
// SE_TCB_PRIVILEGE, SE_DEBUG_PRIVILEGE, SE_LOAD_DRIVER_PRIVILEGE,
// SE_IMPERSONATE_PRIVILEGE) carry very broad authority when enabled in a
// token. Code using these constants should enable only the privilege it
// needs, for as short a time as possible, and audit logs should be reviewed
// for unexpected use of them.
// ---------------------------------------------------------------------------

/// Lowest well-known privilege value; equal to `SE_CREATE_TOKEN_PRIVILEGE`.
pub const SE_MIN_WELL_KNOWN_PRIVILEGE: LONG = 2;
pub const SE_CREATE_TOKEN_PRIVILEGE: LONG = 2;
pub const SE_ASSIGNPRIMARYTOKEN_PRIVILEGE: LONG = 3;
pub const SE_LOCK_MEMORY_PRIVILEGE: LONG = 4;
pub const SE_INCREASE_QUOTA_PRIVILEGE: LONG = 5;
pub const SE_MACHINE_ACCOUNT_PRIVILEGE: LONG = 6;
pub const SE_TCB_PRIVILEGE: LONG = 7;
pub const SE_SECURITY_PRIVILEGE: LONG = 8;
pub const SE_TAKE_OWNERSHIP_PRIVILEGE: LONG = 9;
pub const SE_LOAD_DRIVER_PRIVILEGE: LONG = 10;
pub const SE_SYSTEM_PROFILE_PRIVILEGE: LONG = 11;
pub const SE_SYSTEMTIME_PRIVILEGE: LONG = 12;
pub const SE_PROF_SINGLE_PROCESS_PRIVILEGE: LONG = 13;
pub const SE_INC_BASE_PRIORITY_PRIVILEGE: LONG = 14;
pub const SE_CREATE_PAGEFILE_PRIVILEGE: LONG = 15;
pub const SE_CREATE_PERMANENT_PRIVILEGE: LONG = 16;
pub const SE_BACKUP_PRIVILEGE: LONG = 17;
pub const SE_RESTORE_PRIVILEGE: LONG = 18;
pub const SE_SHUTDOWN_PRIVILEGE: LONG = 19;
pub const SE_DEBUG_PRIVILEGE: LONG = 20;
pub const SE_AUDIT_PRIVILEGE: LONG = 21;
pub const SE_SYSTEM_ENVIRONMENT_PRIVILEGE: LONG = 22;
pub const SE_CHANGE_NOTIFY_PRIVILEGE: LONG = 23;
pub const SE_REMOTE_SHUTDOWN_PRIVILEGE: LONG = 24;
pub const SE_UNDOCK_PRIVILEGE: LONG = 25;
pub const SE_SYNC_AGENT_PRIVILEGE: LONG = 26;
pub const SE_ENABLE_DELEGATION_PRIVILEGE: LONG = 27;
pub const SE_MANAGE_VOLUME_PRIVILEGE: LONG = 28;
pub const SE_IMPERSONATE_PRIVILEGE: LONG = 29;
pub const SE_CREATE_GLOBAL_PRIVILEGE: LONG = 30;
pub const SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE: LONG = 31;
pub const SE_RELABEL_PRIVILEGE: LONG = 32;
pub const SE_INC_WORKING_SET_PRIVILEGE: LONG = 33;
pub const SE_TIME_ZONE_PRIVILEGE: LONG = 34;
pub const SE_CREATE_SYMBOLIC_LINK_PRIVILEGE: LONG = 35;
pub const SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE: LONG = 36;
/// Highest well-known privilege value; an alias of the last entry above, so a
/// range check against MIN..=MAX covers exactly the constants listed here.
pub const SE_MAX_WELL_KNOWN_PRIVILEGE: LONG = SE_DELEGATE_SESSION_USER_IMPERSONATE_PRIVILEGE;

// ---------------------------------------------------------------------------
// Token security attribute value-type tags.
//
// These are `USHORT`, the same width as the `ValueType` field of
// `TOKEN_SECURITY_ATTRIBUTE_V1` declared later in this file. Note the gap
// between 0x06 and 0x10.
// ---------------------------------------------------------------------------
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID: USHORT = 0x00;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64: USHORT = 0x01;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64: USHORT = 0x02;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING: USHORT = 0x03;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN: USHORT = 0x04;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_SID: USHORT = 0x05;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN: USHORT = 0x06;
pub const TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING: USHORT = 0x10;

