Process Hacker
Data Structures | Macros | Typedefs | Enumerations | Functions
ntseapi.h File Reference

Go to the source code of this file.

Data Structures

struct  _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE
 
struct  _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
 
struct  _TOKEN_SECURITY_ATTRIBUTE_V1
 
struct  _TOKEN_SECURITY_ATTRIBUTES_INFORMATION
 

Macros

#define SE_MIN_WELL_KNOWN_PRIVILEGE   (2L)
 
#define SE_CREATE_TOKEN_PRIVILEGE   (2L)
 
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE   (3L)
 
#define SE_LOCK_MEMORY_PRIVILEGE   (4L)
 
#define SE_INCREASE_QUOTA_PRIVILEGE   (5L)
 
#define SE_MACHINE_ACCOUNT_PRIVILEGE   (6L)
 
#define SE_TCB_PRIVILEGE   (7L)
 
#define SE_SECURITY_PRIVILEGE   (8L)
 
#define SE_TAKE_OWNERSHIP_PRIVILEGE   (9L)
 
#define SE_LOAD_DRIVER_PRIVILEGE   (10L)
 
#define SE_SYSTEM_PROFILE_PRIVILEGE   (11L)
 
#define SE_SYSTEMTIME_PRIVILEGE   (12L)
 
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE   (13L)
 
#define SE_INC_BASE_PRIORITY_PRIVILEGE   (14L)
 
#define SE_CREATE_PAGEFILE_PRIVILEGE   (15L)
 
#define SE_CREATE_PERMANENT_PRIVILEGE   (16L)
 
#define SE_BACKUP_PRIVILEGE   (17L)
 
#define SE_RESTORE_PRIVILEGE   (18L)
 
#define SE_SHUTDOWN_PRIVILEGE   (19L)
 
#define SE_DEBUG_PRIVILEGE   (20L)
 
#define SE_AUDIT_PRIVILEGE   (21L)
 
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE   (22L)
 
#define SE_CHANGE_NOTIFY_PRIVILEGE   (23L)
 
#define SE_REMOTE_SHUTDOWN_PRIVILEGE   (24L)
 
#define SE_UNDOCK_PRIVILEGE   (25L)
 
#define SE_SYNC_AGENT_PRIVILEGE   (26L)
 
#define SE_ENABLE_DELEGATION_PRIVILEGE   (27L)
 
#define SE_MANAGE_VOLUME_PRIVILEGE   (28L)
 
#define SE_IMPERSONATE_PRIVILEGE   (29L)
 
#define SE_CREATE_GLOBAL_PRIVILEGE   (30L)
 
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE   (31L)
 
#define SE_RELABEL_PRIVILEGE   (32L)
 
#define SE_INC_WORKING_SET_PRIVILEGE   (33L)
 
#define SE_TIME_ZONE_PRIVILEGE   (34L)
 
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE   (35L)
 
#define SE_MAX_WELL_KNOWN_PRIVILEGE   SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
 
#define TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID   0x00
 
#define TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64   0x01
 
#define TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64   0x02
 
#define TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING   0x03
 
#define TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN   0x04
 
#define TOKEN_SECURITY_ATTRIBUTE_TYPE_SID   0x05
 
#define TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN   0x06
 
#define TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING   0x10
 
#define TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE   0x0001
 
#define TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE   0x0002
 
#define TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY   0x0004
 
#define TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT   0x0008
 
#define TOKEN_SECURITY_ATTRIBUTE_DISABLED   0x0010
 
#define TOKEN_SECURITY_ATTRIBUTE_MANDATORY   0x0020
 
#define TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS
 
#define TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS   0xffff0000
 
#define TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1   1
 
#define TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION   TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1
 

Typedefs

typedef struct
_TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE 		TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE
 
typedef struct
_TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE		PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE
 
typedef struct
_TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE 		TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
 
typedef struct
_TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE		PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
 
typedef struct
_TOKEN_SECURITY_ATTRIBUTE_V1 		TOKEN_SECURITY_ATTRIBUTE_V1
 
typedef struct
_TOKEN_SECURITY_ATTRIBUTE_V1		PTOKEN_SECURITY_ATTRIBUTE_V1
 
typedef struct
_TOKEN_SECURITY_ATTRIBUTES_INFORMATION 		TOKEN_SECURITY_ATTRIBUTES_INFORMATION
 
typedef struct
_TOKEN_SECURITY_ATTRIBUTES_INFORMATION		PTOKEN_SECURITY_ATTRIBUTES_INFORMATION
 
typedef ULONG SE_SIGNING_LEVEL
 
typedef ULONG * PSE_SIGNING_LEVEL
 
typedef enum
_FILTER_BOOT_OPTION_OPERATION 		FILTER_BOOT_OPTION_OPERATION
 

Enumerations

enum  _FILTER_BOOT_OPTION_OPERATION { FilterBootOptionOperationOpenSystemStore, FilterBootOptionOperationSetElement, FilterBootOptionOperationDeleteElement, FilterBootOptionOperationMax }
 

