NAME

Win32::Security::Raw - low-level access Win32 Security API calls

SYNOPSIS

use Win32::Security::Raw;

DESCRIPTION

This module provides access to a limited number of Win32 Security API calls. As I have need for other functions I will add them to the module. If anyone has suggestions, feel free to ask - I will be quite happy to extend this module.

Installation instructions

This installs as part of Win32-Security. See Win32::Security::NamedObject for more information.

It depends upon the Win32::API and Data::BitMask modules, which should be installable via PPM or available on CPAN.

Function Reference: Helper functions

`_is_x64`

Returns 1 if Perl is x64, 0 if Perl is x86.

`_uint32`

Clarifies using Win32::API on both the x86 (32-bit) and x64 (64-bit) versions of Perl. It returns the Win32::API parameter character specifier for an unsigned 32-bit, independent of Perl bit-version:

I (unsigned 32-bit int) on x64 Perl
I (unsigned 32-bit int) on x32 Perl

`_uint64`

Clarifies using Win32::API on both the x86 (32-bit) and x64 (64-bit) versions of Perl. It returns the Win32::API parameter character specifier for an unsigned pointer-sized int (i.e. 32-bit on x86, 64-bit on x64), dependent on Perl bit-version:

Q (unsigned 64-bit int) on x64 Perl
I (unsigned 32-bit int) on x32 Perl

`_pack_uint32`

Clarifies using pack/unpack on both the x86 (32-bit) and x64 (64-bit) versions of Perl. It returns the pack/unpack TEMPLATE character for an unsigned 32-bit, independent of Perl bit-version:

V (unsigned 32-bit int) on x64 Perl
V (unsigned 32-bit int) on x32 Perl

`_pack_uint64`

Clarifies using pack/unpack on both the x86 (32-bit) and x64 (64-bit) versions of Perl. It returns the pack/unpack TEMPLATE character for an unsigned pointer-sized int (i.e. 32-bit on x86, 64-bit on x64), dependent on Perl bit-version:

Q (unsigned 64-bit int) on x64 Perl
V (unsigned 32-bit int) on x32 Perl

`_format_error`

Formats an error message starting with the passed Win32 API function name, followed by the output from Win32::FormatMessage on the optional passed $retval or return value from Win32::GetLastError.

Function Reference: Memory functions

`LocalAlloc`

Calls LocalAlloc with the passed Flags and Bytes. It returns a pointer as a Perl int, but dies if a null pointer is returned from the call. The Flags parameter can be passed as either an integer or as legal Win32::Security::LMEM_FLAGS.

`LocalFree`

Calls LocalFree on the passed pointer (as Perl int).

`LocalSize`

Calls LocalSize on the passed pointer (as Perl int).

`CopyMemory_Read`

Uses RtlMoveMemory to copy an arbitrary memory location into a Perl string. Pass pointer as Perl int. The number of bytes to read from that location is optional - if not passed, LocalSize will be used to determine the number of bytes to read.

The function will return the data read in a Perl string.

`CopyMemory_Write`

Uses RtlMoveMemory to write to an arbitrary memory location. Pass a string that will be copied and a pointer (as Perl int). The caller is responsible for ensuring that the data to be written will not overrun the memory location.

Function Reference: Process functions

`GetCurrentProcess`

Returns a handle to the CurrentProcess as an integer.

`OpenProcessToken`

Pass ProcessHandle and DesiredAccess (TokenRights). Returns TokenHandle.

`LookupPrivilegeValue`

Pass SystemName (undef permitted) and a privilege Name (i.e. SeRestorePrivilege). Returns the Luid.

`AdjustTokenPrivileges`

Pass the following three parameters:

TokenHandle from OpenProcessToken
DisableAllPrivileges 0 or 1
NewState array ref like so: [ [Luid from LookupPrivilegeValue, LUID_ATTRIBUTES mask], .. ] i.e. [ [$luid, 'SE_PRIVILEGE_ENABLED'] ]

The first return value is array PreviousState that will be similar to the passed NewState. The second return value is any error messages returned from the call to AdjustTokenPrivileges.

