-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
Advapi32.java
executable file
·3608 lines (3489 loc) · 206 KB
/
Advapi32.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/* Copyright (c) 2010 Daniel Doubrovkine, All Rights Reserved
*
* The contents of this file is dual-licensed under 2
* alternative Open Source/Free licenses: LGPL 2.1 or later and
* Apache License 2.0. (starting with JNA version 4.0.0).
*
* You can freely decide which license you want to apply to
* the project.
*
* You may obtain a copy of the LGPL License at:
*
* http://www.gnu.org/licenses/licenses.html
*
* A copy is also included in the downloadable source code package
* containing JNA, in file "LGPL2.1".
*
* You may obtain a copy of the Apache License at:
*
* http://www.apache.org/licenses/
*
* A copy is also included in the downloadable source code package
* containing JNA, in file "AL2.0".
*/
package com.sun.jna.platform.win32;
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.Structure;
import com.sun.jna.platform.win32.WinBase.FE_EXPORT_FUNC;
import com.sun.jna.platform.win32.WinBase.FE_IMPORT_FUNC;
import com.sun.jna.platform.win32.WinBase.PROCESS_INFORMATION;
import com.sun.jna.platform.win32.WinBase.SECURITY_ATTRIBUTES;
import com.sun.jna.platform.win32.WinBase.STARTUPINFO;
import com.sun.jna.platform.win32.WinDef.BOOLByReference;
import com.sun.jna.platform.win32.WinDef.DWORD;
import com.sun.jna.platform.win32.WinDef.DWORDByReference;
import com.sun.jna.platform.win32.WinDef.ULONG;
import com.sun.jna.platform.win32.WinNT.ACL;
import com.sun.jna.platform.win32.WinNT.GENERIC_MAPPING;
import com.sun.jna.platform.win32.WinNT.HANDLE;
import com.sun.jna.platform.win32.WinNT.HANDLEByReference;
import com.sun.jna.platform.win32.WinNT.PACLByReference;
import com.sun.jna.platform.win32.WinNT.PRIVILEGE_SET;
import com.sun.jna.platform.win32.WinNT.PSID;
import com.sun.jna.platform.win32.WinNT.PSIDByReference;
import com.sun.jna.platform.win32.WinNT.SECURITY_DESCRIPTOR;
import com.sun.jna.platform.win32.WinNT.SECURITY_DESCRIPTOR_RELATIVE;
import com.sun.jna.platform.win32.WinReg.HKEY;
import com.sun.jna.platform.win32.WinReg.HKEYByReference;
import com.sun.jna.platform.win32.Winsvc.ChangeServiceConfig2Info;
import com.sun.jna.platform.win32.Winsvc.HandlerEx;
import com.sun.jna.platform.win32.Winsvc.SC_HANDLE;
import com.sun.jna.platform.win32.Winsvc.SERVICE_STATUS;
import com.sun.jna.platform.win32.Winsvc.SERVICE_STATUS_HANDLE;
import com.sun.jna.platform.win32.Winsvc.SERVICE_STATUS_PROCESS;
import com.sun.jna.platform.win32.Winsvc.SERVICE_TABLE_ENTRY;
import com.sun.jna.ptr.IntByReference;
import com.sun.jna.ptr.LongByReference;
import com.sun.jna.ptr.PointerByReference;
import com.sun.jna.ptr.ShortByReference;
import com.sun.jna.win32.StdCallLibrary;
import com.sun.jna.win32.W32APIOptions;
/**
* Advapi32.dll Interface.
*
* @author dblock[at]dblock.org
*/
public interface Advapi32 extends StdCallLibrary {
Advapi32 INSTANCE = Native.load("Advapi32", Advapi32.class, W32APIOptions.DEFAULT_OPTIONS);
int MAX_KEY_LENGTH = 255;
int MAX_VALUE_NAME = 16383;
int RRF_RT_ANY = 0x0000ffff;
int RRF_RT_DWORD = 0x00000018;
int RRF_RT_QWORD = 0x00000048;
int RRF_RT_REG_BINARY = 0x00000008;
int RRF_RT_REG_DWORD = 0x00000010;
int RRF_RT_REG_EXPAND_SZ = 0x00000004;
int RRF_RT_REG_MULTI_SZ = 0x00000020;
int RRF_RT_REG_NONE = 0x00000001;
int RRF_RT_REG_QWORD = 0x00000040;
int RRF_RT_REG_SZ = 0x00000002;
int REG_PROCESS_APPKEY = 0x00000001;
/**
* LOGON_WITH_PROFILE: 0x00000001<br>
* Log on, then load the user profile in the HKEY_USERS registry key.<br>
* The function returns after the profile is loaded. <br>
* Loading the profile can be time-consuming, so it is best to use this
* value only if you must access the information in the HKEY_CURRENT_USER
* registry key.<br>
* Windows Server 2003: The profile is unloaded after the new process is
* terminated, whether or not it has created child processes.<br>
* Windows XP: The profile is unloaded after the new process and all child
* processes it has created are terminated.<br>
*/
int LOGON_WITH_PROFILE = 0x00000001;
/**
* LOGON_NETCREDENTIALS_ONLY: 0x00000002<br>
* Log on, but use the specified credentials on the network only.<br>
* The new process uses the same token as the caller, but the system creates
* a new logon session within LSA, and the process uses the specified
* credentials as the default credentials. <br>
* This value can be used to create a process that uses a different set of
* credentials locally than it does remotely.<br>
* This is useful in inter-domain scenarios where there is no trust
* relationship.<br>
* The system does not validate the specified credentials.<br>
* Therefore, the process can start, but it may not have access to network
* resources.