Functions

NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER User, _In_ PTOKEN_GROUPS Groups, _In_ PTOKEN_PRIVILEGES Privileges, _In_opt_ PTOKEN_OWNER Owner, _In_ PTOKEN_PRIMARY_GROUP PrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateLowBoxToken (_Out_ PHANDLE TokenHandle, _In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PSID PackageSid, _In_ ULONG CapabilityCount, _In_reads_opt_(CapabilityCount) PSID_AND_ATTRIBUTES Capabilities, _In_ ULONG HandleCount, _In_reads_opt_(HandleCount) HANDLE *Handles)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCreateTokenEx (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER User, _In_ PTOKEN_GROUPS Groups, _In_ PTOKEN_PRIVILEGES Privileges, _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION UserAttributes, _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION DeviceAttributes, _In_opt_ PTOKEN_GROUPS DeviceGroups, _In_opt_ PTOKEN_MANDATORY_POLICY TokenMandatoryPolicy, _In_opt_ PTOKEN_OWNER Owner, _In_ PTOKEN_PRIMARY_GROUP PrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx (_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenJobObjectToken (_In_ HANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _Out_ PHANDLE TokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength,*ReturnLength) PTOKEN_PRIVILEGES PreviousState, _Out_ _When_(PreviousState==NULL, _Out_opt_) PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength,*ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAdjustTokenClaimsAndDeviceGroups (_In_ HANDLE TokenHandle, _In_ BOOLEAN UserResetToDefault, _In_ BOOLEAN DeviceResetToDefault, _In_ BOOLEAN DeviceGroupsResetToDefault, _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewUserState, _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION NewDeviceState, _In_opt_ PTOKEN_GROUPS NewDeviceGroupsState, _In_ ULONG UserBufferLength, _Out_writes_bytes_to_opt_(UserBufferLength,*UserReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousUserState, _In_ ULONG DeviceBufferLength, _Out_writes_bytes_to_opt_(DeviceBufferLength,*DeviceReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION PreviousDeviceState, _In_ ULONG DeviceGroupsBufferLength, _Out_writes_bytes_to_opt_(DeviceGroupsBufferLength,*DeviceGroupsReturnBufferLength) PTOKEN_GROUPS PreviousDeviceGroups, _Out_opt_ PULONG UserReturnLength, _Out_opt_ PULONG DeviceReturnLength, _Out_opt_ PULONG DeviceGroupsReturnBufferLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken (_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtFilterTokenEx (_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _In_ ULONG DisableUserClaimsCount, _In_opt_ PUNICODE_STRING UserClaimsToDisable, _In_ ULONG DisableDeviceClaimsCount, _In_opt_ PUNICODE_STRING DeviceClaimsToDisable, _In_opt_ PTOKEN_GROUPS DeviceGroupsToDisable, _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedUserAttributes, _In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION RestrictedDeviceAttributes, _In_opt_ PTOKEN_GROUPS RestrictedDeviceGroups, _Out_ PHANDLE NewTokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens (_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
 
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtQuerySecurityAttributesToken (_In_ HANDLE TokenHandle, _In_reads_opt_(NumberOfAttributes) PUNICODE_STRING Attributes, _In_ ULONG NumberOfAttributes, _Out_writes_bytes_(Length) PVOID Buffer, _In_ ULONG Length, _Out_ PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByType (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
 
NTSYSCALLAPI NTSTATUS NTAPI NtSetCachedSigningLevel (_In_ ULONG Flags, _In_ SE_SIGNING_LEVEL InputSigningLevel, _In_reads_(SourceFileCount) PHANDLE SourceFiles, _In_ ULONG SourceFileCount, _In_opt_ HANDLE TargetFile)
 
NTSYSCALLAPI NTSTATUS NTAPI NtGetCachedSigningLevel (_In_ HANDLE File, _Out_ PULONG Flags, _Out_ PSE_SIGNING_LEVEL SigningLevel, _Out_writes_bytes_to_opt_(*ThumbprintSize,*ThumbprintSize) PUCHAR Thumbprint, _Inout_opt_ PULONG ThumbprintSize, _Out_opt_ PULONG ThumbprintAlgorithm)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
NTSYSCALLAPI NTSTATUS NTAPI NtFilterBootOption (_In_ FILTER_BOOT_OPTION_OPERATION FilterOperation, _In_ ULONG ObjectType, _In_ ULONG ElementType, _In_reads_bytes_opt_(DataSize) PVOID Data, _In_ ULONG DataSize)
 

Macro Definition Documentation

#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE   (3L)

Definition at line 8 of file ntseapi.h.