// ---------------------------------------------------------------------------
// Token security attribute flag bits.
//
// NOTE(review): the flag constants are `USHORT`, while the `Flags` field of
// `TOKEN_SECURITY_ATTRIBUTE_V1` is `ULONG` and
// `TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS` is `u32`. Callers have to widen
// these values before combining them with the field or the custom mask.
// ---------------------------------------------------------------------------
pub const TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE: USHORT = 0x0001;
pub const TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE: USHORT = 0x0002;
pub const TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY: USHORT = 0x0004;
pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT: USHORT = 0x0008;
pub const TOKEN_SECURITY_ATTRIBUTE_DISABLED: USHORT = 0x0010;
pub const TOKEN_SECURITY_ATTRIBUTE_MANDATORY: USHORT = 0x0020;
pub const TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE: USHORT = 0x0040;
/// Union of the flag bits 0x0001 through 0x0020.
///
/// `TOKEN_SECURITY_ATTRIBUTE_COMPARE_IGNORE` (0x0040) is not part of this
/// mask, so validation written as `flags & !VALID_FLAGS == 0` treats that bit
/// as invalid. NOTE(review): confirm this matches the header these bindings
/// were generated from before relying on the mask for input validation.
pub const TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS: USHORT =
    TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE
        | TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE
        | TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY
        | TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT
        | TOKEN_SECURITY_ATTRIBUTE_DISABLED
        | TOKEN_SECURITY_ATTRIBUTE_MANDATORY;
/// Mask covering the upper 16 bits of a 32-bit attribute flags word. It is
/// declared as `u32`, unlike the `USHORT` flag constants that precede it.
pub const TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS: u32 = 0xffff0000;

// Value payload paired with a version number and a name string.
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE {
    Version: ULONG64,
    Name: UNICODE_STRING,
}}
pub type PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE = *mut TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE;

// Raw byte payload: an untyped pointer plus a length. The struct does not
// tie the two together, so any reader must bound its access by `ValueLength`.
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE {
    pValue: PVOID,
    ValueLength: ULONG,
}}
pub type PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE =
    *mut TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;

// All members are raw pointers sharing the same storage.
// NOTE(review): presumably `ValueType` in TOKEN_SECURITY_ATTRIBUTE_V1 selects
// which member is meaningful and `ValueCount` gives the number of elements
// behind it - confirm both before dereferencing any member.
UNION!{union TOKEN_SECURITY_ATTRIBUTE_V1_Values {
    pInt64: PLONG64,
    pUint64: PULONG64,
    pString: PUNICODE_STRING,
    pFqbn: PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE,
    pOctetString: PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE,
}}

// One named attribute: a type tag, flag bits, an element count and the
// pointer union above. `Flags` is ULONG here although the named flag
// constants in this file are USHORT.
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTE_V1 {
    Name: UNICODE_STRING,
    ValueType: USHORT,
    Reserved: USHORT,
    Flags: ULONG,
    ValueCount: ULONG,
    Values: TOKEN_SECURITY_ATTRIBUTE_V1_Values,
}}
pub type PTOKEN_SECURITY_ATTRIBUTE_V1 = *mut TOKEN_SECURITY_ATTRIBUTE_V1;

pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1: USHORT = 1;
/// Current version; an alias of the V1 constant.
pub const TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION: USHORT =
    TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1;

// Header for a list of attributes: a version, a count and a pointer to the
// first V1 entry. Code walking `pAttributeV1` should check `Version` and stay
// within `AttributeCount` entries; nothing in the type enforces either.
STRUCT!{struct TOKEN_SECURITY_ATTRIBUTES_INFORMATION {
    Version: USHORT,
    Reserved: USHORT,
    AttributeCount: ULONG,
    pAttributeV1: PTOKEN_SECURITY_ATTRIBUTE_V1,
}}
pub type PTOKEN_SECURITY_ATTRIBUTES_INFORMATION = *mut TOKEN_SECURITY_ATTRIBUTES_INFORMATION;