*/
int LOGON_NETCREDENTIALS_ONLY = 0x00000002;
/**
* Retrieves the name of the user associated with the current thread.
* http://msdn.microsoft.com/en-us/library/ms724432(VS.85).aspx
*
* @param buffer
* Buffer to receive the user's logon name.
* @param len
* On input, the size of the buffer, on output the number of
* characters copied into the buffer, including the terminating
* null character.
* @return True if succeeded.
*/
boolean GetUserNameW(char[] buffer, IntByReference len);
/**
* Accepts the name of a system and anaccount as input and retrieves a
* security identifier (SID) for the account and the name of the domain on
* which the account was found.
* http://msdn.microsoft.com/en-us/library/aa379159(VS.85).aspx
*
* @param lpSystemName
* Specifies the name of the system.
* @param lpAccountName
* Specifies the account name.
* @param Sid
* Receives the SID structure that corresponds to the account
* name pointed to by the lpAccountName parameter.
* @param cbSid
* On input, this value specifies the size, in bytes, of the Sid
* buffer. If the function fails because the buffer is too small
* or if cbSid is zero, this variable receives the required
* buffer size.
* @param ReferencedDomainName
* Receives the name of the domain where the account name is
* found.
* @param cchReferencedDomainName
* On input, this value specifies the size, in TCHARs, of the
* ReferencedDomainName buffer. If the function fails because the
* buffer is too small, this variable receives the required
* buffer size, including the terminating null character.
* @param peUse
* SID_NAME_USE enumerated type that indicates the type of the
* account when the function returns.
* @return True if the function was successful, False otherwise.
*/
boolean LookupAccountName(String lpSystemName, String lpAccountName,
PSID Sid, IntByReference cbSid, char[] ReferencedDomainName,
IntByReference cchReferencedDomainName, PointerByReference peUse);
/**
* Retrieves the name of the account for this SID and the name of the first
* domain on which this SID is found.
*
* @param lpSystemName
* Specifies the target computer.
* @param Sid
* The SID to look up.
* @param lpName
* Buffer that receives a null-terminated string that contains
* the account name that corresponds to the lpSid parameter.
* @param cchName
* On input, specifies the size, in TCHARs, of the lpName buffer.
* If the function fails because the buffer is too small or if
* cchName is zero, cchName receives the required buffer size,
* including the terminating null character.
* @param ReferencedDomainName
* Pointer to a buffer that receives a null-terminated string
* that contains the name of the domain where the account name
* was found.
* @param cchReferencedDomainName
* On input, specifies the size, in TCHARs, of the
* lpReferencedDomainName buffer. If the function fails because
* the buffer is too small or if cchReferencedDomainName is zero,
* cchReferencedDomainName receives the required buffer size,
* including the terminating null character.
* @param peUse
* Pointer to a variable that receives a SID_NAME_USE value that
* indicates the type of the account.
* @return If the function succeeds, the function returns nonzero. If the
* function fails, it returns zero. To get extended error
* information, call GetLastError.
*/
boolean LookupAccountSid(String lpSystemName, PSID Sid,
char[] lpName, IntByReference cchName, char[] ReferencedDomainName,
IntByReference cchReferencedDomainName, PointerByReference peUse);
/**
* Convert a security identifier (SID) to a string format suitable for
* display, storage, or transmission.
*
* @param Sid
* The SID structure to be converted.
* @param StringSid
* Pointer to a variable that receives a pointer to a
* null-terminated SID string. To free the returned buffer, call
* the LocalFree function.
* @return {@code true} if the function was successful - call {@code GetLastError()}
* to check failure reason
* @see <A HREF="http://msdn.microsoft.com/en-us/library/aa376399(VS.85).aspx">ConvertSidToStringSid</A>
*/
boolean ConvertSidToStringSid(PSID Sid, PointerByReference StringSid);
/**
* Convert a string-format security identifier (SID) into a valid,
* functional SID.
*
*
* @param StringSid
* The string-format SID to convert.
* @param Sid
* Receives a pointer to the converted SID. To free the returned buffer, call
* the LocalFree function.
* @return {@code true} if the function was successful - call {@code GetLastError()}
* to check failure reason
* @see <A HREF="http://msdn.microsoft.com/en-us/library/aa376402(VS.85).aspx">ConvertStringSidToSid</A>
*/
boolean ConvertStringSidToSid(String StringSid, PSIDByReference Sid);
/**
* Returns the length, in bytes, of a valid security identifier (SID).
* http://msdn.microsoft.com/en-us/library/aa446642(VS.85).aspx
*
* @param pSid
* A pointer to the SID structure whose length is returned.
* @return Length of the SID.
*/
int GetLengthSid(PSID pSid);
/**
* The IsValidSid function validates a security identifier (SID) by
* verifying that the revision number is within a known range, and that the
* number of subauthorities is less than the maximum.
*
* @param pSid
* Pointer to the SID structure to validate. This parameter
* cannot be NULL.