#define SE_AUDIT_PRIVILEGE   (21L)

Definition at line 27 of file ntseapi.h.

#define SE_BACKUP_PRIVILEGE   (17L)

Definition at line 23 of file ntseapi.h.

#define SE_CHANGE_NOTIFY_PRIVILEGE   (23L)

Definition at line 29 of file ntseapi.h.

#define SE_CREATE_GLOBAL_PRIVILEGE   (30L)

Definition at line 36 of file ntseapi.h.

#define SE_CREATE_PAGEFILE_PRIVILEGE   (15L)

Definition at line 21 of file ntseapi.h.

#define SE_CREATE_PERMANENT_PRIVILEGE   (16L)

Definition at line 22 of file ntseapi.h.

#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE   (35L)

Definition at line 41 of file ntseapi.h.

#define SE_CREATE_TOKEN_PRIVILEGE   (2L)

Definition at line 7 of file ntseapi.h.

#define SE_DEBUG_PRIVILEGE   (20L)

Definition at line 26 of file ntseapi.h.

#define SE_ENABLE_DELEGATION_PRIVILEGE   (27L)

Definition at line 33 of file ntseapi.h.

#define SE_IMPERSONATE_PRIVILEGE   (29L)

Definition at line 35 of file ntseapi.h.

#define SE_INC_BASE_PRIORITY_PRIVILEGE   (14L)

Definition at line 20 of file ntseapi.h.

#define SE_INC_WORKING_SET_PRIVILEGE   (33L)

Definition at line 39 of file ntseapi.h.

#define SE_INCREASE_QUOTA_PRIVILEGE   (5L)

Definition at line 10 of file ntseapi.h.

#define SE_LOAD_DRIVER_PRIVILEGE   (10L)

Definition at line 16 of file ntseapi.h.

#define SE_LOCK_MEMORY_PRIVILEGE   (4L)

Definition at line 9 of file ntseapi.h.

#define SE_MACHINE_ACCOUNT_PRIVILEGE   (6L)

Definition at line 12 of file ntseapi.h.

#define SE_MANAGE_VOLUME_PRIVILEGE   (28L)

Definition at line 34 of file ntseapi.h.

#define SE_MAX_WELL_KNOWN_PRIVILEGE   SE_CREATE_SYMBOLIC_LINK_PRIVILEGE

Definition at line 42 of file ntseapi.h.

#define SE_MIN_WELL_KNOWN_PRIVILEGE   (2L)

Definition at line 6 of file ntseapi.h.

#define SE_PROF_SINGLE_PROCESS_PRIVILEGE   (13L)

Definition at line 19 of file ntseapi.h.

#define SE_RELABEL_PRIVILEGE   (32L)

Definition at line 38 of file ntseapi.h.

#define SE_REMOTE_SHUTDOWN_PRIVILEGE   (24L)

Definition at line 30 of file ntseapi.h.

#define SE_RESTORE_PRIVILEGE   (18L)

Definition at line 24 of file ntseapi.h.

#define SE_SECURITY_PRIVILEGE   (8L)

Definition at line 14 of file ntseapi.h.

#define SE_SHUTDOWN_PRIVILEGE   (19L)

Definition at line 25 of file ntseapi.h.

#define SE_SYNC_AGENT_PRIVILEGE   (26L)

Definition at line 32 of file ntseapi.h.

#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE   (22L)

Definition at line 28 of file ntseapi.h.

#define SE_SYSTEM_PROFILE_PRIVILEGE   (11L)

Definition at line 17 of file ntseapi.h.

#define SE_SYSTEMTIME_PRIVILEGE   (12L)

Definition at line 18 of file ntseapi.h.

#define SE_TAKE_OWNERSHIP_PRIVILEGE   (9L)

Definition at line 15 of file ntseapi.h.

#define SE_TCB_PRIVILEGE   (7L)

Definition at line 13 of file ntseapi.h.

#define SE_TIME_ZONE_PRIVILEGE   (34L)

Definition at line 40 of file ntseapi.h.

#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE   (31L)

Definition at line 37 of file ntseapi.h.

