mimikatz/mimilib/sekurlsadbg/kwindbg.h

/*	Benjamin DELPY `gentilkiwi`
	http://blog.gentilkiwi.com
	benjamin@gentilkiwi.com
	Licence : http://creativecommons.org/licenses/by/3.0/fr/
*/
#pragma once
#include "kuhl_m_sekurlsa_utils.h"
#include "kuhl_m_sekurlsa_nt6.h"
#include "kuhl_m_sekurlsa_packages.h"

USHORT NtBuildNumber;

#define KUHL_SEKURLSA_CREDS_DISPLAY_RAW				0x00000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_LINE			0x00000001
#define KUHL_SEKURLSA_CREDS_DISPLAY_NEWLINE			0x00000002

#define KUHL_SEKURLSA_CREDS_DISPLAY_CREDENTIAL		0x08000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_PRIMARY			0x01000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_CREDENTIALKEY	0x02000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_CREDENTIAL_MASK	0x07000000

#define KUHL_SEKURLSA_CREDS_DISPLAY_PINCODE			0x00800000

#define KUHL_SEKURLSA_CREDS_DISPLAY_NODECRYPT		0x10000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_WPASSONLY		0x20000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_DOMAIN			0x40000000
#define KUHL_SEKURLSA_CREDS_DISPLAY_SSP				0x80000000

typedef void (CALLBACK * PKUHL_M_SEKURLSA_PACKAGE_CALLBACK) (IN ULONG_PTR pKerbGlobalLogonSessionTable, IN PLUID logId, IN PVOID pCredentials);

typedef struct _KUHL_M_SEKURLSA_PACKAGE {
	const char * name;
	const char * symbolName;
	ULONG_PTR symbolPtr;
	const PKUHL_M_SEKURLSA_PACKAGE_CALLBACK callback;
} KUHL_M_SEKURLSA_PACKAGE, *PKUHL_M_SEKURLSA_PACKAGE;

typedef struct _KUHL_M_SEKURLSA_ENUM_HELPER {
	ULONG tailleStruct;
	LONG offsetToLuid;
	LONG offsetToLogonType;
	LONG offsetToSession;
	LONG offsetToUsername;
	LONG offsetToDomain;
	LONG offsetToCredentials;
	LONG offsetToPSid;
} KUHL_M_SEKURLSA_ENUM_HELPER, *PKUHL_M_SEKURLSA_ENUM_HELPER;

typedef struct _KIWI_BASIC_SECURITY_LOGON_SESSION_DATA {
	PLUID						LogonId;
	PLSA_UNICODE_STRING			UserName;
	PLSA_UNICODE_STRING			LogonDomain;
	ULONG						LogonType;
	ULONG						Session;
	PVOID						pCredentials;
	PSID						pSid;
} KIWI_BASIC_SECURITY_LOGON_SESSION_DATA, *PKIWI_BASIC_SECURITY_LOGON_SESSION_DATA;

LPEXT_API_VERSION WDBGAPI ExtensionApiVersion (void);
VOID CheckVersion(void);
VOID WDBGAPI WinDbgExtensionDllInit (PWINDBG_EXTENSION_APIS lpExtensionApis, USHORT usMajorVersion, USHORT usMinorVersion);
DECLARE_API(mimikatz);

VOID kuhl_m_sekurlsa_genericCredsOutput(PKIWI_GENERIC_PRIMARY_CREDENTIAL mesCreds, PLUID luid, ULONG flags);
VOID kuhl_m_sekurlsa_genericKeyOutput(struct _MARSHALL_KEY * key, PVOID * dirtyBase);
Initial upload 2014-04-06 18:31:53 +00:00			/* Benjamin DELPY `gentilkiwi`
			`http://blog.gentilkiwi.com`
			`benjamin@gentilkiwi.com`
			`Licence : http://creativecommons.org/licenses/by/3.0/fr/`
			`*/`
			`#pragma once`
			`#include "kuhl_m_sekurlsa_utils.h"`
			`#include "kuhl_m_sekurlsa_nt6.h"`
			`#include "kuhl_m_sekurlsa_packages.h"`