* @return If the SID structure is valid, the return value is nonzero. If
* the SID structure is not valid, the return value is zero. There
* is no extended error information for this function; do not call
* GetLastError.
*/
boolean IsValidSid(PSID pSid);
/**
* he EqualSid function tests two security identifier (SID) values for equality.
* Two SIDs must match exactly to be considered equal.
* @param pSid1
* A pointer to the first SID structure to compare. This structure is assumed to be valid.
* @param pSid2
* A pointer to the second SID structure to compare. This structure is assumed to be valid.
* @return If the SID structures are equal, the return value is nonzero.
* If the SID structures are not equal, the return value is zero. To get extended error
* information, call GetLastError.
* If either SID structure is not valid, the return value is undefined.
*/
boolean EqualSid(PSID pSid1, PSID pSid2);
/**
* Compares a SID to a well known SID and returns TRUE if they match.
*
* @param pSid
* SID to test.
* @param wellKnownSidType
* Member of the WELL_KNOWN_SID_TYPE enumeration to compare with
* the SID at pSid.
* @return True if the SID is of a given well known type, false otherwise.
*/
boolean IsWellKnownSid(PSID pSid, int wellKnownSidType);
/**
* The CreateWellKnownSid function creates a SID for predefined aliases.
*
* @param wellKnownSidType
* Member of the WELL_KNOWN_SID_TYPE enumeration that specifies
* what the SID will identify.
* @param domainSid
* Pointer to a SID that identifies the domain control to use
* when creating the SID. Pass NULL to use the local computer.
* @param pSid
* Pointer to memory where CreateWellKnownSid will store the new
* SID.
* @param cbSid
* Pointer to a DWORD that contains the number of bytes available
* at pSid. The CreateWellKnownSid function stores the number of
* bytes actually used at this location.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean CreateWellKnownSid(int wellKnownSidType, PSID domainSid,
PSID pSid, IntByReference cbSid);
/**
* The InitializeSecurityDescriptor function initializes a new security descriptor.
* @param pSecurityDescriptor
* A pointer to a SECURITY_DESCRIPTOR structure that the function initializes.
* @param dwRevision
* The revision level to assign to the security descriptor. This parameter
* must be SECURITY_DESCRIPTOR_REVISION.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean InitializeSecurityDescriptor(SECURITY_DESCRIPTOR pSecurityDescriptor, int dwRevision);
/**
* The GetSecurityDescriptorControl function retrieves a security descriptor control and revision information.
* @param pSecurityDescriptor
* A pointer to a SECURITY_DESCRIPTOR structure whose control and revision
* information the function retrieves.
* @param pControl
* A pointer to a SECURITY_DESCRIPTOR_CONTROL structure that receives the security descriptor's
* control information.
* @param lpdwRevision
* A pointer to a variable that receives the security descriptor's revision value.
* This value is always set, even when GetSecurityDescriptorControl returns an error.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean GetSecurityDescriptorControl(SECURITY_DESCRIPTOR pSecurityDescriptor, ShortByReference pControl, IntByReference lpdwRevision);
/**
* The SetSecurityDescriptorControl function sets the control bits of a security descriptor. The function can set only the control
* bits that relate to automatic inheritance of ACEs. To set the other control bits of a security descriptor, use the functions,
* such as SetSecurityDescriptorDacl, for modifying the components of a security descriptor.
* @param pSecurityDescriptor
* A pointer to a SECURITY_DESCRIPTOR structure whose control and revision information are set.
* @param ControlBitsOfInterest
* A SECURITY_DESCRIPTOR_CONTROL mask that indicates the control bits to set.
* @param ControlBitsToSet
* SECURITY_DESCRIPTOR_CONTROL mask that indicates the new values for the control bits specified by the ControlBitsOfInterest mask.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean SetSecurityDescriptorControl(SECURITY_DESCRIPTOR pSecurityDescriptor, short ControlBitsOfInterest, short ControlBitsToSet);
/**
* The GetSecurityDescriptorOwner function retrieves the owner information from a security descriptor.
* @param pSecurityDescriptor
* A pointer to a SECURITY_DESCRIPTOR structure whose owner information the function retrieves.
* @param pOwner
* A pointer to a pointer to a security identifier (SID) that identifies the owner when the function returns.
* If the security descriptor does not contain an owner, the function sets the pointer pointed to by pOwner
* to NULL and ignores the remaining output parameter, lpbOwnerDefaulted. If the security descriptor contains an owner,
* the function sets the pointer pointed to by pOwner to the address of the security descriptor's owner SID
* and provides a valid value for the variable pointed to by lpbOwnerDefaulted.
* @param lpbOwnerDefaulted
* A pointer to a flag that is set to the value of the SE_OWNER_DEFAULTED flag in the SECURITY_DESCRIPTOR_CONTROL
* structure when the function returns. If the value stored in the variable pointed to by the pOwner parameter is
* NULL, no value is set.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean GetSecurityDescriptorOwner(SECURITY_DESCRIPTOR pSecurityDescriptor, PSIDByReference pOwner, BOOLByReference lpbOwnerDefaulted);
/**
* The SetSecurityDescriptorOwner function sets the owner information of an absolute-format security descriptor. It replaces
* any owner information already present in the security descriptor.
