├── BOF └── src │ ├── entry.o │ ├── lsar.x64.o │ ├── COFFLoader32.exe │ ├── COFFLoader64.exe │ ├── build.bat │ ├── makefile │ ├── midl_user.c │ ├── ms-lsar.c │ ├── lsar.cna │ ├── entry.c │ ├── beacon.h │ ├── MS-lsat-poc.c │ ├── base.c │ ├── ms-dtyp.h │ └── ms-lsar.h ├── WindowsRpcHelper ├── WindowsRpcHelper.cpp ├── pch.cpp ├── framework.h ├── pch.h ├── rpc_helpers.h ├── WindowsRpcHelper.vcxproj.filters ├── WindowsRpcHelper.vcxproj └── rpc_helpers.cpp ├── MS-lsat-poc ├── midl_user.c ├── ms-lsar.c ├── MS-lsat-poc.vcxproj.filters ├── MS-lsat-poc.cpp ├── idl │ ├── ms-dtyp.idl │ └── ms-lsar.idl ├── MS-lsat-poc.vcxproj └── compiled_idl │ └── ms-dtyp.h ├── LICENSE.txt ├── README.md ├── MS-lsat-poc.sln ├── .gitattributes └── .gitignore /BOF/src/entry.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustedsec/Windows-MS-LSAT-RPC-Example/HEAD/BOF/src/entry.o -------------------------------------------------------------------------------- /BOF/src/lsar.x64.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustedsec/Windows-MS-LSAT-RPC-Example/HEAD/BOF/src/lsar.x64.o -------------------------------------------------------------------------------- /BOF/src/COFFLoader32.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustedsec/Windows-MS-LSAT-RPC-Example/HEAD/BOF/src/COFFLoader32.exe -------------------------------------------------------------------------------- /BOF/src/COFFLoader64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trustedsec/Windows-MS-LSAT-RPC-Example/HEAD/BOF/src/COFFLoader64.exe -------------------------------------------------------------------------------- /BOF/src/build.bat: -------------------------------------------------------------------------------- 1 | @REM this must be 
run from a configured vsdev prompt 2 | cl.exe /c /GS- /DBOF entry.c /Fo"lsar.%VSCMD_ARG_TGT_ARCH%.o" -------------------------------------------------------------------------------- /WindowsRpcHelper/WindowsRpcHelper.cpp: -------------------------------------------------------------------------------- 1 | // WindowsRpcHelper.cpp : Defines the functions for the static library. 2 | // 3 | 4 | #include "pch.h" 5 | #include "framework.h" 6 | 7 | 8 | -------------------------------------------------------------------------------- /WindowsRpcHelper/pch.cpp: -------------------------------------------------------------------------------- 1 | // pch.cpp: source file corresponding to the pre-compiled header 2 | 3 | #include "pch.h" 4 | 5 | // When you are using pre-compiled headers, this source file is necessary for compilation to succeed. 6 | -------------------------------------------------------------------------------- /BOF/src/makefile: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | BOFNAME := lsar 3 | COMINCLUDE := -I ../../common 4 | LIBINCLUDE := 5 | CC_x64 := x86_64-w64-mingw32-gcc 6 | CC_x86 := i686-w64-mingw32-gcc 7 | CC=x86_64-w64-mingw32-clang 8 | 9 | all: 10 | $(CC_x64) -o $(BOFNAME).x64.o $(COMINCLUDE) -Os -c entry.c -DBOF 11 | $(CC_x86) -o $(BOFNAME).x86.o $(COMINCLUDE) -Os -c entry.c -DBOF 12 | 13 | clean: 14 | rm $(BOFNAME).*.exe -------------------------------------------------------------------------------- /BOF/src/midl_user.c: -------------------------------------------------------------------------------- 1 | #define WIN32_LEAN_AND_MEAN 2 | #include 3 | #include 4 | #include "bofdefs.h" 5 | 6 | void __RPC_FAR* __RPC_API midl_user_allocate(size_t cBytes); 7 | void __RPC_API midl_user_free(void __RPC_FAR* p); 8 | 9 | void __RPC_FAR* __RPC_API midl_user_allocate(size_t cBytes) 10 | { 11 | return intAlloc(cBytes); 12 | } 13 | 14 | void __RPC_API midl_user_free(void __RPC_FAR* p) 15 | { 16 | intFree(p); 
17 | } 18 | -------------------------------------------------------------------------------- /MS-lsat-poc/midl_user.c: -------------------------------------------------------------------------------- 1 | #define WIN32_LEAN_AND_MEAN 2 | #include 3 | #include 4 | 5 | void __RPC_FAR* __RPC_API midl_user_allocate(size_t cBytes); 6 | void __RPC_API midl_user_free(void __RPC_FAR* p); 7 | 8 | void __RPC_FAR* __RPC_API midl_user_allocate(size_t cBytes) 9 | { 10 | return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cBytes); 11 | } 12 | 13 | void __RPC_API midl_user_free(void __RPC_FAR* p) 14 | { 15 | HeapFree(GetProcessHeap(), 0, p); 16 | } 17 | -------------------------------------------------------------------------------- /WindowsRpcHelper/framework.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 4 | #define WIN32_NO_STATUS // This magic incantation lets us safely use NTSTATUS macros in userland 5 | #include 6 | #undef WIN32_NO_STATUS 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | #ifdef _DEBUG 13 | #define DEBUG_PRINT(x, ...) printf(x, ##__VA_ARGS__) 14 | #else 15 | #define DEBUG_PRINT(x, ...) 16 | #endif 17 | -------------------------------------------------------------------------------- /WindowsRpcHelper/pch.h: -------------------------------------------------------------------------------- 1 | // pch.h: This is a precompiled header file. 2 | // Files listed below are compiled only once, improving build performance for future builds. 3 | // This also affects IntelliSense performance, including code completion and many code browsing features. 4 | // However, files listed here are ALL re-compiled if any one of them is updated between builds. 5 | // Do not add files here that you will be updating frequently as this negates the performance advantage. 
6 | 7 | #ifndef PCH_H 8 | #define PCH_H 9 | 10 | // add headers that you want to pre-compile here 11 | #include "framework.h" 12 | 13 | #endif //PCH_H 14 | -------------------------------------------------------------------------------- /WindowsRpcHelper/rpc_helpers.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | 5 | typedef int (*RPC_CALLBACK)(RPC_BINDING_HANDLE *hrpc, va_list args); // callback function taking a va_list such that any number of args may be passed to it 6 | void make_unicode_str(PUNICODE_STRING ustr, const wchar_t* string); // Just a basic helper function to setup wide char strings as unicode strings 7 | 8 | //This is a helper function that will bind to a given rpc service over an smb named pipe and on success call your callback function with the connected rpc binding handle 9 | int make_rpc_request(RPC_IF_HANDLE spec, wchar_t* targetServer, RPC_WSTR pipename, BYTE authtype, const wchar_t* service, const wchar_t* username, const wchar_t* password, const wchar_t* uuid, BOOL use_rpc_auth, RPC_CALLBACK callback, ...); -------------------------------------------------------------------------------- /MS-lsat-poc/ms-lsar.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | //code taken from reactos lsa.c 4 | handle_t __RPC_USER PLSAPR_SERVER_NAME_bind(LPWSTR pszSystemName) 5 | { 6 | handle_t hBinding = NULL; 7 | LPWSTR pszStringBinding; 8 | RPC_STATUS status; 9 | 10 | status = RpcStringBindingComposeW(NULL, 11 | L"ncacn_np", 12 | pszSystemName, 13 | L"\\pipe\\lsarpc", 14 | NULL, 15 | &pszStringBinding); 16 | if (status) 17 | { 18 | return NULL; 19 | } 20 | 21 | /* Set the binding handle that will be used to bind to the server. 
*/ 22 | status = RpcBindingFromStringBindingW(pszStringBinding, 23 | &hBinding); 24 | status = RpcStringFreeW(&pszStringBinding); 25 | return hBinding; 26 | } 27 | 28 | 29 | void __RPC_USER PLSAPR_SERVER_NAME_unbind(LPWSTR pszSystemName, 30 | handle_t hBinding) 31 | { 32 | RPC_STATUS status; 33 | status = RpcBindingFree(&hBinding); 34 | } 35 | 36 | #ifdef _WIN64 37 | #include "ms-lsar_x64.c" 38 | #else 39 | #include "ms-lsar_win32.c" 40 | #endif 41 | -------------------------------------------------------------------------------- /BOF/src/ms-lsar.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | //code taken from reactos lsa.c 4 | handle_t __RPC_USER PLSAPR_SERVER_NAME_bind(LPWSTR pszSystemName) 5 | { 6 | handle_t hBinding = NULL; 7 | LPWSTR pszStringBinding; 8 | RPC_STATUS status; 9 | 10 | status = RPCRT4$RpcStringBindingComposeW(NULL, 11 | L"ncacn_np", 12 | pszSystemName, 13 | L"\\pipe\\lsarpc", 14 | NULL, 15 | &pszStringBinding); 16 | if (status) 17 | { 18 | return NULL; 19 | } 20 | 21 | /* Set the binding handle that will be used to bind to the server. 
*/ 22 | status = RPCRT4$RpcBindingFromStringBindingW(pszStringBinding, 23 | &hBinding); 24 | status = RPCRT4$RpcStringFreeW(&pszStringBinding); 25 | return hBinding; 26 | } 27 | 28 | 29 | void __RPC_USER PLSAPR_SERVER_NAME_unbind(LPWSTR pszSystemName, 30 | handle_t hBinding) 31 | { 32 | RPC_STATUS status; 33 | status = RPCRT4$RpcBindingFree(&hBinding); 34 | } 35 | 36 | #ifdef _WIN64 37 | #include "ms-lsar_x64.c" 38 | #else 39 | #include "ms-lsar_win32.c" 40 | #endif 41 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) [year] [fullname] 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /BOF/src/lsar.cna: -------------------------------------------------------------------------------- 1 | sub readbof { 2 | local('$barch $handle $data $msg $ttp'); 3 | $barch = barch($1); 4 | 5 | # read in the right BOF file 6 | println(script_resource("$2 $+ . $+ $barch $+ .o")); 7 | $handle = openf(script_resource("$2 $+ . $+ $barch $+ .o")); 8 | $data = readb($handle, -1); 9 | closef($handle); 10 | if(strlen($data) == 0) 11 | { 12 | berror($1, "could not read bof file"); 13 | } 14 | 15 | $ttp = iff( ($4 eq $null || $4 eq ""), "", $4); 16 | $msg = iff( ($3 eq $null || $3 eq ""), "Running $2", $3); 17 | $msg = iff( ($ttp ne $null && $ttp ne ""), $msg . " (" . $ttp . ")", $msg); 18 | # announce what we're doing 19 | blog($1, $msg); 20 | btask($1, $msg, $ttp); 21 | return $data; 22 | } 23 | 24 | alias check_service { 25 | local('$args $target $svc'); 26 | 27 | if(size(@_) < 3) 28 | { 29 | berror($1, beacon_command_detail("check_service")); 30 | return; 31 | } 32 | $target = $2; 33 | $svc = $3; 34 | $args = bof_pack($1, "ZZ", $target, $svc); 35 | beacon_inline_execute($1, readbof($1, "lsar"), "go", $args); 36 | 37 | } 38 | 39 | beacon_command_register("check_service", 40 | "check if a service exists on a target machine", 41 | "Synopis: check_service 42 | check_service "); -------------------------------------------------------------------------------- /WindowsRpcHelper/WindowsRpcHelper.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | 
Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | 29 | 30 | Source Files 31 | 32 | 33 | Source Files 34 | 35 | 36 | Source Files 37 | 38 | 39 | -------------------------------------------------------------------------------- /MS-lsat-poc/MS-lsat-poc.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {ea381fe7-4dac-4fda-bf17-3c93dded5c41} 18 | 19 | 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | 32 | 33 | Header Files 34 | 35 | 36 | Header Files 37 | 38 | 39 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Windows RPC Example 2 | 3 | This repository is a companion document to the blog available at [TrustedSec](https://trustedsec.com/blog/rpc-programming-for-the-aspiring-windows-developer). Its main purpose is to help show what an example of calling an RPC function from the generated code of an IDL might look like. 4 | 5 | Once you open the solution you will find two projects. 6 | 7 | ### MS-lsat-poc 8 | 9 | This project simply makes two calls: one to acquire a policy object handle, and one to attempt to translate a couple of service names to SIDs. Successful translation means the service exists on the target machine. This can be done at a user level as of the writing of this post. 10 | 11 | The reason this works is that, since Windows Vista, every Windows service has an associated virtual account created with the same name as the service itself. 
We can take advantage of this to see if a service with a known name exists. To see this for yourself, use `sc create` to create a service on your Windows machine and then call `sc showsid` on that service to see the virtual account's SID. 12 | 13 | ### WindowsRpcHelper 14 | 15 | This project is a static library that goes largely unused in the MS-lsat-poc. It provides a framework to help with prototyping more standard SMB-based RPC connections. The main function from this library is `make_rpc_request`. It takes all the arguments required to bind an RPC connection and then, on success, calls a callback function you specify, passing in a va_list that can be unpacked using va_arg. 16 | 17 | ### Credits 18 | 19 | [reactos project](https://github.com/reactos/reactos) 20 | 21 | [mimikatz](https://github.com/gentilkiwi/mimikatz) 22 | 23 | 24 | This project will not be maintained beyond its initial release. It is intended purely as a learning tool to accompany the released blog, and as a helper for others learning RPC. Any pull requests to this repository will be closed without review. 
25 | -------------------------------------------------------------------------------- /MS-lsat-poc.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.4.33205.214 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MS-lsat-poc", "MS-lsat-poc\MS-lsat-poc.vcxproj", "{89D8E4DB-06B1-4549-99B3-E49BDD07EF57}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WindowsRpcHelper", "WindowsRpcHelper\WindowsRpcHelper.vcxproj", "{39678A98-23B0-4EAB-BA56-F6607080509E}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|x64 = Release|x64 15 | Release|x86 = Release|x86 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {89D8E4DB-06B1-4549-99B3-E49BDD07EF57}.Debug|x64.ActiveCfg = Debug|x64 19 | {89D8E4DB-06B1-4549-99B3-E49BDD07EF57}.Debug|x64.Build.0 = Debug|x64 20 | {89D8E4DB-06B1-4549-99B3-E49BDD07EF57}.Debug|x64.Deploy.0 = Debug|x64 21 | {89D8E4DB-06B1-4549-99B3-E49BDD07EF57}.Debug|x86.ActiveCfg = Debug|Win32 22 | {89D8E4DB-06B1-4549-99B3-E49BDD07EF57}.Debug|x86.Build.0 = Debug|Win32 23 | {89D8E4DB-06B1-4549-99B3-E49BDD07EF57}.Release|x64.ActiveCfg = Release|x64 24 | {89D8E4DB-06B1-4549-99B3-E49BDD07EF57}.Release|x64.Build.0 = Release|x64 25 | {89D8E4DB-06B1-4549-99B3-E49BDD07EF57}.Release|x86.ActiveCfg = Release|Win32 26 | {89D8E4DB-06B1-4549-99B3-E49BDD07EF57}.Release|x86.Build.0 = Release|Win32 27 | {39678A98-23B0-4EAB-BA56-F6607080509E}.Debug|x64.ActiveCfg = Debug|x64 28 | {39678A98-23B0-4EAB-BA56-F6607080509E}.Debug|x64.Build.0 = Debug|x64 29 | {39678A98-23B0-4EAB-BA56-F6607080509E}.Debug|x86.ActiveCfg = Debug|Win32 30 | {39678A98-23B0-4EAB-BA56-F6607080509E}.Debug|x86.Build.0 = Debug|Win32 31 | 
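{39678A98-23B0-4EAB-BA56-F6607080509E}.Release|x64.ActiveCfg = Release|x64 32 | {39678A98-23B0-4EAB-BA56-F6607080509E}.Release|x64.Build.0 = Release|x64 33 | {39678A98-23B0-4EAB-BA56-F6607080509E}.Release|x86.ActiveCfg = Release|Win32 34 | {39678A98-23B0-4EAB-BA56-F6607080509E}.Release|x86.Build.0 = Release|Win32 35 | EndGlobalSection 36 | GlobalSection(SolutionProperties) = preSolution 37 | HideSolutionNode = FALSE 38 | EndGlobalSection 39 | GlobalSection(ExtensibilityGlobals) = postSolution 40 | SolutionGuid = {38275861-6821-42AD-BC59-A045F19B221A} 41 | EndGlobalSection 42 | EndGlobal 43 | -------------------------------------------------------------------------------- /BOF/src/entry.c: -------------------------------------------------------------------------------- 1 | #define WIN32_LEAN_AND_MEAN 2 | #define WIN32_NO_STATUS // This magic incantation lets us safely use NTSTATUS macros in userland 3 | #include 4 | #undef WIN32_NO_STATUS 5 | #include 6 | #include 7 | #include "beacon.h" 8 | #include "bofdefs.h" 9 | #include "ms-lsar.h" 10 | #include "base.c" 11 | #define printf internal_printf 12 | #include "midl_user.c" 13 | #include "ms-lsar.c" 14 | #include "MS-lsat-poc.c" 15 | 
/* Arguments handed to the worker thread: the account name to look up and the server to ask. */
typedef struct Params {
    wchar_t servicename[280];
    wchar_t target_server[1024];
} Params;

/*
 * Worker-thread entry point: unpacks the Params block and runs the lookup.
 * Returns 0 when list_names() comes back normally.
 */
unsigned __stdcall BeginStub(void * p)
{
    Params * params = (Params *)p;
    list_names(params->target_server, params->servicename);
    return 0;
}

/*
 * Vectored exception handler registered by go() around the worker thread.
 * Ends the faulting thread with the exception code as its exit code, which
 * go() then reads back and reports.
 * NOTE(review): vectored handlers are process-wide, so while this one is
 * registered it ends whichever thread raises an exception, not only the
 * worker started by go().
 */
LONG PvectoredExceptionHandler(EXCEPTION_POINTERS* ExceptionInfo)
{
    MSVCRT$_endthreadex(ExceptionInfo->ExceptionRecord->ExceptionCode);
    return EXCEPTION_CONTINUE_EXECUTION;
}

/*
 * BOF entry point. Expects two packed wide strings: the target server and the
 * service name. Builds "NT SERVICE\<name>" and runs the lookup on a worker
 * thread so that an exception raised during the RPC call ends that thread
 * instead of the caller.
 *
 * Both arguments arrive from outside this function, so they are validated
 * before being copied into the fixed-size Params buffers.
 */
VOID go(
    IN PCHAR Buffer,
    IN ULONG Length
)
{
    datap parser;
    DWORD exitcode = 0;
    int targetbytes = 0;
    const wchar_t * targetpath = NULL;
    const wchar_t * servicenameptr = NULL;
    HANDLE thread = NULL;
    PVOID handler = NULL;
    Params * params = NULL;
    const size_t target_cap = sizeof(params->target_server) / sizeof(params->target_server[0]);

    BeaconDataParse(&parser, Buffer, Length);
    targetpath = (const wchar_t*) BeaconDataExtract(&parser, &targetbytes);
    servicenameptr = (const wchar_t*) BeaconDataExtract(&parser, NULL);
    if (targetpath == NULL || servicenameptr == NULL)
    {
        BeaconPrintf(CALLBACK_ERROR, "missing target or service name argument\n");
        return;
    }
    /* targetbytes is taken to be the byte length of the packed string, terminator
       included (TODO confirm); reject rather than truncate, because a truncated
       server name would be a different server */
    if (targetbytes < 0 || (size_t)targetbytes > sizeof(params->target_server))
    {
        BeaconPrintf(CALLBACK_ERROR, "target name is too long\n");
        return;
    }

    params = intAlloc(sizeof(Params));
    if (params == NULL)
    {
        BeaconPrintf(CALLBACK_ERROR, "could not allocate parameter block\n");
        return;
    }
    MSVCRT$wcscpy(params->servicename, L"NT SERVICE\\");
    MSVCRT$wcsncat(params->servicename, servicenameptr, 255); // a legit service name has a max length of 255; anything longer is cut, and prefix + 255 + terminator fits in 280
    /* bounded copy: never write more than the buffer holds, whatever the size check above saw */
    params->target_server[0] = L'\0';
    MSVCRT$wcsncat(params->target_server, targetpath, target_cap - 1);

    if(!bofstart())
    {
        intFree(params);
        return;
    }

    handler = KERNEL32$AddVectoredExceptionHandler(0, (PVECTORED_EXCEPTION_HANDLER)PvectoredExceptionHandler);
    thread = (HANDLE)MSVCRT$_beginthreadex(NULL, 0, BeginStub, params, 0, NULL);
    if(thread)
    {
        KERNEL32$WaitForSingleObject(thread, INFINITE);
        KERNEL32$GetExitCodeThread(thread, &exitcode);
        if(exitcode != 0)
        {
            BeaconPrintf(CALLBACK_ERROR, "An exception occured while running: %x\n", exitcode);
        }
        KERNEL32$CloseHandle(thread);
    }
    else
    {
        BeaconPrintf(CALLBACK_ERROR, "could not start worker thread\n");
    }
    if(handler) {KERNEL32$RemoveVectoredExceptionHandler(handler);}
    intFree(params);
    printoutput(TRUE);
}
-------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 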
11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 
53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /BOF/src/beacon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Beacon Object Files (BOF) 3 | * ------------------------- 4 | * A Beacon Object File is a light-weight post exploitation tool that runs 5 | * with Beacon's inline-execute command. 6 | * 7 | * Cobalt Strike 4.1. 8 | */ 9 | 10 | /* data API */ 11 | #pragma once 12 | 13 | typedef struct { 14 | char * original; /* the original buffer [so we can free it] */ 15 | char * buffer; /* current pointer into our buffer */ 16 | int length; /* remaining length of data */ 17 | int size; /* total size of this buffer */ 18 | } datap; 19 | 20 | DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); 21 | DECLSPEC_IMPORT int BeaconDataInt(datap * parser); 22 | DECLSPEC_IMPORT short BeaconDataShort(datap * parser); 23 | DECLSPEC_IMPORT int BeaconDataLength(datap * parser); 24 | DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); 25 | 26 | /* format API */ 27 | typedef struct { 28 | char * original; /* the original buffer [so we can free it] */ 29 | char * buffer; /* current pointer into our buffer */ 30 | int length; /* remaining length of data */ 31 | int size; /* total size of this buffer */ 32 | } formatp; 33 | 34 | DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); 35 | DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); 36 | DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); 37 | DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, char * 
text, int len); 38 | DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, char * fmt, ...); 39 | DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); 40 | DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); 41 | 42 | /* Output Functions */ 43 | #define CALLBACK_OUTPUT 0x0 44 | #define CALLBACK_OUTPUT_OEM 0x1e 45 | #define CALLBACK_ERROR 0x0d 46 | #define CALLBACK_OUTPUT_UTF8 0x20 47 | 48 | DECLSPEC_IMPORT void BeaconPrintf(int type, char * fmt, ...); 49 | DECLSPEC_IMPORT void BeaconOutput(int type, char * data, int len); 50 | 51 | /* Token Functions */ 52 | DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); 53 | DECLSPEC_IMPORT void BeaconRevertToken(); 54 | DECLSPEC_IMPORT BOOL BeaconIsAdmin(); 55 | 56 | /* Spawn+Inject Functions */ 57 | DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); 58 | DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); 59 | DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); 60 | DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); 61 | 62 | /* Utility Functions */ 63 | DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); -------------------------------------------------------------------------------- /MS-lsat-poc/MS-lsat-poc.cpp: -------------------------------------------------------------------------------- 1 | // MS-lsat-poc.cpp : This file contains the 'main' function. Program execution begins and ends there. 
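2 | // 3 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 4 | #define WIN32_NO_STATUS // This magic incantation lets us safely use NTSTATUS macros in userland 5 | #include 6 | #undef WIN32_NO_STATUS 7 | #include 8 | #include 9 | #include 10 | #include "rpc_helpers.h" 11 | #include 12 | #include "ms-lsar.h" 13 | 14 | #define POLICY_VIEW_LOCAL_INFORMATION 0x00000001L 15 | #define POLICY_VIEW_AUDIT_INFORMATION 0x00000002L 16 | #define POLICY_GET_PRIVATE_INFORMATION 0x00000004L 17 | #define POLICY_TRUST_ADMIN 0x00000008L 18 | #define POLICY_CREATE_ACCOUNT 0x00000010L 19 | #define POLICY_CREATE_SECRET 0x00000020L 20 | #define POLICY_CREATE_PRIVILEGE 0x00000040L 21 | #define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080L 22 | #define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100L 23 | #define POLICY_AUDIT_LOG_ADMIN 0x00000200L 24 | #define POLICY_SERVER_ADMIN 0x00000400L 25 | #define POLICY_LOOKUP_NAMES 0x00000800L 26 | #define POLICY_NOTIFICATION 0x00001000L 27 | 28 | 29 | RPC_UNICODE_STRING strings; 30 | 
// Prints the command-line usage text.
void usage()
{
    printf(" ");
}



// Opens an LSA policy handle on `target` with POLICY_LOOKUP_NAMES and asks the
// server to translate two "NT Service\..." account names, printing for each
// whether it resolved.
// Returns TRUE when both RPC calls succeeded, FALSE when either call failed or
// an RPC exception was raised.
int list_names(wchar_t* target)
{
    LSAPR_OBJECT_ATTRIBUTES lsa_obj = { 0 }; // sets root dir to null
    LSAPR_HANDLE hlsa = NULL; // stays NULL until the open call hands back a handle
    HRESULT hr = S_OK;
    int result = FALSE;
    RPC_UNICODE_STRING strings[2] = { 0 };
    const unsigned long name_count = sizeof(strings) / sizeof(strings[0]);
    LSAPR_REVISION_INFO rev_info = { 0 }, out_rev_info = { 0 };
    ULONG out_rev_ver = 0;
    PLSAPR_REFERENCED_DOMAIN_LIST ref_dom = NULL;
    LSAPR_TRANSLATED_SIDS ts = { 0 };
    unsigned long count = 0;

    rev_info.V1.Revision = 1;
    rev_info.V1.SupportedFeatures = 0;

    make_unicode_str((PUNICODE_STRING) & (strings[0]), L"NT Service\\RasMan");
    make_unicode_str((PUNICODE_STRING) & (strings[1]), L"NT Service\\ThisSHouldNotExist");
    RpcTryExcept
        hr = LsarOpenPolicy3(target, &lsa_obj, POLICY_LOOKUP_NAMES, 1,&rev_info, &out_rev_ver, &out_rev_info, &hlsa);
        if (!NT_SUCCESS(hr))
        {
            printf("failed to open policy %ld\n", hr);
        }
        else
        {
            hr = LsarLookupNames(hlsa, name_count, strings, &ref_dom, &ts, LsapLookupWksta, &count);
            if (!NT_SUCCESS(hr))
            {
                printf("translation failed %ld\n", hr);
            }
            else
            {
                printf("it worked!\n");
                // ts comes from the remote server: never index past the names we
                // sent, and skip the loop if no array came back
                for (unsigned long i = 0; ts.Sids != NULL && i < ts.Entries && i < name_count; i++)
                {
                    printf("%ls %s\n", strings[i].Buffer, (ts.Sids[i].DomainIndex == -1) ? "Does not exist" : "Exists");
                }
                result = TRUE;
            }
        }
    RpcExcept(RpcExceptionFilter(RpcExceptionCode()))
        printf("An exception occured while attempting to make the RPC call, recovering and bailing: %lu\n", RpcExceptionCode());
    RpcEndExcept

    // NOTE(review): ref_dom and ts.Sids are filled in by the client stub and are
    // not released here; confirm ownership and free them with midl_user_free.

    // Close only a handle we actually received, and keep the close inside its
    // own guard: the server may be gone by now.
    if (hlsa != NULL)
    {
        RpcTryExcept
            LsarClose(&hlsa);
        RpcExcept(RpcExceptionFilter(RpcExceptionCode()))
            printf("An exception occured while closing the policy handle: %lu\n", RpcExceptionCode());
        RpcEndExcept
    }
    return result;
}

// Entry point: expects exactly one argument, the target server name.
// Returns 0 when the lookup succeeded and 1 otherwise.
int wmain(int argc, wchar_t ** argv)
{
    if (argc != 2)
    {
        usage();
        return (1);
    }
    //If this used a more traditional interface, here is what a setup call would have looked like
    //make_rpc_request(lsarpc_v0_0_c_ifspec, argv[1], (RPC_WSTR)(L"\\pipe\\lsarpc"), 0, L"host", NULL, NULL, L"12345778-1234-ABCD-EF00-0123456789AB", TRUE, list_names, argv[2]);
    //but it doesn't so we just call into it
    return list_names(argv[1]) ? 0 : 1;
}

-------------------------------------------------------------------------------- /BOF/src/MS-lsat-poc.c: -------------------------------------------------------------------------------- 1 | // MS-lsat-poc.cpp : This file contains the 'main' function. Program execution begins and ends there. 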
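2 | // 3 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 4 | #define WIN32_NO_STATUS // This magic incantation lets us safely use NTSTATUS macros in userland 5 | #include 6 | #undef WIN32_NO_STATUS 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include "ms-lsar.h" 12 | 13 | #define POLICY_VIEW_LOCAL_INFORMATION 0x00000001L 14 | #define POLICY_VIEW_AUDIT_INFORMATION 0x00000002L 15 | #define POLICY_GET_PRIVATE_INFORMATION 0x00000004L 16 | #define POLICY_TRUST_ADMIN 0x00000008L 17 | #define POLICY_CREATE_ACCOUNT 0x00000010L 18 | #define POLICY_CREATE_SECRET 0x00000020L 19 | #define POLICY_CREATE_PRIVILEGE 0x00000040L 20 | #define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080L 21 | #define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100L 22 | #define POLICY_AUDIT_LOG_ADMIN 0x00000200L 23 | #define POLICY_SERVER_ADMIN 0x00000400L 24 | #define POLICY_LOOKUP_NAMES 0x00000800L 25 | #define POLICY_NOTIFICATION 0x00001000L 26 | 27 | #ifndef _MSC_VER 28 | #define RpcTryExcept 29 | 30 | #endif 31 | 32 | RPC_UNICODE_STRING strings; 33 | 
/* Prints the usage text. */
void usage()
{
    printf(" ");
}

/*
 * Returns the length of s in bytes, terminator excluded.
 * With u set, s is read as a string of two-byte units ending in a two-byte
 * zero; otherwise as a plain zero-terminated byte string. NULL yields 0.
 */
DWORD intstrlen(const char* s, BOOL u)
{
    DWORD i = 0;
    if (s == NULL)
    {
        return 0;
    }
    if (u)
    {
        /* step a whole two-byte unit at a time: scanning byte by byte takes a
           unit whose high byte is zero followed by a unit whose low byte is
           zero for the terminator and cuts the string short */
        while (s[i] || s[i + 1])
        {
            i += 2;
        }
        return i;
    }
    while (s[i])
    {
        i++;
    }
    return i;
}

/*
 * Points ustr at string without copying it and fills in the byte counts.
 * Length and MaximumLength are 16-bit fields, so the length is capped to keep
 * both from wrapping on an over-long input.
 */
void make_unicode_str(PUNICODE_STRING ustr, const wchar_t* string)
{
    DWORD bytes = intstrlen((const char*)string, TRUE);

    if (bytes > 0xFFFC)
    {
        bytes = 0xFFFC; /* largest even length that still leaves room for the terminator in MaximumLength */
    }
    ustr->Buffer = (wchar_t*)string;
    ustr->Length = (USHORT)bytes;
    ustr->MaximumLength = (USHORT)(string ? bytes + 2 : 0);
}


/*
 * Opens an LSA policy handle on target with POLICY_LOOKUP_NAMES and asks the
 * server to translate svcname, printing whether the name resolved.
 * On builds without _MSC_VER the RPC exception guard compiles away, so an
 * exception raised by a call is left to whatever handler the caller installed.
 */
void list_names(wchar_t* target, wchar_t* svcname)
{
    LSAPR_OBJECT_ATTRIBUTES lsa_obj = { 0 }; // sets root dir to null
    LSAPR_HANDLE hlsa = NULL; /* stays NULL until the open call hands back a handle */
    HRESULT hr = S_OK;
    RPC_UNICODE_STRING strings[1] = { 0 };
    const unsigned long name_count = sizeof(strings) / sizeof(strings[0]);
    LSAPR_REVISION_INFO rev_info = { 0 }, out_rev_info = { 0 };
    ULONG out_rev_ver = 0;
    PLSAPR_REFERENCED_DOMAIN_LIST ref_dom = NULL;
    LSAPR_TRANSLATED_SIDS ts = { 0 };
    unsigned long count = 0;

    rev_info.V1.Revision = 1;
    rev_info.V1.SupportedFeatures = 0;

    make_unicode_str((PUNICODE_STRING) & (strings[0]), svcname);
    internal_printf("targeting %ls for svc %ls\n", target, svcname);
    RpcTryExcept
        hr = LsarOpenPolicy3(target, &lsa_obj, POLICY_LOOKUP_NAMES, 1,&rev_info, &out_rev_ver, &out_rev_info, &hlsa);
        if (!NT_SUCCESS(hr))
        {
            printf("failed to open policy %ld\n", hr);
        }
        else
        {
            hr = LsarLookupNames(hlsa, name_count, strings, &ref_dom, &ts, LsapLookupWksta, &count);
            if (!NT_SUCCESS(hr))
            {
                printf("translation failed %x\n", hr);
            }
            else
            {
                printf("it worked!\n");
                /* ts comes from the remote server: never index past the names
                   we sent, and skip the loop if no array came back */
                for (unsigned long i = 0; ts.Sids != NULL && i < ts.Entries && i < name_count; i++)
                {
                    printf("%ls %s\n", strings[i].Buffer, (ts.Sids[i].DomainIndex == -1) ? "Does not exist" : "Exists");
                }
            }
        }
#ifdef _MSC_VER
    RpcExcept(RPCRT4$RpcExceptionFilter(RpcExceptionCode()))
        printf("An exception occured while attempting to make the RPC call, recovering and bailing: %lu\n", RpcExceptionCode());
    RpcEndExcept
#endif
    /* NOTE(review): ref_dom and ts.Sids are filled in by the client stub and are
       not released here; confirm ownership and free them with midl_user_free. */

    /* close only a handle we actually received */
    if (hlsa != NULL)
    {
        LsarClose(&hlsa);
    }
}

-------------------------------------------------------------------------------- /MS-lsat-poc/idl/ms-dtyp.idl: -------------------------------------------------------------------------------- 1 | typedef unsigned short wchar_t; 2 | typedef void* ADCONNECTION_HANDLE; 3 | typedef int BOOL, *PBOOL, *LPBOOL; 4 | typedef unsigned char BYTE, *PBYTE, *LPBYTE; 5 | typedef BYTE BOOLEAN, *PBOOLEAN; 6 | typedef wchar_t WCHAR, *PWCHAR; 7 | typedef WCHAR* BSTR; 8 | typedef char CHAR, *PCHAR; 9 | typedef double DOUBLE; 10 | typedef unsigned long DWORD, *PDWORD, *LPDWORD; 11 | typedef unsigned int DWORD32; 12 | typedef unsigned __int64 DWORD64, *PDWORD64; 13 | typedef 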
unsigned __int64 ULONGLONG; 14 | typedef ULONGLONG DWORDLONG, *PDWORDLONG; 15 | typedef unsigned long error_status_t; 16 | typedef float FLOAT; 17 | typedef unsigned char UCHAR, *PUCHAR; 18 | typedef short SHORT; 19 | 20 | typedef void* HANDLE; 21 | typedef DWORD HCALL; 22 | typedef int INT, *LPINT; 23 | typedef signed char INT8; 24 | typedef signed short INT16; 25 | typedef signed int INT32; 26 | typedef signed __int64 INT64; 27 | typedef void* LDAP_UDP_HANDLE; 28 | typedef const wchar_t* LMCSTR; 29 | typedef WCHAR* LMSTR; 30 | typedef long LONG, *PLONG, *LPLONG; 31 | typedef signed __int64 LONGLONG; 32 | typedef LONG HRESULT; 33 | 34 | typedef __int3264 LONG_PTR; 35 | typedef unsigned __int3264 ULONG_PTR; 36 | 37 | typedef signed int LONG32; 38 | typedef signed __int64 LONG64, *PLONG64; 39 | typedef const char* LPCSTR; 40 | typedef const void* LPCVOID; 41 | typedef const wchar_t* LPCWSTR; 42 | typedef char* PSTR, *LPSTR; 43 | 44 | typedef wchar_t* LPWSTR, *PWSTR; 45 | typedef DWORD NET_API_STATUS; 46 | typedef long NTSTATUS; 47 | typedef [context_handle] void* PCONTEXT_HANDLE; 48 | typedef [ref] PCONTEXT_HANDLE* PPCONTEXT_HANDLE; 49 | 50 | typedef unsigned __int64 QWORD; 51 | typedef void* RPC_BINDING_HANDLE; 52 | typedef UCHAR* STRING; 53 | 54 | typedef unsigned int UINT; 55 | typedef unsigned char UINT8; 56 | typedef unsigned short UINT16; 57 | typedef unsigned int UINT32; 58 | typedef unsigned __int64 UINT64; 59 | typedef unsigned long ULONG, *PULONG; 60 | 61 | typedef ULONG_PTR DWORD_PTR; 62 | typedef ULONG_PTR SIZE_T; 63 | typedef unsigned int ULONG32; 64 | typedef unsigned __int64 ULONG64; 65 | typedef wchar_t UNICODE; 66 | typedef unsigned short USHORT; 67 | typedef void VOID, *PVOID, *LPVOID; 68 | typedef unsigned short WORD, *PWORD, *LPWORD; 69 | 70 | typedef struct _FILETIME { 71 | DWORD dwLowDateTime; 72 | DWORD dwHighDateTime; 73 | } FILETIME, 74 | *PFILETIME, 75 | *LPFILETIME; 76 | 77 | typedef struct _GUID { 78 | unsigned long Data1; 79 | unsigned 
short Data2; 80 | unsigned short Data3; 81 | byte Data4[8]; 82 | } GUID, 83 | UUID, 84 | *PGUID; 85 | 86 | typedef struct _LARGE_INTEGER { 87 | signed __int64 QuadPart; 88 | } LARGE_INTEGER, *PLARGE_INTEGER; 89 | 90 | typedef struct _EVENT_DESCRIPTOR { 91 | USHORT Id; 92 | UCHAR Version; 93 | UCHAR Channel; 94 | UCHAR Level; 95 | UCHAR Opcode; 96 | USHORT Task; 97 | ULONGLONG Keyword; 98 | } EVENT_DESCRIPTOR, 99 | *PEVENT_DESCRIPTOR, 100 | *PCEVENT_DESCRIPTOR; 101 | 102 | typedef struct _EVENT_HEADER { 103 | USHORT Size; 104 | USHORT HeaderType; 105 | USHORT Flags; 106 | USHORT EventProperty; 107 | ULONG ThreadId; 108 | ULONG ProcessId; 109 | LARGE_INTEGER TimeStamp; 110 | GUID ProviderId; 111 | EVENT_DESCRIPTOR EventDescriptor; 112 | union { 113 | struct { 114 | ULONG KernelTime; 115 | ULONG UserTime; 116 | }; 117 | ULONG64 ProcessorTime; 118 | }; 119 | GUID ActivityId; 120 | } EVENT_HEADER, 121 | *PEVENT_HEADER; 122 | 123 | typedef DWORD LCID; 124 | 125 | typedef struct _LUID { 126 | DWORD LowPart; 127 | LONG HighPart; 128 | } LUID, 129 | *PLUID; 130 | 131 | typedef struct _MULTI_SZ { 132 | wchar_t* Value; 133 | DWORD nChar; 134 | } MULTI_SZ; 135 | 136 | typedef struct _RPC_UNICODE_STRING { 137 | unsigned short Length; 138 | unsigned short MaximumLength; 139 | [size_is(MaximumLength/2), length_is(Length/2)] 140 | WCHAR* Buffer; 141 | } RPC_UNICODE_STRING, 142 | *PRPC_UNICODE_STRING; 143 | 144 | typedef struct _SERVER_INFO_100 { 145 | DWORD sv100_platform_id; 146 | [string] wchar_t* sv100_name; 147 | } SERVER_INFO_100, 148 | *PSERVER_INFO_100, 149 | *LPSERVER_INFO_100; 150 | 151 | typedef struct _SERVER_INFO_101 { 152 | DWORD sv101_platform_id; 153 | [string] wchar_t* sv101_name; 154 | DWORD sv101_version_major; 155 | DWORD sv101_version_minor; 156 | DWORD sv101_version_type; 157 | [string] wchar_t* sv101_comment; 158 | } SERVER_INFO_101, 159 | *PSERVER_INFO_101, 160 | *LPSERVER_INFO_101; 161 | 162 | typedef struct _SYSTEMTIME { 163 | WORD wYear; 164 | WORD 
wMonth; 165 | WORD wDayOfWeek; 166 | WORD wDay; 167 | WORD wHour; 168 | WORD wMinute; 169 | WORD wSecond; 170 | WORD wMilliseconds; 171 | } SYSTEMTIME, 172 | *PSYSTEMTIME; 173 | 174 | typedef struct _UINT128 { 175 | UINT64 lower; 176 | UINT64 upper; 177 | } UINT128, 178 | *PUINT128; 179 | 180 | typedef struct _ULARGE_INTEGER { 181 | unsigned __int64 QuadPart; 182 | } ULARGE_INTEGER, *PULARGE_INTEGER; 183 | 184 | typedef struct _RPC_SID_IDENTIFIER_AUTHORITY { 185 | byte Value[6]; 186 | } RPC_SID_IDENTIFIER_AUTHORITY; 187 | 188 | typedef DWORD ACCESS_MASK; 189 | typedef ACCESS_MASK *PACCESS_MASK; 190 | 191 | typedef struct _OBJECT_TYPE_LIST { 192 | WORD Level; 193 | ACCESS_MASK Remaining; 194 | GUID* ObjectType; 195 | } OBJECT_TYPE_LIST, 196 | *POBJECT_TYPE_LIST; 197 | 198 | typedef struct _ACE_HEADER { 199 | UCHAR AceType; 200 | UCHAR AceFlags; 201 | USHORT AceSize; 202 | } ACE_HEADER, 203 | *PACE_HEADER; 204 | 205 | typedef struct _SYSTEM_MANDATORY_LABEL_ACE { 206 | ACE_HEADER Header; 207 | ACCESS_MASK Mask; 208 | DWORD SidStart; 209 | } SYSTEM_MANDATORY_LABEL_ACE, 210 | *PSYSTEM_MANDATORY_LABEL_ACE; 211 | 212 | typedef struct _TOKEN_MANDATORY_POLICY { 213 | DWORD Policy; 214 | } TOKEN_MANDATORY_POLICY, 215 | *PTOKEN_MANDATORY_POLICY; 216 | 217 | typedef struct _MANDATORY_INFORMATION { 218 | ACCESS_MASK AllowedAccess; 219 | BOOLEAN WriteAllowed; 220 | BOOLEAN ReadAllowed; 221 | BOOLEAN ExecuteAllowed; 222 | TOKEN_MANDATORY_POLICY MandatoryPolicy; 223 | } MANDATORY_INFORMATION, 224 | *PMANDATORY_INFORMATION; 225 | 226 | typedef struct _CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE { 227 | DWORD Length; 228 | BYTE OctetString[]; 229 | } CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE, 230 | *PCLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE; 231 | 232 | typedef struct _CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 { 233 | DWORD Name; 234 | WORD ValueType; 235 | WORD Reserved; 236 | DWORD Flags; 237 | DWORD ValueCount; 238 | union { 239 | PLONG64 pInt64[]; 240 | PDWORD64 
pUint64[]; 241 | PWSTR ppString[]; 242 | PCLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE pOctetString[]; 243 | } Values; 244 | } CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1, 245 | *PCLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1; 246 | 247 | 248 | typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION; 249 | 250 | typedef struct _RPC_SID { 251 | unsigned char Revision; 252 | unsigned char SubAuthorityCount; 253 | RPC_SID_IDENTIFIER_AUTHORITY IdentifierAuthority; 254 | [size_is(SubAuthorityCount)] unsigned long SubAuthority[]; 255 | } RPC_SID, 256 | *PRPC_SID, 257 | *PSID; 258 | 259 | typedef struct _ACL { 260 | unsigned char AclRevision; 261 | unsigned char Sbz1; 262 | unsigned short AclSize; 263 | unsigned short AceCount; 264 | unsigned short Sbz2; 265 | } ACL, 266 | *PACL; 267 | 268 | typedef struct _SECURITY_DESCRIPTOR { 269 | UCHAR Revision; 270 | UCHAR Sbz1; 271 | USHORT Control; 272 | PSID Owner; 273 | PSID Group; 274 | PACL Sacl; 275 | PACL Dacl; 276 | } SECURITY_DESCRIPTOR, 277 | *PSECURITY_DESCRIPTOR; -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 
3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Mono auto generated files 17 | mono_crash.* 18 | 19 | # Build results 20 | [Dd]ebug/ 21 | [Dd]ebugPublic/ 22 | [Rr]elease/ 23 | [Rr]eleases/ 24 | x64/ 25 | x86/ 26 | [Ww][Ii][Nn]32/ 27 | [Aa][Rr][Mm]/ 28 | [Aa][Rr][Mm]64/ 29 | bld/ 30 | [Bb]in/ 31 | [Oo]bj/ 32 | [Oo]ut/ 33 | [Ll]og/ 34 | [Ll]ogs/ 35 | 36 | # Visual Studio 2015/2017 cache/options directory 37 | .vs/ 38 | # Uncomment if you have tasks that create the project's static files in wwwroot 39 | #wwwroot/ 40 | 41 | # Visual Studio 2017 auto generated files 42 | Generated\ Files/ 43 | 44 | # MSTest test Results 45 | [Tt]est[Rr]esult*/ 46 | [Bb]uild[Ll]og.* 47 | 48 | # NUnit 49 | *.VisualState.xml 50 | TestResult.xml 51 | nunit-*.xml 52 | 53 | # Build Results of an ATL Project 54 | [Dd]ebugPS/ 55 | [Rr]eleasePS/ 56 | dlldata.c 57 | 58 | # Benchmark Results 59 | BenchmarkDotNet.Artifacts/ 60 | 61 | # .NET Core 62 | project.lock.json 63 | project.fragment.lock.json 64 | artifacts/ 65 | 66 | # ASP.NET Scaffolding 67 | ScaffoldingReadMe.txt 68 | 69 | # StyleCop 70 | StyleCopReport.xml 71 | 72 | # Files built by Visual Studio 73 | *_i.c 74 | *_p.c 75 | *_h.h 76 | *.ilk 77 | *.meta 78 | *.obj 79 | *.iobj 80 | *.pch 81 | *.pdb 82 | *.ipdb 83 | *.pgc 84 | *.pgd 85 | *.rsp 86 | *.sbr 87 | *.tlb 88 | *.tli 89 | *.tlh 90 | *.tmp 91 | *.tmp_proj 92 | *_wpftmp.csproj 93 | *.log 94 | *.vspscc 95 | *.vssscc 96 | .builds 97 | *.pidb 98 | *.svclog 99 | *.scc 100 | 101 | # Chutzpah Test files 102 | _Chutzpah* 103 | 104 | # Visual C++ cache files 105 | ipch/ 106 | *.aps 107 | *.ncb 108 | *.opendb 109 | *.opensdf 110 | *.sdf 111 | *.cachefile 112 | *.VC.db 113 | *.VC.VC.opendb 114 | 115 | # Visual Studio profiler 116 | *.psess 117 | *.vsp 
118 | *.vspx 119 | *.sap 120 | 121 | # Visual Studio Trace Files 122 | *.e2e 123 | 124 | # TFS 2012 Local Workspace 125 | $tf/ 126 | 127 | # Guidance Automation Toolkit 128 | *.gpState 129 | 130 | # ReSharper is a .NET coding add-in 131 | _ReSharper*/ 132 | *.[Rr]e[Ss]harper 133 | *.DotSettings.user 134 | 135 | # TeamCity is a build add-in 136 | _TeamCity* 137 | 138 | # DotCover is a Code Coverage Tool 139 | *.dotCover 140 | 141 | # AxoCover is a Code Coverage Tool 142 | .axoCover/* 143 | !.axoCover/settings.json 144 | 145 | # Coverlet is a free, cross platform Code Coverage Tool 146 | coverage*.json 147 | coverage*.xml 148 | coverage*.info 149 | 150 | # Visual Studio code coverage results 151 | *.coverage 152 | *.coveragexml 153 | 154 | # NCrunch 155 | _NCrunch_* 156 | .*crunch*.local.xml 157 | nCrunchTemp_* 158 | 159 | # MightyMoose 160 | *.mm.* 161 | AutoTest.Net/ 162 | 163 | # Web workbench (sass) 164 | .sass-cache/ 165 | 166 | # Installshield output folder 167 | [Ee]xpress/ 168 | 169 | # DocProject is a documentation generator add-in 170 | DocProject/buildhelp/ 171 | DocProject/Help/*.HxT 172 | DocProject/Help/*.HxC 173 | DocProject/Help/*.hhc 174 | DocProject/Help/*.hhk 175 | DocProject/Help/*.hhp 176 | DocProject/Help/Html2 177 | DocProject/Help/html 178 | 179 | # Click-Once directory 180 | publish/ 181 | 182 | # Publish Web Output 183 | *.[Pp]ublish.xml 184 | *.azurePubxml 185 | # Note: Comment the next line if you want to checkin your web deploy settings, 186 | # but database connection strings (with potential passwords) will be unencrypted 187 | *.pubxml 188 | *.publishproj 189 | 190 | # Microsoft Azure Web App publish settings. 
Comment the next line if you want to 191 | # checkin your Azure Web App publish settings, but sensitive information contained 192 | # in these scripts will be unencrypted 193 | PublishScripts/ 194 | 195 | # NuGet Packages 196 | *.nupkg 197 | # NuGet Symbol Packages 198 | *.snupkg 199 | # The packages folder can be ignored because of Package Restore 200 | **/[Pp]ackages/* 201 | # except build/, which is used as an MSBuild target. 202 | !**/[Pp]ackages/build/ 203 | # Uncomment if necessary however generally it will be regenerated when needed 204 | #!**/[Pp]ackages/repositories.config 205 | # NuGet v3's project.json files produces more ignorable files 206 | *.nuget.props 207 | *.nuget.targets 208 | 209 | # Microsoft Azure Build Output 210 | csx/ 211 | *.build.csdef 212 | 213 | # Microsoft Azure Emulator 214 | ecf/ 215 | rcf/ 216 | 217 | # Windows Store app package directories and files 218 | AppPackages/ 219 | BundleArtifacts/ 220 | Package.StoreAssociation.xml 221 | _pkginfo.txt 222 | *.appx 223 | *.appxbundle 224 | *.appxupload 225 | 226 | # Visual Studio cache files 227 | # files ending in .cache can be ignored 228 | *.[Cc]ache 229 | # but keep track of directories ending in .cache 230 | !?*.[Cc]ache/ 231 | 232 | # Others 233 | ClientBin/ 234 | ~$* 235 | *~ 236 | *.dbmdl 237 | *.dbproj.schemaview 238 | *.jfm 239 | *.pfx 240 | *.publishsettings 241 | orleans.codegen.cs 242 | 243 | # Including strong name files can present a security risk 244 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 245 | #*.snk 246 | 247 | # Since there are multiple workflows, uncomment next line to ignore bower_components 248 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 249 | #bower_components/ 250 | 251 | # RIA/Silverlight projects 252 | Generated_Code/ 253 | 254 | # Backup & report files from converting an old project file 255 | # to a newer Visual Studio version. 
Backup files are not needed, 256 | # because we have git ;-) 257 | _UpgradeReport_Files/ 258 | Backup*/ 259 | UpgradeLog*.XML 260 | UpgradeLog*.htm 261 | ServiceFabricBackup/ 262 | *.rptproj.bak 263 | 264 | # SQL Server files 265 | *.mdf 266 | *.ldf 267 | *.ndf 268 | 269 | # Business Intelligence projects 270 | *.rdl.data 271 | *.bim.layout 272 | *.bim_*.settings 273 | *.rptproj.rsuser 274 | *- [Bb]ackup.rdl 275 | *- [Bb]ackup ([0-9]).rdl 276 | *- [Bb]ackup ([0-9][0-9]).rdl 277 | 278 | # Microsoft Fakes 279 | FakesAssemblies/ 280 | 281 | # GhostDoc plugin setting file 282 | *.GhostDoc.xml 283 | 284 | # Node.js Tools for Visual Studio 285 | .ntvs_analysis.dat 286 | node_modules/ 287 | 288 | # Visual Studio 6 build log 289 | *.plg 290 | 291 | # Visual Studio 6 workspace options file 292 | *.opt 293 | 294 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 295 | *.vbw 296 | 297 | # Visual Studio LightSwitch build output 298 | **/*.HTMLClient/GeneratedArtifacts 299 | **/*.DesktopClient/GeneratedArtifacts 300 | **/*.DesktopClient/ModelManifest.xml 301 | **/*.Server/GeneratedArtifacts 302 | **/*.Server/ModelManifest.xml 303 | _Pvt_Extensions 304 | 305 | # Paket dependency manager 306 | .paket/paket.exe 307 | paket-files/ 308 | 309 | # FAKE - F# Make 310 | .fake/ 311 | 312 | # CodeRush personal settings 313 | .cr/personal 314 | 315 | # Python Tools for Visual Studio (PTVS) 316 | __pycache__/ 317 | *.pyc 318 | 319 | # Cake - Uncomment if you are using it 320 | # tools/** 321 | # !tools/packages.config 322 | 323 | # Tabs Studio 324 | *.tss 325 | 326 | # Telerik's JustMock configuration file 327 | *.jmconfig 328 | 329 | # BizTalk build output 330 | *.btp.cs 331 | *.btm.cs 332 | *.odx.cs 333 | *.xsd.cs 334 | 335 | # OpenCover UI analysis results 336 | OpenCover/ 337 | 338 | # Azure Stream Analytics local run output 339 | ASALocalRun/ 340 | 341 | # MSBuild Binary and Structured Log 342 | *.binlog 343 | 344 | # NVidia Nsight GPU debugger 
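configuration file 345 | *.nvuser 346 | 347 | # MFractors (Xamarin productivity tool) working folder 348 | .mfractor/ 349 | 350 | # Local History for Visual Studio 351 | .localhistory/ 352 | 353 | # BeatPulse healthcheck temp database 354 | healthchecksdb 355 | 356 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 357 | MigrationBackup/ 358 | 359 | # Ionide (cross platform F# VS Code tools) working folder 360 | .ionide/ 361 | 362 | # Fody - auto-generated XML schema 363 | FodyWeavers.xsd -------------------------------------------------------------------------------- /BOF/src/base.c: --------------------------------------------------------------------------------
// NOTE(review): the header name on the bare #include line below was lost when
// this page was extracted; restore it from the repository before building.
#include
#include "bofdefs.h"
#include "beacon.h"
#ifndef bufsize
#define bufsize 8192
#endif

#ifdef _MSC_VER
char * output= 0;  // explicitly initialized so it stays out of .bss, which isn't handled properly
WORD currentoutsize = 0;
HANDLE trash = NULL; // Needed for x64 to not give relocation error
#else
char * output __attribute__((section (".data"))) = 0;  // explicitly placed in .data; .bss isn't handled properly
WORD currentoutsize __attribute__((section (".data"))) = 0;
HANDLE trash __attribute__((section (".data"))) = NULL; // Needed for x64 to not give relocation error
#endif

#ifdef BOF
int bofstart();
void internal_printf(const char* format, ...);
void printoutput(BOOL done);
#endif
char * Utf16ToUtf8(const wchar_t* input);
#ifdef BOF
// Allocates the shared output buffer and resets the output state.
// Returns 1 on success and 0 when the buffer could not be allocated.
int bofstart()
{
    output = (char*)MSVCRT$calloc(bufsize, 1);
    currentoutsize = 0;
    trash = NULL;
    return output != NULL;
}

// printf-style output that accumulates into the shared `output` buffer and
// flushes through printoutput() whenever the buffer fills.
// Does nothing if the buffer was never allocated, if formatting fails, or if
// the temporary allocation fails.
void internal_printf(const char* format, ...){
    int buffersize = 0;
    int transfersize = 0;
    char * curloc = NULL;
    char* intBuffer = NULL;
    va_list args;

    if (output == NULL || format == NULL)
        return;

    va_start(args, format);
    buffersize = MSVCRT$vsnprintf(NULL, 0, format, args); // number of characters needed, terminator not included
    va_end(args);

    // vsnprintf will return -1 on encoding failure (ex. non latin characters in Wide string)
    if (buffersize <= 0)
        return;

    // One extra byte so the formatted text fits whether or not this vsnprintf
    // implementation writes a terminating NUL.
    intBuffer = (char*)intAlloc((size_t)buffersize + 1);
    if (intBuffer == NULL)
        return;
    /*Print string to memory buffer*/
    va_start(args, format);
    MSVCRT$vsnprintf(intBuffer, (size_t)buffersize + 1, format, args);
    va_end(args);
    if(buffersize + currentoutsize < bufsize) // If this print doesn't overflow our output buffer, just buffer it to the end
    {
        memcpy(output+currentoutsize, intBuffer, buffersize);
        currentoutsize += (WORD)buffersize;
    }
    else // Otherwise fill the buffer, flush it, and repeat until everything has been written
    {
        curloc = intBuffer;
        while(buffersize > 0)
        {
            transfersize = bufsize - currentoutsize; // what is the max we could transfer this request
            if(buffersize < transfersize) // if I have less than that, just transfer what's left
            {
                transfersize = buffersize;
            }
            memcpy(output+currentoutsize, curloc, transfersize);
            currentoutsize += (WORD)transfersize;
            if(currentoutsize == bufsize)
            {
                printoutput(FALSE); // sets currentoutsize to 0 and prints
            }
            curloc += transfersize; // increment by how much data we just wrote
            buffersize -= transfersize; // subtract how much we just wrote from how much we are writing overall
        }
    }
    intFree(intBuffer);
}

// Sends the buffered output through BeaconOutput and clears the buffer.
//   done - TRUE releases the buffer; later internal_printf calls are ignored
//          until bofstart() allocates a new one.
void printoutput(BOOL done)
{
    if (output == NULL)
        return;

    BeaconOutput(CALLBACK_OUTPUT, output, currentoutsize);
    currentoutsize = 0;
    MSVCRT$memset(output, 0, bufsize);
    if(done) {MSVCRT$free(output); output=NULL;}
}
#else
#define internal_printf printf
#define printoutput
#define bofstart
#endif

// Changes to address issue #65.
// We can't use more dynamic resolve functions in this file, which means a call to HeapRealloc is unacceptable.
// To that end if you're going to use this function, declare how many libraries you'll be loading out of, multiple functions out of 1 library count as one
// Normalize your library name to uppercase, yes I could do it, yes I'm also lazy and putting that on the developer.
// Finally I'm going to assume actual string constants are passed in, which is to say don't pass in something to this you plan to free yourself
// If you must then free it after bofstop is called
#ifdef DYNAMIC_LIB_COUNT


typedef struct loadedLibrary {
    HMODULE hMod; // mod handle
    const char * name; // name normalized to uppercase
}loadedLibrary, *ploadedLibrary;
loadedLibrary loadedLibraries[DYNAMIC_LIB_COUNT] __attribute__((section (".data"))) = {0};
DWORD loadedLibrariesCount __attribute__((section (".data"))) = 0;

// Case-sensitive string equality. Returns TRUE only when both strings have
// the same length and the same bytes.
BOOL intstrcmp(LPCSTR szLibrary, LPCSTR sztarget)
{
    DWORD pos = 0;
    while(szLibrary[pos] && sztarget[pos])
    {
        if(szLibrary[pos] != sztarget[pos])
        {
            return FALSE;
        }
        pos++;
    }
    // At least one string has ended; they match only if both have.
    return (szLibrary[pos] == sztarget[pos]) ? TRUE : FALSE;
}

//GetProcAddress, LoadLibraryA, GetModuleHandle, and FreeLibrary are gimmie functions
//
// DynamicLoad
// Retrieves a function pointer given the BOF library-function name
// szLibrary - The library containing the function you want to load
// szFunction - The Function that you want to load
// Returns a FARPROC function pointer if successful, or NULL if lookup fails
//
// The table of loaded libraries has exactly DYNAMIC_LIB_COUNT slots. A request
// for a new library when the table is full is refused instead of writing past
// the end of the array.
// NOTE(review): LoadLibraryA with a bare file name resolves through the DLL
// search order; callers should only pass well-known system library names.
FARPROC DynamicLoad(const char * szLibrary, const char * szFunction)
{
    FARPROC fp = NULL;
    HMODULE hMod = NULL;
    DWORD i = 0;

    if(szLibrary == NULL || szFunction == NULL)
    {
        return NULL;
    }
    for(i = 0; i < loadedLibrariesCount; i++)
    {
        if(intstrcmp(szLibrary, loadedLibraries[i].name))
        {
            hMod = loadedLibraries[i].hMod;
            break;
        }
    }
    if(!hMod)
    {
        if(loadedLibrariesCount >= DYNAMIC_LIB_COUNT)
        {
            BeaconPrintf(CALLBACK_ERROR, "*** DynamicLoad(%s) FAILED!\nLibrary table is full, raise DYNAMIC_LIB_COUNT.", szLibrary);
            return NULL;
        }
        hMod = LoadLibraryA(szLibrary);
        if(!hMod){
            BeaconPrintf(CALLBACK_ERROR, "*** DynamicLoad(%s) FAILED!\nCould not find library to load.", szLibrary);
            return NULL;
        }
        loadedLibraries[loadedLibrariesCount].hMod = hMod;
        loadedLibraries[loadedLibrariesCount].name = szLibrary; //And this is why this HAS to be a constant or not freed before bofstop
        loadedLibrariesCount++;
    }
    fp = GetProcAddress(hMod, szFunction);

    if (NULL == fp)
    {
        BeaconPrintf(CALLBACK_ERROR, "*** DynamicLoad(%s) FAILED!\n", szFunction);
    }
    return fp;
}
#endif


// Converts a NUL-terminated UTF-16 string to a newly allocated UTF-8 string.
// Returns NULL when input is NULL, when the conversion fails, or when the
// allocation fails. The caller releases the result with intFree().
char* Utf16ToUtf8(const wchar_t* input)
{
    char* newString = NULL;
    int ret = 0;

    if (input == NULL)
    {
        return NULL;
    }

    // First pass: ask for the required size in bytes, terminator included.
    ret = Kernel32$WideCharToMultiByte(
        CP_UTF8,
        0,
        input,
        -1,
        NULL,
        0,
        NULL,
        NULL
    );
    if (ret <= 0)
    {
        return NULL;
    }

    newString = (char*)intAlloc(sizeof(char) * ret);
    if (newString == NULL)
    {
        return NULL;
    }

    // Second pass: convert into the buffer sized above.
    ret = Kernel32$WideCharToMultiByte(
        CP_UTF8,
        0,
        input,
        -1,
        newString,
        sizeof(char) * ret,
        NULL,
        NULL
    );

    if (0 == ret)
    {
        intFree(newString);
        newString = NULL;
    }

    return newString;
}

//release any global functions here
void bofstop()
{
#ifdef DYNAMIC_LIB_COUNT
    DWORD i;
    for(i = 0; i < loadedLibrariesCount; i++)
    {
        FreeLibrary(loadedLibraries[i].hMod);
        loadedLibraries[i].hMod = NULL;
    }
    // Forget the released handles so a later DynamicLoad cannot reuse them.
    loadedLibrariesCount = 0;
#endif
    return;
}
-------------------------------------------------------------------------------- /MS-lsat-poc/MS-lsat-poc.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 16.0 23 | Win32Proj 24 | {89d8e4db-06b1-4549-99b3-e49bdd07ef57} 25 | MSlsatpoc 26 | 10.0 27 | 28 | 29 | 30 | Application 31 | true 32 | v143 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v143 39 | true 40 | Unicode 41 | 42 | 43 | Application 44 | true 45 | v143 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v143 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | Level3 76 | true 77 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 78 | true 79 | $(projectdir)compiled_idl;$(solutiondir)WindowsRpcHelper; 80 | 81 | 82 | Console 83 | true 84 | rpcrt4.lib;advapi32.lib;;$(CoreLibraryDependencies);%(AdditionalDependencies) 85 | 86 | 87 | 88 | 89 | Level3 90 | true 91 | true 92 | true 93 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 94 | true 95 | $(projectdir)compiled_idl;$(solutiondir)WindowsRpcHelper; 96 | 97 | 98 | Console 99 | true 100 | true 101 | true 102 | rpcrt4.lib;advapi32.lib;;$(CoreLibraryDependencies);%(AdditionalDependencies) 103 | 104 | 105 | 106 | 107 | Level3 108 | true 109 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 110 | true 111 | $(projectdir)compiled_idl;$(solutiondir)WindowsRpcHelper; 112 | 113 | 114 | Console 115 | true 116 | rpcrt4.lib;advapi32.lib;;$(CoreLibraryDependencies);%(AdditionalDependencies) 117 | 118 | 119 | 120 | 121 | Level3 122 | true 123 | true 124 |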
true 125 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 126 | true 127 | $(projectdir)compiled_idl;$(solutiondir)WindowsRpcHelper; 128 | 129 | 130 | Console 131 | true 132 | true 133 | true 134 | rpcrt4.lib;advapi32.lib;;$(CoreLibraryDependencies);%(AdditionalDependencies) 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | {39678a98-23b0-4eab-ba56-f6607080509e} 149 | 150 | 151 | 152 | 153 | 154 | -------------------------------------------------------------------------------- /WindowsRpcHelper/WindowsRpcHelper.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 16.0 23 | Win32Proj 24 | {39678a98-23b0-4eab-ba56-f6607080509e} 25 | WindowsRpcHelper 26 | 10.0 27 | 28 | 29 | 30 | StaticLibrary 31 | true 32 | v143 33 | Unicode 34 | 35 | 36 | StaticLibrary 37 | false 38 | v143 39 | true 40 | Unicode 41 | 42 | 43 | StaticLibrary 44 | true 45 | v143 46 | Unicode 47 | 48 | 49 | StaticLibrary 50 | false 51 | v143 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | Level3 76 | true 77 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) 78 | true 79 | Use 80 | pch.h 81 | 82 | 83 | 84 | 85 | true 86 | 87 | 88 | rpcrt4.lib;mpr.lib 89 | 90 | 91 | 92 | 93 | Level3 94 | true 95 | true 96 | true 97 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) 98 | true 99 | Use 100 | pch.h 101 | 102 | 103 | 104 | 105 | true 106 | true 107 | true 108 | 109 | 110 | rpcrt4.lib;mpr.lib 111 | 112 | 113 | 114 | 115 | Level3 116 | true 117 | _DEBUG;_LIB;%(PreprocessorDefinitions) 118 | true 119 | Use 120 | pch.h 121 | 122 | 123 | 124 | 125 | true 126 | 127 | 128 | rpcrt4.lib;mpr.lib 129 | 130 | 131 | 132 | 133 | Level3 134 | true 135 | true 136 | true 137 | NDEBUG;_LIB;%(PreprocessorDefinitions) 138 | true 139 | Use 
140 | pch.h 141 | 142 | 143 | 144 | 145 | true 146 | true 147 | true 148 | 149 | 150 | rpcrt4.lib;mpr.lib 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | Create 161 | Create 162 | Create 163 | Create 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | -------------------------------------------------------------------------------- /BOF/src/ms-dtyp.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | /* this ALWAYS GENERATED file contains the definitions for the interfaces */ 4 | 5 | 6 | /* File created by MIDL compiler version 8.01.0626 */ 7 | /* at Mon Jan 18 19:14:07 2038 8 | */ 9 | /* Compiler settings for ms-dtyp.idl: 10 | Oicf, W1, Zp8, env=Win64 (32b run), target_arch=AMD64 8.01.0626 11 | protocol : dce , ms_ext, c_ext, robust 12 | error checks: allocation ref bounds_check enum stub_data 13 | VC __declspec() decoration level: 14 | __declspec(uuid()), __declspec(selectany), __declspec(novtable) 15 | DECLSPEC_UUID(), MIDL_INTERFACE() 16 | */ 17 | /* @@MIDL_FILE_HEADING( ) */ 18 | 19 | #pragma warning( disable: 4049 ) /* more than 64k source lines */ 20 | 21 | 22 | /* verify that the version is high enough to compile this file*/ 23 | #ifndef __REQUIRED_RPCNDR_H_VERSION__ 24 | #define __REQUIRED_RPCNDR_H_VERSION__ 475 25 | #endif 26 | 27 | #include "rpc.h" 28 | #include "rpcndr.h" 29 | 30 | #ifndef __RPCNDR_H_VERSION__ 31 | #error this stub requires an updated version of 32 | #endif /* __RPCNDR_H_VERSION__ */ 33 | 34 | 35 | #ifndef __ms2Ddtyp_x64_h__ 36 | #define __ms2Ddtyp_x64_h__ 37 | 38 | #if defined(_MSC_VER) && (_MSC_VER >= 1020) 39 | #pragma once 40 | #endif 41 | 42 | #ifndef DECLSPEC_XFGVIRT 43 | #if _CONTROL_FLOW_GUARD_XFG 44 | #define DECLSPEC_XFGVIRT(base, func) __declspec(xfg_virtual(base, func)) 45 | #else 46 | #define DECLSPEC_XFGVIRT(base, func) 47 | #endif 48 | #endif 49 | 50 | /* Forward Declarations */ 51 | 52 | #ifdef __cplusplus 53 | extern "C"{ 54 | #endif 55 | 56 | 57 | /* interface 
__MIDL_itf_ms2Ddtyp_0000_0000 */ 58 | /* [local] */ 59 | 60 | //typedef unsigned short wchar_t; 61 | 62 | typedef void *ADCONNECTION_HANDLE; 63 | 64 | typedef int BOOL; 65 | 66 | typedef int *PBOOL; 67 | 68 | typedef int *LPBOOL; 69 | 70 | typedef unsigned char BYTE; 71 | 72 | typedef unsigned char *PBYTE; 73 | 74 | typedef unsigned char *LPBYTE; 75 | 76 | typedef BYTE BOOLEAN; 77 | 78 | typedef BYTE *PBOOLEAN; 79 | 80 | typedef wchar_t WCHAR; 81 | 82 | typedef wchar_t *PWCHAR; 83 | 84 | typedef WCHAR *BSTR; 85 | 86 | typedef double DOUBLE; 87 | 88 | typedef unsigned long DWORD; 89 | 90 | typedef unsigned long *PDWORD; 91 | 92 | typedef unsigned long *LPDWORD; 93 | 94 | typedef unsigned int DWORD32; 95 | 96 | typedef unsigned __int64 DWORD64; 97 | 98 | typedef unsigned __int64 *PDWORD64; 99 | 100 | typedef unsigned __int64 ULONGLONG; 101 | 102 | typedef ULONGLONG DWORDLONG; 103 | 104 | typedef ULONGLONG *PDWORDLONG; 105 | 106 | typedef unsigned long error_status_t; 107 | 108 | typedef float FLOAT; 109 | 110 | typedef unsigned char UCHAR; 111 | 112 | typedef unsigned char *PUCHAR; 113 | 114 | typedef short SHORT; 115 | 116 | typedef void *HANDLE; 117 | 118 | typedef DWORD HCALL; 119 | 120 | typedef int INT; 121 | 122 | typedef int *LPINT; 123 | 124 | typedef signed char INT8; 125 | 126 | typedef short INT16; 127 | 128 | typedef int INT32; 129 | 130 | typedef __int64 INT64; 131 | 132 | typedef void *LDAP_UDP_HANDLE; 133 | 134 | typedef const wchar_t *LMCSTR; 135 | 136 | typedef WCHAR *LMSTR; 137 | 138 | typedef long LONG; 139 | 140 | typedef long *PLONG; 141 | 142 | typedef long *LPLONG; 143 | 144 | typedef __int64 LONGLONG; 145 | 146 | typedef LONG HRESULT; 147 | 148 | //typedef /* [custom] */ __int3264 LONG_PTR; 149 | 150 | //typedef /* [custom] */ unsigned __int3264 ULONG_PTR; 151 | 152 | typedef int LONG32; 153 | 154 | typedef __int64 LONG64; 155 | 156 | typedef __int64 *PLONG64; 157 | 158 | typedef const void *LPCVOID; 159 | 160 | typedef wchar_t *LPWSTR; 161 | 
162 | typedef wchar_t *PWSTR; 163 | 164 | typedef DWORD NET_API_STATUS; 165 | 166 | typedef long NTSTATUS; 167 | 168 | typedef /* [context_handle] */ void *PCONTEXT_HANDLE; 169 | 170 | typedef /* [ref] */ PCONTEXT_HANDLE *PPCONTEXT_HANDLE; 171 | 172 | typedef unsigned __int64 QWORD; 173 | 174 | typedef void *RPC_BINDING_HANDLE; 175 | 176 | //typedef UCHAR *STRING; 177 | 178 | typedef unsigned int UINT; 179 | 180 | typedef unsigned char UINT8; 181 | 182 | typedef unsigned short UINT16; 183 | 184 | typedef unsigned int UINT32; 185 | 186 | typedef unsigned __int64 UINT64; 187 | 188 | typedef unsigned long ULONG; 189 | 190 | typedef unsigned long *PULONG; 191 | 192 | typedef ULONG_PTR DWORD_PTR; 193 | 194 | typedef ULONG_PTR SIZE_T; 195 | 196 | typedef unsigned int ULONG32; 197 | 198 | typedef unsigned __int64 ULONG64; 199 | 200 | typedef unsigned short USHORT; 201 | 202 | typedef void *PVOID; 203 | 204 | typedef void *LPVOID; 205 | 206 | typedef unsigned short WORD; 207 | 208 | typedef unsigned short *PWORD; 209 | 210 | typedef unsigned short *LPWORD; 211 | 212 | typedef struct _FILETIME *PFILETIME; 213 | 214 | typedef struct _FILETIME *LPFILETIME; 215 | 216 | typedef struct _GUID UUID; 217 | 218 | typedef struct _GUID *PGUID; 219 | 220 | typedef struct _EVENT_DESCRIPTOR 221 | { 222 | USHORT Id; 223 | UCHAR Version; 224 | UCHAR Channel; 225 | UCHAR Level; 226 | UCHAR Opcode; 227 | USHORT Task; 228 | ULONGLONG Keyword; 229 | } EVENT_DESCRIPTOR; 230 | 231 | typedef struct _EVENT_DESCRIPTOR *PEVENT_DESCRIPTOR; 232 | 233 | typedef struct _EVENT_DESCRIPTOR *PCEVENT_DESCRIPTOR; 234 | 235 | typedef struct _EVENT_HEADER 236 | { 237 | USHORT Size; 238 | USHORT HeaderType; 239 | USHORT Flags; 240 | USHORT EventProperty; 241 | ULONG ThreadId; 242 | ULONG ProcessId; 243 | LARGE_INTEGER TimeStamp; 244 | GUID ProviderId; 245 | EVENT_DESCRIPTOR EventDescriptor; 246 | union 247 | { 248 | struct 249 | { 250 | ULONG KernelTime; 251 | ULONG UserTime; 252 | } ; 253 | ULONG64 
ProcessorTime; 254 | } ; 255 | GUID ActivityId; 256 | } EVENT_HEADER; 257 | 258 | typedef struct _EVENT_HEADER *PEVENT_HEADER; 259 | 260 | typedef DWORD LCID; 261 | 262 | typedef struct _LUID *PLUID; 263 | 264 | typedef struct _MULTI_SZ 265 | { 266 | wchar_t *Value; 267 | DWORD nChar; 268 | } MULTI_SZ; 269 | 270 | typedef struct _RPC_UNICODE_STRING 271 | { 272 | unsigned short Length; 273 | unsigned short MaximumLength; 274 | /* [length_is][size_is] */ WCHAR *Buffer; 275 | } RPC_UNICODE_STRING; 276 | 277 | typedef struct _RPC_UNICODE_STRING *PRPC_UNICODE_STRING; 278 | 279 | typedef struct _SERVER_INFO_100 280 | { 281 | DWORD sv100_platform_id; 282 | /* [string] */ wchar_t *sv100_name; 283 | } SERVER_INFO_100; 284 | 285 | typedef struct _SERVER_INFO_100 *PSERVER_INFO_100; 286 | 287 | typedef struct _SERVER_INFO_100 *LPSERVER_INFO_100; 288 | 289 | typedef struct _SERVER_INFO_101 290 | { 291 | DWORD sv101_platform_id; 292 | /* [string] */ wchar_t *sv101_name; 293 | DWORD sv101_version_major; 294 | DWORD sv101_version_minor; 295 | DWORD sv101_version_type; 296 | /* [string] */ wchar_t *sv101_comment; 297 | } SERVER_INFO_101; 298 | 299 | typedef struct _SERVER_INFO_101 *PSERVER_INFO_101; 300 | 301 | typedef struct _SERVER_INFO_101 *LPSERVER_INFO_101; 302 | 303 | typedef struct _SYSTEMTIME *PSYSTEMTIME; 304 | 305 | typedef struct _UINT128 306 | { 307 | UINT64 lower; 308 | UINT64 upper; 309 | } UINT128; 310 | 311 | typedef struct _UINT128 *PUINT128; 312 | 313 | typedef struct _RPC_SID_IDENTIFIER_AUTHORITY 314 | { 315 | byte Value[ 6 ]; 316 | } RPC_SID_IDENTIFIER_AUTHORITY; 317 | 318 | typedef DWORD ACCESS_MASK; 319 | 320 | typedef ACCESS_MASK *PACCESS_MASK; 321 | 322 | 323 | typedef struct _OBJECT_TYPE_LIST *POBJECT_TYPE_LIST; 324 | 325 | typedef struct _ACE_HEADER *PACE_HEADER; 326 | 327 | typedef struct _SYSTEM_MANDATORY_LABEL_ACE *PSYSTEM_MANDATORY_LABEL_ACE; 328 | 329 | typedef struct _TOKEN_MANDATORY_POLICY *PTOKEN_MANDATORY_POLICY; 330 | 331 | typedef struct 
_MANDATORY_INFORMATION 332 | { 333 | ACCESS_MASK AllowedAccess; 334 | BOOLEAN WriteAllowed; 335 | BOOLEAN ReadAllowed; 336 | BOOLEAN ExecuteAllowed; 337 | TOKEN_MANDATORY_POLICY MandatoryPolicy; 338 | } MANDATORY_INFORMATION; 339 | 340 | typedef struct _MANDATORY_INFORMATION *PMANDATORY_INFORMATION; 341 | 342 | typedef struct _CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE 343 | { 344 | DWORD Length; 345 | BYTE OctetString[ 1 ]; 346 | } CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE; 347 | 348 | typedef struct _CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE *PCLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE; 349 | 350 | typedef struct _CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *PCLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1; 351 | 352 | typedef DWORD SECURITY_INFORMATION; 353 | 354 | typedef DWORD *PSECURITY_INFORMATION; 355 | 356 | typedef struct _RPC_SID 357 | { 358 | unsigned char Revision; 359 | unsigned char SubAuthorityCount; 360 | RPC_SID_IDENTIFIER_AUTHORITY IdentifierAuthority; 361 | /* [size_is] */ unsigned long SubAuthority[ 1 ]; 362 | } RPC_SID; 363 | 364 | typedef struct _RPC_SID *PRPC_SID; 365 | 366 | typedef struct _ACL *PACL; 367 | 368 | 369 | 370 | extern RPC_IF_HANDLE __MIDL_itf_ms2Ddtyp_0000_0000_v0_0_c_ifspec; 371 | extern RPC_IF_HANDLE __MIDL_itf_ms2Ddtyp_0000_0000_v0_0_s_ifspec; 372 | 373 | /* Additional Prototypes for ALL interfaces */ 374 | 375 | /* end of Additional Prototypes */ 376 | 377 | #ifdef __cplusplus 378 | } 379 | #endif 380 | 381 | #endif 382 | 383 | 384 | -------------------------------------------------------------------------------- /MS-lsat-poc/compiled_idl/ms-dtyp.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | /* this ALWAYS GENERATED file contains the definitions for the interfaces */ 4 | 5 | 6 | /* File created by MIDL compiler version 8.01.0626 */ 7 | /* at Mon Jan 18 19:14:07 2038 8 | */ 9 | /* Compiler settings for ms-dtyp.idl: 10 | Oicf, W1, Zp8, env=Win64 (32b run), target_arch=AMD64 
8.01.0626 11 | protocol : dce , ms_ext, c_ext, robust 12 | error checks: allocation ref bounds_check enum stub_data 13 | VC __declspec() decoration level: 14 | __declspec(uuid()), __declspec(selectany), __declspec(novtable) 15 | DECLSPEC_UUID(), MIDL_INTERFACE() 16 | */ 17 | /* @@MIDL_FILE_HEADING( ) */ 18 | 19 | #pragma warning( disable: 4049 ) /* more than 64k source lines */ 20 | 21 | 22 | /* verify that the version is high enough to compile this file*/ 23 | #ifndef __REQUIRED_RPCNDR_H_VERSION__ 24 | #define __REQUIRED_RPCNDR_H_VERSION__ 475 25 | #endif 26 | 27 | #include "rpc.h" 28 | #include "rpcndr.h" 29 | 30 | #ifndef __RPCNDR_H_VERSION__ 31 | #error this stub requires an updated version of 32 | #endif /* __RPCNDR_H_VERSION__ */ 33 | 34 | 35 | #ifndef __ms2Ddtyp_x64_h__ 36 | #define __ms2Ddtyp_x64_h__ 37 | 38 | #if defined(_MSC_VER) && (_MSC_VER >= 1020) 39 | #pragma once 40 | #endif 41 | 42 | #ifndef DECLSPEC_XFGVIRT 43 | #if _CONTROL_FLOW_GUARD_XFG 44 | #define DECLSPEC_XFGVIRT(base, func) __declspec(xfg_virtual(base, func)) 45 | #else 46 | #define DECLSPEC_XFGVIRT(base, func) 47 | #endif 48 | #endif 49 | 50 | /* Forward Declarations */ 51 | 52 | #ifdef __cplusplus 53 | extern "C"{ 54 | #endif 55 | 56 | 57 | /* interface __MIDL_itf_ms2Ddtyp_0000_0000 */ 58 | /* [local] */ 59 | 60 | //typedef unsigned short wchar_t; 61 | 62 | typedef void *ADCONNECTION_HANDLE; 63 | 64 | typedef int BOOL; 65 | 66 | typedef int *PBOOL; 67 | 68 | typedef int *LPBOOL; 69 | 70 | typedef unsigned char BYTE; 71 | 72 | typedef unsigned char *PBYTE; 73 | 74 | typedef unsigned char *LPBYTE; 75 | 76 | typedef BYTE BOOLEAN; 77 | 78 | typedef BYTE *PBOOLEAN; 79 | 80 | typedef wchar_t WCHAR; 81 | 82 | typedef wchar_t *PWCHAR; 83 | 84 | typedef WCHAR *BSTR; 85 | 86 | typedef double DOUBLE; 87 | 88 | typedef unsigned long DWORD; 89 | 90 | typedef unsigned long *PDWORD; 91 | 92 | typedef unsigned long *LPDWORD; 93 | 94 | typedef unsigned int DWORD32; 95 | 96 | typedef unsigned __int64 
DWORD64; 97 | 98 | typedef unsigned __int64 *PDWORD64; 99 | 100 | typedef unsigned __int64 ULONGLONG; 101 | 102 | typedef ULONGLONG DWORDLONG; 103 | 104 | typedef ULONGLONG *PDWORDLONG; 105 | 106 | typedef unsigned long error_status_t; 107 | 108 | typedef float FLOAT; 109 | 110 | typedef unsigned char UCHAR; 111 | 112 | typedef unsigned char *PUCHAR; 113 | 114 | typedef short SHORT; 115 | 116 | typedef void *HANDLE; 117 | 118 | typedef DWORD HCALL; 119 | 120 | typedef int INT; 121 | 122 | typedef int *LPINT; 123 | 124 | typedef signed char INT8; 125 | 126 | typedef short INT16; 127 | 128 | typedef int INT32; 129 | 130 | typedef __int64 INT64; 131 | 132 | typedef void *LDAP_UDP_HANDLE; 133 | 134 | typedef const wchar_t *LMCSTR; 135 | 136 | typedef WCHAR *LMSTR; 137 | 138 | typedef long LONG; 139 | 140 | typedef long *PLONG; 141 | 142 | typedef long *LPLONG; 143 | 144 | typedef __int64 LONGLONG; 145 | 146 | typedef LONG HRESULT; 147 | 148 | //typedef /* [custom] */ __int3264 LONG_PTR; 149 | 150 | //typedef /* [custom] */ unsigned __int3264 ULONG_PTR; 151 | 152 | typedef int LONG32; 153 | 154 | typedef __int64 LONG64; 155 | 156 | typedef __int64 *PLONG64; 157 | 158 | typedef const void *LPCVOID; 159 | 160 | typedef wchar_t *LPWSTR; 161 | 162 | typedef wchar_t *PWSTR; 163 | 164 | typedef DWORD NET_API_STATUS; 165 | 166 | typedef long NTSTATUS; 167 | 168 | typedef /* [context_handle] */ void *PCONTEXT_HANDLE; 169 | 170 | typedef /* [ref] */ PCONTEXT_HANDLE *PPCONTEXT_HANDLE; 171 | 172 | typedef unsigned __int64 QWORD; 173 | 174 | typedef void *RPC_BINDING_HANDLE; 175 | 176 | //typedef UCHAR *STRING; 177 | 178 | typedef unsigned int UINT; 179 | 180 | typedef unsigned char UINT8; 181 | 182 | typedef unsigned short UINT16; 183 | 184 | typedef unsigned int UINT32; 185 | 186 | typedef unsigned __int64 UINT64; 187 | 188 | typedef unsigned long ULONG; 189 | 190 | typedef unsigned long *PULONG; 191 | 192 | typedef ULONG_PTR DWORD_PTR; 193 | 194 | typedef ULONG_PTR SIZE_T; 195 | 
196 | typedef unsigned int ULONG32; 197 | 198 | typedef unsigned __int64 ULONG64; 199 | 200 | typedef unsigned short USHORT; 201 | 202 | typedef void *PVOID; 203 | 204 | typedef void *LPVOID; 205 | 206 | typedef unsigned short WORD; 207 | 208 | typedef unsigned short *PWORD; 209 | 210 | typedef unsigned short *LPWORD; 211 | 212 | typedef struct _FILETIME *PFILETIME; 213 | 214 | typedef struct _FILETIME *LPFILETIME; 215 | 216 | typedef struct _GUID UUID; 217 | 218 | typedef struct _GUID *PGUID; 219 | 220 | typedef struct _EVENT_DESCRIPTOR 221 | { 222 | USHORT Id; 223 | UCHAR Version; 224 | UCHAR Channel; 225 | UCHAR Level; 226 | UCHAR Opcode; 227 | USHORT Task; 228 | ULONGLONG Keyword; 229 | } EVENT_DESCRIPTOR; 230 | 231 | typedef struct _EVENT_DESCRIPTOR *PEVENT_DESCRIPTOR; 232 | 233 | typedef struct _EVENT_DESCRIPTOR *PCEVENT_DESCRIPTOR; 234 | 235 | typedef struct _EVENT_HEADER 236 | { 237 | USHORT Size; 238 | USHORT HeaderType; 239 | USHORT Flags; 240 | USHORT EventProperty; 241 | ULONG ThreadId; 242 | ULONG ProcessId; 243 | LARGE_INTEGER TimeStamp; 244 | GUID ProviderId; 245 | EVENT_DESCRIPTOR EventDescriptor; 246 | union 247 | { 248 | struct 249 | { 250 | ULONG KernelTime; 251 | ULONG UserTime; 252 | } ; 253 | ULONG64 ProcessorTime; 254 | } ; 255 | GUID ActivityId; 256 | } EVENT_HEADER; 257 | 258 | typedef struct _EVENT_HEADER *PEVENT_HEADER; 259 | 260 | typedef DWORD LCID; 261 | 262 | typedef struct _LUID *PLUID; 263 | 264 | typedef struct _MULTI_SZ 265 | { 266 | wchar_t *Value; 267 | DWORD nChar; 268 | } MULTI_SZ; 269 | 270 | typedef struct _RPC_UNICODE_STRING 271 | { 272 | unsigned short Length; 273 | unsigned short MaximumLength; 274 | /* [length_is][size_is] */ WCHAR *Buffer; 275 | } RPC_UNICODE_STRING; 276 | 277 | typedef struct _RPC_UNICODE_STRING *PRPC_UNICODE_STRING; 278 | 279 | typedef struct _SERVER_INFO_100 280 | { 281 | DWORD sv100_platform_id; 282 | /* [string] */ wchar_t *sv100_name; 283 | } SERVER_INFO_100; 284 | 285 | typedef struct 
_SERVER_INFO_100 *PSERVER_INFO_100; 286 | 287 | typedef struct _SERVER_INFO_100 *LPSERVER_INFO_100; 288 | 289 | typedef struct _SERVER_INFO_101 290 | { 291 | DWORD sv101_platform_id; 292 | /* [string] */ wchar_t *sv101_name; 293 | DWORD sv101_version_major; 294 | DWORD sv101_version_minor; 295 | DWORD sv101_version_type; 296 | /* [string] */ wchar_t *sv101_comment; 297 | } SERVER_INFO_101; 298 | 299 | typedef struct _SERVER_INFO_101 *PSERVER_INFO_101; 300 | 301 | typedef struct _SERVER_INFO_101 *LPSERVER_INFO_101; 302 | 303 | typedef struct _SYSTEMTIME *PSYSTEMTIME; 304 | 305 | typedef struct _UINT128 306 | { 307 | UINT64 lower; 308 | UINT64 upper; 309 | } UINT128; 310 | 311 | typedef struct _UINT128 *PUINT128; 312 | 313 | typedef struct _RPC_SID_IDENTIFIER_AUTHORITY 314 | { 315 | byte Value[ 6 ]; 316 | } RPC_SID_IDENTIFIER_AUTHORITY; 317 | 318 | typedef DWORD ACCESS_MASK; 319 | 320 | typedef ACCESS_MASK *PACCESS_MASK; 321 | 322 | 323 | typedef struct _OBJECT_TYPE_LIST *POBJECT_TYPE_LIST; 324 | 325 | typedef struct _ACE_HEADER *PACE_HEADER; 326 | 327 | typedef struct _SYSTEM_MANDATORY_LABEL_ACE *PSYSTEM_MANDATORY_LABEL_ACE; 328 | 329 | typedef struct _TOKEN_MANDATORY_POLICY *PTOKEN_MANDATORY_POLICY; 330 | 331 | typedef struct _MANDATORY_INFORMATION 332 | { 333 | ACCESS_MASK AllowedAccess; 334 | BOOLEAN WriteAllowed; 335 | BOOLEAN ReadAllowed; 336 | BOOLEAN ExecuteAllowed; 337 | TOKEN_MANDATORY_POLICY MandatoryPolicy; 338 | } MANDATORY_INFORMATION; 339 | 340 | typedef struct _MANDATORY_INFORMATION *PMANDATORY_INFORMATION; 341 | 342 | typedef struct _CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE 343 | { 344 | DWORD Length; 345 | BYTE OctetString[ 1 ]; 346 | } CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE; 347 | 348 | typedef struct _CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE *PCLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE; 349 | 350 | typedef struct _CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *PCLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1; 351 | 352 | typedef DWORD 
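SECURITY_INFORMATION; 353 | 354 | typedef DWORD *PSECURITY_INFORMATION; 355 | 356 | typedef struct _RPC_SID 357 | { 358 | unsigned char Revision; 359 | unsigned char SubAuthorityCount; 360 | RPC_SID_IDENTIFIER_AUTHORITY IdentifierAuthority; 361 | /* [size_is] */ unsigned long SubAuthority[ 1 ]; 362 | } RPC_SID; 363 | 364 | typedef struct _RPC_SID *PRPC_SID; 365 | 366 | typedef struct _ACL *PACL; 367 | 368 | 369 | 370 | extern RPC_IF_HANDLE __MIDL_itf_ms2Ddtyp_0000_0000_v0_0_c_ifspec; 371 | extern RPC_IF_HANDLE __MIDL_itf_ms2Ddtyp_0000_0000_v0_0_s_ifspec; 372 | 373 | /* Additional Prototypes for ALL interfaces */ 374 | 375 | /* end of Additional Prototypes */ 376 | 377 | #ifdef __cplusplus 378 | } 379 | #endif 380 | 381 | #endif 382 | 383 | 384 | -------------------------------------------------------------------------------- /WindowsRpcHelper/rpc_helpers.cpp: --------------------------------------------------------------------------------
#include "pch.h"
#include  // NOTE(review): the header name was lost when this page was extracted (the <...> part was stripped); restore it from the repository copy
#include "rpc_helpers.h"

#define HIDWORD(i) (DWORD)(((ULONG64)i >> 32) & 0xffffffff)
#define LODWORD(i) (DWORD)((ULONG64)i & 0xffffffff)

// Formats a wide string into a freshly allocated buffer.
//
// outBuffer: receives a LocalAlloc'd, NUL-terminated string on success; the
//            caller releases it with LocalFree. It is reset to NULL on entry,
//            so it is NULL whenever nothing was allocated.
// format:    printf-style wide format string, followed by its arguments.
// Returns TRUE when at least one character was written, FALSE otherwise
// (an empty result is still reported as failure, as before).
BOOL alloc_string_sprintfW(PWSTR* outBuffer, PCWSTR format, ...)
{
    BOOL status = FALSE;
    int needed;
    int written;
    va_list args;

    if (!outBuffer || !format)
        return FALSE;
    *outBuffer = NULL;

    // First pass: measure the formatted length (in characters, without the NUL).
    va_start(args, format);
    needed = _vscwprintf(format, args);
    va_end(args);
    if (needed <= 0)
        return FALSE;

    needed++; // room for the terminating NUL
    *outBuffer = (PWSTR)LocalAlloc(LPTR, (SIZE_T)needed * sizeof(wchar_t));
    if (!*outBuffer)
        return FALSE;

    // Second pass: restart the argument list rather than reusing one that a
    // v*printf call has already consumed.
    va_start(args, format);
    written = vswprintf_s(*outBuffer, needed, format, args);
    va_end(args);

    if (written > 0)
    {
        status = TRUE;
    }
    else
    {
        // Free the allocation itself. Passing outBuffer here (the address of
        // the caller's pointer variable) would hand LocalFree a pointer that
        // never came from LocalAlloc and would leak the real buffer.
        *outBuffer = (PWSTR)LocalFree(*outBuffer);
    }
    return status;
}

// Narrow-character counterpart of alloc_string_sprintfW.
//
// outBuffer: receives a LocalAlloc'd, NUL-terminated string on success; the
//            caller releases it with LocalFree. It is reset to NULL on entry.
// format:    printf-style format string, followed by its arguments.
// Returns TRUE when at least one character was written, FALSE otherwise.
BOOL alloc_string_sprintfA(PSTR* outBuffer, PCSTR format, ...)
{
    BOOL status = FALSE;
    int needed;
    int written;
    va_list args;

    if (!outBuffer || !format)
        return FALSE;
    *outBuffer = NULL;

    va_start(args, format);
    needed = _vscprintf(format, args);
    va_end(args);
    if (needed <= 0)
        return FALSE;

    needed++; // room for the terminating NUL
    *outBuffer = (PSTR)LocalAlloc(LPTR, (SIZE_T)needed * sizeof(char));
    if (!*outBuffer)
        return FALSE;

    va_start(args, format);
    written = vsprintf_s(*outBuffer, needed, format, args);
    va_end(args);

    if (written > 0)
    {
        status = TRUE;
    }
    else
    {
        // Free the buffer, not the address of the caller's pointer variable.
        *outBuffer = (PSTR)LocalFree(*outBuffer);
    }
    return status;
}

// Returns the length in BYTES of a NUL-terminated string, terminator excluded.
//
// s: first byte of the string; NULL yields 0.
// u: TRUE when s holds 2-byte code units terminated by a 2-byte zero,
//    FALSE for a single-byte string.
DWORD intstrlen(const char* s, BOOL u)
{
    DWORD i = 0;

    if (!s)
        return 0;

    if (u)
    {
        // Advance one whole code unit at a time. A byte-wise scan for two
        // zero bytes stops early when the high byte of one unit and the low
        // byte of the next are both zero (e.g. 0x0041 followed by 0x4100).
        while (s[i] || s[i + 1])
        {
            i += 2;
        }
        return i;
    }

    while (s[i])
    {
        i++;
    }
    return i;
}

// Points a UNICODE_STRING at an existing wide string without copying it.
//
// ustr:   structure to fill in; ignored when NULL.
// string: NUL-terminated wide string. The buffer is borrowed, so it must
//         outlive ustr. NULL produces an empty UNICODE_STRING.
void make_unicode_str(PUNICODE_STRING ustr, const wchar_t* string)
{
    DWORD byteLen;

    if (!ustr)
        return;

    if (!string)
    {
        ustr->Buffer = NULL;
        ustr->Length = 0;
        ustr->MaximumLength = 0;
        return;
    }

    byteLen = intstrlen((const char*)string, TRUE);
    // Length and MaximumLength are 16-bit byte counts. Clamp instead of
    // letting a long string wrap around to a small, inconsistent length.
    if (byteLen > 0xFFFC)
        byteLen = 0xFFFC;

    ustr->Buffer = (wchar_t*)string;
    ustr->Length = (USHORT)byteLen;
    ustr->MaximumLength = (USHORT)(byteLen + 2); // includes the terminator
}

// Releases an RPC binding handle and clears the caller's copy.
//
// hBinding: address of the handle to free.
// Returns TRUE when RpcBindingFree succeeded, FALSE otherwise (including
// when there is no handle to free).
BOOL rpc_deleteBinding(RPC_BINDING_HANDLE* hBinding)
{
    if (!hBinding || !*hBinding)
        return FALSE;

    if (RpcBindingFree(hBinding) != RPC_S_OK)
        return FALSE;

    *hBinding = NULL;
    return TRUE;
}

// Builds an RPC binding handle and, when requested, attaches authentication
// information to it.
//
// use_rpc_auth:            TRUE to call RpcBindingSetAuthInfoEx on the binding.
// uuid, ProtSeq, NetworkAddr, Endpoint:
//                          components passed to RpcStringBindingCompose.
// Service:                 service part of the server principal name.
// addServiceToNetworkAddr: TRUE to use "Service/NetworkAddr" as the SPN.
// AuthnSvc:                authentication service; RPC_C_AUTHN_NONE skips
//                          the authentication step entirely.
// hAuth:                   optional explicit identity for the security package.
// ImpersonationType:       impersonation level placed in the security QOS.
// hBinding:                receives the binding; NULL on failure.
// RpcSecurityCallback:     optional callback set via RPC_C_OPT_SECURITY_CALLBACK.
// Returns TRUE when the binding is usable, FALSE otherwise.
BOOL rpc_createBinding(BOOL use_rpc_auth, LPCWSTR uuid, LPCWSTR ProtSeq, LPCWSTR NetworkAddr, LPCWSTR Endpoint, LPCWSTR Service, BOOL addServiceToNetworkAddr, DWORD AuthnSvc, RPC_AUTH_IDENTITY_HANDLE hAuth, DWORD ImpersonationType, RPC_BINDING_HANDLE* hBinding, void (RPC_ENTRY* RpcSecurityCallback)(void*))
{
    BOOL status = FALSE;
    RPC_STATUS rpcStatus;
    RPC_WSTR StringBinding = NULL;
    RPC_SECURITY_QOS SecurityQOS;
    LPWSTR fullServer = NULL;

    if (!hBinding)
        return FALSE;
    *hBinding = NULL;

    SecurityQOS.Version = RPC_C_SECURITY_QOS_VERSION;
    // The parentheses matter: '|' binds tighter than '?:', so without them the
    // whole OR-expression became the condition and the capabilities were
    // always just IGNORE_DELEGATE_FAILURE, i.e. mutual authentication was
    // never requested. With the flag actually set, a security package that
    // cannot authenticate the server makes the call fail instead of
    // proceeding against an unverified peer.
    SecurityQOS.Capabilities = RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH
        | ((ImpersonationType == RPC_C_IMP_LEVEL_DELEGATE) ? RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE : 0);
    SecurityQOS.IdentityTracking = RPC_C_QOS_IDENTITY_STATIC;
    SecurityQOS.ImpersonationType = ImpersonationType;

    rpcStatus = RpcStringBindingCompose((RPC_WSTR)uuid, (RPC_WSTR)ProtSeq, (RPC_WSTR)NetworkAddr, (RPC_WSTR)Endpoint, NULL, &StringBinding);
    if (rpcStatus != RPC_S_OK)
    {
        DEBUG_PRINT("RpcStringBindingCompose: 0x%08x (%u)\n", rpcStatus, rpcStatus);
        return FALSE;
    }

    DEBUG_PRINT("string binding: %ls\n", StringBinding);
    rpcStatus = RpcBindingFromStringBinding(StringBinding, hBinding);
    RpcStringFree(&StringBinding); // the string form is not needed past this point
    if (rpcStatus != RPC_S_OK)
    {
        DEBUG_PRINT("RpcBindingFromStringBinding: 0x%08x (%u)\n", rpcStatus, rpcStatus);
        return FALSE;
    }
    if (!*hBinding)
    {
        DEBUG_PRINT("No Binding!\n");
        return FALSE;
    }

    if (AuthnSvc == RPC_C_AUTHN_NONE)
    {
        status = TRUE;
        DEBUG_PRINT("Null rpc auth\n");
    }
    else
    {
        if (addServiceToNetworkAddr)
        {
            if (Service && NetworkAddr)
            {
                alloc_string_sprintfW(&fullServer, L"%s/%s", Service, NetworkAddr);
                DEBUG_PRINT("Using Service spn %ls\n", (RPC_WSTR)(fullServer ? fullServer : (Service ? Service : L"svcchk")));
            }
            else DEBUG_PRINT("Cannot add Service to NetworkAddr if NULL\n");
        }

        if ((!addServiceToNetworkAddr || fullServer) && use_rpc_auth)
        {
            DEBUG_PRINT("binding with auth\n");
            // status stays FALSE until the security settings are really in
            // place. It used to be set to TRUE before this call, so a failed
            // RpcBindingSetAuthInfoEx still handed the caller a binding that
            // carried no authentication or packet privacy.
            rpcStatus = RpcBindingSetAuthInfoEx(*hBinding, (RPC_WSTR)(fullServer ? fullServer : (Service ? Service : L"svcchk")), RPC_C_AUTHN_LEVEL_PKT_PRIVACY, AuthnSvc, hAuth, RPC_C_AUTHZ_NONE, &SecurityQOS);
            if (rpcStatus == RPC_S_OK)
            {
                DEBUG_PRINT("binding with auth ok\n");
                if (RpcSecurityCallback)
                {
                    rpcStatus = RpcBindingSetOption(*hBinding, RPC_C_OPT_SECURITY_CALLBACK, (ULONG_PTR)RpcSecurityCallback);
                    status = (rpcStatus == RPC_S_OK);
                    if (!status)
                        DEBUG_PRINT("RpcBindingSetOption: 0x%08x (%u)\n", rpcStatus, rpcStatus);
                }
                else status = TRUE;
            }
            else DEBUG_PRINT("RpcBindingSetAuthInfoEx: 0x%08x (%u)\n", rpcStatus, rpcStatus);
        }
        else
        {
            // NOTE(review): this branch is also reached when use_rpc_auth is
            // TRUE but the SPN could not be built (Service/NetworkAddr NULL or
            // allocation failure). The binding then carries no RPC-level
            // authentication even though the caller asked for it; behaviour
            // kept as-is here, confirm that this fallback is intended.
            status = TRUE;
            DEBUG_PRINT("binding without rpc level auth\n");
        }
    }

    if (!status)
    {
        // Do not hand back a half-configured binding.
        rpcStatus = RpcBindingFree(hBinding);
        if (rpcStatus == RPC_S_OK)
            *hBinding = NULL;
        else DEBUG_PRINT("RpcBindingFree: 0x%08x (%u)\n", rpcStatus, rpcStatus);
    }

    if (fullServer)
    {
        LocalFree(fullServer);
    }

    return status;
}



// Connects to \\targetServer\IPC$, builds an ncacn_np binding to the given
// pipe, resolves the endpoint and invokes callback with the binding.
//
// spec:         interface specification passed to RpcEpResolveBinding.
// targetServer: host name or address of the server.
// pipename:     named-pipe endpoint used for the binding.
// authtype:     0 = current user context, 1 = NULL/anonymous session,
//               2 = explicit credentials (username/password).
// service:      service part of the SPN given to rpc_createBinding.
// username, password: credentials for authtype 2; replaced by empty strings
//               for authtype 1.
// uuid:         object UUID string for the binding (may be NULL).
// rpc_use_auth: TRUE to request RPC-level authentication on the binding.
// callback:     receives the address of the binding handle and a va_list of
//               the extra arguments; its non-zero return marks success.
// Returns TRUE when the callback ran and reported success, FALSE otherwise.
//
// Side effect visible in the code: any existing connection to the target's
// IPC$ share is forcibly cancelled before connecting and again afterwards.
int make_rpc_request(RPC_IF_HANDLE spec, wchar_t * targetServer, RPC_WSTR pipename, BYTE authtype, const wchar_t* service, const wchar_t* username, const wchar_t* password, const wchar_t* uuid, BOOL rpc_use_auth, RPC_CALLBACK callback, ...)
{
    BOOL retcode = FALSE;
    RPC_STATUS rpcStatus = RPC_S_OK;
    handle_t hrpcHandle = NULL;
    DWORD dwRet = 0, authSvc = 0;
    NETRESOURCE nr = { 0, RESOURCETYPE_DISK, 0, 0, NULL, NULL, NULL, NULL };
    SEC_WINNT_AUTH_IDENTITY secIdentity = { NULL, 0, NULL, 0, NULL, 0, SEC_WINNT_AUTH_IDENTITY_UNICODE };
    va_list args;

    if (!targetServer || !callback)
        return FALSE;

    switch (authtype)
    {
    case 0: // default
        authSvc = RPC_C_AUTHN_DEFAULT;
        DEBUG_PRINT("Using current user context\n");
        break;
    case 1: //noauth
        authSvc = RPC_C_AUTHN_NONE;
        DEBUG_PRINT("Using NULL / NONE auth\n");
        username = password = L"";
        break;
    case 2: //explicit auth
        authSvc = RPC_C_AUTHN_GSS_NEGOTIATE;
        // Log the account only. The password used to be printed here in clear
        // text, which leaves the credential in whatever DEBUG_PRINT writes to.
        DEBUG_PRINT("Using explicit auth with user %S\n", username);
        secIdentity.User = (unsigned short *)username;
        secIdentity.UserLength = lstrlenW(username);
        secIdentity.Password = (unsigned short *)(password);
        secIdentity.PasswordLength = lstrlenW(password);
        break;
    default:
        // Unknown values keep authSvc at 0 and use the credentials as passed.
        break;
    }

    if (!alloc_string_sprintfW(&nr.lpRemoteName, L"\\\\%s\\IPC$", targetServer))
    {
        DEBUG_PRINT("out of memory");
        goto end;
    }

    DEBUG_PRINT("Disconnecting any exsiting IPC$ mapping\n");
    dwRet = WNetCancelConnection2(nr.lpRemoteName, 0, TRUE);
    if ((dwRet != NO_ERROR) && (dwRet != ERROR_NOT_CONNECTED))
    {
        DEBUG_PRINT("diconnect failed\n");
        goto end;
    }

    DEBUG_PRINT("binding %S with specified cred method\n", nr.lpRemoteName);
    dwRet = WNetAddConnection2(&nr, password, username, CONNECT_TEMPORARY);
    if (dwRet != NO_ERROR)
    {
        DEBUG_PRINT("Adding connection failed: %d\n", dwRet);
        goto end;
    }
    DEBUG_PRINT("Connected\n");

    // The cast target was stripped by page extraction; LPCWSTR is the type of
    // rpc_createBinding's Endpoint parameter.
    // NOTE(review): RPC_C_IMP_LEVEL_DELEGATE is the broadest impersonation
    // level (the server may act as the caller toward other hosts); confirm the
    // calls made through this helper really need more than impersonate/identify.
    if (rpc_createBinding(rpc_use_auth, uuid, L"ncacn_np", targetServer, reinterpret_cast<LPCWSTR>(pipename), service, TRUE, authSvc, secIdentity.UserLength ? &secIdentity : NULL, RPC_C_IMP_LEVEL_DELEGATE, &hrpcHandle, NULL))
    {
        DEBUG_PRINT("Resolve Endpoint: \n");
        rpcStatus = RpcEpResolveBinding(hrpcHandle, spec);
        if (rpcStatus == RPC_S_OK)
        {
            DEBUG_PRINT("Endpoint Resolved\n");
            va_start(args, callback);
            RpcTryExcept
                if (callback(&hrpcHandle, args))
                {
                    retcode = TRUE;
                }
            RpcExcept(RpcExceptionFilter(RpcExceptionCode()))
                DEBUG_PRINT("An exception occured while attempting to make the RPC call, recovering and bailing: %lu\n", RpcExceptionCode());
            RpcEndExcept
            va_end(args);
        }
        else
        {
            // Report the RPC status of the failed call, not the stale WNet result.
            DEBUG_PRINT("Resolve binding failed: %d\n", (int)rpcStatus);
        }
        rpc_deleteBinding(&hrpcHandle);
    }
    else
    {
        // dwRet is still the WNet result here; rpc_createBinding logs the
        // failing RPC status itself.
        DEBUG_PRINT("CreatingBinding Failed: %d\n", dwRet);
    }

    DEBUG_PRINT("Disconnecting IPC$:\n");
    dwRet = WNetCancelConnection2W(nr.lpRemoteName, 0, TRUE);
    if (dwRet == NO_ERROR)
    {
        DEBUG_PRINT("Disconnected\n");
    }
    else
    {
        DEBUG_PRINT("Error disconnecting %d\n", dwRet);
    }

end:
    if (nr.lpRemoteName) { LocalFree(nr.lpRemoteName); }
    return retcode;
}
-------------------------------------------------------------------------------- /MS-lsat-poc/idl/ms-lsar.idl: -------------------------------------------------------------------------------- 1 | /* 2 | * 3 | * Intellectual Property Rights Notice for Open Specifications Documentation 4 | * 5 | * Technical Documentation. Microsoft publishes Open Specifications documentation (“this documentation”) for protocols, file formats, 6 | * data portability, computer languages, and standards support. Additionally, overview documents cover inter-protocol relationships 7 | * and interactions. 8 | * 9 | * Copyrights.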
This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained 10 | * in the terms of use for the Microsoft website that hosts this documentation, you can make copies of it in order to develop 11 | * implementations of the technologies that are described in this documentation and can distribute portions of it in your 12 | * implementations that use these technologies or in your documentation as necessary to properly document the implementation. 13 | * You can also distribute in your implementation, with or without modification, any schemas, IDLs, or code samples that are 14 | * included in the documentation. This permission also applies to any documents that are referenced 15 | * in the Open Specifications documentation. 16 | * 17 | * No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. 18 | * 19 | * Patents. Microsoft has patents that might cover your implementations of the technologies described 20 | * in the Open Specifications documentation. Neither this notice nor Microsoft's delivery of this documentation grants any licenses 21 | * under those patents or any other Microsoft patents. However, a given Open Specifications document might be covered by 22 | * the Microsoft Open Specifications Promise (available here: https://msdn.microsoft.com/en-US/openspecifications/dn646765) 23 | * or the Microsoft Community Promise (available here: https://msdn.microsoft.com/en-US/openspecifications/dn646766). 24 | * If you would prefer a written license, or if the technologies described in this documentation are not covered by 25 | * the Open Specifications Promise or Community Promise, as applicable, patent licenses are available 26 | * by contacting iplg@microsoft.com. 27 | * 28 | * License Programs. 
To see all of the protocols in scope under a specific license program and the associated patents, 29 | * visit the Patent Map (available here: https://msdn.microsoft.com/en-us/openspecifications/dn750984). 30 | * 31 | * Trademarks. The names of companies and products contained in this documentation might be covered by trademarks 32 | * or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list 33 | * of Microsoft trademarks, visit www.microsoft.com/trademarks. 34 | * 35 | * Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, 36 | * and events that are depicted in this documentation are fictitious. No association with any real company, organization, 37 | * product, domain name, email address, logo, person, place, or event is intended or should be inferred. 38 | * 39 | * Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than as specifically 40 | * described above, whether by implication, estoppel, or otherwise. 41 | * 42 | * Tools. The Open Specifications documentation does not require the use of Microsoft programming tools or programming environments 43 | * in order for you to develop an implementation. If you have access to Microsoft programming tools and environments, 44 | * you are free to take advantage of them. Certain Open Specifications documents are intended for use in conjunction with 45 | * publicly available standards specifications and network programming art and, as such, assume that the reader 46 | * either is familiar with the aforementioned material or has immediate access to it. 47 | * 48 | * Support. For questions and support, please contact dochelp@microsoft.com. 
49 | * 50 | */ 51 | 52 | import "ms-dtyp.idl"; 53 | 54 | [ 55 | uuid(12345778-1234-ABCD-EF00-0123456789AB), 56 | version(0.0), 57 | ms_union, 58 | pointer_default(unique) 59 | ] 60 | 61 | interface lsarpc 62 | { 63 | 64 | // 65 | // Type definitions. 66 | // 67 | 68 | 69 | // 70 | // Start of common types. 71 | // 72 | 73 | typedef [context_handle] void * LSAPR_HANDLE; 74 | 75 | typedef unsigned char SECURITY_CONTEXT_TRACKING_MODE, 76 | *PSECURITY_CONTEXT_TRACKING_MODE; 77 | 78 | typedef unsigned short SECURITY_DESCRIPTOR_CONTROL, 79 | *PSECURITY_DESCRIPTOR_CONTROL; 80 | 81 | typedef struct _STRING { 82 | unsigned short Length; 83 | unsigned short MaximumLength; 84 | [size_is(MaximumLength), length_is(Length)] 85 | char * Buffer; 86 | } STRING, *PSTRING; 87 | 88 | typedef struct _LSAPR_ACL { 89 | unsigned char AclRevision; 90 | unsigned char Sbz1; 91 | unsigned short AclSize; 92 | [size_is(AclSize - 4)] unsigned char Dummy1[*]; 93 | } LSAPR_ACL, *PLSAPR_ACL; 94 | 95 | typedef struct _LSAPR_SECURITY_DESCRIPTOR { 96 | unsigned char Revision; 97 | unsigned char Sbz1; 98 | SECURITY_DESCRIPTOR_CONTROL Control; 99 | PRPC_SID Owner; 100 | PRPC_SID Group; 101 | PLSAPR_ACL Sacl; 102 | PLSAPR_ACL Dacl; 103 | } LSAPR_SECURITY_DESCRIPTOR, *PLSAPR_SECURITY_DESCRIPTOR; 104 | 105 | typedef enum _SECURITY_IMPERSONATION_LEVEL { 106 | SecurityAnonymous = 0, 107 | SecurityIdentification = 1, 108 | SecurityImpersonation = 2, 109 | SecurityDelegation = 3 110 | } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL; 111 | 112 | typedef struct _SECURITY_QUALITY_OF_SERVICE { 113 | unsigned long Length; 114 | SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; 115 | SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; 116 | unsigned char EffectiveOnly; 117 | } SECURITY_QUALITY_OF_SERVICE, * PSECURITY_QUALITY_OF_SERVICE; 118 | 119 | typedef struct _LSAPR_OBJECT_ATTRIBUTES { 120 | unsigned long Length; 121 | unsigned char * RootDirectory; 122 | PSTRING ObjectName; 123 | unsigned long 
Attributes; 124 | PLSAPR_SECURITY_DESCRIPTOR SecurityDescriptor; 125 | PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; 126 | } LSAPR_OBJECT_ATTRIBUTES, *PLSAPR_OBJECT_ATTRIBUTES; 127 | 128 | typedef struct _LSAPR_TRUST_INFORMATION { 129 | RPC_UNICODE_STRING Name; 130 | PRPC_SID Sid; 131 | } LSAPR_TRUST_INFORMATION, *PLSAPR_TRUST_INFORMATION; 132 | 133 | // 134 | // End of common types. 135 | // 136 | 137 | 138 | typedef enum _POLICY_INFORMATION_CLASS { 139 | PolicyAuditLogInformation = 1, 140 | PolicyAuditEventsInformation, 141 | PolicyPrimaryDomainInformation, 142 | PolicyPdAccountInformation, 143 | PolicyAccountDomainInformation, 144 | PolicyLsaServerRoleInformation, 145 | PolicyReplicaSourceInformation, 146 | PolicyInformationNotUsedOnWire, 147 | PolicyModificationInformation, 148 | PolicyAuditFullSetInformation, 149 | PolicyAuditFullQueryInformation, 150 | PolicyDnsDomainInformation, 151 | PolicyDnsDomainInformationInt, 152 | PolicyLocalAccountDomainInformation, 153 | PolicyMachineAccountInformation, 154 | PolicyLastEntry 155 | } POLICY_INFORMATION_CLASS, *PPOLICY_INFORMATION_CLASS; 156 | 157 | typedef enum _POLICY_AUDIT_EVENT_TYPE { 158 | AuditCategorySystem = 0, 159 | AuditCategoryLogon, 160 | AuditCategoryObjectAccess, 161 | AuditCategoryPrivilegeUse, 162 | AuditCategoryDetailedTracking, 163 | AuditCategoryPolicyChange, 164 | AuditCategoryAccountManagement, 165 | AuditCategoryDirectoryServiceAccess, 166 | AuditCategoryAccountLogon 167 | } POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE; 168 | 169 | typedef RPC_UNICODE_STRING LSA_UNICODE_STRING, 170 | *PLSA_UNICODE_STRING; 171 | 172 | typedef struct _POLICY_AUDIT_LOG_INFO { 173 | unsigned long AuditLogPercentFull; 174 | unsigned long MaximumLogSize; 175 | LARGE_INTEGER AuditRetentionPeriod; 176 | unsigned char AuditLogFullShutdownInProgress; 177 | LARGE_INTEGER TimeToShutdown; 178 | unsigned long NextAuditRecordId; 179 | } POLICY_AUDIT_LOG_INFO, *PPOLICY_AUDIT_LOG_INFO; 180 | 181 | typedef enum 
_POLICY_LSA_SERVER_ROLE { 182 | PolicyServerRoleBackup = 2, 183 | PolicyServerRolePrimary 184 | } POLICY_LSA_SERVER_ROLE, *PPOLICY_LSA_SERVER_ROLE; 185 | 186 | typedef struct _POLICY_LSA_SERVER_ROLE_INFO { 187 | POLICY_LSA_SERVER_ROLE LsaServerRole; 188 | } POLICY_LSA_SERVER_ROLE_INFO, *PPOLICY_LSA_SERVER_ROLE_INFO; 189 | 190 | typedef struct _POLICY_MODIFICATION_INFO { 191 | LARGE_INTEGER ModifiedId; 192 | LARGE_INTEGER DatabaseCreationTime; 193 | } POLICY_MODIFICATION_INFO, *PPOLICY_MODIFICATION_INFO; 194 | 195 | typedef struct _POLICY_AUDIT_FULL_SET_INFO { 196 | unsigned char ShutDownOnFull; 197 | } POLICY_AUDIT_FULL_SET_INFO, 198 | *PPOLICY_AUDIT_FULL_SET_INFO; 199 | 200 | typedef struct _POLICY_AUDIT_FULL_QUERY_INFO { 201 | unsigned char ShutDownOnFull; 202 | unsigned char LogIsFull; 203 | } POLICY_AUDIT_FULL_QUERY_INFO, 204 | *PPOLICY_AUDIT_FULL_QUERY_INFO; 205 | 206 | typedef enum _POLICY_DOMAIN_INFORMATION_CLASS { 207 | PolicyDomainQualityOfServiceInformation = 1, 208 | PolicyDomainEfsInformation = 2, 209 | PolicyDomainKerberosTicketInformation = 3 210 | } POLICY_DOMAIN_INFORMATION_CLASS, 211 | *PPOLICY_DOMAIN_INFORMATION_CLASS; 212 | 213 | typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO { 214 | unsigned long AuthenticationOptions; 215 | LARGE_INTEGER MaxServiceTicketAge; 216 | LARGE_INTEGER MaxTicketAge; 217 | LARGE_INTEGER MaxRenewAge; 218 | LARGE_INTEGER MaxClockSkew; 219 | LARGE_INTEGER Reserved; 220 | } POLICY_DOMAIN_KERBEROS_TICKET_INFO, 221 | *PPOLICY_DOMAIN_KERBEROS_TICKET_INFO; 222 | 223 | typedef struct _TRUSTED_POSIX_OFFSET_INFO { 224 | unsigned long Offset; 225 | } TRUSTED_POSIX_OFFSET_INFO, 226 | *PTRUSTED_POSIX_OFFSET_INFO; 227 | 228 | typedef enum _TRUSTED_INFORMATION_CLASS { 229 | TrustedDomainNameInformation = 1, 230 | TrustedControllersInformation, 231 | TrustedPosixOffsetInformation, 232 | TrustedPasswordInformation, 233 | TrustedDomainInformationBasic, 234 | TrustedDomainInformationEx, 235 | TrustedDomainAuthInformation, 236 | 
TrustedDomainFullInformation, 237 | TrustedDomainAuthInformationInternal, 238 | TrustedDomainFullInformationInternal, 239 | TrustedDomainInformationEx2Internal, 240 | TrustedDomainFullInformation2Internal, 241 | TrustedDomainSupportedEncryptionTypes 242 | } TRUSTED_INFORMATION_CLASS, 243 | *PTRUSTED_INFORMATION_CLASS; 244 | 245 | typedef enum _LSA_FOREST_TRUST_RECORD_TYPE { 246 | ForestTrustTopLevelName = 0, 247 | ForestTrustTopLevelNameEx = 1, 248 | ForestTrustDomainInfo = 2 249 | } LSA_FOREST_TRUST_RECORD_TYPE; 250 | 251 | typedef struct _LSA_FOREST_TRUST_BINARY_DATA { 252 | [range(0, 131072)] unsigned long Length; 253 | [size_is( Length )] unsigned char * Buffer; 254 | } LSA_FOREST_TRUST_BINARY_DATA, 255 | *PLSA_FOREST_TRUST_BINARY_DATA; 256 | 257 | typedef struct _LSA_FOREST_TRUST_DOMAIN_INFO { 258 | PRPC_SID Sid; 259 | LSA_UNICODE_STRING DnsName; 260 | LSA_UNICODE_STRING NetbiosName; 261 | } LSA_FOREST_TRUST_DOMAIN_INFO, 262 | *PLSA_FOREST_TRUST_DOMAIN_INFO; 263 | 264 | typedef struct _LSA_FOREST_TRUST_RECORD { 265 | unsigned long Flags; 266 | LSA_FOREST_TRUST_RECORD_TYPE ForestTrustType; 267 | LARGE_INTEGER Time; 268 | [switch_type( LSA_FOREST_TRUST_RECORD_TYPE ), 269 | switch_is( ForestTrustType )] 270 | union 271 | { 272 | [case( ForestTrustTopLevelName, 273 | ForestTrustTopLevelNameEx )] 274 | LSA_UNICODE_STRING TopLevelName; 275 | [case( ForestTrustDomainInfo )] 276 | LSA_FOREST_TRUST_DOMAIN_INFO DomainInfo; 277 | [default] LSA_FOREST_TRUST_BINARY_DATA Data; 278 | } ForestTrustData; 279 | } LSA_FOREST_TRUST_RECORD, *PLSA_FOREST_TRUST_RECORD; 280 | 281 | typedef struct _LSA_FOREST_TRUST_INFORMATION { 282 | [range(0,4000)] unsigned long RecordCount; 283 | [size_is( RecordCount )] PLSA_FOREST_TRUST_RECORD * Entries; 284 | } LSA_FOREST_TRUST_INFORMATION, *PLSA_FOREST_TRUST_INFORMATION; 285 | 286 | typedef enum _LSA_FOREST_TRUST_COLLISION_RECORD_TYPE { 287 | CollisionTdo = 0, 288 | CollisionXref, 289 | CollisionOther 290 | } 
LSA_FOREST_TRUST_COLLISION_RECORD_TYPE; 291 | 292 | typedef struct _LSA_FOREST_TRUST_COLLISION_RECORD { 293 | unsigned long Index; 294 | LSA_FOREST_TRUST_COLLISION_RECORD_TYPE Type; 295 | unsigned long Flags; 296 | LSA_UNICODE_STRING Name; 297 | } LSA_FOREST_TRUST_COLLISION_RECORD, 298 | *PLSA_FOREST_TRUST_COLLISION_RECORD; 299 | 300 | typedef struct _LSA_FOREST_TRUST_COLLISION_INFORMATION { 301 | unsigned long RecordCount; 302 | [size_is( RecordCount )] 303 | PLSA_FOREST_TRUST_COLLISION_RECORD * Entries; 304 | } LSA_FOREST_TRUST_COLLISION_INFORMATION, 305 | *PLSA_FOREST_TRUST_COLLISION_INFORMATION; 306 | 307 | typedef LSAPR_HANDLE *PLSAPR_HANDLE; 308 | 309 | typedef struct _LSAPR_ACCOUNT_INFORMATION { 310 | PRPC_SID Sid; 311 | } LSAPR_ACCOUNT_INFORMATION, *PLSAPR_ACCOUNT_INFORMATION; 312 | 313 | typedef struct _LSAPR_ACCOUNT_ENUM_BUFFER { 314 | unsigned long EntriesRead; 315 | [size_is(EntriesRead)] PLSAPR_ACCOUNT_INFORMATION Information; 316 | } LSAPR_ACCOUNT_ENUM_BUFFER, *PLSAPR_ACCOUNT_ENUM_BUFFER; 317 | 318 | typedef struct _LSAPR_SR_SECURITY_DESCRIPTOR { 319 | [range(0,262144)] unsigned long Length; 320 | [size_is(Length)] unsigned char * SecurityDescriptor; 321 | } LSAPR_SR_SECURITY_DESCRIPTOR, *PLSAPR_SR_SECURITY_DESCRIPTOR; 322 | 323 | typedef struct _LSAPR_LUID_AND_ATTRIBUTES { 324 | LUID Luid; 325 | unsigned long Attributes; 326 | } LSAPR_LUID_AND_ATTRIBUTES, * PLSAPR_LUID_AND_ATTRIBUTES; 327 | 328 | typedef struct _LSAPR_PRIVILEGE_SET { 329 | [range(0,1000)] unsigned long PrivilegeCount; 330 | unsigned long Control; 331 | [size_is(PrivilegeCount)] LSAPR_LUID_AND_ATTRIBUTES Privilege[*]; 332 | } LSAPR_PRIVILEGE_SET, *PLSAPR_PRIVILEGE_SET; 333 | 334 | typedef struct _LSAPR_POLICY_PRIVILEGE_DEF { 335 | RPC_UNICODE_STRING Name; 336 | LUID LocalValue; 337 | } LSAPR_POLICY_PRIVILEGE_DEF, *PLSAPR_POLICY_PRIVILEGE_DEF; 338 | 339 | typedef struct _LSAPR_PRIVILEGE_ENUM_BUFFER { 340 | unsigned long Entries; 341 | [size_is(Entries)] PLSAPR_POLICY_PRIVILEGE_DEF 
Privileges;
342 | } LSAPR_PRIVILEGE_ENUM_BUFFER, *PLSAPR_PRIVILEGE_ENUM_BUFFER;
343 | /* Byte blob with separate used and allocated sizes. [range] limits Length and
    |  * MaximumLength to 0..131088 each; size_is(MaximumLength) is the allocated
    |  * size of Buffer and length_is(Length) the number of bytes transmitted.
    |  * NOTE(review): the name suggests ciphertext, but nothing in this IDL says
    |  * how the bytes are produced or protected -- confirm against the protocol
    |  * specification before relying on it. */
344 | typedef struct _LSAPR_CR_CIPHER_VALUE {
345 |     [range(0, 131088)] unsigned long Length;
346 |     [range(0, 131088)] unsigned long MaximumLength;
347 |     [size_is(MaximumLength), length_is(Length)]
348 |     unsigned char *Buffer;
349 | } LSAPR_CR_CIPHER_VALUE, *PLSAPR_CR_CIPHER_VALUE;
350 | /* Counted array used as the [out] buffer of LsarEnumerateTrustedDomains;
    |  * Information is sized by EntriesRead.
    |  * NOTE(review): EntriesRead carries no [range] attribute, so the IDL puts no
    |  * upper bound on it; code that walks Information should apply its own limit. */
351 | typedef struct _LSAPR_TRUSTED_ENUM_BUFFER {
352 |     unsigned long EntriesRead;
353 |     [size_is(EntriesRead)] PLSAPR_TRUST_INFORMATION Information;
354 | } LSAPR_TRUSTED_ENUM_BUFFER, *PLSAPR_TRUSTED_ENUM_BUFFER;
355 | /* A domain name paired with a SID pointer. */
356 | typedef struct _LSAPR_POLICY_ACCOUNT_DOM_INFO {
357 |     RPC_UNICODE_STRING DomainName;
358 |     PRPC_SID DomainSid;
359 | } LSAPR_POLICY_ACCOUNT_DOM_INFO, *PLSAPR_POLICY_ACCOUNT_DOM_INFO;
360 | /* Same shape as LSAPR_POLICY_ACCOUNT_DOM_INFO, with members named Name and Sid. */
361 | typedef struct _LSAPR_POLICY_PRIMARY_DOM_INFO {
362 |     RPC_UNICODE_STRING Name;
363 |     PRPC_SID Sid;
364 | } LSAPR_POLICY_PRIMARY_DOM_INFO, *PLSAPR_POLICY_PRIMARY_DOM_INFO;
365 | /* Three names (Name, DnsDomainName, DnsForestName), a GUID and a SID pointer. */
366 | typedef struct _LSAPR_POLICY_DNS_DOMAIN_INFO {
367 |     RPC_UNICODE_STRING Name;
368 |     RPC_UNICODE_STRING DnsDomainName;
369 |     RPC_UNICODE_STRING DnsForestName;
370 |     GUID DomainGuid;
371 |     PRPC_SID Sid;
372 | } LSAPR_POLICY_DNS_DOMAIN_INFO, *PLSAPR_POLICY_DNS_DOMAIN_INFO;
373 |
374 | typedef struct _LSAPR_POLICY_PD_ACCOUNT_INFO {
375 |     RPC_UNICODE_STRING Name;
376 | } LSAPR_POLICY_PD_ACCOUNT_INFO, *PLSAPR_POLICY_PD_ACCOUNT_INFO;
377 |
378 | typedef struct _LSAPR_POLICY_REPLICA_SRCE_INFO {
379 |     RPC_UNICODE_STRING ReplicaSource;
380 |     RPC_UNICODE_STRING ReplicaAccountName;
381 | } LSAPR_POLICY_REPLICA_SRCE_INFO, *PLSAPR_POLICY_REPLICA_SRCE_INFO;
382 | /* Audit settings: a one-byte AuditingMode plus an array of per-event options.
    |  * The size_is on EventAuditingOptions names MaximumAuditEventCount, which is
    |  * declared after the pointer and limited to 0..1000 by [range]. */
383 | typedef struct _LSAPR_POLICY_AUDIT_EVENTS_INFO {
384 |     unsigned char AuditingMode;
385 |     [size_is(MaximumAuditEventCount)]
386 |     unsigned long *EventAuditingOptions;
387 |     [range(0,1000)] unsigned long MaximumAuditEventCount;
388 | } LSAPR_POLICY_AUDIT_EVENTS_INFO, *PLSAPR_POLICY_AUDIT_EVENTS_INFO;
389 |
390 | typedef struct _LSAPR_POLICY_MACHINE_ACCT_INFO
{ 391 | unsigned long Rid; 392 | PRPC_SID Sid; 393 | } LSAPR_POLICY_MACHINE_ACCT_INFO, *PLSAPR_POLICY_MACHINE_ACCT_INFO; 394 | 395 | typedef [switch_type(POLICY_INFORMATION_CLASS)] 396 | union _LSAPR_POLICY_INFORMATION { 397 | [case(PolicyAuditLogInformation)] 398 | POLICY_AUDIT_LOG_INFO PolicyAuditLogInfo; 399 | [case(PolicyAuditEventsInformation)] 400 | LSAPR_POLICY_AUDIT_EVENTS_INFO PolicyAuditEventsInfo; 401 | [case(PolicyPrimaryDomainInformation)] 402 | LSAPR_POLICY_PRIMARY_DOM_INFO PolicyPrimaryDomainInfo; 403 | [case(PolicyAccountDomainInformation)] 404 | LSAPR_POLICY_ACCOUNT_DOM_INFO PolicyAccountDomainInfo; 405 | [case(PolicyPdAccountInformation)] 406 | LSAPR_POLICY_PD_ACCOUNT_INFO PolicyPdAccountInfo; 407 | [case(PolicyLsaServerRoleInformation)] 408 | POLICY_LSA_SERVER_ROLE_INFO PolicyServerRoleInfo; 409 | [case(PolicyReplicaSourceInformation)] 410 | LSAPR_POLICY_REPLICA_SRCE_INFO PolicyReplicaSourceInfo; 411 | [case(PolicyModificationInformation)] 412 | POLICY_MODIFICATION_INFO PolicyModificationInfo; 413 | [case(PolicyAuditFullSetInformation)] 414 | POLICY_AUDIT_FULL_SET_INFO PolicyAuditFullSetInfo; 415 | [case(PolicyAuditFullQueryInformation)] 416 | POLICY_AUDIT_FULL_QUERY_INFO PolicyAuditFullQueryInfo; 417 | [case(PolicyDnsDomainInformation)] 418 | LSAPR_POLICY_DNS_DOMAIN_INFO PolicyDnsDomainInfo; 419 | [case(PolicyDnsDomainInformationInt)] 420 | LSAPR_POLICY_DNS_DOMAIN_INFO PolicyDnsDomainInfoInt; 421 | [case(PolicyLocalAccountDomainInformation)] 422 | LSAPR_POLICY_ACCOUNT_DOM_INFO PolicyLocalAccountDomainInfo; 423 | [case(PolicyMachineAccountInformation)] 424 | LSAPR_POLICY_MACHINE_ACCT_INFO PolicyMachineAccountInfo; 425 | } LSAPR_POLICY_INFORMATION, *PLSAPR_POLICY_INFORMATION; 426 | 427 | typedef struct _POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO { 428 | unsigned long QualityOfService; 429 | } POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO, 430 | *PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO; 431 | 432 | 433 | typedef struct _LSAPR_POLICY_DOMAIN_EFS_INFO { 434 | 
unsigned long InfoLength; /* NOTE(review): no [range] on InfoLength, unlike AuthInfoLength further down; code that consumes EfsBlob should bound it itself */
435 |     [size_is(InfoLength)] unsigned char * EfsBlob;
436 | } LSAPR_POLICY_DOMAIN_EFS_INFO, *PLSAPR_POLICY_DOMAIN_EFS_INFO;
437 | /* Union selected by a POLICY_DOMAIN_INFORMATION_CLASS value. It has three arms
    |  * (quality of service, EFS blob, Kerberos ticket settings) and no [default]
    |  * arm. */
438 | typedef [switch_type(POLICY_DOMAIN_INFORMATION_CLASS)]
439 | union _LSAPR_POLICY_DOMAIN_INFORMATION {
440 |     [case(PolicyDomainQualityOfServiceInformation)]
441 |     POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO
442 |     PolicyDomainQualityOfServiceInfo;
443 |     [case(PolicyDomainEfsInformation)]
444 |     LSAPR_POLICY_DOMAIN_EFS_INFO PolicyDomainEfsInfo;
445 |     [case(PolicyDomainKerberosTicketInformation)]
446 |     POLICY_DOMAIN_KERBEROS_TICKET_INFO
447 |     PolicyDomainKerbTicketInfo;
448 | } LSAPR_POLICY_DOMAIN_INFORMATION, *PLSAPR_POLICY_DOMAIN_INFORMATION;
449 |
450 | typedef struct _LSAPR_TRUSTED_DOMAIN_NAME_INFO {
451 |     RPC_UNICODE_STRING Name;
452 | } LSAPR_TRUSTED_DOMAIN_NAME_INFO, *PLSAPR_TRUSTED_DOMAIN_NAME_INFO;
453 | /* Counted array of names; [range] limits Entries to 0..5. */
454 | typedef struct _LSAPR_TRUSTED_CONTROLLERS_INFO {
455 |     [range(0,5)] unsigned long Entries;
456 |     [size_is(Entries)] PRPC_UNICODE_STRING Names;
457 | } LSAPR_TRUSTED_CONTROLLERS_INFO, *PLSAPR_TRUSTED_CONTROLLERS_INFO;
458 | /* Password and OldPassword are both pointers to LSAPR_CR_CIPHER_VALUE, i.e.
    |  * length-bounded byte blobs rather than strings.
    |  * NOTE(review): treat buffers that receive these members as secret material
    |  * (keep them out of logs, clear them after use). */
459 | typedef struct _LSAPR_TRUSTED_PASSWORD_INFO {
460 |     PLSAPR_CR_CIPHER_VALUE Password;
461 |     PLSAPR_CR_CIPHER_VALUE OldPassword;
462 | } LSAPR_TRUSTED_PASSWORD_INFO, *PLSAPR_TRUSTED_PASSWORD_INFO;
463 | /* Two names, a SID pointer and three unsigned long trust fields. The values
    |  * allowed in TrustDirection, TrustType and TrustAttributes are not defined in
    |  * this excerpt. */
464 | typedef struct _LSAPR_TRUSTED_DOMAIN_INFORMATION_EX {
465 |     RPC_UNICODE_STRING Name;
466 |     RPC_UNICODE_STRING FlatName;
467 |     PRPC_SID Sid;
468 |     unsigned long TrustDirection;
469 |     unsigned long TrustType;
470 |     unsigned long TrustAttributes;
471 | } LSAPR_TRUSTED_DOMAIN_INFORMATION_EX,
472 | *PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX;
473 | /* One authentication record: a timestamp, a type code and a byte buffer whose
    |  * length [range] limits to 0..65536. The meaning of AuthType is not defined
    |  * in this excerpt. */
474 | typedef struct _LSAPR_AUTH_INFORMATION {
475 |     LARGE_INTEGER LastUpdateTime;
476 |     unsigned long AuthType;
477 |     [range(0,65536)] unsigned long AuthInfoLength;
478 |     [size_is(AuthInfoLength)] unsigned char * AuthInfo;
479 | } LSAPR_AUTH_INFORMATION, *PLSAPR_AUTH_INFORMATION;
480 | /* 64 * 1024 = 65536, the same value as the literal bound on AuthInfoLength
    |  * above; the struct that follows uses it as the upper bound of cbCipher. */
481 | #define MAX_AUTHBLOB_SIZE ( 64 * 1024 )
482 |
483
| typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES { /* two fixed-size arrays plus one variable-length buffer; the parameter type of LsarCreateTrustedDomainEx3 (Opnum 129) */
484 |     UCHAR AuthData[64];
485 |     UCHAR Salt[16];
486 |     [range(0, MAX_AUTHBLOB_SIZE)] ULONG cbCipher; /* bounded by MAX_AUTHBLOB_SIZE, defined just above as 64 * 1024 */
487 |     [size_is(cbCipher)] PUCHAR Cipher;
488 | } LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES, *PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES;
489 | /* Incoming and outgoing authentication records. [range] limits both counters
    |  * to 0 or 1. The four PLSAPR_AUTH_INFORMATION members carry no size_is, so as
    |  * declared each one refers to at most a single LSAPR_AUTH_INFORMATION. */
490 | typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION {
491 |     [range(0,1)] unsigned long IncomingAuthInfos;
492 |     PLSAPR_AUTH_INFORMATION IncomingAuthenticationInformation;
493 |     PLSAPR_AUTH_INFORMATION
494 |     IncomingPreviousAuthenticationInformation;
495 |     [range(0,1)] unsigned long OutgoingAuthInfos;
496 |     PLSAPR_AUTH_INFORMATION OutgoingAuthenticationInformation;
497 |     PLSAPR_AUTH_INFORMATION
498 |     OutgoingPreviousAuthenticationInformation;
499 | } LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION,
500 | *PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION;
501 | /* Aggregate that embeds the EX description, the POSIX offset and the
    |  * authentication records by value. */
502 | typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION {
503 |     LSAPR_TRUSTED_DOMAIN_INFORMATION_EX Information;
504 |     TRUSTED_POSIX_OFFSET_INFO PosixOffset;
505 |     LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
506 | } LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION,
507 | *PLSAPR_TRUSTED_DOMAIN_FULL_INFORMATION;
508 | /* Alias: the "basic" information class reuses LSAPR_TRUST_INFORMATION, which
    |  * is declared outside this excerpt. */
509 | typedef LSAPR_TRUST_INFORMATION
510 | LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC;
511 | /* Opaque byte blob; [range] limits AuthSize to 0..65536, written here as a
    |  * literal rather than MAX_AUTHBLOB_SIZE (same value).
    |  * NOTE(review): the layout of the bytes is not described by this IDL. */
512 | typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_BLOB {
513 |     [range(0, 65536)] unsigned long AuthSize;
514 |     [size_is( AuthSize )] unsigned char * AuthBlob;
515 | } LSAPR_TRUSTED_DOMAIN_AUTH_BLOB, *PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB;
516 | /* Wrapper around a single auth blob. */
517 | typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL {
518 |     LSAPR_TRUSTED_DOMAIN_AUTH_BLOB AuthBlob;
519 | } LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL,
520 | *PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL;
521 | /* Same members as LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION, except that
    |  * AuthInformation uses the blob form declared just above. */
522 | typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL {
523 |     LSAPR_TRUSTED_DOMAIN_INFORMATION_EX Information;
524 |     TRUSTED_POSIX_OFFSET_INFO PosixOffset;
525 |     LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL
AuthInformation;
526 | } LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL,
527 | *PLSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL;
528 | /* Same six leading members as LSAPR_TRUSTED_DOMAIN_INFORMATION_EX, followed by
    |  * a length-prefixed byte buffer.
    |  * NOTE(review): ForestTrustLength has no [range] attribute, so the IDL sets
    |  * no upper bound on ForestTrustInfo; code that consumes the buffer should
    |  * enforce its own limit. */
529 | typedef struct _LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 {
530 |     RPC_UNICODE_STRING Name;
531 |     RPC_UNICODE_STRING FlatName;
532 |     PRPC_SID Sid;
533 |     unsigned long TrustDirection;
534 |     unsigned long TrustType;
535 |     unsigned long TrustAttributes;
536 |     unsigned long ForestTrustLength;
537 |     [size_is(ForestTrustLength)] unsigned char * ForestTrustInfo;
538 | } LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2,
539 | *PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX2;
540 | /* Aggregate built on the EX2 description; PosixOffset and AuthInformation have
    |  * the same types as in LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION. */
541 | typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2 {
542 |     LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 Information;
543 |     TRUSTED_POSIX_OFFSET_INFO PosixOffset;
544 |     LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
545 | } LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2,
546 | *PLSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2;
547 | /* A single unsigned long; presumably a bit mask, but its values are not
    |  * defined in this excerpt -- TODO confirm. */
548 | typedef struct _TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES {
549 |     unsigned long SupportedEncryptionTypes;
550 | } TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES,
551 | *PTRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES;
552 | /* Union selected by a TRUSTED_INFORMATION_CLASS value: one arm for each of the
    |  * thirteen enumerators and no [default] arm.
    |  * NOTE(review): the password and auth-information arms carry the blob types
    |  * declared above; handle results of those classes as secret material. */
553 | typedef [switch_type(TRUSTED_INFORMATION_CLASS)]
554 | union _LSAPR_TRUSTED_DOMAIN_INFO {
555 |     [case(TrustedDomainNameInformation)]
556 |     LSAPR_TRUSTED_DOMAIN_NAME_INFO TrustedDomainNameInfo;
557 |     [case(TrustedControllersInformation)]
558 |     LSAPR_TRUSTED_CONTROLLERS_INFO TrustedControllersInfo;
559 |     [case(TrustedPosixOffsetInformation)]
560 |     TRUSTED_POSIX_OFFSET_INFO TrustedPosixOffsetInfo;
561 |     [case(TrustedPasswordInformation)]
562 |     LSAPR_TRUSTED_PASSWORD_INFO TrustedPasswordInfo;
563 |     [case(TrustedDomainInformationBasic)]
564 |     LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC TrustedDomainInfoBasic;
565 |     [case(TrustedDomainInformationEx)]
566 |     LSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInfoEx;
567 |     [case(TrustedDomainAuthInformation)]
568 |     LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION TrustedAuthInfo;
569 |
[case(TrustedDomainFullInformation)]
570 |     LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION TrustedFullInfo;
571 |     [case(TrustedDomainAuthInformationInternal)]
572 |     LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL
573 |     TrustedAuthInfoInternal;
574 |     [case(TrustedDomainFullInformationInternal)]
575 |     LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL
576 |     TrustedFullInfoInternal;
577 |     [case(TrustedDomainInformationEx2Internal)]
578 |     LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 TrustedDomainInfoEx2;
579 |     [case(TrustedDomainFullInformation2Internal)]
580 |     LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2 TrustedFullInfo2;
581 |     [case(TrustedDomainSupportedEncryptionTypes)]
582 |     TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES TrustedDomainSETs;
583 | } LSAPR_TRUSTED_DOMAIN_INFO, *PLSAPR_TRUSTED_DOMAIN_INFO;
584 | /* Counted array of right names; [range] limits Entries to 0..256. */
585 | typedef struct _LSAPR_USER_RIGHT_SET {
586 |     [range(0,256)] unsigned long Entries;
587 |     [size_is(Entries)] PRPC_UNICODE_STRING UserRights;
588 | } LSAPR_USER_RIGHT_SET, *PLSAPR_USER_RIGHT_SET;
589 | /* Counted array used as the [out] buffer of LsarEnumerateTrustedDomainsEx.
    |  * NOTE(review): EntriesRead has no [range] attribute; bound it in the code
    |  * that walks EnumerationBuffer. */
590 | typedef struct _LSAPR_TRUSTED_ENUM_BUFFER_EX {
591 |     unsigned long EntriesRead;
592 |     [size_is(EntriesRead)]
593 |     PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX EnumerationBuffer;
594 | } LSAPR_TRUSTED_ENUM_BUFFER_EX, *PLSAPR_TRUSTED_ENUM_BUFFER_EX;
595 | /* Domain table returned through the ReferencedDomains parameter of the
    |  * LsarLookupNames* and LsarLookupSids* methods. Domains is sized by Entries;
    |  * MaxEntries is carried but not referenced by any attribute here.
    |  * NOTE(review): neither counter has a [range]. The DomainIndex members of the
    |  * translated-name and translated-SID structs are signed long and presumably
    |  * index this table; check each one against Entries, and for negative
    |  * values, before using it as an index. */
596 | typedef struct _LSAPR_REFERENCED_DOMAIN_LIST {
597 |     unsigned long Entries;
598 |     [size_is(Entries)] PLSAPR_TRUST_INFORMATION Domains;
599 |     unsigned long MaxEntries;
600 | } LSAPR_REFERENCED_DOMAIN_LIST, *PLSAPR_REFERENCED_DOMAIN_LIST;
601 | /* Account-type tag stored in the Use member of translated entries. The
    |  * enumerators are numbered consecutively from SidTypeUser = 1 through
    |  * SidTypeLabel = 10. */
602 | typedef enum _SID_NAME_USE {
603 |     SidTypeUser = 1,
604 |     SidTypeGroup,
605 |     SidTypeDomain,
606 |     SidTypeAlias,
607 |     SidTypeWellKnownGroup,
608 |     SidTypeDeletedAccount,
609 |     SidTypeInvalid,
610 |     SidTypeUnknown,
611 |     SidTypeComputer,
612 |     SidTypeLabel
613 | } SID_NAME_USE, *PSID_NAME_USE;
614 | /* One lookup result: the account type, a relative id and a signed domain index. */
615 | typedef struct _LSA_TRANSLATED_SID {
616 |     SID_NAME_USE Use;
617 |     unsigned long RelativeId;
618 |     long DomainIndex;
619 | } LSA_TRANSLATED_SID, *PLSA_TRANSLATED_SID;
620 |
621 | typedef
struct _LSAPR_TRANSLATED_SIDS { /* counted array of LSA_TRANSLATED_SID; [range] limits Entries to 0..1000, the same bound the LsarLookupNames* methods put on Count */
622 |     [range(0,1000)] unsigned long Entries;
623 |     [size_is(Entries)] PLSA_TRANSLATED_SID Sids;
624 | } LSAPR_TRANSLATED_SIDS, *PLSAPR_TRANSLATED_SIDS;
625 | /* Value passed as LookupLevel to the lookup methods. The enumerators are
    |  * numbered consecutively from LsapLookupWksta = 1 through
    |  * LsapLookupRODCReferralToFullDC = 7; what each level makes the server do is
    |  * not described in this IDL. */
626 | typedef enum _LSAP_LOOKUP_LEVEL {
627 |     LsapLookupWksta = 1,
628 |     LsapLookupPDC,
629 |     LsapLookupTDL,
630 |     LsapLookupGC,
631 |     LsapLookupXForestReferral,
632 |     LsapLookupXForestResolve,
633 |     LsapLookupRODCReferralToFullDC
634 | } LSAP_LOOKUP_LEVEL, *PLSAP_LOOKUP_LEVEL;
635 | /* Wrapper around one SID pointer; the element type of LSAPR_SID_ENUM_BUFFER. */
636 | typedef struct _LSAPR_SID_INFORMATION {
637 |     PRPC_SID Sid;
638 | } LSAPR_SID_INFORMATION, *PLSAPR_SID_INFORMATION;
639 | /* Input of the LsarLookupSids* methods: a counted array of SIDs, with Entries
    |  * limited to 0..20480 by [range]. */
640 | typedef struct _LSAPR_SID_ENUM_BUFFER {
641 |     [range(0, 20480)] unsigned long Entries;
642 |     [size_is(Entries)] PLSAPR_SID_INFORMATION SidInfo;
643 | } LSAPR_SID_ENUM_BUFFER, *PLSAPR_SID_ENUM_BUFFER;
644 | /* One SID-to-name result: the account type, the name and a signed domain
    |  * index. */
645 | typedef struct _LSAPR_TRANSLATED_NAME {
646 |     SID_NAME_USE Use;
647 |     RPC_UNICODE_STRING Name;
648 |     long DomainIndex;
649 | } LSAPR_TRANSLATED_NAME, *PLSAPR_TRANSLATED_NAME;
650 | /* Counted array of LSAPR_TRANSLATED_NAME; the 0..20480 bound matches
    |  * LSAPR_SID_ENUM_BUFFER. */
651 | typedef struct _LSAPR_TRANSLATED_NAMES {
652 |     [range(0, 20480)] unsigned long Entries;
653 |     [size_is(Entries)] PLSAPR_TRANSLATED_NAME Names;
654 | } LSAPR_TRANSLATED_NAMES, *PLSAPR_TRANSLATED_NAMES;
655 | /* LSAPR_TRANSLATED_NAME with an added Flags member; used by LsarLookupSids2
    |  * and LsarLookupSids3. */
656 | typedef struct _LSAPR_TRANSLATED_NAME_EX {
657 |     SID_NAME_USE Use;
658 |     RPC_UNICODE_STRING Name;
659 |     long DomainIndex;
660 |     unsigned long Flags;
661 | } LSAPR_TRANSLATED_NAME_EX, *PLSAPR_TRANSLATED_NAME_EX;
662 |
663 | typedef struct _LSAPR_TRANSLATED_NAMES_EX {
664 |     [range(0, 20480)] unsigned long Entries;
665 |     [size_is(Entries)] PLSAPR_TRANSLATED_NAME_EX Names;
666 | } LSAPR_TRANSLATED_NAMES_EX, *PLSAPR_TRANSLATED_NAMES_EX;
667 | /* LSA_TRANSLATED_SID with an added Flags member; used by LsarLookupNames2. */
668 | typedef struct _LSAPR_TRANSLATED_SID_EX {
669 |     SID_NAME_USE Use;
670 |     unsigned long RelativeId;
671 |     long DomainIndex;
672 |     unsigned long Flags;
673 | } LSAPR_TRANSLATED_SID_EX, *PLSAPR_TRANSLATED_SID_EX;
674 | /* Counted array of LSAPR_TRANSLATED_SID_EX; Entries is limited to 0..1000. */
675 | typedef struct _LSAPR_TRANSLATED_SIDS_EX {
676 |     [range (0,1000)] unsigned long Entries;
677 |
[size_is(Entries)] PLSAPR_TRANSLATED_SID_EX Sids; 678 | } LSAPR_TRANSLATED_SIDS_EX, *PLSAPR_TRANSLATED_SIDS_EX; 679 | 680 | typedef struct _LSAPR_TRANSLATED_SID_EX2 { 681 | SID_NAME_USE Use; 682 | PRPC_SID Sid; 683 | long DomainIndex; 684 | unsigned long Flags; 685 | } LSAPR_TRANSLATED_SID_EX2, *PLSAPR_TRANSLATED_SID_EX2; 686 | 687 | typedef struct _LSAPR_TRANSLATED_SIDS_EX2 { 688 | [range (0,1000)] unsigned long Entries; 689 | [size_is(Entries)] PLSAPR_TRANSLATED_SID_EX2 Sids; 690 | } LSAPR_TRANSLATED_SIDS_EX2, *PLSAPR_TRANSLATED_SIDS_EX2; 691 | 692 | 693 | // 694 | // Methods 695 | // 696 | // 697 | // The following notation conventions are used for some IDL methods: 698 | // 699 | // void OpnumXXNotUsedOnWire(void); 700 | // 701 | // (where XX represents the opnum.) 702 | // 703 | // This notation indicates that the method is defined in this 704 | // interface but is not seen on the wire. 705 | // 706 | 707 | // Opnum 0 708 | NTSTATUS 709 | LsarClose( 710 | [in,out] LSAPR_HANDLE *ObjectHandle 711 | ); 712 | 713 | // Opnum 1 714 | void Opnum1NotUsedOnWire(void); 715 | 716 | // Opnum 2 717 | NTSTATUS 718 | LsarEnumeratePrivileges( 719 | [in] LSAPR_HANDLE PolicyHandle, 720 | [in, out] unsigned long *EnumerationContext, 721 | [out] PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer, 722 | [in] unsigned long PreferedMaximumLength 723 | ); 724 | 725 | // Opnum 3 726 | NTSTATUS 727 | LsarQuerySecurityObject( 728 | [in] LSAPR_HANDLE ObjectHandle, 729 | [in] SECURITY_INFORMATION SecurityInformation, 730 | [out] PLSAPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor 731 | ); 732 | 733 | // Opnum 4 734 | NTSTATUS 735 | LsarSetSecurityObject( 736 | [in] LSAPR_HANDLE ObjectHandle, 737 | [in] SECURITY_INFORMATION SecurityInformation, 738 | [in] PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor 739 | ); 740 | 741 | // Opnum 5 742 | void Opnum5NotUsedOnWire(void); 743 | 744 | // Opnum 6 745 | NTSTATUS 746 | LsarOpenPolicy( 747 | [in,unique] wchar_t *SystemName, 748 | [in] 
PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, 749 | [in] ACCESS_MASK DesiredAccess, 750 | [out] LSAPR_HANDLE *PolicyHandle 751 | ); 752 | 753 | // Opnum 7 754 | NTSTATUS 755 | LsarQueryInformationPolicy( 756 | [in] LSAPR_HANDLE PolicyHandle, 757 | [in] POLICY_INFORMATION_CLASS InformationClass, 758 | [out, switch_is(InformationClass)] 759 | PLSAPR_POLICY_INFORMATION *PolicyInformation 760 | ); 761 | 762 | // Opnum 8 763 | NTSTATUS 764 | LsarSetInformationPolicy( 765 | [in] LSAPR_HANDLE PolicyHandle, 766 | [in] POLICY_INFORMATION_CLASS InformationClass, 767 | [in, switch_is(InformationClass)] 768 | PLSAPR_POLICY_INFORMATION PolicyInformation 769 | ); 770 | 771 | // Opnum 9 772 | void Opnum9NotUsedOnWire(void); 773 | 774 | // Opnum 10 775 | NTSTATUS 776 | LsarCreateAccount( 777 | [in] LSAPR_HANDLE PolicyHandle, 778 | [in] PRPC_SID AccountSid, 779 | [in] ACCESS_MASK DesiredAccess, 780 | [out] LSAPR_HANDLE *AccountHandle 781 | ); 782 | 783 | // Opnum 11 784 | NTSTATUS 785 | LsarEnumerateAccounts( 786 | [in] LSAPR_HANDLE PolicyHandle, 787 | [in] [out] unsigned long *EnumerationContext, 788 | [out] PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer, 789 | [in] unsigned long PreferedMaximumLength 790 | ); 791 | 792 | // Opnum 12 793 | NTSTATUS 794 | LsarCreateTrustedDomain( 795 | [in] LSAPR_HANDLE PolicyHandle, 796 | [in] PLSAPR_TRUST_INFORMATION TrustedDomainInformation, 797 | [in] ACCESS_MASK DesiredAccess, 798 | [out] LSAPR_HANDLE *TrustedDomainHandle 799 | ); 800 | 801 | // Opnum 13 802 | NTSTATUS 803 | LsarEnumerateTrustedDomains( 804 | [in] LSAPR_HANDLE PolicyHandle, 805 | [in] [out] unsigned long *EnumerationContext, 806 | [out] PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer, 807 | [in] unsigned long PreferedMaximumLength 808 | ); 809 | 810 | // Opnum 14 811 | NTSTATUS 812 | LsarLookupNames( 813 | [in] LSAPR_HANDLE PolicyHandle, 814 | [in, range(0,1000)] unsigned long Count, 815 | [in, size_is(Count)] PRPC_UNICODE_STRING Names, 816 | [out] PLSAPR_REFERENCED_DOMAIN_LIST 
*ReferencedDomains, 817 | [in, out] PLSAPR_TRANSLATED_SIDS TranslatedSids, 818 | [in] LSAP_LOOKUP_LEVEL LookupLevel, 819 | [in, out] unsigned long *MappedCount 820 | ); 821 | 822 | // Opnum 15 823 | NTSTATUS 824 | LsarLookupSids( 825 | [in] LSAPR_HANDLE PolicyHandle, 826 | [in] PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, 827 | [out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, 828 | [in, out] PLSAPR_TRANSLATED_NAMES TranslatedNames, 829 | [in] LSAP_LOOKUP_LEVEL LookupLevel, 830 | [in, out] unsigned long *MappedCount 831 | ); 832 | 833 | // Opnum 16 834 | NTSTATUS 835 | LsarCreateSecret( 836 | [in] LSAPR_HANDLE PolicyHandle, 837 | [in] PRPC_UNICODE_STRING SecretName, 838 | [in] ACCESS_MASK DesiredAccess, 839 | [out] LSAPR_HANDLE *SecretHandle 840 | ); 841 | 842 | // Opnum 17 843 | NTSTATUS 844 | LsarOpenAccount( 845 | [in] LSAPR_HANDLE PolicyHandle, 846 | [in] PRPC_SID AccountSid, 847 | [in] ACCESS_MASK DesiredAccess, 848 | [out] LSAPR_HANDLE *AccountHandle 849 | ); 850 | 851 | // Opnum 18 852 | NTSTATUS 853 | LsarEnumeratePrivilegesAccount( 854 | [in] LSAPR_HANDLE AccountHandle, 855 | [out] PLSAPR_PRIVILEGE_SET *Privileges 856 | ); 857 | 858 | // Opnum 19 859 | NTSTATUS 860 | LsarAddPrivilegesToAccount( 861 | [in] LSAPR_HANDLE AccountHandle, 862 | [in] PLSAPR_PRIVILEGE_SET Privileges 863 | ); 864 | 865 | // Opnum 20 866 | NTSTATUS 867 | LsarRemovePrivilegesFromAccount( 868 | [in] LSAPR_HANDLE AccountHandle, 869 | [in] unsigned char AllPrivileges, 870 | [in, unique] PLSAPR_PRIVILEGE_SET Privileges 871 | ); 872 | 873 | // Opnum 21 874 | void Opnum21NotUsedOnWire(void); 875 | 876 | // Opnum 22 877 | void Opnum22NotUsedOnWire(void); 878 | 879 | // Opnum 23 880 | NTSTATUS 881 | LsarGetSystemAccessAccount( 882 | [in] LSAPR_HANDLE AccountHandle, 883 | [out] unsigned long *SystemAccess 884 | ); 885 | 886 | // Opnum 24 887 | NTSTATUS 888 | LsarSetSystemAccessAccount( 889 | [in] LSAPR_HANDLE AccountHandle, 890 | [in] unsigned long SystemAccess 891 | ); 892 | 893 | // Opnum 25 
894 | NTSTATUS 895 | LsarOpenTrustedDomain( 896 | [in] LSAPR_HANDLE PolicyHandle, 897 | [in] PRPC_SID TrustedDomainSid, 898 | [in] ACCESS_MASK DesiredAccess, 899 | [out] LSAPR_HANDLE *TrustedDomainHandle 900 | ); 901 | 902 | // Opnum 26 903 | NTSTATUS 904 | LsarQueryInfoTrustedDomain( 905 | [in] LSAPR_HANDLE TrustedDomainHandle, 906 | [in] TRUSTED_INFORMATION_CLASS InformationClass, 907 | [out, switch_is(InformationClass)] 908 | PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation 909 | ); 910 | 911 | // Opnum 27 912 | NTSTATUS 913 | LsarSetInformationTrustedDomain( 914 | [in] LSAPR_HANDLE TrustedDomainHandle, 915 | [in] TRUSTED_INFORMATION_CLASS InformationClass, 916 | [in, switch_is(InformationClass)] 917 | PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation 918 | ); 919 | 920 | // Opnum 28 921 | NTSTATUS 922 | LsarOpenSecret( 923 | [in] LSAPR_HANDLE PolicyHandle, 924 | [in] PRPC_UNICODE_STRING SecretName, 925 | [in] ACCESS_MASK DesiredAccess, 926 | [out] LSAPR_HANDLE *SecretHandle 927 | ); 928 | 929 | // Opnum 29 930 | NTSTATUS 931 | LsarSetSecret( 932 | [in] LSAPR_HANDLE SecretHandle, 933 | [in, unique] PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue, 934 | [in, unique] PLSAPR_CR_CIPHER_VALUE EncryptedOldValue 935 | ); 936 | 937 | // Opnum 30 938 | NTSTATUS 939 | LsarQuerySecret( 940 | [in] LSAPR_HANDLE SecretHandle, 941 | [in, out, unique] PLSAPR_CR_CIPHER_VALUE *EncryptedCurrentValue, 942 | [in, out, unique] PLARGE_INTEGER CurrentValueSetTime, 943 | [in, out, unique] PLSAPR_CR_CIPHER_VALUE *EncryptedOldValue, 944 | [in, out, unique] PLARGE_INTEGER OldValueSetTime 945 | ); 946 | 947 | // Opnum 31 948 | NTSTATUS 949 | LsarLookupPrivilegeValue( 950 | [in] LSAPR_HANDLE PolicyHandle, 951 | [in] PRPC_UNICODE_STRING Name, 952 | [out] PLUID Value 953 | ); 954 | 955 | // Opnum 32 956 | NTSTATUS 957 | LsarLookupPrivilegeName( 958 | [in] LSAPR_HANDLE PolicyHandle, 959 | [in] PLUID Value, 960 | [out] PRPC_UNICODE_STRING *Name 961 | ); 962 | 963 | // Opnum 33 964 | NTSTATUS 
965 | LsarLookupPrivilegeDisplayName( 966 | [in] LSAPR_HANDLE PolicyHandle, 967 | [in] PRPC_UNICODE_STRING Name, 968 | [in] short ClientLanguage, 969 | [in] short ClientSystemDefaultLanguage, 970 | [out] PRPC_UNICODE_STRING *DisplayName, 971 | [out] unsigned short *LanguageReturned 972 | ); 973 | 974 | // Opnum 34 975 | NTSTATUS 976 | LsarDeleteObject( 977 | [in,out] LSAPR_HANDLE *ObjectHandle 978 | ); 979 | 980 | // Opnum 35 981 | NTSTATUS 982 | LsarEnumerateAccountsWithUserRight( 983 | [in] LSAPR_HANDLE PolicyHandle, 984 | [in,unique] PRPC_UNICODE_STRING UserRight, 985 | [out] PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer 986 | ); 987 | 988 | // Opnum 36 989 | NTSTATUS 990 | LsarEnumerateAccountRights( 991 | [in] LSAPR_HANDLE PolicyHandle, 992 | [in] PRPC_SID AccountSid, 993 | [out] PLSAPR_USER_RIGHT_SET UserRights 994 | ); 995 | 996 | // Opnum 37 997 | NTSTATUS 998 | LsarAddAccountRights( 999 | [in] LSAPR_HANDLE PolicyHandle, 1000 | [in] PRPC_SID AccountSid, 1001 | [in] PLSAPR_USER_RIGHT_SET UserRights 1002 | ); 1003 | 1004 | // Opnum 38 1005 | NTSTATUS 1006 | LsarRemoveAccountRights( 1007 | [in] LSAPR_HANDLE PolicyHandle, 1008 | [in] PRPC_SID AccountSid, 1009 | [in] unsigned char AllRights, 1010 | [in] PLSAPR_USER_RIGHT_SET UserRights 1011 | ); 1012 | 1013 | // Opnum 39 1014 | NTSTATUS 1015 | LsarQueryTrustedDomainInfo( 1016 | [in] LSAPR_HANDLE PolicyHandle, 1017 | [in] PRPC_SID TrustedDomainSid, 1018 | [in] TRUSTED_INFORMATION_CLASS InformationClass, 1019 | [out, switch_is(InformationClass)] 1020 | PLSAPR_TRUSTED_DOMAIN_INFO * TrustedDomainInformation 1021 | ); 1022 | 1023 | // Opnum 40 1024 | NTSTATUS 1025 | LsarSetTrustedDomainInfo( 1026 | [in] LSAPR_HANDLE PolicyHandle, 1027 | [in] PRPC_SID TrustedDomainSid, 1028 | [in] TRUSTED_INFORMATION_CLASS InformationClass, 1029 | [in, switch_is(InformationClass)] 1030 | PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation 1031 | ); 1032 | 1033 | // Opnum 41 1034 | NTSTATUS 1035 | LsarDeleteTrustedDomain( 1036 | [in] 
LSAPR_HANDLE PolicyHandle, 1037 | [in] PRPC_SID TrustedDomainSid 1038 | ); 1039 | 1040 | // Opnum 42 1041 | NTSTATUS 1042 | LsarStorePrivateData( 1043 | [in] LSAPR_HANDLE PolicyHandle, 1044 | [in] PRPC_UNICODE_STRING KeyName, 1045 | [in,unique] PLSAPR_CR_CIPHER_VALUE EncryptedData 1046 | ); 1047 | 1048 | // Opnum 43 1049 | NTSTATUS 1050 | LsarRetrievePrivateData( 1051 | [in] LSAPR_HANDLE PolicyHandle, 1052 | [in] PRPC_UNICODE_STRING KeyName, 1053 | [in, out] PLSAPR_CR_CIPHER_VALUE *EncryptedData 1054 | ); 1055 | 1056 | // Opnum 44 1057 | NTSTATUS 1058 | LsarOpenPolicy2( 1059 | [in,unique,string] wchar_t *SystemName, 1060 | [in] PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, 1061 | [in] ACCESS_MASK DesiredAccess, 1062 | [out] LSAPR_HANDLE *PolicyHandle 1063 | ); 1064 | 1065 | // Opnum 45 1066 | NTSTATUS 1067 | LsarGetUserName( 1068 | [in,unique,string] wchar_t *SystemName, 1069 | [in,out] PRPC_UNICODE_STRING *UserName, 1070 | [in,out,unique] PRPC_UNICODE_STRING *DomainName 1071 | ); 1072 | 1073 | // Opnum 46 1074 | NTSTATUS 1075 | LsarQueryInformationPolicy2( 1076 | [in] LSAPR_HANDLE PolicyHandle, 1077 | [in] POLICY_INFORMATION_CLASS InformationClass, 1078 | [out, switch_is(InformationClass)] 1079 | PLSAPR_POLICY_INFORMATION *PolicyInformation 1080 | ); 1081 | 1082 | // Opnum 47 1083 | NTSTATUS 1084 | LsarSetInformationPolicy2( 1085 | [in] LSAPR_HANDLE PolicyHandle, 1086 | [in] POLICY_INFORMATION_CLASS InformationClass, 1087 | [in, switch_is(InformationClass)] 1088 | PLSAPR_POLICY_INFORMATION PolicyInformation 1089 | ); 1090 | 1091 | // Opnum 48 1092 | NTSTATUS 1093 | LsarQueryTrustedDomainInfoByName( 1094 | [in] LSAPR_HANDLE PolicyHandle, 1095 | [in] PRPC_UNICODE_STRING TrustedDomainName, 1096 | [in] TRUSTED_INFORMATION_CLASS InformationClass, 1097 | [out, switch_is(InformationClass)] 1098 | PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation 1099 | ); 1100 | 1101 | // Opnum 49 1102 | NTSTATUS 1103 | LsarSetTrustedDomainInfoByName( 1104 | [in] LSAPR_HANDLE 
PolicyHandle, 1105 | [in] PRPC_UNICODE_STRING TrustedDomainName, 1106 | [in] TRUSTED_INFORMATION_CLASS InformationClass, 1107 | [in, switch_is(InformationClass)] 1108 | PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation 1109 | ); 1110 | 1111 | // Opnum 50 1112 | NTSTATUS 1113 | LsarEnumerateTrustedDomainsEx( 1114 | [in] LSAPR_HANDLE PolicyHandle, 1115 | [in, out] unsigned long *EnumerationContext, 1116 | [out] PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer, 1117 | [in] unsigned long PreferedMaximumLength 1118 | ); 1119 | 1120 | // Opnum 51 1121 | NTSTATUS 1122 | LsarCreateTrustedDomainEx( 1123 | [in] LSAPR_HANDLE PolicyHandle, 1124 | [in] PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX 1125 | TrustedDomainInformation, 1126 | [in] PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION 1127 | AuthenticationInformation, 1128 | [in] ACCESS_MASK DesiredAccess, 1129 | [out] LSAPR_HANDLE *TrustedDomainHandle 1130 | ); 1131 | 1132 | // Opnum 52 1133 | void Opnum52NotUsedOnWire(void); 1134 | 1135 | // Opnum 53 1136 | NTSTATUS 1137 | LsarQueryDomainInformationPolicy( 1138 | [in] LSAPR_HANDLE PolicyHandle, 1139 | [in] POLICY_DOMAIN_INFORMATION_CLASS InformationClass, 1140 | [out, switch_is(InformationClass)] 1141 | PLSAPR_POLICY_DOMAIN_INFORMATION *PolicyDomainInformation 1142 | ); 1143 | 1144 | // Opnum 54 1145 | NTSTATUS 1146 | LsarSetDomainInformationPolicy( 1147 | [in] LSAPR_HANDLE PolicyHandle, 1148 | [in] POLICY_DOMAIN_INFORMATION_CLASS InformationClass, 1149 | [in, unique, switch_is(InformationClass)] 1150 | PLSAPR_POLICY_DOMAIN_INFORMATION PolicyDomainInformation 1151 | ); 1152 | 1153 | // Opnum 55 1154 | NTSTATUS 1155 | LsarOpenTrustedDomainByName( 1156 | [in] LSAPR_HANDLE PolicyHandle, 1157 | [in] PRPC_UNICODE_STRING TrustedDomainName, 1158 | [in] ACCESS_MASK DesiredAccess, 1159 | [out] LSAPR_HANDLE *TrustedDomainHandle 1160 | ); 1161 | 1162 | // Opnum 56 1163 | void Opnum56NotUsedOnWire(void); 1164 | 1165 | // Opnum 57 1166 | NTSTATUS 1167 | LsarLookupSids2( 1168 | [in] LSAPR_HANDLE 
PolicyHandle, 1169 | [in] PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, 1170 | [out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, 1171 | [in, out] PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, 1172 | [in] LSAP_LOOKUP_LEVEL LookupLevel, 1173 | [in, out] unsigned long *MappedCount, 1174 | [in] unsigned long LookupOptions, 1175 | [in] unsigned long ClientRevision 1176 | ); 1177 | 1178 | // Opnum 58 1179 | NTSTATUS 1180 | LsarLookupNames2( 1181 | [in] LSAPR_HANDLE PolicyHandle, 1182 | [in, range(0,1000)] unsigned long Count, 1183 | [in, size_is(Count)] PRPC_UNICODE_STRING Names, 1184 | [out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, 1185 | [in, out] PLSAPR_TRANSLATED_SIDS_EX TranslatedSids, 1186 | [in] LSAP_LOOKUP_LEVEL LookupLevel, 1187 | [in, out] unsigned long *MappedCount, 1188 | [in] unsigned long LookupOptions, 1189 | [in] unsigned long ClientRevision 1190 | ); 1191 | 1192 | // Opnum 59 1193 | NTSTATUS 1194 | LsarCreateTrustedDomainEx2( 1195 | [in] LSAPR_HANDLE PolicyHandle, 1196 | [in] PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX 1197 | TrustedDomainInformation, 1198 | [in] PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL 1199 | AuthenticationInformation, 1200 | [in] ACCESS_MASK DesiredAccess, 1201 | [out] LSAPR_HANDLE *TrustedDomainHandle 1202 | ); 1203 | 1204 | // Opnum 60 1205 | void Opnum60NotUsedOnWire(void); 1206 | 1207 | // Opnum 61 1208 | void Opnum61NotUsedOnWire(void); 1209 | 1210 | // Opnum 62 1211 | void Opnum62NotUsedOnWire(void); 1212 | 1213 | // Opnum 63 1214 | void Opnum63NotUsedOnWire(void); 1215 | 1216 | // Opnum 64 1217 | void Opnum64NotUsedOnWire(void); 1218 | 1219 | // Opnum 65 1220 | void Opnum65NotUsedOnWire(void); 1221 | 1222 | // Opnum 66 1223 | void Opnum66NotUsedOnWire(void); 1224 | 1225 | // Opnum 67 1226 | void Opnum67NotUsedOnWire(void); 1227 | 1228 | // Opnum 68 1229 | NTSTATUS 1230 | LsarLookupNames3( 1231 | [in] LSAPR_HANDLE PolicyHandle, 1232 | [in, range(0,1000)] unsigned long Count, 1233 | [in, size_is(Count)] PRPC_UNICODE_STRING 
Names, 1234 | [out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, 1235 | [in, out] PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, 1236 | [in] LSAP_LOOKUP_LEVEL LookupLevel, 1237 | [in, out] unsigned long *MappedCount, 1238 | [in] unsigned long LookupOptions, 1239 | [in] unsigned long ClientRevision 1240 | ); 1241 | 1242 | // Opnum 69 1243 | void Opnum69NotUsedOnWire(void); 1244 | 1245 | // Opnum 70 1246 | void Opnum70NotUsedOnWire(void); 1247 | 1248 | // Opnum 71 1249 | void Opnum71NotUsedOnWire(void); 1250 | 1251 | // Opnum 72 1252 | void Opnum72NotUsedOnWire(void); 1253 | 1254 | // Opnum 73 -- TrustedDomainName is a PLSA_UNICODE_STRING here, where the trusted-domain methods earlier in the file take PRPC_UNICODE_STRING; ForestTrustInfo is the only [out] parameter 1255 | NTSTATUS 1256 | LsarQueryForestTrustInformation( 1257 | [in] LSAPR_HANDLE PolicyHandle, 1258 | [in] PLSA_UNICODE_STRING TrustedDomainName, 1259 | [in] LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType, 1260 | [out] PLSA_FOREST_TRUST_INFORMATION * ForestTrustInfo 1261 | ); 1262 | 1263 | // Opnum 74 -- CheckOnly is a one-byte [in] flag and CollisionInfo the only [out] parameter; what CheckOnly changes on the server is not stated in this IDL 1264 | NTSTATUS 1265 | LsarSetForestTrustInformation( 1266 | [in] LSAPR_HANDLE PolicyHandle, 1267 | [in] PLSA_UNICODE_STRING TrustedDomainName, 1268 | [in] LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType, 1269 | [in] PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo, 1270 | [in] unsigned char CheckOnly, 1271 | [out] PLSA_FOREST_TRUST_COLLISION_INFORMATION * CollisionInfo 1272 | ); 1273 | 1274 | // Opnum 75 1275 | void Opnum75NotUsedOnWire(void); 1276 | 1277 | // Opnum 76 -- NOTE(review): the first parameter is a plain handle_t RpcHandle, not the LSAPR_HANDLE PolicyHandle that LsarLookupSids2 (Opnum 57) takes, so no handle obtained from LsarOpenPolicy* is part of this call; how the server authorizes the caller is not visible in this IDL -- confirm against the protocol specification before building monitoring or access rules around it 1278 | NTSTATUS 1279 | LsarLookupSids3( 1280 | [in] handle_t RpcHandle, 1281 | [in] PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, 1282 | [out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, 1283 | [in, out] PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, 1284 | [in] LSAP_LOOKUP_LEVEL LookupLevel, 1285 | [in, out] unsigned long *MappedCount, 1286 | [in] unsigned long LookupOptions, 1287 | [in] unsigned long ClientRevision 1288 | ); 1289 | 1290 | // Opnum 77 -- like Opnum 76, takes handle_t RpcHandle instead of a policy handle; Count is limited to 0..1000 by [range] 1291 | NTSTATUS 1292 | LsarLookupNames4( 1293 | [in] handle_t RpcHandle, 1294 | [in, range(0,1000)] unsigned long Count, 1295 | [in, size_is(Count)] PRPC_UNICODE_STRING
Names, 1296 | [out] PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, 1297 | [in, out] PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, 1298 | [in] LSAP_LOOKUP_LEVEL LookupLevel, 1299 | [in, out] unsigned long *MappedCount, 1300 | [in] unsigned long LookupOptions, 1301 | [in] unsigned long ClientRevision 1302 | ); 1303 | 1304 | // Opnum 78 1305 | void Opnum78NotUsedOnWire(void); 1306 | 1307 | // Opnum 79 1308 | void Opnum79NotUsedOnWire(void); 1309 | 1310 | // Opnum 80 1311 | void Opnum80NotUsedOnWire(void); 1312 | 1313 | // Opnum 81 1314 | void Opnum81NotUsedOnWire(void); 1315 | 1316 | // Opnum 82 1317 | void Opnum82NotUsedOnWire(void); 1318 | 1319 | // Opnum 83 1320 | void Opnum83NotUsedOnWire(void); 1321 | 1322 | // Opnum 84 1323 | void Opnum84NotUsedOnWire(void); 1324 | 1325 | // Opnum 85 1326 | void Opnum85NotUsedOnWire(void); 1327 | 1328 | // Opnum 86 1329 | void Opnum86NotUsedOnWire(void); 1330 | 1331 | // Opnum 87 1332 | void Opnum87NotUsedOnWire(void); 1333 | 1334 | // Opnum 88 1335 | void Opnum88NotUsedOnWire(void); 1336 | 1337 | // Opnum 89 1338 | void Opnum89NotUsedOnWire(void); 1339 | 1340 | // Opnum 90 1341 | void Opnum90NotUsedOnWire(void); 1342 | 1343 | // Opnum 91 1344 | void Opnum91NotUsedOnWire(void); 1345 | 1346 | // Opnum 92 1347 | void Opnum92NotUsedOnWire(void); 1348 | 1349 | // Opnum 93 1350 | void Opnum93NotUsedOnWire(void); 1351 | 1352 | // Opnum 94 1353 | void Opnum94NotUsedOnWire(void); 1354 | 1355 | // Opnum 95 1356 | void Opnum95NotUsedOnWire(void); 1357 | 1358 | // Opnum 96 1359 | void Opnum96NotUsedOnWire(void); 1360 | 1361 | // Opnum 97 1362 | void Opnum97NotUsedOnWire(void); 1363 | 1364 | // Opnum 98 1365 | void Opnum98NotUsedOnWire(void); 1366 | 1367 | // Opnum 99 1368 | void Opnum99NotUsedOnWire(void); 1369 | 1370 | // Opnum 100 1371 | void Opnum100NotUsedOnWire(void); 1372 | 1373 | // Opnum 101 1374 | void Opnum101NotUsedOnWire(void); 1375 | 1376 | // Opnum 102 1377 | void Opnum102NotUsedOnWire(void); 1378 | 1379 | // Opnum 103 1380 | 
void Opnum103NotUsedOnWire(void); 1381 | 1382 | // Opnum 104 1383 | void Opnum104NotUsedOnWire(void); 1384 | 1385 | // Opnum 105 1386 | void Opnum105NotUsedOnWire(void); 1387 | 1388 | // Opnum 106 1389 | void Opnum106NotUsedOnWire(void); 1390 | 1391 | // Opnum 107 1392 | void Opnum107NotUsedOnWire(void); 1393 | 1394 | // Opnum 108 1395 | void Opnum108NotUsedOnWire(void); 1396 | 1397 | // Opnum 109 1398 | void Opnum109NotUsedOnWire(void); 1399 | 1400 | // Opnum 110 1401 | void Opnum110NotUsedOnWire(void); 1402 | 1403 | // Opnum 111 1404 | void Opnum111NotUsedOnWire(void); 1405 | 1406 | // Opnum 112 1407 | void Opnum112NotUsedOnWire(void); 1408 | 1409 | // Opnum 113 1410 | void Opnum113NotUsedOnWire(void); 1411 | 1412 | // Opnum 114 1413 | void Opnum114NotUsedOnWire(void); 1414 | 1415 | // Opnum 115 1416 | void Opnum115NotUsedOnWire(void); 1417 | 1418 | // Opnum 116 1419 | void Opnum116NotUsedOnWire(void); 1420 | 1421 | // Opnum 117 1422 | void Opnum117NotUsedOnWire(void); 1423 | 1424 | // Opnum 118 1425 | void Opnum118NotUsedOnWire(void); 1426 | 1427 | // Opnum 119 1428 | void Opnum119NotUsedOnWire(void); 1429 | 1430 | // Opnum 120 1431 | void Opnum120NotUsedOnWire(void); 1432 | 1433 | // Opnum 121 1434 | void Opnum121NotUsedOnWire(void); 1435 | 1436 | // Opnum 122 1437 | void Opnum122NotUsedOnWire(void); 1438 | 1439 | // Opnum 123 1440 | void Opnum123NotUsedOnWire(void); 1441 | 1442 | // Opnum 124 1443 | void Opnum124NotUsedOnWire(void); 1444 | 1445 | // Opnum 125 1446 | void Opnum125NotUsedOnWire(void); 1447 | 1448 | // Opnum 126 1449 | void Opnum126NotUsedOnWire(void); 1450 | 1451 | // Opnum 127 1452 | void Opnum127NotUsedOnWire(void); 1453 | 1454 | // Opnum 128 1455 | void Opnum128NotUsedOnWire(void); 1456 | // Opnum 129 1457 | NTSTATUS 1458 | LsarCreateTrustedDomainEx3( 1459 | [in] LSAPR_HANDLE PolicyHandle, 1460 | [in] PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation, 1461 | [in] PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES 
AuthenticationInformation, 1462 | [in] ACCESS_MASK DesiredAccess, 1463 | [out] LSAPR_HANDLE* TrustedDomainHandle 1464 | ); 1465 | 1466 | 1467 | // Opnum 130 1468 | typedef [handle] LPWSTR PLSAPR_SERVER_NAME, *PPLSAPR_SERVER_NAME; 1469 | 1470 | typedef struct _LSAPR_REVISION_INFO_V1 1471 | { 1472 | ULONG Revision; 1473 | ULONG SupportedFeatures; 1474 | 1475 | } LSAPR_REVISION_INFO_V1, *PLSAPR_REVISION_INFO_V1; 1476 | 1477 | typedef [switch_type(ULONG)] union 1478 | { 1479 | [case(1)] LSAPR_REVISION_INFO_V1 V1; 1480 | 1481 | } LSAPR_REVISION_INFO, *PLSAPR_REVISION_INFO; 1482 | 1483 | NTSTATUS 1484 | LsarOpenPolicy3( 1485 | [in,unique,string] PLSAPR_SERVER_NAME SystemName, 1486 | [in] PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, 1487 | [in] ACCESS_MASK DesiredAccess, 1488 | [in] ULONG InVersion, 1489 | [in] [switch_is(InVersion)] LSAPR_REVISION_INFO* InRevisionInfo, 1490 | [out] ULONG* OutVersion, 1491 | [out] [switch_is(*OutVersion)] LSAPR_REVISION_INFO* OutRevisionInfo, 1492 | [out] LSAPR_HANDLE* PolicyHandle 1493 | ); 1494 | 1495 | } 1496 | -------------------------------------------------------------------------------- /BOF/src/ms-lsar.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | /* this ALWAYS GENERATED file contains the definitions for the interfaces */ 4 | 5 | 6 | /* File created by MIDL compiler version 8.01.0626 */ 7 | /* at Mon Jan 18 19:14:07 2038 8 | */ 9 | /* Compiler settings for ms-lsar.idl: 10 | Oicf, W1, Zp8, env=Win32 (32b run), target_arch=X86 8.01.0626 11 | protocol : dce , ms_ext, c_ext, robust 12 | error checks: allocation ref bounds_check enum stub_data 13 | VC __declspec() decoration level: 14 | __declspec(uuid()), __declspec(selectany), __declspec(novtable) 15 | DECLSPEC_UUID(), MIDL_INTERFACE() 16 | */ 17 | /* @@MIDL_FILE_HEADING( ) */ 18 | 19 | #pragma warning( disable: 4049 ) /* more than 64k source lines */ 20 | 21 | 22 | /* verify that the version is high enough to compile this file*/ 23 | 
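/*
 * Prologue and first type declarations of the MIDL-generated lsarpc header.
 * The file banner names ms-lsar.idl as the source, so lasting changes belong
 * in the IDL and this header should be regenerated from it.
 *
 * In the C declarations below, IDL attributes such as [context_handle] and
 * [size_is] survive only as comments. The C type system does not enforce
 * them; any handle-kind or length guarantee has to come from the RPC
 * marshalling layer or from the caller's own checks.
 */
#ifndef __REQUIRED_RPCNDR_H_VERSION__
#define __REQUIRED_RPCNDR_H_VERSION__ 475
#endif

#include "rpc.h"
#include "rpcndr.h"

/* Stop the build if the included rpcndr.h did not define its version macro. */
#ifndef __RPCNDR_H_VERSION__
#error this stub requires an updated version of <rpcndr.h>
#endif /* __RPCNDR_H_VERSION__ */


/* Include guard; the matching #endif is not part of this span. */
#ifndef __ms2Dlsar_h__
#define __ms2Dlsar_h__

#if defined(_MSC_VER) && (_MSC_VER >= 1020)
#pragma once
#endif

/*
 * Expands to __declspec(xfg_virtual(...)) only when _CONTROL_FLOW_GUARD_XFG
 * is non-zero; otherwise it expands to nothing.
 */
#ifndef DECLSPEC_XFGVIRT
#if _CONTROL_FLOW_GUARD_XFG
#define DECLSPEC_XFGVIRT(base, func) __declspec(xfg_virtual(base, func))
#else
#define DECLSPEC_XFGVIRT(base, func)
#endif
#endif

/* Forward Declarations */

/* header files for imported files */
#include "ms-dtyp.h"

/* C linkage for C++ consumers; the closing brace is not part of this span. */
#ifdef __cplusplus
extern "C"{
#endif


#ifndef __lsarpc_INTERFACE_DEFINED__
#define __lsarpc_INTERFACE_DEFINED__

/* interface lsarpc */
/* [unique][ms_union][version][uuid] */

/*
 * Opaque handle. Policy, account, secret and trusted-domain handles declared
 * later in this header all use this one void* type, so the compiler cannot
 * catch a handle of the wrong kind being passed to a call.
 */
typedef /* [context_handle] */ void *LSAPR_HANDLE;

typedef unsigned char SECURITY_CONTEXT_TRACKING_MODE;

typedef unsigned char *PSECURITY_CONTEXT_TRACKING_MODE;

typedef unsigned short SECURITY_DESCRIPTOR_CONTROL;

typedef unsigned short *PSECURITY_DESCRIPTOR_CONTROL;

typedef struct _STRING *PSTRING;

/*
 * ACL header followed by variable-length data. Dummy1 is declared with one
 * element, but the [size_is] comment marks it as a sized array whose length
 * expression is not reproduced in this header.
 * NOTE(review): take the real extent from ms-lsar.idl and validate it against
 * the received buffer before indexing past Dummy1[0]; sizeof(LSAPR_ACL) does
 * not describe the full object.
 */
typedef struct _LSAPR_ACL
    {
    unsigned char AclRevision;
    unsigned char Sbz1;
    unsigned short AclSize;
    /* [size_is] */ unsigned char Dummy1[ 1 ];
    } LSAPR_ACL;

typedef struct _LSAPR_ACL *PLSAPR_ACL;

/*
 * Security descriptor whose owner, group and both ACLs are held by pointer.
 * NOTE(review): no nullability attribute is carried into this header for these
 * members; confirm against the IDL before dereferencing values that came off
 * the wire.
 */
typedef struct _LSAPR_SECURITY_DESCRIPTOR
    {
    unsigned char Revision;
    unsigned char Sbz1;
    SECURITY_DESCRIPTOR_CONTROL Control;
    PRPC_SID Owner;
    PRPC_SID Group;
    PLSAPR_ACL Sacl;
    PLSAPR_ACL Dacl;
    } LSAPR_SECURITY_DESCRIPTOR;

typedef struct _LSAPR_SECURITY_DESCRIPTOR *PLSAPR_SECURITY_DESCRIPTOR;

typedef enum _SECURITY_IMPERSONATION_LEVEL *PSECURITY_IMPERSONATION_LEVEL;

typedef struct _SECURITY_QUALITY_OF_SERVICE *PSECURITY_QUALITY_OF_SERVICE;

/* Object attributes block; LsarOpenPolicy later in this header takes a pointer to it. */
typedef struct _LSAPR_OBJECT_ATTRIBUTES
    {
    unsigned long Length;
    unsigned char *RootDirectory;
    PSTRING ObjectName;
    unsigned long Attributes;
    PLSAPR_SECURITY_DESCRIPTOR SecurityDescriptor;
    PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
    } LSAPR_OBJECT_ATTRIBUTES;

typedef struct _LSAPR_OBJECT_ATTRIBUTES *PLSAPR_OBJECT_ATTRIBUTES;

/* A domain name paired with its SID. */
typedef struct _LSAPR_TRUST_INFORMATION
    {
    RPC_UNICODE_STRING Name;
    PRPC_SID Sid;
    } LSAPR_TRUST_INFORMATION;

typedef struct _LSAPR_TRUST_INFORMATION *PLSAPR_TRUST_INFORMATION;

/*
 * Policy information classes, numbered consecutively from 1 to 16.
 * PolicyInformationNotUsedOnWire (8) and PolicyLastEntry (16) are placeholders
 * by name. Code that switches on a value received from a peer should reject
 * anything outside the classes it actually handles.
 */
typedef
enum _POLICY_INFORMATION_CLASS
    {
        PolicyAuditLogInformation = 1,
        PolicyAuditEventsInformation = ( PolicyAuditLogInformation + 1 ) ,
        PolicyPrimaryDomainInformation = ( PolicyAuditEventsInformation + 1 ) ,
        PolicyPdAccountInformation = ( PolicyPrimaryDomainInformation + 1 ) ,
        PolicyAccountDomainInformation = ( PolicyPdAccountInformation + 1 ) ,
        PolicyLsaServerRoleInformation = ( PolicyAccountDomainInformation + 1 ) ,
        PolicyReplicaSourceInformation = ( PolicyLsaServerRoleInformation + 1 ) ,
        PolicyInformationNotUsedOnWire = ( PolicyReplicaSourceInformation + 1 ) ,
        PolicyModificationInformation = ( PolicyInformationNotUsedOnWire + 1 ) ,
        PolicyAuditFullSetInformation = ( PolicyModificationInformation + 1 ) ,
        PolicyAuditFullQueryInformation = ( PolicyAuditFullSetInformation + 1 ) ,
        PolicyDnsDomainInformation = ( PolicyAuditFullQueryInformation + 1 ) ,
        PolicyDnsDomainInformationInt = ( PolicyDnsDomainInformation + 1 ) ,
        PolicyLocalAccountDomainInformation = ( PolicyDnsDomainInformationInt + 1 ) ,
        PolicyMachineAccountInformation = ( PolicyLocalAccountDomainInformation + 1 ) ,
        PolicyLastEntry = ( PolicyMachineAccountInformation + 1 )
    } POLICY_INFORMATION_CLASS;

typedef enum _POLICY_INFORMATION_CLASS *PPOLICY_INFORMATION_CLASS;

/* Audit event categories, numbered consecutively from 0 to 8. */
typedef
enum _POLICY_AUDIT_EVENT_TYPE
    {
        AuditCategorySystem = 0,
        AuditCategoryLogon = ( AuditCategorySystem + 1 ) ,
        AuditCategoryObjectAccess = ( AuditCategoryLogon + 1 ) ,
        AuditCategoryPrivilegeUse = ( AuditCategoryObjectAccess + 1 ) ,
        AuditCategoryDetailedTracking = ( AuditCategoryPrivilegeUse + 1 ) ,
        AuditCategoryPolicyChange = ( AuditCategoryDetailedTracking + 1 ) ,
        AuditCategoryAccountManagement = ( AuditCategoryPolicyChange + 1 ) ,
        AuditCategoryDirectoryServiceAccess = ( AuditCategoryAccountManagement + 1 ) ,
        AuditCategoryAccountLogon = ( AuditCategoryDirectoryServiceAccess + 1 )
    } POLICY_AUDIT_EVENT_TYPE;

typedef enum _POLICY_AUDIT_EVENT_TYPE *PPOLICY_AUDIT_EVENT_TYPE;

typedef RPC_UNICODE_STRING LSA_UNICODE_STRING;

typedef RPC_UNICODE_STRING *PLSA_UNICODE_STRING;

/* Audit log state fields. */
typedef struct _POLICY_AUDIT_LOG_INFO
    {
    unsigned long AuditLogPercentFull;
    unsigned long MaximumLogSize;
    LARGE_INTEGER AuditRetentionPeriod;
    unsigned char AuditLogFullShutdownInProgress;
    LARGE_INTEGER TimeToShutdown;
    unsigned long NextAuditRecordId;
    } POLICY_AUDIT_LOG_INFO;

typedef struct _POLICY_AUDIT_LOG_INFO *PPOLICY_AUDIT_LOG_INFO;

/* Server role; numbering starts at 2 (Backup = 2, Primary = 3), so 0 and 1 are not valid roles. */
typedef
enum _POLICY_LSA_SERVER_ROLE
    {
        PolicyServerRoleBackup = 2,
        PolicyServerRolePrimary = ( PolicyServerRoleBackup + 1 )
    } POLICY_LSA_SERVER_ROLE;

typedef enum _POLICY_LSA_SERVER_ROLE *PPOLICY_LSA_SERVER_ROLE;

typedef struct _POLICY_LSA_SERVER_ROLE_INFO
    {
    POLICY_LSA_SERVER_ROLE LsaServerRole;
    } POLICY_LSA_SERVER_ROLE_INFO;

typedef struct _POLICY_LSA_SERVER_ROLE_INFO *PPOLICY_LSA_SERVER_ROLE_INFO;
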
typedef struct _POLICY_MODIFICATION_INFO 197 | { 198 | LARGE_INTEGER ModifiedId; 199 | LARGE_INTEGER DatabaseCreationTime; 200 | } POLICY_MODIFICATION_INFO; 201 | 202 | typedef struct _POLICY_MODIFICATION_INFO *PPOLICY_MODIFICATION_INFO; 203 | 204 | typedef struct _POLICY_AUDIT_FULL_SET_INFO 205 | { 206 | unsigned char ShutDownOnFull; 207 | } POLICY_AUDIT_FULL_SET_INFO; 208 | 209 | typedef struct _POLICY_AUDIT_FULL_SET_INFO *PPOLICY_AUDIT_FULL_SET_INFO; 210 | 211 | typedef struct _POLICY_AUDIT_FULL_QUERY_INFO 212 | { 213 | unsigned char ShutDownOnFull; 214 | unsigned char LogIsFull; 215 | } POLICY_AUDIT_FULL_QUERY_INFO; 216 | 217 | typedef struct _POLICY_AUDIT_FULL_QUERY_INFO *PPOLICY_AUDIT_FULL_QUERY_INFO; 218 | 219 | typedef 220 | enum _POLICY_DOMAIN_INFORMATION_CLASS 221 | { 222 | PolicyDomainQualityOfServiceInformation = 1, 223 | PolicyDomainEfsInformation = 2, 224 | PolicyDomainKerberosTicketInformation = 3 225 | } POLICY_DOMAIN_INFORMATION_CLASS; 226 | 227 | typedef enum _POLICY_DOMAIN_INFORMATION_CLASS *PPOLICY_DOMAIN_INFORMATION_CLASS; 228 | 229 | typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO 230 | { 231 | unsigned long AuthenticationOptions; 232 | LARGE_INTEGER MaxServiceTicketAge; 233 | LARGE_INTEGER MaxTicketAge; 234 | LARGE_INTEGER MaxRenewAge; 235 | LARGE_INTEGER MaxClockSkew; 236 | LARGE_INTEGER Reserved; 237 | } POLICY_DOMAIN_KERBEROS_TICKET_INFO; 238 | 239 | typedef struct _POLICY_DOMAIN_KERBEROS_TICKET_INFO *PPOLICY_DOMAIN_KERBEROS_TICKET_INFO; 240 | 241 | typedef struct _TRUSTED_POSIX_OFFSET_INFO 242 | { 243 | unsigned long Offset; 244 | } TRUSTED_POSIX_OFFSET_INFO; 245 | 246 | typedef struct _TRUSTED_POSIX_OFFSET_INFO *PTRUSTED_POSIX_OFFSET_INFO; 247 | 248 | typedef 249 | enum _TRUSTED_INFORMATION_CLASS 250 | { 251 | TrustedDomainNameInformation = 1, 252 | TrustedControllersInformation = ( TrustedDomainNameInformation + 1 ) , 253 | TrustedPosixOffsetInformation = ( TrustedControllersInformation + 1 ) , 254 | TrustedPasswordInformation = ( 
TrustedPosixOffsetInformation + 1 ) , 255 | TrustedDomainInformationBasic = ( TrustedPasswordInformation + 1 ) , 256 | TrustedDomainInformationEx = ( TrustedDomainInformationBasic + 1 ) , 257 | TrustedDomainAuthInformation = ( TrustedDomainInformationEx + 1 ) , 258 | TrustedDomainFullInformation = ( TrustedDomainAuthInformation + 1 ) , 259 | TrustedDomainAuthInformationInternal = ( TrustedDomainFullInformation + 1 ) , 260 | TrustedDomainFullInformationInternal = ( TrustedDomainAuthInformationInternal + 1 ) , 261 | TrustedDomainInformationEx2Internal = ( TrustedDomainFullInformationInternal + 1 ) , 262 | TrustedDomainFullInformation2Internal = ( TrustedDomainInformationEx2Internal + 1 ) , 263 | TrustedDomainSupportedEncryptionTypes = ( TrustedDomainFullInformation2Internal + 1 ) 264 | } TRUSTED_INFORMATION_CLASS; 265 | 266 | typedef enum _TRUSTED_INFORMATION_CLASS *PTRUSTED_INFORMATION_CLASS; 267 | 268 | typedef 269 | enum _LSA_FOREST_TRUST_RECORD_TYPE 270 | { 271 | ForestTrustTopLevelName = 0, 272 | ForestTrustTopLevelNameEx = 1, 273 | ForestTrustDomainInfo = 2 274 | } LSA_FOREST_TRUST_RECORD_TYPE; 275 | 276 | typedef struct _LSA_FOREST_TRUST_BINARY_DATA 277 | { 278 | /* [range] */ unsigned long Length; 279 | /* [size_is] */ unsigned char *Buffer; 280 | } LSA_FOREST_TRUST_BINARY_DATA; 281 | 282 | typedef struct _LSA_FOREST_TRUST_BINARY_DATA *PLSA_FOREST_TRUST_BINARY_DATA; 283 | 284 | typedef struct _LSA_FOREST_TRUST_DOMAIN_INFO 285 | { 286 | PRPC_SID Sid; 287 | LSA_UNICODE_STRING DnsName; 288 | LSA_UNICODE_STRING NetbiosName; 289 | } LSA_FOREST_TRUST_DOMAIN_INFO; 290 | 291 | typedef struct _LSA_FOREST_TRUST_DOMAIN_INFO *PLSA_FOREST_TRUST_DOMAIN_INFO; 292 | 293 | typedef struct _LSA_FOREST_TRUST_RECORD 294 | { 295 | unsigned long Flags; 296 | LSA_FOREST_TRUST_RECORD_TYPE ForestTrustType; 297 | LARGE_INTEGER Time; 298 | /* [switch_is][switch_type] */ union 299 | { 300 | /* [case()] */ LSA_UNICODE_STRING TopLevelName; 301 | /* [case()] */ LSA_FOREST_TRUST_DOMAIN_INFO 
DomainInfo; 302 | /* [default] */ LSA_FOREST_TRUST_BINARY_DATA Data; 303 | } ForestTrustData; 304 | } LSA_FOREST_TRUST_RECORD; 305 | 306 | typedef struct _LSA_FOREST_TRUST_RECORD *PLSA_FOREST_TRUST_RECORD; 307 | 308 | typedef struct _LSA_FOREST_TRUST_INFORMATION 309 | { 310 | /* [range] */ unsigned long RecordCount; 311 | /* [size_is] */ PLSA_FOREST_TRUST_RECORD *Entries; 312 | } LSA_FOREST_TRUST_INFORMATION; 313 | 314 | typedef struct _LSA_FOREST_TRUST_INFORMATION *PLSA_FOREST_TRUST_INFORMATION; 315 | 316 | typedef 317 | enum _LSA_FOREST_TRUST_COLLISION_RECORD_TYPE 318 | { 319 | CollisionTdo = 0, 320 | CollisionXref = ( CollisionTdo + 1 ) , 321 | CollisionOther = ( CollisionXref + 1 ) 322 | } LSA_FOREST_TRUST_COLLISION_RECORD_TYPE; 323 | 324 | typedef struct _LSA_FOREST_TRUST_COLLISION_RECORD 325 | { 326 | unsigned long Index; 327 | LSA_FOREST_TRUST_COLLISION_RECORD_TYPE Type; 328 | unsigned long Flags; 329 | LSA_UNICODE_STRING Name; 330 | } LSA_FOREST_TRUST_COLLISION_RECORD; 331 | 332 | typedef struct _LSA_FOREST_TRUST_COLLISION_RECORD *PLSA_FOREST_TRUST_COLLISION_RECORD; 333 | 334 | typedef struct _LSA_FOREST_TRUST_COLLISION_INFORMATION 335 | { 336 | unsigned long RecordCount; 337 | /* [size_is] */ PLSA_FOREST_TRUST_COLLISION_RECORD *Entries; 338 | } LSA_FOREST_TRUST_COLLISION_INFORMATION; 339 | 340 | typedef struct _LSA_FOREST_TRUST_COLLISION_INFORMATION *PLSA_FOREST_TRUST_COLLISION_INFORMATION; 341 | 342 | typedef LSAPR_HANDLE *PLSAPR_HANDLE; 343 | 344 | typedef struct _LSAPR_ACCOUNT_INFORMATION 345 | { 346 | PRPC_SID Sid; 347 | } LSAPR_ACCOUNT_INFORMATION; 348 | 349 | typedef struct _LSAPR_ACCOUNT_INFORMATION *PLSAPR_ACCOUNT_INFORMATION; 350 | 351 | typedef struct _LSAPR_ACCOUNT_ENUM_BUFFER 352 | { 353 | unsigned long EntriesRead; 354 | /* [size_is] */ PLSAPR_ACCOUNT_INFORMATION Information; 355 | } LSAPR_ACCOUNT_ENUM_BUFFER; 356 | 357 | typedef struct _LSAPR_ACCOUNT_ENUM_BUFFER *PLSAPR_ACCOUNT_ENUM_BUFFER; 358 | 359 | typedef struct 
_LSAPR_SR_SECURITY_DESCRIPTOR 360 | { 361 | /* [range] */ unsigned long Length; 362 | /* [size_is] */ unsigned char *SecurityDescriptor; 363 | } LSAPR_SR_SECURITY_DESCRIPTOR; 364 | 365 | typedef struct _LSAPR_SR_SECURITY_DESCRIPTOR *PLSAPR_SR_SECURITY_DESCRIPTOR; 366 | 367 | typedef struct _LSAPR_LUID_AND_ATTRIBUTES 368 | { 369 | LUID Luid; 370 | unsigned long Attributes; 371 | } LSAPR_LUID_AND_ATTRIBUTES; 372 | 373 | typedef struct _LSAPR_LUID_AND_ATTRIBUTES *PLSAPR_LUID_AND_ATTRIBUTES; 374 | 375 | typedef struct _LSAPR_PRIVILEGE_SET 376 | { 377 | /* [range] */ unsigned long PrivilegeCount; 378 | unsigned long Control; 379 | /* [size_is] */ LSAPR_LUID_AND_ATTRIBUTES Privilege[ 1 ]; 380 | } LSAPR_PRIVILEGE_SET; 381 | 382 | typedef struct _LSAPR_PRIVILEGE_SET *PLSAPR_PRIVILEGE_SET; 383 | 384 | typedef struct _LSAPR_POLICY_PRIVILEGE_DEF 385 | { 386 | RPC_UNICODE_STRING Name; 387 | LUID LocalValue; 388 | } LSAPR_POLICY_PRIVILEGE_DEF; 389 | 390 | typedef struct _LSAPR_POLICY_PRIVILEGE_DEF *PLSAPR_POLICY_PRIVILEGE_DEF; 391 | 392 | typedef struct _LSAPR_PRIVILEGE_ENUM_BUFFER 393 | { 394 | unsigned long Entries; 395 | /* [size_is] */ PLSAPR_POLICY_PRIVILEGE_DEF Privileges; 396 | } LSAPR_PRIVILEGE_ENUM_BUFFER; 397 | 398 | typedef struct _LSAPR_PRIVILEGE_ENUM_BUFFER *PLSAPR_PRIVILEGE_ENUM_BUFFER; 399 | 400 | typedef struct _LSAPR_CR_CIPHER_VALUE 401 | { 402 | /* [range] */ unsigned long Length; 403 | /* [range] */ unsigned long MaximumLength; 404 | /* [length_is][size_is] */ unsigned char *Buffer; 405 | } LSAPR_CR_CIPHER_VALUE; 406 | 407 | typedef struct _LSAPR_CR_CIPHER_VALUE *PLSAPR_CR_CIPHER_VALUE; 408 | 409 | typedef struct _LSAPR_TRUSTED_ENUM_BUFFER 410 | { 411 | unsigned long EntriesRead; 412 | /* [size_is] */ PLSAPR_TRUST_INFORMATION Information; 413 | } LSAPR_TRUSTED_ENUM_BUFFER; 414 | 415 | typedef struct _LSAPR_TRUSTED_ENUM_BUFFER *PLSAPR_TRUSTED_ENUM_BUFFER; 416 | 417 | typedef struct _LSAPR_POLICY_ACCOUNT_DOM_INFO 418 | { 419 | RPC_UNICODE_STRING DomainName; 420 
| PRPC_SID DomainSid; 421 | } LSAPR_POLICY_ACCOUNT_DOM_INFO; 422 | 423 | typedef struct _LSAPR_POLICY_ACCOUNT_DOM_INFO *PLSAPR_POLICY_ACCOUNT_DOM_INFO; 424 | 425 | typedef struct _LSAPR_POLICY_PRIMARY_DOM_INFO 426 | { 427 | RPC_UNICODE_STRING Name; 428 | PRPC_SID Sid; 429 | } LSAPR_POLICY_PRIMARY_DOM_INFO; 430 | 431 | typedef struct _LSAPR_POLICY_PRIMARY_DOM_INFO *PLSAPR_POLICY_PRIMARY_DOM_INFO; 432 | 433 | typedef struct _LSAPR_POLICY_DNS_DOMAIN_INFO 434 | { 435 | RPC_UNICODE_STRING Name; 436 | RPC_UNICODE_STRING DnsDomainName; 437 | RPC_UNICODE_STRING DnsForestName; 438 | GUID DomainGuid; 439 | PRPC_SID Sid; 440 | } LSAPR_POLICY_DNS_DOMAIN_INFO; 441 | 442 | typedef struct _LSAPR_POLICY_DNS_DOMAIN_INFO *PLSAPR_POLICY_DNS_DOMAIN_INFO; 443 | 444 | typedef struct _LSAPR_POLICY_PD_ACCOUNT_INFO 445 | { 446 | RPC_UNICODE_STRING Name; 447 | } LSAPR_POLICY_PD_ACCOUNT_INFO; 448 | 449 | typedef struct _LSAPR_POLICY_PD_ACCOUNT_INFO *PLSAPR_POLICY_PD_ACCOUNT_INFO; 450 | 451 | typedef struct _LSAPR_POLICY_REPLICA_SRCE_INFO 452 | { 453 | RPC_UNICODE_STRING ReplicaSource; 454 | RPC_UNICODE_STRING ReplicaAccountName; 455 | } LSAPR_POLICY_REPLICA_SRCE_INFO; 456 | 457 | typedef struct _LSAPR_POLICY_REPLICA_SRCE_INFO *PLSAPR_POLICY_REPLICA_SRCE_INFO; 458 | 459 | typedef struct _LSAPR_POLICY_AUDIT_EVENTS_INFO 460 | { 461 | unsigned char AuditingMode; 462 | /* [size_is] */ unsigned long *EventAuditingOptions; 463 | /* [range] */ unsigned long MaximumAuditEventCount; 464 | } LSAPR_POLICY_AUDIT_EVENTS_INFO; 465 | 466 | typedef struct _LSAPR_POLICY_AUDIT_EVENTS_INFO *PLSAPR_POLICY_AUDIT_EVENTS_INFO; 467 | 468 | typedef struct _LSAPR_POLICY_MACHINE_ACCT_INFO 469 | { 470 | unsigned long Rid; 471 | PRPC_SID Sid; 472 | } LSAPR_POLICY_MACHINE_ACCT_INFO; 473 | 474 | typedef struct _LSAPR_POLICY_MACHINE_ACCT_INFO *PLSAPR_POLICY_MACHINE_ACCT_INFO; 475 | 476 | typedef /* [switch_type] */ union _LSAPR_POLICY_INFORMATION 477 | { 478 | /* [case()] */ POLICY_AUDIT_LOG_INFO PolicyAuditLogInfo; 479 | 
/* [case()] */ LSAPR_POLICY_AUDIT_EVENTS_INFO PolicyAuditEventsInfo; 480 | /* [case()] */ LSAPR_POLICY_PRIMARY_DOM_INFO PolicyPrimaryDomainInfo; 481 | /* [case()] */ LSAPR_POLICY_ACCOUNT_DOM_INFO PolicyAccountDomainInfo; 482 | /* [case()] */ LSAPR_POLICY_PD_ACCOUNT_INFO PolicyPdAccountInfo; 483 | /* [case()] */ POLICY_LSA_SERVER_ROLE_INFO PolicyServerRoleInfo; 484 | /* [case()] */ LSAPR_POLICY_REPLICA_SRCE_INFO PolicyReplicaSourceInfo; 485 | /* [case()] */ POLICY_MODIFICATION_INFO PolicyModificationInfo; 486 | /* [case()] */ POLICY_AUDIT_FULL_SET_INFO PolicyAuditFullSetInfo; 487 | /* [case()] */ POLICY_AUDIT_FULL_QUERY_INFO PolicyAuditFullQueryInfo; 488 | /* [case()] */ LSAPR_POLICY_DNS_DOMAIN_INFO PolicyDnsDomainInfo; 489 | /* [case()] */ LSAPR_POLICY_DNS_DOMAIN_INFO PolicyDnsDomainInfoInt; 490 | /* [case()] */ LSAPR_POLICY_ACCOUNT_DOM_INFO PolicyLocalAccountDomainInfo; 491 | /* [case()] */ LSAPR_POLICY_MACHINE_ACCT_INFO PolicyMachineAccountInfo; 492 | } LSAPR_POLICY_INFORMATION; 493 | 494 | typedef /* [switch_type] */ union _LSAPR_POLICY_INFORMATION *PLSAPR_POLICY_INFORMATION; 495 | 496 | typedef struct _POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO 497 | { 498 | unsigned long QualityOfService; 499 | } POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO; 500 | 501 | typedef struct _POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO *PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO; 502 | 503 | typedef struct _LSAPR_POLICY_DOMAIN_EFS_INFO 504 | { 505 | unsigned long InfoLength; 506 | /* [size_is] */ unsigned char *EfsBlob; 507 | } LSAPR_POLICY_DOMAIN_EFS_INFO; 508 | 509 | typedef struct _LSAPR_POLICY_DOMAIN_EFS_INFO *PLSAPR_POLICY_DOMAIN_EFS_INFO; 510 | 511 | typedef /* [switch_type] */ union _LSAPR_POLICY_DOMAIN_INFORMATION 512 | { 513 | /* [case()] */ POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO PolicyDomainQualityOfServiceInfo; 514 | /* [case()] */ LSAPR_POLICY_DOMAIN_EFS_INFO PolicyDomainEfsInfo; 515 | /* [case()] */ POLICY_DOMAIN_KERBEROS_TICKET_INFO PolicyDomainKerbTicketInfo; 516 | } 
LSAPR_POLICY_DOMAIN_INFORMATION; 517 | 518 | typedef /* [switch_type] */ union _LSAPR_POLICY_DOMAIN_INFORMATION *PLSAPR_POLICY_DOMAIN_INFORMATION; 519 | 520 | typedef struct _LSAPR_TRUSTED_DOMAIN_NAME_INFO 521 | { 522 | RPC_UNICODE_STRING Name; 523 | } LSAPR_TRUSTED_DOMAIN_NAME_INFO; 524 | 525 | typedef struct _LSAPR_TRUSTED_DOMAIN_NAME_INFO *PLSAPR_TRUSTED_DOMAIN_NAME_INFO; 526 | 527 | typedef struct _LSAPR_TRUSTED_CONTROLLERS_INFO 528 | { 529 | /* [range] */ unsigned long Entries; 530 | /* [size_is] */ PRPC_UNICODE_STRING Names; 531 | } LSAPR_TRUSTED_CONTROLLERS_INFO; 532 | 533 | typedef struct _LSAPR_TRUSTED_CONTROLLERS_INFO *PLSAPR_TRUSTED_CONTROLLERS_INFO; 534 | 535 | typedef struct _LSAPR_TRUSTED_PASSWORD_INFO 536 | { 537 | PLSAPR_CR_CIPHER_VALUE Password; 538 | PLSAPR_CR_CIPHER_VALUE OldPassword; 539 | } LSAPR_TRUSTED_PASSWORD_INFO; 540 | 541 | typedef struct _LSAPR_TRUSTED_PASSWORD_INFO *PLSAPR_TRUSTED_PASSWORD_INFO; 542 | 543 | typedef struct _LSAPR_TRUSTED_DOMAIN_INFORMATION_EX 544 | { 545 | RPC_UNICODE_STRING Name; 546 | RPC_UNICODE_STRING FlatName; 547 | PRPC_SID Sid; 548 | unsigned long TrustDirection; 549 | unsigned long TrustType; 550 | unsigned long TrustAttributes; 551 | } LSAPR_TRUSTED_DOMAIN_INFORMATION_EX; 552 | 553 | typedef struct _LSAPR_TRUSTED_DOMAIN_INFORMATION_EX *PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX; 554 | 555 | typedef struct _LSAPR_AUTH_INFORMATION 556 | { 557 | LARGE_INTEGER LastUpdateTime; 558 | unsigned long AuthType; 559 | /* [range] */ unsigned long AuthInfoLength; 560 | /* [size_is] */ unsigned char *AuthInfo; 561 | } LSAPR_AUTH_INFORMATION; 562 | 563 | typedef struct _LSAPR_AUTH_INFORMATION *PLSAPR_AUTH_INFORMATION; 564 | 565 | typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES 566 | { 567 | UCHAR AuthData[ 64 ]; 568 | UCHAR Salt[ 16 ]; 569 | /* [range] */ ULONG cbCipher; 570 | /* [size_is] */ PUCHAR Cipher; 571 | } LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES; 572 | 573 | typedef struct 
_LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES *PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES; 574 | 575 | typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION 576 | { 577 | /* [range] */ unsigned long IncomingAuthInfos; 578 | PLSAPR_AUTH_INFORMATION IncomingAuthenticationInformation; 579 | PLSAPR_AUTH_INFORMATION IncomingPreviousAuthenticationInformation; 580 | /* [range] */ unsigned long OutgoingAuthInfos; 581 | PLSAPR_AUTH_INFORMATION OutgoingAuthenticationInformation; 582 | PLSAPR_AUTH_INFORMATION OutgoingPreviousAuthenticationInformation; 583 | } LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION; 584 | 585 | typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION *PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION; 586 | 587 | typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION 588 | { 589 | LSAPR_TRUSTED_DOMAIN_INFORMATION_EX Information; 590 | TRUSTED_POSIX_OFFSET_INFO PosixOffset; 591 | LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; 592 | } LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION; 593 | 594 | typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION *PLSAPR_TRUSTED_DOMAIN_FULL_INFORMATION; 595 | 596 | typedef LSAPR_TRUST_INFORMATION LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC; 597 | 598 | typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_BLOB 599 | { 600 | /* [range] */ unsigned long AuthSize; 601 | /* [size_is] */ unsigned char *AuthBlob; 602 | } LSAPR_TRUSTED_DOMAIN_AUTH_BLOB; 603 | 604 | typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_BLOB *PLSAPR_TRUSTED_DOMAIN_AUTH_BLOB; 605 | 606 | typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL 607 | { 608 | LSAPR_TRUSTED_DOMAIN_AUTH_BLOB AuthBlob; 609 | } LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL; 610 | 611 | typedef struct _LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL *PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL; 612 | 613 | typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL 614 | { 615 | LSAPR_TRUSTED_DOMAIN_INFORMATION_EX Information; 616 | TRUSTED_POSIX_OFFSET_INFO PosixOffset; 617 | 
LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthInformation; 618 | } LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL; 619 | 620 | typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL *PLSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL; 621 | 622 | typedef struct _LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 623 | { 624 | RPC_UNICODE_STRING Name; 625 | RPC_UNICODE_STRING FlatName; 626 | PRPC_SID Sid; 627 | unsigned long TrustDirection; 628 | unsigned long TrustType; 629 | unsigned long TrustAttributes; 630 | unsigned long ForestTrustLength; 631 | /* [size_is] */ unsigned char *ForestTrustInfo; 632 | } LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2; 633 | 634 | typedef struct _LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 *PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX2; 635 | 636 | typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2 637 | { 638 | LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 Information; 639 | TRUSTED_POSIX_OFFSET_INFO PosixOffset; 640 | LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; 641 | } LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2; 642 | 643 | typedef struct _LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2 *PLSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2; 644 | 645 | typedef struct _TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES 646 | { 647 | unsigned long SupportedEncryptionTypes; 648 | } TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES; 649 | 650 | typedef struct _TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES *PTRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES; 651 | 652 | typedef /* [switch_type] */ union _LSAPR_TRUSTED_DOMAIN_INFO 653 | { 654 | /* [case()] */ LSAPR_TRUSTED_DOMAIN_NAME_INFO TrustedDomainNameInfo; 655 | /* [case()] */ LSAPR_TRUSTED_CONTROLLERS_INFO TrustedControllersInfo; 656 | /* [case()] */ TRUSTED_POSIX_OFFSET_INFO TrustedPosixOffsetInfo; 657 | /* [case()] */ LSAPR_TRUSTED_PASSWORD_INFO TrustedPasswordInfo; 658 | /* [case()] */ LSAPR_TRUSTED_DOMAIN_INFORMATION_BASIC TrustedDomainInfoBasic; 659 | /* [case()] */ LSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInfoEx; 660 | /* [case()] */ 
LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION TrustedAuthInfo; 661 | /* [case()] */ LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION TrustedFullInfo; 662 | /* [case()] */ LSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL TrustedAuthInfoInternal; 663 | /* [case()] */ LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION_INTERNAL TrustedFullInfoInternal; 664 | /* [case()] */ LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2 TrustedDomainInfoEx2; 665 | /* [case()] */ LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2 TrustedFullInfo2; 666 | /* [case()] */ TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES TrustedDomainSETs; 667 | } LSAPR_TRUSTED_DOMAIN_INFO; 668 | 669 | typedef /* [switch_type] */ union _LSAPR_TRUSTED_DOMAIN_INFO *PLSAPR_TRUSTED_DOMAIN_INFO; 670 | 671 | typedef struct _LSAPR_USER_RIGHT_SET 672 | { 673 | /* [range] */ unsigned long Entries; 674 | /* [size_is] */ PRPC_UNICODE_STRING UserRights; 675 | } LSAPR_USER_RIGHT_SET; 676 | 677 | typedef struct _LSAPR_USER_RIGHT_SET *PLSAPR_USER_RIGHT_SET; 678 | 679 | typedef struct _LSAPR_TRUSTED_ENUM_BUFFER_EX 680 | { 681 | unsigned long EntriesRead; 682 | /* [size_is] */ PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX EnumerationBuffer; 683 | } LSAPR_TRUSTED_ENUM_BUFFER_EX; 684 | 685 | typedef struct _LSAPR_TRUSTED_ENUM_BUFFER_EX *PLSAPR_TRUSTED_ENUM_BUFFER_EX; 686 | 687 | typedef struct _LSAPR_REFERENCED_DOMAIN_LIST 688 | { 689 | unsigned long Entries; 690 | /* [size_is] */ PLSAPR_TRUST_INFORMATION Domains; 691 | unsigned long MaxEntries; 692 | } LSAPR_REFERENCED_DOMAIN_LIST; 693 | 694 | typedef struct _LSAPR_REFERENCED_DOMAIN_LIST *PLSAPR_REFERENCED_DOMAIN_LIST; 695 | 696 | typedef enum _SID_NAME_USE *PSID_NAME_USE; 697 | 698 | typedef struct _LSA_TRANSLATED_SID 699 | { 700 | SID_NAME_USE Use; 701 | unsigned long RelativeId; 702 | long DomainIndex; 703 | } LSA_TRANSLATED_SID; 704 | 705 | typedef struct _LSA_TRANSLATED_SID *PLSA_TRANSLATED_SID; 706 | 707 | typedef struct _LSAPR_TRANSLATED_SIDS 708 | { 709 | /* [range] */ unsigned long Entries; 710 | /* [size_is] */ PLSA_TRANSLATED_SID Sids; 
711 | } LSAPR_TRANSLATED_SIDS; 712 | 713 | typedef struct _LSAPR_TRANSLATED_SIDS *PLSAPR_TRANSLATED_SIDS; 714 | 715 | typedef 716 | enum _LSAP_LOOKUP_LEVEL 717 | { 718 | LsapLookupWksta = 1, 719 | LsapLookupPDC = ( LsapLookupWksta + 1 ) , 720 | LsapLookupTDL = ( LsapLookupPDC + 1 ) , 721 | LsapLookupGC = ( LsapLookupTDL + 1 ) , 722 | LsapLookupXForestReferral = ( LsapLookupGC + 1 ) , 723 | LsapLookupXForestResolve = ( LsapLookupXForestReferral + 1 ) , 724 | LsapLookupRODCReferralToFullDC = ( LsapLookupXForestResolve + 1 ) 725 | } LSAP_LOOKUP_LEVEL; 726 | 727 | typedef enum _LSAP_LOOKUP_LEVEL *PLSAP_LOOKUP_LEVEL; 728 | 729 | typedef struct _LSAPR_SID_INFORMATION 730 | { 731 | PRPC_SID Sid; 732 | } LSAPR_SID_INFORMATION; 733 | 734 | typedef struct _LSAPR_SID_INFORMATION *PLSAPR_SID_INFORMATION; 735 | 736 | typedef struct _LSAPR_SID_ENUM_BUFFER 737 | { 738 | /* [range] */ unsigned long Entries; 739 | /* [size_is] */ PLSAPR_SID_INFORMATION SidInfo; 740 | } LSAPR_SID_ENUM_BUFFER; 741 | 742 | typedef struct _LSAPR_SID_ENUM_BUFFER *PLSAPR_SID_ENUM_BUFFER; 743 | 744 | typedef struct _LSAPR_TRANSLATED_NAME 745 | { 746 | SID_NAME_USE Use; 747 | RPC_UNICODE_STRING Name; 748 | long DomainIndex; 749 | } LSAPR_TRANSLATED_NAME; 750 | 751 | typedef struct _LSAPR_TRANSLATED_NAME *PLSAPR_TRANSLATED_NAME; 752 | 753 | typedef struct _LSAPR_TRANSLATED_NAMES 754 | { 755 | /* [range] */ unsigned long Entries; 756 | /* [size_is] */ PLSAPR_TRANSLATED_NAME Names; 757 | } LSAPR_TRANSLATED_NAMES; 758 | 759 | typedef struct _LSAPR_TRANSLATED_NAMES *PLSAPR_TRANSLATED_NAMES; 760 | 761 | typedef struct _LSAPR_TRANSLATED_NAME_EX 762 | { 763 | SID_NAME_USE Use; 764 | RPC_UNICODE_STRING Name; 765 | long DomainIndex; 766 | unsigned long Flags; 767 | } LSAPR_TRANSLATED_NAME_EX; 768 | 769 | typedef struct _LSAPR_TRANSLATED_NAME_EX *PLSAPR_TRANSLATED_NAME_EX; 770 | 771 | typedef struct _LSAPR_TRANSLATED_NAMES_EX 772 | { 773 | /* [range] */ unsigned long Entries; 774 | /* [size_is] */ 
PLSAPR_TRANSLATED_NAME_EX Names;
} LSAPR_TRANSLATED_NAMES_EX;

typedef struct _LSAPR_TRANSLATED_NAMES_EX *PLSAPR_TRANSLATED_NAMES_EX;

/*
 * One name-to-SID translation result in RID form.
 * NOTE(review): DomainIndex is signed and presumably indexes the
 * referenced-domain list returned by the same call; a negative value would
 * then mean "no domain". Validate it before using it as an array index and
 * confirm the convention against idl/ms-lsar.idl.
 */
typedef struct _LSAPR_TRANSLATED_SID_EX
{
    SID_NAME_USE Use;
    unsigned long RelativeId;
    long DomainIndex;
    unsigned long Flags;
} LSAPR_TRANSLATED_SID_EX;

typedef struct _LSAPR_TRANSLATED_SID_EX *PLSAPR_TRANSLATED_SID_EX;

/*
 * Counted array of LSAPR_TRANSLATED_SID_EX, used by LsarLookupNames2.
 * Entries carries [range] and Sids carries [size_is]; MIDL drops the bound
 * expressions from the generated header, so read them in idl/ms-lsar.idl.
 * Code that walks Sids should visit at most Entries elements and treat a
 * NULL Sids as an empty result.
 */
typedef struct _LSAPR_TRANSLATED_SIDS_EX
{
    /* [range] */ unsigned long Entries;
    /* [size_is] */ PLSAPR_TRANSLATED_SID_EX Sids;
} LSAPR_TRANSLATED_SIDS_EX;

typedef struct _LSAPR_TRANSLATED_SIDS_EX *PLSAPR_TRANSLATED_SIDS_EX;

/*
 * Same layout as LSAPR_TRANSLATED_SID_EX, but with a pointer to a full SID
 * in place of the RID.
 * NOTE(review): Sid is a pointer; presumably it is NULL for a name that was
 * not mapped, so check it before dereferencing - confirm.
 */
typedef struct _LSAPR_TRANSLATED_SID_EX2
{
    SID_NAME_USE Use;
    PRPC_SID Sid;
    long DomainIndex;
    unsigned long Flags;
} LSAPR_TRANSLATED_SID_EX2;

typedef struct _LSAPR_TRANSLATED_SID_EX2 *PLSAPR_TRANSLATED_SID_EX2;

/* Counted array of LSAPR_TRANSLATED_SID_EX2, used by LsarLookupNames3/4. */
typedef struct _LSAPR_TRANSLATED_SIDS_EX2
{
    /* [range] */ unsigned long Entries;
    /* [size_is] */ PLSAPR_TRANSLATED_SID_EX2 Sids;
} LSAPR_TRANSLATED_SIDS_EX2;

typedef struct _LSAPR_TRANSLATED_SIDS_EX2 *PLSAPR_TRANSLATED_SIDS_EX2;

/*
 * Prototypes of the lsarpc operations, in operation-number order.
 *
 * MIDL numbers operations by their position in the interface definition.
 * The OpnumNNNotUsedOnWire placeholders fill the numbers that have no wire
 * method, so each declaration's position here equals its opnum (LsarClose
 * comes before Opnum1NotUsedOnWire and is therefore opnum 0). The header is
 * generated; change the IDL, not this file.
 *
 * Conventions visible in the parameter annotations:
 *  - LSAPR_HANDLE values are context handles returned through the [out]
 *    parameter of an Open or Create call.
 *  - An [out] parameter declared as pointer-to-pointer receives memory
 *    allocated by the RPC stub. NOTE(review): the caller is expected to
 *    release it with the allocator pair from midl_user.c - confirm.
 *  - ACCESS_MASK DesiredAccess is chosen by the caller; request only the
 *    rights the following calls need.
 */

/*
 * Releases a context handle obtained from one of the Open or Create calls.
 * ObjectHandle is [out][in]. NOTE(review): the server presumably clears it
 * on success - confirm. Pair every successful open with a close on all
 * paths, including error paths.
 */
NTSTATUS LsarClose(
    /* [out][in] */ LSAPR_HANDLE *ObjectHandle);

void Opnum1NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

NTSTATUS LsarEnumeratePrivileges(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [out][in] */ unsigned long *EnumerationContext,
    /* [out] */ PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
    /* [in] */ unsigned long PreferedMaximumLength);

NTSTATUS LsarQuerySecurityObject(
    /* [in] */ LSAPR_HANDLE ObjectHandle,
    /* [in] */ SECURITY_INFORMATION SecurityInformation,
    /* [out] */ PLSAPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor);

/* State-changing: replaces security information on the object behind ObjectHandle. */
NTSTATUS LsarSetSecurityObject(
    /* [in] */ LSAPR_HANDLE ObjectHandle,
    /* [in] */ SECURITY_INFORMATION SecurityInformation,
    /* [in] */ PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor);

void Opnum5NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

/*
 * Opens a policy handle. SystemName has no [string] attribute here (compare
 * LsarOpenPolicy2), so the stub marshals a single wchar_t rather than a
 * NUL-terminated string.
 */
NTSTATUS LsarOpenPolicy(
    /* [unique][in] */ wchar_t *SystemName,
    /* [in] */ PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *PolicyHandle);

/*
 * PolicyInformation is a [switch_is] union. NOTE(review): the discriminant
 * is presumably InformationClass; read only the arm that matches the class
 * that was requested - confirm against idl/ms-lsar.idl.
 */
NTSTATUS LsarQueryInformationPolicy(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ POLICY_INFORMATION_CLASS InformationClass,
    /* [switch_is][out] */ PLSAPR_POLICY_INFORMATION *PolicyInformation);

NTSTATUS LsarSetInformationPolicy(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ POLICY_INFORMATION_CLASS InformationClass,
    /* [switch_is][in] */ PLSAPR_POLICY_INFORMATION PolicyInformation);

void Opnum9NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

NTSTATUS LsarCreateAccount(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_SID AccountSid,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *AccountHandle);

NTSTATUS LsarEnumerateAccounts(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [out][in] */ unsigned long *EnumerationContext,
    /* [out] */ PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer,
    /* [in] */ unsigned long PreferedMaximumLength);

NTSTATUS LsarCreateTrustedDomain(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PLSAPR_TRUST_INFORMATION TrustedDomainInformation,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *TrustedDomainHandle);

NTSTATUS LsarEnumerateTrustedDomains(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [out][in] */ unsigned long *EnumerationContext,
    /* [out] */ PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer,
    /* [in] */ unsigned long PreferedMaximumLength);

/*
 * Translates Count names to SIDs. Count is [range]-checked and sizes the
 * Names array ([size_is]); pass the real element count of Names.
 * NOTE(review): a lookup can presumably succeed with only part of the names
 * mapped, so check *MappedCount and each entry's Use as well as the
 * NTSTATUS - confirm against the protocol specification.
 */
NTSTATUS LsarLookupNames(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [range][in] */ unsigned long Count,
    /* [size_is][in] */ PRPC_UNICODE_STRING Names,
    /* [out] */ PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
    /* [out][in] */ PLSAPR_TRANSLATED_SIDS TranslatedSids,
    /* [in] */ LSAP_LOOKUP_LEVEL LookupLevel,
    /* [out][in] */ unsigned long *MappedCount);

/* Reverse of LsarLookupNames: translates the SIDs in SidEnumBuffer to names. */
NTSTATUS LsarLookupSids(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
    /* [out] */ PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
    /* [out][in] */ PLSAPR_TRANSLATED_NAMES TranslatedNames,
    /* [in] */ LSAP_LOOKUP_LEVEL LookupLevel,
    /* [out][in] */ unsigned long *MappedCount);

NTSTATUS LsarCreateSecret(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_UNICODE_STRING SecretName,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *SecretHandle);

NTSTATUS LsarOpenAccount(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_SID AccountSid,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *AccountHandle);

NTSTATUS LsarEnumeratePrivilegesAccount(
    /* [in] */ LSAPR_HANDLE AccountHandle,
    /* [out] */ PLSAPR_PRIVILEGE_SET *Privileges);

/* State-changing: alters the privilege set of the account behind AccountHandle. */
NTSTATUS LsarAddPrivilegesToAccount(
    /* [in] */ LSAPR_HANDLE AccountHandle,
    /* [in] */ PLSAPR_PRIVILEGE_SET Privileges);

/* Privileges is [unique], so it may be NULL. NOTE(review): presumably used together with AllPrivileges - confirm. */
NTSTATUS LsarRemovePrivilegesFromAccount(
    /* [in] */ LSAPR_HANDLE AccountHandle,
    /* [in] */ unsigned char AllPrivileges,
    /* [unique][in] */ PLSAPR_PRIVILEGE_SET Privileges);

void Opnum21NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum22NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

NTSTATUS LsarGetSystemAccessAccount(
    /* [in] */ LSAPR_HANDLE AccountHandle,
    /* [out] */ unsigned long *SystemAccess);

NTSTATUS LsarSetSystemAccessAccount(
    /* [in] */ LSAPR_HANDLE AccountHandle,
    /* [in] */ unsigned long SystemAccess);

NTSTATUS LsarOpenTrustedDomain(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_SID TrustedDomainSid,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *TrustedDomainHandle);

NTSTATUS LsarQueryInfoTrustedDomain(
    /* [in] */ LSAPR_HANDLE TrustedDomainHandle,
    /* [in] */ TRUSTED_INFORMATION_CLASS InformationClass,
    /* [switch_is][out] */ PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation);

NTSTATUS LsarSetInformationTrustedDomain(
    /* [in] */ LSAPR_HANDLE TrustedDomainHandle,
    /* [in] */ TRUSTED_INFORMATION_CLASS InformationClass,
    /* [switch_is][in] */ PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation);

/*
 * Secret objects. Values travel as LSAPR_CR_CIPHER_VALUE and the parameter
 * names call them encrypted; the cipher and key are not visible in this
 * header. These calls read or write stored secrets, so they are the ones to
 * gate with the narrowest DesiredAccess and to cover with server-side
 * auditing.
 */
NTSTATUS LsarOpenSecret(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_UNICODE_STRING SecretName,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *SecretHandle);

NTSTATUS LsarSetSecret(
    /* [in] */ LSAPR_HANDLE SecretHandle,
    /* [unique][in] */ PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue,
    /* [unique][in] */ PLSAPR_CR_CIPHER_VALUE EncryptedOldValue);

/* All four result parameters are [unique] and may therefore be NULL. */
NTSTATUS LsarQuerySecret(
    /* [in] */ LSAPR_HANDLE SecretHandle,
    /* [unique][out][in] */ PLSAPR_CR_CIPHER_VALUE *EncryptedCurrentValue,
    /* [unique][out][in] */ PLARGE_INTEGER CurrentValueSetTime,
    /* [unique][out][in] */ PLSAPR_CR_CIPHER_VALUE *EncryptedOldValue,
    /* [unique][out][in] */ PLARGE_INTEGER OldValueSetTime);

NTSTATUS LsarLookupPrivilegeValue(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_UNICODE_STRING Name,
    /* [out] */ PLUID Value);

NTSTATUS LsarLookupPrivilegeName(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PLUID Value,
    /* [out] */ PRPC_UNICODE_STRING *Name);

NTSTATUS LsarLookupPrivilegeDisplayName(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_UNICODE_STRING Name,
    /* [in] */ short ClientLanguage,
    /* [in] */ short ClientSystemDefaultLanguage,
    /* [out] */ PRPC_UNICODE_STRING *DisplayName,
    /* [out] */ unsigned short *LanguageReturned);

/* Takes the handle as [out][in], like LsarClose. NOTE(review): presumably the handle must not be reused afterwards - confirm. */
NTSTATUS LsarDeleteObject(
    /* [out][in] */ LSAPR_HANDLE *ObjectHandle);

NTSTATUS LsarEnumerateAccountsWithUserRight(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [unique][in] */ PRPC_UNICODE_STRING UserRight,
    /* [out] */ PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer);

NTSTATUS LsarEnumerateAccountRights(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_SID AccountSid,
    /* [out] */ PLSAPR_USER_RIGHT_SET UserRights);

/* State-changing: assigns the rights in UserRights to AccountSid. */
NTSTATUS LsarAddAccountRights(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_SID AccountSid,
    /* [in] */ PLSAPR_USER_RIGHT_SET UserRights);

NTSTATUS LsarRemoveAccountRights(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_SID AccountSid,
    /* [in] */ unsigned char AllRights,
    /* [in] */ PLSAPR_USER_RIGHT_SET UserRights);

NTSTATUS LsarQueryTrustedDomainInfo(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_SID TrustedDomainSid,
    /* [in] */ TRUSTED_INFORMATION_CLASS InformationClass,
    /* [switch_is][out] */ PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation);

NTSTATUS LsarSetTrustedDomainInfo(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_SID TrustedDomainSid,
    /* [in] */ TRUSTED_INFORMATION_CLASS InformationClass,
    /* [switch_is][in] */ PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation);

NTSTATUS LsarDeleteTrustedDomain(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_SID TrustedDomainSid);

/* Private data is addressed by KeyName through the policy handle; the value is again an LSAPR_CR_CIPHER_VALUE. */
NTSTATUS LsarStorePrivateData(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_UNICODE_STRING KeyName,
    /* [unique][in] */ PLSAPR_CR_CIPHER_VALUE EncryptedData);

NTSTATUS LsarRetrievePrivateData(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_UNICODE_STRING KeyName,
    /* [out][in] */ PLSAPR_CR_CIPHER_VALUE *EncryptedData);

/* Same parameters as LsarOpenPolicy, but SystemName is a [string], i.e. marshalled as a NUL-terminated string. */
NTSTATUS LsarOpenPolicy2(
    /* [string][unique][in] */ wchar_t *SystemName,
    /* [in] */ PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *PolicyHandle);

/* Takes an explicit binding handle (handle_t) rather than a policy context handle. */
NTSTATUS LsarGetUserName(
    /* [in] */ handle_t IDL_handle,
    /* [string][unique][in] */ wchar_t *SystemName,
    /* [out][in] */ PRPC_UNICODE_STRING *UserName,
    /* [unique][out][in] */ PRPC_UNICODE_STRING *DomainName);

NTSTATUS LsarQueryInformationPolicy2(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ POLICY_INFORMATION_CLASS InformationClass,
    /* [switch_is][out] */ PLSAPR_POLICY_INFORMATION *PolicyInformation);

NTSTATUS LsarSetInformationPolicy2(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ POLICY_INFORMATION_CLASS InformationClass,
    /* [switch_is][in] */ PLSAPR_POLICY_INFORMATION PolicyInformation);

NTSTATUS LsarQueryTrustedDomainInfoByName(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_UNICODE_STRING TrustedDomainName,
    /* [in] */ TRUSTED_INFORMATION_CLASS InformationClass,
    /* [switch_is][out] */ PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation);

NTSTATUS LsarSetTrustedDomainInfoByName(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_UNICODE_STRING TrustedDomainName,
    /* [in] */ TRUSTED_INFORMATION_CLASS InformationClass,
    /* [switch_is][in] */ PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation);

NTSTATUS LsarEnumerateTrustedDomainsEx(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [out][in] */ unsigned long *EnumerationContext,
    /* [out] */ PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer,
    /* [in] */ unsigned long PreferedMaximumLength);

NTSTATUS LsarCreateTrustedDomainEx(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
    /* [in] */ PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *TrustedDomainHandle);

void Opnum52NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

NTSTATUS LsarQueryDomainInformationPolicy(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ POLICY_DOMAIN_INFORMATION_CLASS InformationClass,
    /* [switch_is][out] */ PLSAPR_POLICY_DOMAIN_INFORMATION *PolicyDomainInformation);

NTSTATUS LsarSetDomainInformationPolicy(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ POLICY_DOMAIN_INFORMATION_CLASS InformationClass,
    /* [switch_is][unique][in] */ PLSAPR_POLICY_DOMAIN_INFORMATION PolicyDomainInformation);

NTSTATUS LsarOpenTrustedDomainByName(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PRPC_UNICODE_STRING TrustedDomainName,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *TrustedDomainHandle);

void Opnum56NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

/* LsarLookupSids with the _EX result type and two extra inputs, LookupOptions and ClientRevision. */
NTSTATUS LsarLookupSids2(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
    /* [out] */ PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
    /* [out][in] */ PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
    /* [in] */ LSAP_LOOKUP_LEVEL LookupLevel,
    /* [out][in] */ unsigned long *MappedCount,
    /* [in] */ unsigned long LookupOptions,
    /* [in] */ unsigned long ClientRevision);

/*
 * Name-to-SID lookup returning LSAPR_TRANSLATED_SIDS_EX (RID form).
 * Count is [range]-checked and sizes the Names array ([size_is]); pass the
 * real element count of Names.
 * NOTE(review): ReferencedDomains is an [out] pointer-to-pointer, so the
 * stub allocates the result; the caller is expected to release it with the
 * allocator pair from midl_user.c - confirm.
 */
NTSTATUS LsarLookupNames2(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [range][in] */ unsigned long Count,
    /* [size_is][in] */ PRPC_UNICODE_STRING Names,
    /* [out] */ PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
    /* [out][in] */ PLSAPR_TRANSLATED_SIDS_EX TranslatedSids,
    /* [in] */ LSAP_LOOKUP_LEVEL LookupLevel,
    /* [out][in] */ unsigned long *MappedCount,
    /* [in] */ unsigned long LookupOptions,
    /* [in] */ unsigned long ClientRevision);

/*
 * Differs from LsarCreateTrustedDomainEx in the type of
 * AuthenticationInformation (the _INTERNAL variant).
 * NOTE(review): the trust authentication data is secret material; how it is
 * protected on the wire is not visible in this header - confirm.
 */
NTSTATUS LsarCreateTrustedDomainEx2(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
    /* [in] */ PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthenticationInformation,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *TrustedDomainHandle);

/*
 * Opnum 60-67: placeholders with no wire method. They keep the operations
 * declared after them at the operation number their position implies.
 */
void Opnum60NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum61NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum62NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum63NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum64NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum65NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum66NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum67NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

/* Same parameters as LsarLookupNames2, but the result is LSAPR_TRANSLATED_SIDS_EX2 (full SID per entry). */
NTSTATUS LsarLookupNames3(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [range][in] */ unsigned long Count,
    /* [size_is][in] */ PRPC_UNICODE_STRING Names,
    /* [out] */ PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
    /* [out][in] */ PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
    /* [in] */ LSAP_LOOKUP_LEVEL LookupLevel,
    /* [out][in] */ unsigned long *MappedCount,
    /* [in] */ unsigned long LookupOptions,
    /* [in] */ unsigned long ClientRevision);

void Opnum69NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum70NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum71NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum72NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

NTSTATUS LsarQueryForestTrustInformation(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PLSA_UNICODE_STRING TrustedDomainName,
    /* [in] */ LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType,
    /* [out] */ PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo);

/*
 * State-changing unless CheckOnly says otherwise.
 * NOTE(review): CheckOnly presumably requests validation without a write,
 * with conflicts reported through CollisionInfo - confirm against the
 * protocol specification.
 */
NTSTATUS LsarSetForestTrustInformation(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PLSA_UNICODE_STRING TrustedDomainName,
    /* [in] */ LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType,
    /* [in] */ PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo,
    /* [in] */ unsigned char CheckOnly,
    /* [out] */ PLSA_FOREST_TRUST_COLLISION_INFORMATION *CollisionInfo);

void Opnum75NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

/*
 * LsarLookupSids3 and LsarLookupNames4 take an explicit binding handle
 * (handle_t RpcHandle) where the earlier lookup calls take a policy context
 * handle, so no LsarOpenPolicy* call and no DesiredAccess precede them.
 * NOTE(review): access control for these two is therefore presumably
 * decided from the authentication of the RPC binding itself; check how
 * the binding is created and which authentication level it uses - confirm.
 */
NTSTATUS LsarLookupSids3(
    /* [in] */ handle_t RpcHandle,
    /* [in] */ PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
    /* [out] */ PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
    /* [out][in] */ PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
    /* [in] */ LSAP_LOOKUP_LEVEL LookupLevel,
    /* [out][in] */ unsigned long *MappedCount,
    /* [in] */ unsigned long LookupOptions,
    /* [in] */ unsigned long ClientRevision);

NTSTATUS LsarLookupNames4(
    /* [in] */ handle_t RpcHandle,
    /* [range][in] */ unsigned long Count,
    /* [size_is][in] */ PRPC_UNICODE_STRING Names,
    /* [out] */ PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
    /* [out][in] */ PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
    /* [in] */ LSAP_LOOKUP_LEVEL LookupLevel,
    /* [out][in] */ unsigned long *MappedCount,
    /* [in] */ unsigned long LookupOptions,
    /* [in] */ unsigned long ClientRevision);

/* Opnum 78 onward: a long run of placeholders with no wire method. */
void Opnum78NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum79NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum80NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum81NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum82NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum83NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum84NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum85NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum86NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum87NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum88NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum89NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum90NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum91NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum92NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum93NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum94NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum95NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum96NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum97NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum98NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum99NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum100NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

/*
 * Opnum 101-128: placeholders with no wire method. They keep
 * LsarCreateTrustedDomainEx3 and LsarOpenPolicy3, declared after them, at
 * the operation numbers their position implies.
 */
void Opnum101NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum102NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum103NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum104NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum105NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum106NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum107NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum108NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum109NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum110NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum111NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum112NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum113NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum114NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum115NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum116NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum117NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum118NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum119NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum120NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum121NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum122NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum123NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum124NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum125NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum126NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum127NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

void Opnum128NotUsedOnWire(
    /* [in] */ handle_t IDL_handle);

/*
 * Differs from LsarCreateTrustedDomainEx2 in the type of
 * AuthenticationInformation (the _INTERNAL_AES variant).
 * NOTE(review): the suffix suggests the trust authentication data is
 * AES-protected in this version; the scheme and key are not visible in this
 * header - confirm against idl/ms-lsar.idl and the protocol specification.
 */
NTSTATUS LsarCreateTrustedDomainEx3(
    /* [in] */ LSAPR_HANDLE PolicyHandle,
    /* [in] */ PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
    /* [in] */ PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES AuthenticationInformation,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [out] */ LSAPR_HANDLE *TrustedDomainHandle);

/*
 * [handle] makes PLSAPR_SERVER_NAME a custom binding-handle type: for a call
 * that passes one, the stub obtains its RPC binding from
 * PLSAPR_SERVER_NAME_bind() and releases it with PLSAPR_SERVER_NAME_unbind(),
 * both prototyped at the end of this header.
 */
typedef /* [handle] */ LPWSTR PLSAPR_SERVER_NAME;

typedef /* [handle] */ LPWSTR *PPLSAPR_SERVER_NAME;

/* Version 1 revision record exchanged by LsarOpenPolicy3. */
typedef struct _LSAPR_REVISION_INFO_V1
{
    ULONG Revision;
    ULONG SupportedFeatures;
} LSAPR_REVISION_INFO_V1;

typedef struct _LSAPR_REVISION_INFO_V1 *PLSAPR_REVISION_INFO_V1;

/*
 * Discriminated union with a single arm, V1.
 * NOTE(review): the discriminant is presumably InVersion / OutVersion of
 * LsarOpenPolicy3; read V1 only when the version says so - confirm.
 */
typedef /* [public][public][public][switch_type] */ union __MIDL_lsarpc_0002
{
    /* [case()] */ LSAPR_REVISION_INFO_V1 V1;
} LSAPR_REVISION_INFO;

typedef /* [switch_type] */ union __MIDL_lsarpc_0002 *PLSAPR_REVISION_INFO;

/*
 * Policy open with revision negotiation: the caller sends InVersion and
 * InRevisionInfo and receives OutVersion and OutRevisionInfo along with the
 * policy handle. SystemName is a PLSAPR_SERVER_NAME, so the binding for this
 * call comes from PLSAPR_SERVER_NAME_bind().
 */
NTSTATUS LsarOpenPolicy3(
    /* [string][unique][in] */ PLSAPR_SERVER_NAME SystemName,
    /* [in] */ PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
    /* [in] */ ACCESS_MASK DesiredAccess,
    /* [in] */ ULONG InVersion,
    /* [switch_is][in] */ LSAPR_REVISION_INFO *InRevisionInfo,
    /* [out] */ ULONG *OutVersion,
    /* [switch_is][out] */ LSAPR_REVISION_INFO *OutRevisionInfo,
    /* [out] */ LSAPR_HANDLE *PolicyHandle);



/* Interface specifications emitted by MIDL: _c_ for the client stub, _s_ for the server stub. */
extern RPC_IF_HANDLE lsarpc_v0_0_c_ifspec;
extern RPC_IF_HANDLE lsarpc_v0_0_s_ifspec;
#endif /* __lsarpc_INTERFACE_DEFINED__ */

/* Additional Prototypes for ALL interfaces */

/*
 * Binding routines for the [handle] type PLSAPR_SERVER_NAME. MIDL only
 * declares them; the program that links the stub has to define them.
 * NOTE(review): the binding built in _bind decides protocol sequence,
 * endpoint and authentication level for every call made through a
 * PLSAPR_SERVER_NAME parameter, so that definition is where transport
 * security should be reviewed - confirm where this project defines it.
 */
handle_t __RPC_USER PLSAPR_SERVER_NAME_bind ( PLSAPR_SERVER_NAME );
void __RPC_USER PLSAPR_SERVER_NAME_unbind( PLSAPR_SERVER_NAME, handle_t );

/*
 * Rundown routine for the LSAPR_HANDLE context handle. The RPC runtime
 * calls a rundown routine on the server side when a client goes away
 * without closing its handle.
 * NOTE(review): a client-only build presumably never references it - confirm.
 */
void __RPC_USER LSAPR_HANDLE_rundown( LSAPR_HANDLE );

/* end of Additional Prototypes */

/* Presumably closes an extern "C" block opened earlier in the header. */
#ifdef __cplusplus
}
#endif

/* Presumably the end of the header's include guard, opened outside this excerpt. */
#endif



--------------------------------------------------------------------------------