			`USHORT NtBuildNumber;`

			`#define KUHL_SEKURLSA_CREDS_DISPLAY_RAW 0x00000000`
			`#define KUHL_SEKURLSA_CREDS_DISPLAY_LINE 0x00000001`
			`#define KUHL_SEKURLSA_CREDS_DISPLAY_NEWLINE 0x00000002`

			`#define KUHL_SEKURLSA_CREDS_DISPLAY_CREDENTIAL 0x08000000`
			`#define KUHL_SEKURLSA_CREDS_DISPLAY_PRIMARY 0x01000000`
			`#define KUHL_SEKURLSA_CREDS_DISPLAY_CREDENTIALKEY 0x02000000`
			`#define KUHL_SEKURLSA_CREDS_DISPLAY_CREDENTIAL_MASK 0x07000000`

			`#define KUHL_SEKURLSA_CREDS_DISPLAY_PINCODE 0x00800000`

			`#define KUHL_SEKURLSA_CREDS_DISPLAY_NODECRYPT 0x10000000`
			`#define KUHL_SEKURLSA_CREDS_DISPLAY_WPASSONLY 0x20000000`
			`#define KUHL_SEKURLSA_CREDS_DISPLAY_DOMAIN 0x40000000`
			`#define KUHL_SEKURLSA_CREDS_DISPLAY_SSP 0x80000000`

			`typedef void (CALLBACK * PKUHL_M_SEKURLSA_PACKAGE_CALLBACK) (IN ULONG_PTR pKerbGlobalLogonSessionTable, IN PLUID logId, IN PVOID pCredentials);`

			`typedef struct _KUHL_M_SEKURLSA_PACKAGE {`
			`const char * name;`
			`const char * symbolName;`
			`ULONG_PTR symbolPtr;`
			`const PKUHL_M_SEKURLSA_PACKAGE_CALLBACK callback;`
			`} KUHL_M_SEKURLSA_PACKAGE, *PKUHL_M_SEKURLSA_PACKAGE;`

			`typedef struct _KUHL_M_SEKURLSA_ENUM_HELPER {`
			`ULONG tailleStruct;`
			`LONG offsetToLuid;`
			`LONG offsetToLogonType;`
			`LONG offsetToSession;`
			`LONG offsetToUsername;`
			`LONG offsetToDomain;`
			`LONG offsetToCredentials;`
			`LONG offsetToPSid;`
			`} KUHL_M_SEKURLSA_ENUM_HELPER, *PKUHL_M_SEKURLSA_ENUM_HELPER;`

			`typedef struct _KIWI_BASIC_SECURITY_LOGON_SESSION_DATA {`
			`PLUID LogonId;`
			`PLSA_UNICODE_STRING UserName;`
			`PLSA_UNICODE_STRING LogonDomain;`
			`ULONG LogonType;`
			`ULONG Session;`
			`PVOID pCredentials;`
			`PSID pSid;`
			`} KIWI_BASIC_SECURITY_LOGON_SESSION_DATA, *PKIWI_BASIC_SECURITY_LOGON_SESSION_DATA;`

			`LPEXT_API_VERSION WDBGAPI ExtensionApiVersion (void);`
			`VOID CheckVersion(void);`
			`VOID WDBGAPI WinDbgExtensionDllInit (PWINDBG_EXTENSION_APIS lpExtensionApis, USHORT usMajorVersion, USHORT usMinorVersion);`
			`DECLARE_API(mimikatz);`

			`VOID kuhl_m_sekurlsa_genericCredsOutput(PKIWI_GENERIC_PRIMARY_CREDENTIAL mesCreds, PLUID luid, ULONG flags);`
			`VOID kuhl_m_sekurlsa_genericKeyOutput(struct _MARSHALL_KEY * key, PVOID * dirtyBase);`