* @param pSecurityDescriptor
* A pointer to the SECURITY_DESCRIPTOR structure whose owner is set by this function. The function replaces any existing
* owner with the new owner.
* @param pOwner
* A pointer to a SID structure for the security descriptor's new primary owner. The SID structure is referenced by, not
* copied into, the security descriptor. If this parameter is NULL, the function clears the security descriptor's owner
* information. This marks the security descriptor as having no owner.
* @param bOwnerDefaulted
* Indicates whether the owner information is derived from a default mechanism. If this value is TRUE, it is default information.
* The function stores this value as the SE_OWNER_DEFAULTED flag in the SECURITY_DESCRIPTOR_CONTROL structure. If this parameter
* is zero, the SE_OWNER_DEFAULTED flag is cleared.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean SetSecurityDescriptorOwner(SECURITY_DESCRIPTOR pSecurityDescriptor, PSID pOwner, boolean bOwnerDefaulted);
/**
* The GetSecurityDescriptorGroup function retrieves the primary group information from a security descriptor.
* @param pSecurityDescriptor
* A pointer to a SECURITY_DESCRIPTOR structure whose primary group information the function retrieves.
* @param pGroup
* A pointer to a pointer to a security identifier (SID) that identifies the primary group when the function
* returns. If the security descriptor does not contain a primary group, the function sets the pointer
* pointed to by pGroup to NULL and ignores the remaining output parameter, lpbGroupDefaulted. If the
* security descriptor contains a primary group, the function sets the pointer pointed to by pGroup to the
* address of the security descriptor's group SID and provides a valid value for the variable pointed to
* by lpbGroupDefaulted.
* @param lpbGroupDefaulted
* A pointer to a flag that is set to the value of the SE_GROUP_DEFAULTED flag in the
* SECURITY_DESCRIPTOR_CONTROL structure when the function returns. If the value stored in the variable
* pointed to by the pGroup parameter is NULL, no value is set.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean GetSecurityDescriptorGroup(SECURITY_DESCRIPTOR pSecurityDescriptor, PSIDByReference pGroup, BOOLByReference lpbGroupDefaulted);
/**
* The SetSecurityDescriptorGroup function sets the primary group information of an absolute-format security descriptor, replacing
* any primary group information already present in the security descriptor.
* @param pSecurityDescriptor
* A pointer to the SECURITY_DESCRIPTOR structure whose primary group is set by this function. The function replaces
* any existing primary group with the new primary group.
* @param pGroup
* A pointer to a SID structure for the security descriptor's new primary group. The SID structure is referenced by, not copied
* into, the security descriptor. If this parameter is NULL, the function clears the security descriptor's primary group
* information. This marks the security descriptor as having no primary group.
* @param bGroupDefaulted
* Indicates whether the primary group information was derived from a default mechanism. If this value is TRUE, it is default
* information, and the function stores this value as the SE_GROUP_DEFAULTED flag in the SECURITY_DESCRIPTOR_CONTROL structure.
* If this parameter is zero, the SE_GROUP_DEFAULTED flag is cleared.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean SetSecurityDescriptorGroup(SECURITY_DESCRIPTOR pSecurityDescriptor, PSID pGroup, boolean bGroupDefaulted);
/**
* The GetSecurityDescriptorDacl function retrieves a pointer to the discretionary access control list (DACL) in
* a specified security descriptor.
* @param pSecurityDescriptor
* A pointer to the SECURITY_DESCRIPTOR structure that contains the DACL. The function retrieves a pointer to it.
* @param bDaclPresent
* A pointer to a value that indicates the presence of a DACL in the specified security descriptor. If
* lpbDaclPresent is TRUE, the security descriptor contains a DACL, and the remaining output parameters in this
* function receive valid values. If lpbDaclPresent is FALSE, the security descriptor does not contain a DACL,
* and the remaining output parameters do not receive valid values. A value of TRUE for lpbDaclPresent does not
* mean that pDacl is not NULL. That is, lpbDaclPresent can be TRUE while pDacl is NULL, meaning that a NULL
* DACL is in effect. A NULL DACL implicitly allows all access to an object and is not the same as an empty DACL.
* An empty DACL permits no access to an object. For information about creating a proper DACL, see Creating a DACL.
* @param pDacl
* A pointer to a pointer to an access control list (ACL). If a DACL exists, the function sets the pointer pointed
* to by pDacl to the address of the security descriptor's DACL. If a DACL does not exist, no value is stored.
* If the function stores a NULL value in the pointer pointed to by pDacl, the security descriptor has a NULL DACL.
* A NULL DACL implicitly allows all access to an object.
* If an application expects a non-NULL DACL but encounters a NULL DACL, the application should fail securely and
* not allow access.
* @param bDaclDefaulted
* A pointer to a flag set to the value of the SE_DACL_DEFAULTED flag in the SECURITY_DESCRIPTOR_CONTROL structure
* if a DACL exists for the security descriptor. If this flag is TRUE, the DACL was retrieved by a default mechanism;
* if FALSE, the DACL was explicitly specified by a user.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean GetSecurityDescriptorDacl(SECURITY_DESCRIPTOR pSecurityDescriptor, BOOLByReference bDaclPresent, PACLByReference pDacl, BOOLByReference bDaclDefaulted);
/**
* The SetSecurityDescriptorDacl function sets information in a discretionary access control list (DACL).