STRUCT!{struct TOKEN_PROCESS_TRUST_LEVEL {
    TrustLevelSid: PSID,
}}
pub type PTOKEN_PROCESS_TRUST_LEVEL = *mut TOKEN_PROCESS_TRUST_LEVEL;

// ---------------------------------------------------------------------------
// Native token, access-check, signing-level and audit-alarm entry points.
//
// Every declaration uses the "system" calling convention and returns
// NTSTATUS. Parameter order and types are the call ABI and must not be
// rearranged.
//
// Points for callers, none of which these raw declarations can enforce:
//   * Check the returned NTSTATUS before reading any out-parameter.
//   * Where a function takes a buffer pointer together with a length, the
//     length must be the real size in bytes of the memory behind the pointer.
//   * Handles written through a PHANDLE out-parameter are not wrapped in any
//     owning type in this file; presumably the caller must close them.
// ---------------------------------------------------------------------------
EXTERN!{extern "system" {
    // --- Token creation -----------------------------------------------------
    fn NtCreateToken(
        TokenHandle: PHANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectAttributes: POBJECT_ATTRIBUTES,
        TokenType: TOKEN_TYPE,
        AuthenticationId: PLUID,
        ExpirationTime: PLARGE_INTEGER,
        User: PTOKEN_USER,
        Groups: PTOKEN_GROUPS,
        Privileges: PTOKEN_PRIVILEGES,
        Owner: PTOKEN_OWNER,
        PrimaryGroup: PTOKEN_PRIMARY_GROUP,
        DefaultDacl: PTOKEN_DEFAULT_DACL,
        TokenSource: PTOKEN_SOURCE,
    ) -> NTSTATUS;
    // `Capabilities` and `Handles` are arrays whose element counts are passed
    // separately in `CapabilityCount` and `HandleCount`.
    fn NtCreateLowBoxToken(
        TokenHandle: PHANDLE,
        ExistingTokenHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectAttributes: POBJECT_ATTRIBUTES,
        PackageSid: PSID,
        CapabilityCount: ULONG,
        Capabilities: PSID_AND_ATTRIBUTES,
        HandleCount: ULONG,
        Handles: *mut HANDLE,
    ) -> NTSTATUS;
    // Same leading parameters as NtCreateToken, with user/device attributes,
    // device groups and a mandatory policy inserted before `Owner`.
    fn NtCreateTokenEx(
        TokenHandle: PHANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectAttributes: POBJECT_ATTRIBUTES,
        TokenType: TOKEN_TYPE,
        AuthenticationId: PLUID,
        ExpirationTime: PLARGE_INTEGER,
        User: PTOKEN_USER,
        Groups: PTOKEN_GROUPS,
        Privileges: PTOKEN_PRIVILEGES,
        UserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        DeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        DeviceGroups: PTOKEN_GROUPS,
        TokenMandatoryPolicy: PTOKEN_MANDATORY_POLICY,
        Owner: PTOKEN_OWNER,
        PrimaryGroup: PTOKEN_PRIMARY_GROUP,
        DefaultDacl: PTOKEN_DEFAULT_DACL,
        TokenSource: PTOKEN_SOURCE,
    ) -> NTSTATUS;

    // --- Opening and duplicating tokens --------------------------------------
    // Request only the access bits actually needed in `DesiredAccess`.
    fn NtOpenProcessToken(
        ProcessHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        TokenHandle: PHANDLE,
    ) -> NTSTATUS;
    fn NtOpenProcessTokenEx(
        ProcessHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        HandleAttributes: ULONG,
        TokenHandle: PHANDLE,
    ) -> NTSTATUS;
    fn NtOpenThreadToken(
        ThreadHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        OpenAsSelf: BOOLEAN,
        TokenHandle: PHANDLE,
    ) -> NTSTATUS;
    fn NtOpenThreadTokenEx(
        ThreadHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        OpenAsSelf: BOOLEAN,
        HandleAttributes: ULONG,
        TokenHandle: PHANDLE,
    ) -> NTSTATUS;
    fn NtDuplicateToken(
        ExistingTokenHandle: HANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectAttributes: POBJECT_ATTRIBUTES,
        EffectiveOnly: BOOLEAN,
        TokenType: TOKEN_TYPE,
        NewTokenHandle: PHANDLE,
    ) -> NTSTATUS;