#define SE_UNDOCK_PRIVILEGE   (25L)

Definition at line 31 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_CUSTOM_FLAGS   0xffff0000

Definition at line 77 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_DISABLED   0x0010

Definition at line 66 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT   0x0008

Definition at line 65 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_MANDATORY   0x0020

Definition at line 67 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE   0x0001

Definition at line 62 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_TYPE_BOOLEAN   0x06

Definition at line 57 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_TYPE_FQBN   0x04

Definition at line 55 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_TYPE_INT64   0x01

Definition at line 52 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_TYPE_INVALID   0x00

Definition at line 51 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING   0x10

Definition at line 58 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_TYPE_SID   0x05

Definition at line 56 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_TYPE_STRING   0x03

Definition at line 54 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_TYPE_UINT64   0x02

Definition at line 53 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY   0x0004

Definition at line 64 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_VALID_FLAGS
Value:
( \
TOKEN_SECURITY_ATTRIBUTE_NON_INHERITABLE | \
TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE | \
TOKEN_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY | \
TOKEN_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT | \
TOKEN_SECURITY_ATTRIBUTE_DISABLED | \
TOKEN_SECURITY_ATTRIBUTE_MANDATORY)

Definition at line 69 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE   0x0002

Definition at line 63 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION   TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1

Definition at line 116 of file ntseapi.h.

#define TOKEN_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1   1

Definition at line 114 of file ntseapi.h.

Typedef Documentation

typedef enum _FILTER_BOOT_OPTION_OPERATION FILTER_BOOT_OPTION_OPERATION
typedef ULONG * PSE_SIGNING_LEVEL

Definition at line 452 of file ntseapi.h.

typedef struct _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE * PTOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE
typedef struct _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE * PTOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
typedef struct _TOKEN_SECURITY_ATTRIBUTE_V1 * PTOKEN_SECURITY_ATTRIBUTE_V1
typedef struct _TOKEN_SECURITY_ATTRIBUTES_INFORMATION * PTOKEN_SECURITY_ATTRIBUTES_INFORMATION
typedef ULONG SE_SIGNING_LEVEL

Definition at line 452 of file ntseapi.h.

typedef struct _TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE TOKEN_SECURITY_ATTRIBUTE_FQBN_VALUE
typedef struct _TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE TOKEN_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
typedef struct _TOKEN_SECURITY_ATTRIBUTE_V1 TOKEN_SECURITY_ATTRIBUTE_V1
typedef struct _TOKEN_SECURITY_ATTRIBUTES_INFORMATION TOKEN_SECURITY_ATTRIBUTES_INFORMATION

Enumeration Type Documentation

enum _FILTER_BOOT_OPTION_OPERATION
Enumerator:
FilterBootOptionOperationOpenSystemStore 
FilterBootOptionOperationSetElement 
FilterBootOptionOperationDeleteElement 
FilterBootOptionOperationMax 

Definition at line 628 of file ntseapi.h.