* If a DACL is already present in the security descriptor, the DACL is replaced.
* @param pSecurityDescriptor
* A pointer to the SECURITY_DESCRIPTOR structure to which the function adds the DACL. This
* security descriptor must be in absolute format, meaning that its members must be pointers
* to other structures, rather than offsets to contiguous data.
* @param bDaclPresent
* A flag that indicates the presence of a DACL in the security descriptor. If this parameter
* is TRUE, the function sets the SE_DACL_PRESENT flag in the SECURITY_DESCRIPTOR_CONTROL
* structure and uses the values in the pDacl and bDaclDefaulted parameters. If this parameter
* is FALSE, the function clears the SE_DACL_PRESENT flag, and pDacl and bDaclDefaulted are ignored.
* @param pDacl
* A pointer to an ACL structure that specifies the DACL for the security descriptor. If this
* parameter is NULL, a NULL DACL is assigned to the security descriptor, which allows all access
* to the object. The DACL is referenced by, not copied into, the security descriptor.
* @param bDaclDefaulted
* A flag that indicates the source of the DACL. If this flag is TRUE, the DACL has been retrieved
* by some default mechanism. If FALSE, the DACL has been explicitly specified by a user. The function
* stores this value in the SE_DACL_DEFAULTED flag of the SECURITY_DESCRIPTOR_CONTROL structure. If
* this parameter is not specified, the SE_DACL_DEFAULTED flag is cleared.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean SetSecurityDescriptorDacl(SECURITY_DESCRIPTOR pSecurityDescriptor, boolean bDaclPresent, ACL pDacl, boolean bDaclDefaulted);
/**
* The InitializeAcl function initializes a new ACL structure.
* @param pAcl
* A pointer to an ACL structure to be initialized by this function.
* Allocate memory for pAcl before calling this function.
* @param nAclLength
* The length, in bytes, of the buffer pointed to by the pAcl parameter. This value
* must be large enough to contain the ACL header and all of the access control
* entries (ACEs) to be stored in the ACL. In addition, this value must be
* DWORD-aligned. For more information about calculating the size of an ACL,
* see Remarks.
* @param dwAclRevision
* The revision level of the ACL structure being created. This value can be ACL_REVISION
* or ACL_REVISION_DS. Use ACL_REVISION_DS if the access control list (ACL) supports
* object-specific ACEs.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean InitializeAcl(ACL pAcl, int nAclLength, int dwAclRevision);
/**
* The AddAce function adds one or more access control entries (ACEs) to a specified access control list (ACL).
* @param pAcl
* A pointer to an ACL. This function adds an ACE to this ACL.
* @param dwAceRevision
* Specifies the revision level of the ACL being modified. This value can be ACL_REVISION or
* ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL contains object-specific ACEs. This value
* must be compatible with the AceType field of all ACEs in pAceList. Otherwise, the function
* will fail and set the last error to ERROR_INVALID_PARAMETER.
* @param dwStartingAceIndex
* Specifies the position in the ACL's list of ACEs at which to add new ACEs. A value of zero
* inserts the ACEs at the beginning of the list. A value of MAXDWORD appends the ACEs to the end
* of the list.
* @param pAceList
* A pointer to a list of one or more ACEs to be added to the specified ACL. The ACEs in the list
* must be stored contiguously.
* @param nAceListLength
* Specifies the size, in bytes, of the input buffer pointed to by the pAceList parameter.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean AddAce(ACL pAcl, int dwAceRevision, int dwStartingAceIndex, Pointer pAceList, int nAceListLength);
/**
* The AddAce function adds one or more access control entries (ACEs) to a specified access control list (ACL).
* @param pAcl
* A pointer to an ACL. This function adds an access-allowed ACE to the end of this ACL.
* The ACE is in the form of an ACCESS_ALLOWED_ACE structure.
* @param dwAceRevision
* Specifies the revision level of the ACL being modified. This value can be ACL_REVISION or
* ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL contains object-specific ACEs.
* @param AccessMask
* Specifies the mask of access rights to be granted to the specified SID.
* @param pSid
* A pointer to the SID representing a user, group, or logon account being granted access.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean AddAccessAllowedAce(ACL pAcl, int dwAceRevision, int AccessMask, PSID pSid);
/**
* The AddAce function adds one or more access control entries (ACEs) to a specified access control list (ACL).
* @param pAcl
* A pointer to an ACL. This function adds an access-allowed ACE to the end of this ACL.
* The ACE is in the form of an ACCESS_ALLOWED_ACE structure.
* @param dwAceRevision
* Specifies the revision level of the ACL being modified. This value can be ACL_REVISION or
* ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL contains object-specific ACEs.
* @param AceFlags
* A set of bit flags that control ACE inheritance. The function sets these flags in the AceFlags
* member of the ACE_HEADER structure of the new ACE. This parameter can be a combination
* of the following values: CONTAINER_INHERIT_ACE, INHERIT_ONLY_ACE, INHERITED_ACE,
* NO_PROPAGATE_INHERIT_ACE, and OBJECT_INHERIT_ACE
* @param AccessMask
* Specifies the mask of access rights to be granted to the specified SID.