    // --- Querying and modifying token state ----------------------------------
    // `TokenInformation` is an untyped buffer; `TokenInformationLength` must
    // describe its size, and `ReturnLength` receives a ULONG from the callee.
    fn NtQueryInformationToken(
        TokenHandle: HANDLE,
        TokenInformationClass: TOKEN_INFORMATION_CLASS,
        TokenInformation: PVOID,
        TokenInformationLength: ULONG,
        ReturnLength: PULONG,
    ) -> NTSTATUS;
    fn NtSetInformationToken(
        TokenHandle: HANDLE,
        TokenInformationClass: TOKEN_INFORMATION_CLASS,
        TokenInformation: PVOID,
        TokenInformationLength: ULONG,
    ) -> NTSTATUS;
    // `BufferLength` sizes the `PreviousState` buffer - presumably; confirm
    // against the API documentation.
    fn NtAdjustPrivilegesToken(
        TokenHandle: HANDLE,
        DisableAllPrivileges: BOOLEAN,
        NewState: PTOKEN_PRIVILEGES,
        BufferLength: ULONG,
        PreviousState: PTOKEN_PRIVILEGES,
        ReturnLength: PULONG,
    ) -> NTSTATUS;
    fn NtAdjustGroupsToken(
        TokenHandle: HANDLE,
        ResetToDefault: BOOLEAN,
        NewState: PTOKEN_GROUPS,
        BufferLength: ULONG,
        PreviousState: PTOKEN_GROUPS,
        ReturnLength: PULONG,
    ) -> NTSTATUS;
    // Three parallel groups (user, device, device groups), each with its own
    // reset flag, new state, buffer length, previous state and return length.
    fn NtAdjustTokenClaimsAndDeviceGroups(
        TokenHandle: HANDLE,
        UserResetToDefault: BOOLEAN,
        DeviceResetToDefault: BOOLEAN,
        DeviceGroupsResetToDefault: BOOLEAN,
        NewUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        NewDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        NewDeviceGroupsState: PTOKEN_GROUPS,
        UserBufferLength: ULONG,
        PreviousUserState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        DeviceBufferLength: ULONG,
        PreviousDeviceState: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        DeviceGroupsBufferLength: ULONG,
        PreviousDeviceGroups: PTOKEN_GROUPS,
        UserReturnLength: PULONG,
        DeviceReturnLength: PULONG,
        DeviceGroupsReturnBufferLength: PULONG,
    ) -> NTSTATUS;

    // --- Filtered (restricted) tokens ----------------------------------------
    fn NtFilterToken(
        ExistingTokenHandle: HANDLE,
        Flags: ULONG,
        SidsToDisable: PTOKEN_GROUPS,
        PrivilegesToDelete: PTOKEN_PRIVILEGES,
        RestrictedSids: PTOKEN_GROUPS,
        NewTokenHandle: PHANDLE,
    ) -> NTSTATUS;
    // The claim-name arrays are PUNICODE_STRING pointers with separate counts
    // (`DisableUserClaimsCount`, `DisableDeviceClaimsCount`).
    fn NtFilterTokenEx(
        ExistingTokenHandle: HANDLE,
        Flags: ULONG,
        SidsToDisable: PTOKEN_GROUPS,
        PrivilegesToDelete: PTOKEN_PRIVILEGES,
        RestrictedSids: PTOKEN_GROUPS,
        DisableUserClaimsCount: ULONG,
        UserClaimsToDisable: PUNICODE_STRING,
        DisableDeviceClaimsCount: ULONG,
        DeviceClaimsToDisable: PUNICODE_STRING,
        DeviceGroupsToDisable: PTOKEN_GROUPS,
        RestrictedUserAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        RestrictedDeviceAttributes: PTOKEN_SECURITY_ATTRIBUTES_INFORMATION,
        RestrictedDeviceGroups: PTOKEN_GROUPS,
        NewTokenHandle: PHANDLE,
    ) -> NTSTATUS;

