IntroVirt/TOKEN_8hh_source.html

/*

 * Copyright 2021 Assured Information Security, Inc.

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *         http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#pragma once


#include "OBJECT.hh"


#include <introvirt/windows/kernel/nt/types/SEP_LOGON_SESSION_REFERENCES.hh>


#include <cstdint>

#include <memory>

#include <vector>


namespace introvirt {

namespace windows {

namespace nt {


enum SePrivilege {

    SeUnsolicitedInputPrivilege = 0x0,

    SeCreateTokenPrivilege = 0x2,

    SeAssignPrimaryTokenPrivilege = 0x3,

    SeLockMemoryPrivilege = 0x4,

    SeIncreaseQuotaPrivilege = 0x5,

    SeMachineAccountPrivilege = 0x6,

    SeTcbPrivilege = 0x7,

    SeSecurityPrivilege = 0x8,

    SeTakeOwnershipPrivilege = 0x9,

    SeLoadDriverPrivilege = 0xa,

    SeSystemProfilePrivilege = 0xb,

    SeSystemtimePrivilege = 0xc,

    SeProfileSingleProcessPrivilege = 0xd,

    SeIncreaseBasePriorityPrivilege = 0xe,

    SeCreatePagefilePrivilege = 0xf,

    SeCreatePermanentPrivilege = 0x10,

    SeBackupPrivilege = 0x11,

    SeRestorePrivilege = 0x12,

    SeShutdownPrivilege = 0x13,

    SeDebugPrivilege = 0x14,

    SeAuditPrivilege = 0x15,

    SeSystemEnvironmentPrivilege = 0x16,

    SeChangeNotifyPrivilege = 0x17,

    SeRemoteShutdownPrivilege = 0x18,

    SeUndockPrivilege = 0x19,

    SeSyncAgentPrivilege = 0x1a,

    SeEnableDelegationPrivilege = 0x1b,

    SeManageVolumePrivilege = 0x1c,

    SeImpersonatePrivilege = 0x1d,

    SeCreateGlobalPrivilege = 0x1e,

    SeTrustedCredManAccessPrivilege = 0x1f,

    SeRelabelPrivilege = 0x20,

    SeIncreaseWorkingSetPrivilege = 0x21,

    SeTimeZonePrivilege = 0x22,

    SeCreateSymbolicLinkPrivilege = 0x23,

    SeDelegateSessionUserImpersonatePrivilege = 0x24

};


class TOKEN : public OBJECT {

  public:

    virtual std::vector<std::shared_ptr<SID_AND_ATTRIBUTES>> Groups() = 0;

    virtual std::vector<std::shared_ptr<const SID_AND_ATTRIBUTES>> Groups() const = 0;


    virtual const SID* User() const = 0;

    virtual const SID* PrimaryGroup() const = 0;


    virtual uint64_t PrivilegesPresent() const = 0;

    virtual void PrivilegesPresent(uint64_t Privileges) = 0;


    virtual uint64_t PrivilegesEnabled() const = 0;

    virtual void PrivilegesEnabled(uint64_t Privileges) = 0;


    virtual uint32_t SessionId() const = 0;

    virtual void SessionId(uint32_t SessionId) = 0;


    virtual uint32_t DynamicCharged() const = 0;

    virtual void DynamicCharged(uint32_t DynamicCharged) = 0;


    virtual uint32_t DynamicAvailable() const = 0;

    virtual void DynamicAvailable(uint32_t DynamicAvailable) = 0;


    virtual uint32_t DefaultOwnerIndex() const = 0;

    virtual void DefaultOwnerIndex(uint32_t DefaultOwnerIndex) = 0;


    virtual uint32_t TokenType() const = 0;

    virtual void TokenType(uint32_t TokenType) = 0;


    virtual uint32_t ImpersonationLevel() const = 0;

    virtual void ImpersonationLevel(uint32_t ImpersonationLevel) = 0;


    virtual uint32_t TokenFlags() const = 0;