* @param pSid
* A pointer to the SID representing a user, group, or logon account being granted access.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean AddAccessAllowedAceEx(ACL pAcl, int dwAceRevision, int AceFlags, int AccessMask, PSID pSid);
/**
* The GetAce function obtains a pointer to an access control entry (ACE) in an access
* control list (ACL).
* @param pAcl
* A pointer to an ACL that contains the ACE to be retrieved.
* @param dwAceIndex
* The index of the ACE to be retrieved. A value of zero corresponds to the first ACE in
* the ACL, a value of one to the second ACE, and so on.
* @param pAce
* A pointer to a pointer that the function sets to the address of the ACE.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. For extended error
* information, call GetLastError.
*/
boolean GetAce(ACL pAcl, int dwAceIndex, PointerByReference pAce);
/**
* The LogonUser function attempts to log a user on to the local computer.
* The local computer is the computer from which LogonUser was called. You
* cannot use LogonUser to log on to a remote computer. You specify the user
* with a user name and domain, and authenticate the user with a plaintext
* password. If the function succeeds, you receive a handle to a token that
* represents the logged-on user. You can then use this token handle to
* impersonate the specified user or, in most cases, to create a process
* that runs in the context of the specified user.
*
* @param lpszUsername
* A pointer to a null-terminated string that specifies the name
* of the user. This is the name of the user account to log on
* to. If you use the user principal name (UPN) format,
* user@DNS_domain_name, the lpszDomain parameter must be NULL.
* @param lpszDomain
* A pointer to a null-terminated string that specifies the name
* of the domain or server whose account database contains the
* lpszUsername account. If this parameter is NULL, the user name
* must be specified in UPN format. If this parameter is ".", the
* function validates the account using only the local account
* database.
* @param lpszPassword
* A pointer to a null-terminated string that specifies the
* plaintext password for the user account specified by
* lpszUsername.
* @param logonType
* The type of logon operation to perform.
* @param logonProvider
* Specifies the logon provider.
* @param phToken
* A pointer to a handle variable that receives a handle to a
* token that represents the specified user.
* @return If the function succeeds, the function returns nonzero. If the
* function fails, it returns zero. To get extended error
* information, call GetLastError.
*/
boolean LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, int logonType, int logonProvider,
HANDLEByReference phToken);
/**
* The OpenThreadToken function opens the access token associated with a
* thread.
*
* @param ThreadHandle
* Handle to the thread whose access token is opened.
* @param DesiredAccess
* Specifies an access mask that specifies the requested types of
* access to the access token. These requested access types are
* reconciled against the token's discretionary access control
* list (DACL) to determine which accesses are granted or denied.
* @param OpenAsSelf
* Indicates whether the access check is to be made against the
* security context of the thread calling the OpenThreadToken
* function or against the security context of the process for
* the calling thread.
* @param TokenHandle
* Pointer to a variable that receives the handle to the newly
* opened access token.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. To get extended error
* information, call GetLastError.
*/
boolean OpenThreadToken(HANDLE ThreadHandle, int DesiredAccess,
boolean OpenAsSelf, HANDLEByReference TokenHandle);
/**
* The SetThreadToken function assigns an impersonation token to a thread.
* The function can also cause a thread to stop using an impersonation token.
* @param ThreadHandle [in, optional]
* A pointer to a handle to the thread to which the function
* assigns the impersonation token. If ThreadHandle is NULL, the
* function assigns the impersonation token to the calling thread.
* @param TokenHandle [in, optional]
* A handle to the impersonation token to assign to the thread.
* This handle must have been opened with TOKEN_IMPERSONATE access
* rights. For more information, see Access Rights for Access-Token
* Objects. If Token is NULL, the function causes the
* thread to stop using an impersonation token.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. To get extended error
* information, call GetLastError.
*/
boolean SetThreadToken(HANDLEByReference ThreadHandle, HANDLE TokenHandle);
/**
* The OpenProcessToken function opens the access token associated with a
* process.
*
* @param ProcessHandle
* Handle to the process whose access token is opened. The
* process must have the PROCESS_QUERY_INFORMATION access
* permission.
* @param DesiredAccess
* Specifies an access mask that specifies the requested types of
* access to the access token. These requested access types are
* compared with the discretionary access control list (DACL) of
* the token to determine which accesses are granted or denied.
* @param TokenHandle
* Pointer to a handle that identifies the newly opened access
* token when the function returns.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. To get extended error
* information, call GetLastError.
*/
boolean OpenProcessToken(HANDLE ProcessHandle, int DesiredAccess,
HANDLEByReference TokenHandle);
/**
* The DuplicateToken function creates a new access token that duplicates
* one already in existence.
*
* @param ExistingTokenHandle
* Handle to an access token opened with TOKEN_DUPLICATE access.
* @param ImpersonationLevel
* Specifies a SECURITY_IMPERSONATION_LEVEL enumerated type that
* supplies the impersonation level of the new token.
* @param DuplicateTokenHandle
* Pointer to a variable that receives a handle to the duplicate
* token. This handle has TOKEN_IMPERSONATE and TOKEN_QUERY
* access to the new token.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. To get extended error
* information, call GetLastError.
*/
boolean DuplicateToken(HANDLE ExistingTokenHandle,
int ImpersonationLevel, HANDLEByReference DuplicateTokenHandle);
/**
* The DuplicateTokenEx function creates a new access token that duplicates
* an existing token. This function can create either a primary token or an
* impersonation token.