Function Reference: Security Descriptor functions

`GetNamedSecurityInfo`

This expects an object name (i.e. a path to a file, registry key, etc.), an object type (i.e. 'SE_FILE_OBJECT'), and a SECURITY_INFORMATION mask (i.e. 'OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION'). It returns pointers (as Perl ints) to sidOwner, sidGroup, Dacl, Sacl, and the SecurityDescriptor. Some of these may be null pointers.

IMPORTANT: When done with the returned data, call Win32::Security::Raw::LocalFree on the returned SecurityDescriptor;

`GetSecurityDescriptorControl`

This expects a pointer to a SecurityDescriptor. It returns the Data::BitMask::break_mask form for the SECURITY_DESCRIPTOR_CONTROL mask and the Revision.

`GetLengthSid`

This accepts a pointer (as a Perl int) to a SID as an integer and returns the length.

`GetAclInformation`

This expects a pointer to an ACL and an AclInformationClass value (i.e. 'AclSizeInformation' or 'AclRevisionInformation'). It returns the approriate data for the AclInformationClass value (the AclRevision in the case of AclRevisionInformation, the AceCount, AclBytesInUse, and AclBytesFree in the case of AclSizeInformation).

`SECURITY_DESCRIPTOR_MIN_LENGTH`

Returns the minimum length for a valid SecurityDescriptor. This is 4 bytes plus 4 times the size of a pointer (i.e. 4 + 4*4 = 20 on x86, 4 + 4*8 = 36 on x64).

`InitializeSecurityDescriptor`

Revision is optional - if omitted, revision 1 is used. Dies if the call fails.

The call will allocate a chunk of memory for the new SecurityDescriptor before initializing it and then return a pointer to it.

IMPORTANT: When done with using the new SecurityDescriptor, call Win32::Security::Raw::LocalFree on the returned SecurityDescriptor;

`SetSecurityDescriptorDacl`

Calls SetSecurityDescriptorDacl. Expects a pointer to a SecurityDescriptor, bool DaclPresent, pointer to Dacl, and pointer to DaclDefaulted. Dies if the call fails.

`SetFileSecurity`

Pass FileName, SecurityInfo, and pointer (as Perl int) to SecurityDescriptor. Useful for setting permissions without propagating inheritable ACEs.

`SetNamedSecurityInfo`

This expects an object name (i.e. a path to a file, registry key, etc.), an object type (i.e. 'SE_FILE_OBJECT'), and a SECURITY_INFORMATION mask (i.e. 'OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION'), and byte strings for sidOwner, sidGroup, Dacl, and Sacl. The byte strings may be undef if they are not referenced in the SECURITY_INFORMATION mask.

`Data::BitMask` Objects

The objects are accessed via class methods on Win32::Security. The Data::BitMask objects are created by the first call and lexically cached.

&Win32::Security::SE_OBJECT_TYPE

Win32 constants for SE_OBJECT_TYPE, along with the following aliases:

FILE (SE_FILE_OBJECT)
SERVICE (SE_SERVICE)
PRINTER (SE_PRINTER)
REG (SE_REGISTRY_KEY)
REGISTRY (SE_REGISTRY_KEY)
SHARE (SE_LMSHARE)

&Win32::Security::SECURITY_INFORMATION

&Win32::Security::SECURITY_DESCRIPTOR_CONTROL

&Win32::Security::ACL_INFORMATION_CLASS

&Win32::Security::TokenRights

&Win32::Security::LUID_ATTRIBUTES

&Win32::Security::LMEM_FLAGS

AUTHOR

Toby Ovod-Everett, toby@ovod-everett.org

To install Win32::Security, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Win32::Security

CPAN shell

perl -MCPAN -e shell
install Win32::Security

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

Installation instructions

Function Reference: Helper functions

_is_x64

_uint32

_uint64

_pack_uint32

_pack_uint64

_format_error

Function Reference: Memory functions

LocalAlloc

LocalFree

LocalSize

CopyMemory_Read

CopyMemory_Write