    virtual void TokenFlags(uint32_t TokenFlags) = 0;


    virtual bool TokenInUse() const = 0;

    virtual void TokenInUse(bool TokenInUse) = 0;


    virtual uint32_t IntegrityLevelIndex() const = 0;

    virtual void IntegrityLevelIndex(uint32_t IntegrityLevelIndex) = 0;


    virtual uint32_t MandatoryPolicy() const = 0;

    virtual void MandatoryPolicy(uint32_t MandatoryPolicy) = 0;


    virtual SID* User() = 0;

    virtual SID* PrimaryGroup() = 0;


    virtual SEP_LOGON_SESSION_REFERENCES* LogonSession() = 0;

    virtual const SEP_LOGON_SESSION_REFERENCES* LogonSession() const = 0;


    static std::shared_ptr<TOKEN> make_shared(const NtKernel& kernel, const guest_ptr<void>& ptr);


    static std::shared_ptr<TOKEN> make_shared(const NtKernel& kernel,

                                              std::unique_ptr<OBJECT_HEADER>&& object_header);


    virtual ~TOKEN() = default;

};


} /* namespace nt */

} /* namespace windows */

} /* namespace introvirt */

OBJECT.hh

SEP_LOGON_SESSION_REFERENCES.hh

introvirt::basic_guest_ptr
Definition guest_ptr.hh:88

introvirt::windows::nt::NtKernel
Abstraction for the Windows NT kernel.
Definition NtKernel.hh:37

introvirt::windows::nt::OBJECT
Base class for all kernel objects.
Definition OBJECT.hh:30

introvirt::windows::nt::OBJECT::ptr
virtual guest_ptr< void > ptr() const =0

introvirt::windows::nt::SEP_LOGON_SESSION_REFERENCES
Definition SEP_LOGON_SESSION_REFERENCES.hh:28

introvirt::windows::nt::SID
Definition SID.hh:35

introvirt::windows::nt::TOKEN
Definition TOKEN.hh:69

introvirt::windows::nt::TOKEN::TokenInUse
virtual void TokenInUse(bool TokenInUse)=0

introvirt::windows::nt::TOKEN::TokenFlags
virtual void TokenFlags(uint32_t TokenFlags)=0

introvirt::windows::nt::TOKEN::MandatoryPolicy
virtual void MandatoryPolicy(uint32_t MandatoryPolicy)=0

introvirt::windows::nt::TOKEN::IntegrityLevelIndex
virtual uint32_t IntegrityLevelIndex() const =0

introvirt::windows::nt::TOKEN::LogonSession
virtual const SEP_LOGON_SESSION_REFERENCES * LogonSession() const =0

introvirt::windows::nt::TOKEN::ImpersonationLevel
virtual uint32_t ImpersonationLevel() const =0

introvirt::windows::nt::TOKEN::DynamicCharged
virtual uint32_t DynamicCharged() const =0

introvirt::windows::nt::TOKEN::IntegrityLevelIndex
virtual void IntegrityLevelIndex(uint32_t IntegrityLevelIndex)=0

introvirt::windows::nt::TOKEN::PrimaryGroup
virtual const SID * PrimaryGroup() const =0

introvirt::windows::nt::TOKEN::DynamicAvailable
virtual uint32_t DynamicAvailable() const =0

introvirt::windows::nt::TOKEN::User
virtual SID * User()=0

introvirt::windows::nt::TOKEN::PrimaryGroup
virtual SID * PrimaryGroup()=0

introvirt::windows::nt::TOKEN::PrivilegesPresent
virtual void PrivilegesPresent(uint64_t Privileges)=0

introvirt::windows::nt::TOKEN::PrivilegesEnabled
virtual void PrivilegesEnabled(uint64_t Privileges)=0

introvirt::windows::nt::TOKEN::SessionId
virtual void SessionId(uint32_t SessionId)=0