Function Documentation

NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccess,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatus 
)
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccess,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultListAndAuditAlarmByHandle ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ ACCESS_MASK  DesiredAccess,
_In_ AUDIT_EVENT_TYPE  AuditType,
_In_ ULONG  Flags,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccess,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)
NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength,*ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)
NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength,*ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_Out_ _When_(PreviousState==NULL, _Out_opt_) PULONG  ReturnLength 
)
NTSYSCALLAPI NTSTATUS NTAPI NtAdjustTokenClaimsAndDeviceGroups ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  UserResetToDefault,
_In_ BOOLEAN  DeviceResetToDefault,
_In_ BOOLEAN  DeviceGroupsResetToDefault,
_In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION  NewUserState,
_In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION  NewDeviceState,
_In_opt_ PTOKEN_GROUPS  NewDeviceGroupsState,
_In_ ULONG  UserBufferLength,
_Out_writes_bytes_to_opt_(UserBufferLength,*UserReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION  PreviousUserState,
_In_ ULONG  DeviceBufferLength,
_Out_writes_bytes_to_opt_(DeviceBufferLength,*DeviceReturnLength) PTOKEN_SECURITY_ATTRIBUTES_INFORMATION  PreviousDeviceState,
_In_ ULONG  DeviceGroupsBufferLength,
_Out_writes_bytes_to_opt_(DeviceGroupsBufferLength,*DeviceGroupsReturnBufferLength) PTOKEN_GROUPS  PreviousDeviceGroups,
_Out_opt_ PULONG  UserReturnLength,
_Out_opt_ PULONG  DeviceReturnLength,
_Out_opt_ PULONG  DeviceGroupsReturnBufferLength 
)
NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens ( _In_ HANDLE  FirstTokenHandle,
_In_ HANDLE  SecondTokenHandle,
_Out_ PBOOLEAN  Equal 
)
NTSYSCALLAPI NTSTATUS NTAPI NtCreateLowBoxToken ( _Out_ PHANDLE  TokenHandle,
_In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ PSID  PackageSid,
_In_ ULONG  CapabilityCount,
_In_reads_opt_(CapabilityCount) PSID_AND_ATTRIBUTES  Capabilities,
_In_ ULONG  HandleCount,
_In_reads_opt_(HandleCount) HANDLE *  Handles 
)
NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  User,
_In_ PTOKEN_GROUPS  Groups,
_In_ PTOKEN_PRIVILEGES  Privileges,
_In_opt_ PTOKEN_OWNER  Owner,
_In_ PTOKEN_PRIMARY_GROUP  PrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL  DefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)
NTSYSCALLAPI NTSTATUS NTAPI NtCreateTokenEx ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  User,
_In_ PTOKEN_GROUPS  Groups,
_In_ PTOKEN_PRIVILEGES  Privileges,
_In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION  UserAttributes,
_In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION  DeviceAttributes,
_In_opt_ PTOKEN_GROUPS  DeviceGroups,
_In_opt_ PTOKEN_MANDATORY_POLICY  TokenMandatoryPolicy,
_In_opt_ PTOKEN_OWNER  Owner,
_In_ PTOKEN_PRIMARY_GROUP  PrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL  DefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)
NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ BOOLEAN  GenerateOnClose 
)
NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)
NTSYSCALLAPI NTSTATUS NTAPI NtFilterBootOption ( _In_ FILTER_BOOT_OPTION_OPERATION  FilterOperation,
_In_ ULONG  ObjectType,
_In_ ULONG  ElementType,
_In_reads_bytes_opt_(DataSize) PVOID  Data,
_In_ ULONG  DataSize 
)
NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Out_ PHANDLE  NewTokenHandle 
)
NTSYSCALLAPI NTSTATUS NTAPI NtFilterTokenEx ( _In_ HANDLE  ExistingTokenHandle,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_In_ ULONG  DisableUserClaimsCount,
_In_opt_ PUNICODE_STRING  UserClaimsToDisable,
_In_ ULONG  DisableDeviceClaimsCount,
_In_opt_ PUNICODE_STRING  DeviceClaimsToDisable,
_In_opt_ PTOKEN_GROUPS  DeviceGroupsToDisable,
_In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION  RestrictedUserAttributes,
_In_opt_ PTOKEN_SECURITY_ATTRIBUTES_INFORMATION  RestrictedDeviceAttributes,
_In_opt_ PTOKEN_GROUPS  RestrictedDeviceGroups,
_Out_ PHANDLE  NewTokenHandle 
)
NTSYSCALLAPI NTSTATUS NTAPI NtGetCachedSigningLevel ( _In_ HANDLE  File,
_Out_ PULONG  Flags,
_Out_ PSE_SIGNING_LEVEL  SigningLevel,
_Out_writes_bytes_to_opt_ *,*ThumbprintSize PUCHAR  Thumbprint,
_Inout_opt_ PULONG  ThumbprintSize,
_Out_opt_ PULONG  ThumbprintAlgorithm 
)
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  ThreadHandle)
NTSYSCALLAPI NTSTATUS NTAPI NtOpenJobObjectToken ( _In_ HANDLE  JobHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)
NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessToken ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_Out_ PHANDLE  TokenHandle 
)
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadToken ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_Out_ PHANDLE  TokenHandle 
)
NTSYSCALLAPI NTSTATUS NTAPI NtOpenThreadTokenEx ( _In_ HANDLE  ThreadHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  OpenAsSelf,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)
NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Out_writes_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength,
_Out_ PULONG  ReturnLength 
)
NTSYSCALLAPI NTSTATUS NTAPI NtQuerySecurityAttributesToken ( _In_ HANDLE  TokenHandle,
_In_reads_opt_(NumberOfAttributes) PUNICODE_STRING  Attributes,
_In_ ULONG  NumberOfAttributes,
_Out_writes_bytes_(Length) PVOID  Buffer,
_In_ ULONG  Length,
_Out_ PULONG  ReturnLength 
)
NTSYSCALLAPI NTSTATUS NTAPI NtSetCachedSigningLevel ( _In_ ULONG  Flags,
_In_ SE_SIGNING_LEVEL  InputSigningLevel,
_In_reads_(SourceFileCount) PHANDLE  SourceFiles,
_In_ ULONG  SourceFileCount,
_In_opt_ HANDLE  TargetFile 
)
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)