#pragma once
#include "utils.h"
#include "resource.h"
#include <versionhelpers.h>
#include <aclapi.h>
// Image used for the protected-process step (see CreateProtectedProcessAsUser
// below). Whether it is launched verbatim or only used as the image name for a
// command line built by PrepareCommandLine is decided in exploit.c — confirm there.
#define PPL_BINARY L"services.exe"
// KnownDlls entries this tool checks/hardens (see CheckKnownDllSymbolicLink and
// GetHijackableDllName). One name applies per OS generation; the selection is
// presumably made with the <versionhelpers.h> APIs included above — confirm.
#define DLL_TO_HIJACK_WIN81 L"SspiCli.dll"
#define DLL_TO_HIJACK_WIN10 L"EventAggregation.dll"
// NT status value 0xC0000004 (STATUS_INFO_LENGTH_MISMATCH). Defined locally,
// guarded by #ifndef so it does not collide if ntstatus.h is also pulled in.
#ifndef STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#endif
// Global run-mode flags. They are only declared here; the definitions (and the
// command-line parsing that sets them) live in another translation unit.
// NOTE(review): g_bForce presumably bypasses the CheckRequirements() gate and
// g_bHardenAMPPLOnly presumably narrows HardenKnownDlls() to the antimalware
// PPL case — neither is visible from this header, verify before relying on it.
extern BOOL g_bVerbose;
extern BOOL g_bDebug;
extern BOOL g_bForce;
extern BOOL g_bHardenAMPPLOnly;
// Convention for every prototype below: the function returns TRUE on success
// and FALSE on failure. Per _Success_(return), an _Out_ parameter holds a
// meaningful value ONLY when TRUE is returned; a caller must not use, close or
// free an out-value after a FALSE return.
//
// NOTE(review): none of the _Out_ HANDLE / LPWSTR parameters state ownership.
// Presumably the caller owns them (CloseHandle / the matching free routine) —
// confirm against exploit.c before adding new call sites, or handles will leak.

// Applies the KnownDlls hardening (the tool's defensive mode). What exactly is
// changed, and how g_bHardenAMPPLOnly narrows it, is implemented in exploit.c.
_Success_(return) BOOL HardenKnownDlls();
// Pre-flight gate: FALSE means the environment does not meet the tool's
// requirements (which ones — OS version, privileges — is not visible here).
_Success_(return) BOOL CheckRequirements();
// Sets *pbResult to whether the caller currently runs as SYSTEM (per the name).
// The return value reports only whether the check itself succeeded — do not
// conflate "check failed" (FALSE) with "not SYSTEM" (*pbResult == FALSE).
_Success_(return) BOOL IsCurrentUserSystem(_Out_ PBOOL pbResult);
// Returns in *ppwszDllName the KnownDlls entry appropriate for the running OS,
// presumably one of DLL_TO_HIJACK_WIN81 / DLL_TO_HIJACK_WIN10 — confirm in exploit.c.
_Success_(return) BOOL GetHijackableDllName(_Out_ LPWSTR* ppwszDllName);
// Commented out in the original; WritePayloadDllTransacted below appears to be
// its replacement (a transacted write instead of a plain file write).
//_Success_(return) BOOL WritePayloadDll(_In_ LPWSTR pwszPath);
// Exposes the payload DLL image as a buffer (*ppBuffer) of *pdwSize bytes. The
// <resource.h> include suggests it is read from an embedded resource — confirm.
_Success_(return) BOOL GetPayloadDll(_Out_ LPVOID* ppBuffer, _Out_ PDWORD pdwSize);
// Finds an existing file of at least dwMinSize bytes to serve as the transaction
// target; its path is returned in *ppwszFilePath.
_Success_(return) BOOL FindFileForTransaction(_In_ DWORD dwMinSize, _Out_ LPWSTR* ppwszFilePath);
// Writes the payload DLL inside a file transaction and returns the transacted
// file handle in *pdhFile (parameter name kept as in the original).
// NOTE(review): a TxF write is only visible inside its transaction; whether the
// transaction is ever committed is decided in exploit.c. TxF is a deprecated
// Windows feature, so this step is the one most likely to break on newer builds.
_Success_(return) BOOL WritePayloadDllTransacted(_Out_ PHANDLE pdhFile);
// Locates a process whose primary token belongs to pwszTargetSid and returns a
// duplicate of that token in *phToken. pwszPrivileges is an optional array of
// dwPrivilegeCount privilege names; presumably the token must hold (or be
// able to enable) all of them to qualify — confirm the exact semantics.
_Success_(return) BOOL FindProcessTokenAndDuplicate(_In_ LPCWSTR pwszTargetSid, _Out_ PHANDLE phToken, _In_opt_ LPCWSTR pwszPrivileges[], _In_ DWORD dwPrivilegeCount);
// Impersonates hToken on the calling thread (per the name).
// NOTE(review): nothing in this header undoes the impersonation; callers are
// expected to RevertToSelf() themselves once the privileged step is done.
_Success_(return) BOOL Impersonate(_In_ HANDLE hToken);
// Convenience wrapper: find a token for pwszSid (see FindProcessTokenAndDuplicate),
// impersonate it, and hand the duplicated token back in *phToken.
_Success_(return) BOOL ImpersonateUser(_In_ LPCWSTR pwszSid, _Out_ PHANDLE phToken, _In_opt_ LPCWSTR pwszPrivileges[], _In_ DWORD dwPrivilegeCount);
// ImpersonateUser specialised for the SYSTEM and LOCAL SERVICE accounts
// (presumably S-1-5-18 and S-1-5-19 — the SIDs are not visible here).
_Success_(return) BOOL ImpersonateSystem(_Out_ PHANDLE phSystemToken);
_Success_(return) BOOL ImpersonateLocalService(_Out_ PHANDLE phLocalServiceToken);
// Checks the \KnownDlls symbolic link for pwszDllName against pwszTarget.
// Note the inconsistency: pwszTarget is _In_ yet declared LPWSTR (non-const)
// while pwszDllName is LPCWSTR; likely an oversight rather than a mutation.
_Success_(return) BOOL CheckKnownDllSymbolicLink(_In_ LPCWSTR pwszDllName, _In_ LPWSTR pwszTarget);
// Maps the named section (pwszSectionName) and returns its handle in *phSection;
// UnmapDll releases what MapDll acquired. Pair every MapDll with an UnmapDll.
_Success_(return) BOOL MapDll(_In_ LPWSTR pwszSectionName, _Out_ PHANDLE phSection);
_Success_(return) BOOL UnmapDll(_In_ HANDLE hSection);
// Builds the command line for the protected process from pwszRandomGuid and
// returns it in *ppwszCommandLine (caller-owned string, presumably).
_Success_(return) BOOL PrepareCommandLine(_In_ LPWSTR pwszRandomGuid, _Out_ LPWSTR* ppwszCommandLine);
// Creates a process from pwszCommandLine under hToken and returns the process
// handle in *phProcess. The name implies a protected (PPL) process; the
// protection level actually requested is set in exploit.c — confirm there.
_Success_(return) BOOL CreateProtectedProcessAsUser(_In_ HANDLE hToken, _In_ LPWSTR pwszCommandLine, _Out_ PHANDLE phProcess);