introvirt::windows::nt::TOKEN::DefaultOwnerIndex
virtual void DefaultOwnerIndex(uint32_t DefaultOwnerIndex)=0

introvirt::windows::nt::TOKEN::TokenType
virtual void TokenType(uint32_t TokenType)=0

introvirt::windows::nt::TOKEN::TokenFlags
virtual uint32_t TokenFlags() const =0

introvirt::windows::nt::TOKEN::DynamicCharged
virtual void DynamicCharged(uint32_t DynamicCharged)=0

introvirt::windows::nt::TOKEN::make_shared
static std::shared_ptr< TOKEN > make_shared(const NtKernel &kernel, const guest_ptr< void > &ptr)

introvirt::windows::nt::TOKEN::DynamicAvailable
virtual void DynamicAvailable(uint32_t DynamicAvailable)=0

introvirt::windows::nt::TOKEN::ImpersonationLevel
virtual void ImpersonationLevel(uint32_t ImpersonationLevel)=0

introvirt::windows::nt::TOKEN::MandatoryPolicy
virtual uint32_t MandatoryPolicy() const =0

introvirt::windows::nt::TOKEN::~TOKEN
virtual ~TOKEN()=default

introvirt::windows::nt::TOKEN::TokenType
virtual uint32_t TokenType() const =0

introvirt::windows::nt::TOKEN::TokenInUse
virtual bool TokenInUse() const =0

introvirt::windows::nt::TOKEN::Groups
virtual std::vector< std::shared_ptr< const SID_AND_ATTRIBUTES > > Groups() const =0

introvirt::windows::nt::TOKEN::PrivilegesEnabled
virtual uint64_t PrivilegesEnabled() const =0

introvirt::windows::nt::TOKEN::Groups
virtual std::vector< std::shared_ptr< SID_AND_ATTRIBUTES > > Groups()=0

introvirt::windows::nt::TOKEN::User
virtual const SID * User() const =0

introvirt::windows::nt::TOKEN::PrivilegesPresent
virtual uint64_t PrivilegesPresent() const =0

introvirt::windows::nt::TOKEN::DefaultOwnerIndex
virtual uint32_t DefaultOwnerIndex() const =0

introvirt::windows::nt::TOKEN::LogonSession
virtual SEP_LOGON_SESSION_REFERENCES * LogonSession()=0

introvirt::windows::nt::TOKEN::SessionId
virtual uint32_t SessionId() const =0

introvirt::windows::nt::TOKEN::make_shared
static std::shared_ptr< TOKEN > make_shared(const NtKernel &kernel, std::unique_ptr< OBJECT_HEADER > &&object_header)

introvirt::windows::nt::SePrivilege
SePrivilege
Definition TOKEN.hh:30

introvirt::windows::nt::SeSystemtimePrivilege
@ SeSystemtimePrivilege
Definition TOKEN.hh:42

introvirt::windows::nt::SeIncreaseWorkingSetPrivilege
@ SeIncreaseWorkingSetPrivilege
Definition TOKEN.hh:63

introvirt::windows::nt::SeUnsolicitedInputPrivilege
@ SeUnsolicitedInputPrivilege
Definition TOKEN.hh:31

introvirt::windows::nt::SeLockMemoryPrivilege
@ SeLockMemoryPrivilege
Definition TOKEN.hh:34

introvirt::windows::nt::SeDebugPrivilege
@ SeDebugPrivilege
Definition TOKEN.hh:50

introvirt::windows::nt::SeCreatePagefilePrivilege
@ SeCreatePagefilePrivilege
Definition TOKEN.hh:45

introvirt::windows::nt::SeCreateTokenPrivilege
@ SeCreateTokenPrivilege
Definition TOKEN.hh:32

introvirt::windows::nt::SeBackupPrivilege
@ SeBackupPrivilege
Definition TOKEN.hh:47

introvirt::windows::nt::SeTakeOwnershipPrivilege
@ SeTakeOwnershipPrivilege
Definition TOKEN.hh:39