    // --- Comparison, privilege checks, impersonation -------------------------
    // The answer comes back through the PBOOLEAN out-parameter, separately
    // from the NTSTATUS; both have to be inspected.
    fn NtCompareTokens(
        FirstTokenHandle: HANDLE,
        SecondTokenHandle: HANDLE,
        Equal: PBOOLEAN,
    ) -> NTSTATUS;
    fn NtPrivilegeCheck(
        ClientToken: HANDLE,
        RequiredPrivileges: PPRIVILEGE_SET,
        Result: PBOOLEAN,
    ) -> NTSTATUS;
    fn NtImpersonateAnonymousToken(
        ThreadHandle: HANDLE,
    ) -> NTSTATUS;
    fn NtQuerySecurityAttributesToken(
        TokenHandle: HANDLE,
        Attributes: PUNICODE_STRING,
        NumberOfAttributes: ULONG,
        Buffer: PVOID,
        Length: ULONG,
        ReturnLength: PULONG,
    ) -> NTSTATUS;

    // --- Access checks -------------------------------------------------------
    // Each check reports through `GrantedAccess` and `AccessStatus` as well as
    // the function's own NTSTATUS. NOTE(review): presumably a successful
    // return only means the check ran; the authorization decision is in
    // `AccessStatus` - callers must test both and default to denying access.
    fn NtAccessCheck(
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        ClientToken: HANDLE,
        DesiredAccess: ACCESS_MASK,
        GenericMapping: PGENERIC_MAPPING,
        PrivilegeSet: PPRIVILEGE_SET,
        PrivilegeSetLength: PULONG,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
    ) -> NTSTATUS;
    fn NtAccessCheckByType(
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        PrincipalSelfSid: PSID,
        ClientToken: HANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectTypeList: POBJECT_TYPE_LIST,
        ObjectTypeListLength: ULONG,
        GenericMapping: PGENERIC_MAPPING,
        PrivilegeSet: PPRIVILEGE_SET,
        PrivilegeSetLength: PULONG,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
    ) -> NTSTATUS;
    // Same parameter list as NtAccessCheckByType. NOTE(review): the name
    // suggests `GrantedAccess`/`AccessStatus` point at arrays sized by
    // `ObjectTypeListLength` - confirm before allocating the buffers.
    fn NtAccessCheckByTypeResultList(
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        PrincipalSelfSid: PSID,
        ClientToken: HANDLE,
        DesiredAccess: ACCESS_MASK,
        ObjectTypeList: POBJECT_TYPE_LIST,
        ObjectTypeListLength: ULONG,
        GenericMapping: PGENERIC_MAPPING,
        PrivilegeSet: PPRIVILEGE_SET,
        PrivilegeSetLength: PULONG,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
    ) -> NTSTATUS;

    // --- Cached signing level ------------------------------------------------
    // `SourceFiles` is a handle array counted by `SourceFileCount`.
    fn NtSetCachedSigningLevel(
        Flags: ULONG,
        InputSigningLevel: SE_SIGNING_LEVEL,
        SourceFiles: PHANDLE,
        SourceFileCount: ULONG,
        TargetFile: HANDLE,
    ) -> NTSTATUS;
    // `Thumbprint` is a byte buffer and `ThumbprintSize` is passed by
    // pointer, so its value may be rewritten by the callee.
    fn NtGetCachedSigningLevel(
        File: HANDLE,
        Flags: PULONG,
        SigningLevel: PSE_SIGNING_LEVEL,
        Thumbprint: PUCHAR,
        ThumbprintSize: PULONG,
        ThumbprintAlgorithm: PULONG,
    ) -> NTSTATUS;