*
* @param hExistingToken
* A handle to an access token opened with TOKEN_DUPLICATE
* access.
* @param dwDesiredAccess
* Specifies the requested access rights for the new token.
* @param lpTokenAttributes
* A pointer to a SECURITY_ATTRIBUTES structure that specifies a
* security descriptor for the new token and determines whether
* child processes can inherit the token.
* @param ImpersonationLevel
* Specifies a value from the SECURITY_IMPERSONATION_LEVEL
* enumeration that indicates the impersonation level of the new
* token.
* @param TokenType
* Specifies one of the following values from the TOKEN_TYPE
* enumeration.
* @param phNewToken
* A pointer to a HANDLE variable that receives the new token.
* @return If the function succeeds, the function returns a nonzero value.
* If the function fails, it returns zero. To get extended error
* information, call GetLastError.
*/
boolean DuplicateTokenEx(HANDLE hExistingToken, int dwDesiredAccess,
WinBase.SECURITY_ATTRIBUTES lpTokenAttributes,
int ImpersonationLevel, int TokenType, HANDLEByReference phNewToken);
/**
* Retrieves a specified type of information about an access token. The
* calling process must have appropriate access rights to obtain the
* information.
*
* @param tokenHandle
* Handle to an access token from which information is retrieved.
* If TokenInformationClass specifies TokenSource, the handle
* must have TOKEN_QUERY_SOURCE access. For all other
* TokenInformationClass values, the handle must have TOKEN_QUERY
* access.
* @param tokenInformationClass
* Specifies a value from the TOKEN_INFORMATION_CLASS enumerated
* type to identify the type of information the function
* retrieves.
* @param tokenInformation
* Pointer to a buffer the function fills with the requested
* information. The structure put into this buffer depends upon
* the type of information specified by the TokenInformationClass
* parameter.
* @param tokenInformationLength
* Specifies the size, in bytes, of the buffer pointed to by the
* TokenInformation parameter. If TokenInformation is NULL, this
* parameter must be zero.
* @param returnLength
* Pointer to a variable that receives the number of bytes needed
* for the buffer pointed to by the TokenInformation parameter.
* If this value is larger than the value specified in the
* TokenInformationLength parameter, the function fails and
* stores no data in the buffer.
* @return If the function succeeds, the return value is nonzero. If the
* function fails, the return value is zero. To get extended error
* information, call GetLastError.
*/
boolean GetTokenInformation(HANDLE tokenHandle,
int tokenInformationClass, Structure tokenInformation,
int tokenInformationLength, IntByReference returnLength);
/**
* The ImpersonateLoggedOnUser function lets the calling thread impersonate
* the security context of a logged-on user. The user is represented by a
* token handle.
*
* @param hToken
* Handle to a primary or impersonation access token that
* represents a logged-on user. This can be a token handle
* returned by a call to LogonUser, CreateRestrictedToken,
* DuplicateToken, DuplicateTokenEx, OpenProcessToken, or
* OpenThreadToken functions. If hToken is a primary token, it
* must have TOKEN_QUERY and TOKEN_DUPLICATE access. If hToken is
* an impersonation token, it must have TOKEN_QUERY and
* TOKEN_IMPERSONATE access.
* @return If the function succeeds, the return value is nonzero.
*/
boolean ImpersonateLoggedOnUser(HANDLE hToken);
/**
* The ImpersonateSelf function obtains an access token that impersonates
* the security context of the calling process. The token is assigned to the
* calling thread.
*
* @param ImpersonationLevel
* Specifies a SECURITY_IMPERSONATION_LEVEL enumerated type that
* supplies the impersonation level of the new token.
* @return If the function succeeds, the return value is nonzero.
*/
boolean ImpersonateSelf(int ImpersonationLevel);
/**
* The RevertToSelf function terminates the impersonation of a client
* application.
*
* @return If the function succeeds, the return value is nonzero.
*/
boolean RevertToSelf();
/**
* The RegOpenKeyEx function opens the specified registry key. Note that key
* names are not case sensitive.
*
* @param hKey
* Handle to an open key.
* @param lpSubKey
* Pointer to a null-terminated string containing the name of the
* subkey to open.
* @param ulOptions
* Reserved; must be zero.
* @param samDesired
* Access mask that specifies the desired access rights to the
* key. The function fails if the security descriptor of the key
* does not permit the requested access for the calling process.
* @param phkResult
* Pointer to a variable that receives a handle to the opened
* key. If the key is not one of the predefined registry keys,
* call the RegCloseKey function after you have finished using
* the handle.
* @return If the function succeeds, the return value is ERROR_SUCCESS. If
* the function fails, the return value is a nonzero error code
* defined in Winerror.h.
*/
int RegOpenKeyEx(HKEY hKey, String lpSubKey, int ulOptions,
int samDesired, HKEYByReference phkResult);
/**
* The RegLoadAppKey function loads the specified registry hive
* as an application hive.
*
* @param lpFile
* The name of the hive file.
* If the file does not exist, an empty hive file is created
* with the specified name.
* @param phkResult
* Pointer to the handle for the root key of the loaded hive.
* @param samDesired
* Access mask that specifies the desired access rights to the
* @param dwOptions
* If this parameter is REG_PROCESS_APPKEY,
* the hive cannot be loaded again while it is loaded by the caller.