introvirt::windows::nt::SeMachineAccountPrivilege
@ SeMachineAccountPrivilege
Definition TOKEN.hh:36

introvirt::windows::nt::SeRelabelPrivilege
@ SeRelabelPrivilege
Definition TOKEN.hh:62

introvirt::windows::nt::SeProfileSingleProcessPrivilege
@ SeProfileSingleProcessPrivilege
Definition TOKEN.hh:43

introvirt::windows::nt::SeCreateSymbolicLinkPrivilege
@ SeCreateSymbolicLinkPrivilege
Definition TOKEN.hh:65

introvirt::windows::nt::SeTimeZonePrivilege
@ SeTimeZonePrivilege
Definition TOKEN.hh:64

introvirt::windows::nt::SeRestorePrivilege
@ SeRestorePrivilege
Definition TOKEN.hh:48

introvirt::windows::nt::SeDelegateSessionUserImpersonatePrivilege
@ SeDelegateSessionUserImpersonatePrivilege
Definition TOKEN.hh:66

introvirt::windows::nt::SeChangeNotifyPrivilege
@ SeChangeNotifyPrivilege
Definition TOKEN.hh:53

introvirt::windows::nt::SeTrustedCredManAccessPrivilege
@ SeTrustedCredManAccessPrivilege
Definition TOKEN.hh:61

introvirt::windows::nt::SeAuditPrivilege
@ SeAuditPrivilege
Definition TOKEN.hh:51

introvirt::windows::nt::SeManageVolumePrivilege
@ SeManageVolumePrivilege
Definition TOKEN.hh:58

introvirt::windows::nt::SeIncreaseQuotaPrivilege
@ SeIncreaseQuotaPrivilege
Definition TOKEN.hh:35

introvirt::windows::nt::SeTcbPrivilege
@ SeTcbPrivilege
Definition TOKEN.hh:37

introvirt::windows::nt::SeSystemEnvironmentPrivilege
@ SeSystemEnvironmentPrivilege
Definition TOKEN.hh:52

introvirt::windows::nt::SeImpersonatePrivilege
@ SeImpersonatePrivilege
Definition TOKEN.hh:59

introvirt::windows::nt::SeShutdownPrivilege
@ SeShutdownPrivilege
Definition TOKEN.hh:49

introvirt::windows::nt::SeLoadDriverPrivilege
@ SeLoadDriverPrivilege
Definition TOKEN.hh:40

introvirt::windows::nt::SeUndockPrivilege
@ SeUndockPrivilege
Definition TOKEN.hh:55

introvirt::windows::nt::SeSyncAgentPrivilege
@ SeSyncAgentPrivilege
Definition TOKEN.hh:56

introvirt::windows::nt::SeCreatePermanentPrivilege
@ SeCreatePermanentPrivilege
Definition TOKEN.hh:46

introvirt::windows::nt::SeSecurityPrivilege
@ SeSecurityPrivilege
Definition TOKEN.hh:38

introvirt::windows::nt::SeRemoteShutdownPrivilege
@ SeRemoteShutdownPrivilege
Definition TOKEN.hh:54

introvirt::windows::nt::SeEnableDelegationPrivilege
@ SeEnableDelegationPrivilege
Definition TOKEN.hh:57

introvirt::windows::nt::SeSystemProfilePrivilege
@ SeSystemProfilePrivilege
Definition TOKEN.hh:41

introvirt::windows::nt::SeAssignPrimaryTokenPrivilege
@ SeAssignPrimaryTokenPrivilege
Definition TOKEN.hh:33

introvirt::windows::nt::SeCreateGlobalPrivilege
@ SeCreateGlobalPrivilege
Definition TOKEN.hh:60

introvirt::windows::nt::SeIncreaseBasePriorityPrivilege
@ SeIncreaseBasePriorityPrivilege
Definition TOKEN.hh:44

introvirt
Core IntroVirt classes.
Definition Cr0.hh:20