    // --- Access checks that also raise audit alarms --------------------------
    // These variants take no `ClientToken` except the ...ByHandle form; the
    // result is again reported via `GrantedAccess` and `AccessStatus`.
    fn NtAccessCheckAndAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ObjectTypeName: PUNICODE_STRING,
        ObjectName: PUNICODE_STRING,
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        DesiredAccess: ACCESS_MASK,
        GenericMapping: PGENERIC_MAPPING,
        ObjectCreation: BOOLEAN,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
        GenerateOnClose: PBOOLEAN,
    ) -> NTSTATUS;
    fn NtAccessCheckByTypeAndAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ObjectTypeName: PUNICODE_STRING,
        ObjectName: PUNICODE_STRING,
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        PrincipalSelfSid: PSID,
        DesiredAccess: ACCESS_MASK,
        AuditType: AUDIT_EVENT_TYPE,
        Flags: ULONG,
        ObjectTypeList: POBJECT_TYPE_LIST,
        ObjectTypeListLength: ULONG,
        GenericMapping: PGENERIC_MAPPING,
        ObjectCreation: BOOLEAN,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
        GenerateOnClose: PBOOLEAN,
    ) -> NTSTATUS;
    fn NtAccessCheckByTypeResultListAndAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ObjectTypeName: PUNICODE_STRING,
        ObjectName: PUNICODE_STRING,
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        PrincipalSelfSid: PSID,
        DesiredAccess: ACCESS_MASK,
        AuditType: AUDIT_EVENT_TYPE,
        Flags: ULONG,
        ObjectTypeList: POBJECT_TYPE_LIST,
        ObjectTypeListLength: ULONG,
        GenericMapping: PGENERIC_MAPPING,
        ObjectCreation: BOOLEAN,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
        GenerateOnClose: PBOOLEAN,
    ) -> NTSTATUS;
    // Identical to the previous declaration except for the explicit
    // `ClientToken` handle in third position.
    fn NtAccessCheckByTypeResultListAndAuditAlarmByHandle(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ClientToken: HANDLE,
        ObjectTypeName: PUNICODE_STRING,
        ObjectName: PUNICODE_STRING,
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        PrincipalSelfSid: PSID,
        DesiredAccess: ACCESS_MASK,
        AuditType: AUDIT_EVENT_TYPE,
        Flags: ULONG,
        ObjectTypeList: POBJECT_TYPE_LIST,
        ObjectTypeListLength: ULONG,
        GenericMapping: PGENERIC_MAPPING,
        ObjectCreation: BOOLEAN,
        GrantedAccess: PACCESS_MASK,
        AccessStatus: PNTSTATUS,
        GenerateOnClose: PBOOLEAN,
    ) -> NTSTATUS;

    // --- Audit alarm generation ----------------------------------------------
    // Here `GrantedAccess` is passed by value (ACCESS_MASK, not PACCESS_MASK):
    // the caller reports a decision it has already made.
    fn NtOpenObjectAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ObjectTypeName: PUNICODE_STRING,
        ObjectName: PUNICODE_STRING,
        SecurityDescriptor: PSECURITY_DESCRIPTOR,
        ClientToken: HANDLE,
        DesiredAccess: ACCESS_MASK,
        GrantedAccess: ACCESS_MASK,
        Privileges: PPRIVILEGE_SET,
        ObjectCreation: BOOLEAN,
        AccessGranted: BOOLEAN,
        GenerateOnClose: PBOOLEAN,
    ) -> NTSTATUS;
    fn NtPrivilegeObjectAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        ClientToken: HANDLE,
        DesiredAccess: ACCESS_MASK,
        Privileges: PPRIVILEGE_SET,
        AccessGranted: BOOLEAN,
    ) -> NTSTATUS;
    // In the close/delete variants `GenerateOnClose` is a plain BOOLEAN input,
    // whereas the access-check functions above return it through a PBOOLEAN.
    fn NtCloseObjectAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        GenerateOnClose: BOOLEAN,
    ) -> NTSTATUS;
    fn NtDeleteObjectAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        HandleId: PVOID,
        GenerateOnClose: BOOLEAN,
    ) -> NTSTATUS;
    fn NtPrivilegedServiceAuditAlarm(
        SubsystemName: PUNICODE_STRING,
        ServiceName: PUNICODE_STRING,
        ClientToken: HANDLE,
        Privileges: PPRIVILEGE_SET,
        AccessGranted: BOOLEAN,
    ) -> NTSTATUS;
}}