* This prevents access to this registry hive by another caller.
* @param Reserved
* Reserved; must be zero.
*/
int RegLoadAppKey(String lpFile, HKEYByReference phkResult,
int samDesired, int dwOptions, int Reserved);
/**
* Establishes a connection to a predefined registry key on another
* computer.
* @param lpMachineName
* The name of the remote computer. The string has
* the following form:<br />
* <pre><code>\\computername</code></pre>
* The caller must have access to the remote computer or the
* function fails.<br />
* If this parameter is <c>null</c>, the local computer name
* is used.
* @param hKey
* A predefined registry handle. This parameter can be one of
* the following predefined keys on the remote computer.<br />
* <ul>
* <li>{@link WinReg#HKEY_LOCAL_MACHINE}</li>
* <li>{@link WinReg#HKEY_PERFORMANCE_DATA}</li>
* <li>{@link WinReg#HKEY_USERS}</li>
* </ul>
* @param phkResult
* A pointer to a variable that receives a key handle
* identifying the predefined handle on the remote computer.
* @return If the function succeeds, the return value is
* {@link WinError#ERROR_SUCCESS}.<br />
* If the remote computer cannot be found or if its Remote Registry
* service is disabled, the function fails and returns
* {@link WinError#ERROR_BAD_NETPATH}.<br />
* If attempting to use a registry handle other than one of the
* three predefined handles, the function fails and returns
* {@link WinError#ERROR_INVALID_HANDLE}.<br />
* If access to the registry is denied, the function fails and
* returns {@link WinError#ERROR_ACCESS_DENIED}. <br />
* If the function fails for some other reason, you can use the
* {@link Native#getLastError} method to get a generic description
* of the error.
* @see <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/ms724840.aspx">RegConnectRegistry function (Windows)</a>
* @see <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/ms724836.aspx">Predefined Keys (Windows)</a>
*/
int RegConnectRegistry(String lpMachineName, HKEY hKey, HKEYByReference phkResult);
/**
* The RegQueryValueEx function retrieves the type and data for a specified
* value name associated with an open registry key.
*
* @param hKey
* Handle to an open key. The key must have been opened with the
* KEY_QUERY_VALUE access right.
* @param lpValueName
* Pointer to a null-terminated string containing the name of the
* value to query. If lpValueName is NULL or an empty string, "",
* the function retrieves the type and data for the key's unnamed
* or default value, if any.
* @param lpReserved
* Reserved; must be NULL.
* @param lpType
* Pointer to a variable that receives a code indicating the type
* of data stored in the specified value.
* @param lpData
* Pointer to a buffer that receives the value's data. This
* parameter can be NULL if the data is not required. If the data
* is a string, the function checks for a terminating null
* character. If one is not found, the string is stored with a
* null terminator if the buffer is large enough to accommodate
* the extra character. Otherwise, the string is stored as is.
* @param lpcbData
* Pointer to a variable that specifies the size of the buffer
* pointed to by the lpData parameter, in bytes. When the
* function returns, this variable contains the size of the data
* copied to lpData. The lpcbData parameter can be NULL only if
* lpData is NULL. If the data has the REG_SZ, REG_MULTI_SZ or
* REG_EXPAND_SZ type, this size includes any terminating null
* character or characters. If the buffer specified by lpData
* parameter is not large enough to hold the data, the function
* returns ERROR_MORE_DATA and stores the required buffer size in
* the variable pointed to by lpcbData. In this case, the
* contents of the lpData buffer are undefined. If lpData is
* NULL, and lpcbData is non-NULL, the function returns
* ERROR_SUCCESS and stores the size of the data, in bytes, in
* the variable pointed to by lpcbData. This enables an
* application to determine the best way to allocate a buffer for
* the value's data.
* @return If the function succeeds, the return value is ERROR_SUCCESS. If
* the function fails, the return value is a nonzero error code
* defined in Winerror.h.
*/
int RegQueryValueEx(HKEY hKey, String lpValueName, int lpReserved,
IntByReference lpType, char[] lpData, IntByReference lpcbData);
int RegQueryValueEx(HKEY hKey, String lpValueName, int lpReserved,
IntByReference lpType, byte[] lpData, IntByReference lpcbData);
int RegQueryValueEx(HKEY hKey, String lpValueName, int lpReserved,
IntByReference lpType, IntByReference lpData,
IntByReference lpcbData);
int RegQueryValueEx(HKEY hKey, String lpValueName, int lpReserved,
IntByReference lpType, LongByReference lpData,
IntByReference lpcbData);
int RegQueryValueEx(HKEY hKey, String lpValueName, int lpReserved,
IntByReference lpType, Pointer lpData, IntByReference lpcbData);
/**
* The RegCloseKey function releases a handle to the specified registry key.
*
* @param hKey
* Handle to the open key to be closed. The handle must have been
* opened by the RegCreateKeyEx, RegOpenKeyEx, or
* RegConnectRegistry function.
* @return If the function succeeds, the return value is ERROR_SUCCESS. If
* the function fails, the return value is a nonzero error code
* defined in Winerror.h.
*/
int RegCloseKey(HKEY hKey);
/**
* The RegDeleteValue function removes a named value from the specified
* registry key. Note that value names are not case sensitive.
*
* @param hKey
* Handle to an open key. The key must have been opened with the