[NDK][NTOS:SE] Add the missing "LogonSession" member to TOKEN structure

And also fix the wrong member offsets in comments. The said offset values are based upon the ones retrieved with WinDBG.
2025-04-26 08:30:21 +00:00 · 2021-05-09 17:34:02 +02:00 · 2021-05-09 17:34:02 +02:00 · f5dc1c77b5
commit f5dc1c77b5
parent 9e0a3cdf6c
2 changed files with 18 additions and 14 deletions
--- a/ntoskrnl/se/srm.c
+++ b/ntoskrnl/se/srm.c
@ -22,16 +22,6 @@ extern LUID SeAnonymousAuthenticationId;
 #define SEP_LOGON_SESSION_TAG 'sLeS'
 #define SEP_LOGON_NOTIFICATION_TAG 'nLeS'

-typedef struct _SEP_LOGON_SESSION_REFERENCES
-{
-    struct _SEP_LOGON_SESSION_REFERENCES *Next;
-    LUID LogonId;
-    ULONG ReferenceCount;
-    ULONG Flags;
-    PDEVICE_MAP pDeviceMap;
-    LIST_ENTRY TokenList;
-} SEP_LOGON_SESSION_REFERENCES, *PSEP_LOGON_SESSION_REFERENCES;
-
 typedef struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
 {
    struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION *Next;
--- a/sdk/include/ndk/setypes.h
+++ b/sdk/include/ndk/setypes.h
@ -151,6 +151,19 @@ typedef struct _SEP_AUDIT_POLICY
    };
 } SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;

+//
+// Security Logon Session References
+//
+typedef struct _SEP_LOGON_SESSION_REFERENCES
+{
+    struct _SEP_LOGON_SESSION_REFERENCES *Next;
+    LUID LogonId;
+    ULONG ReferenceCount;
+    ULONG Flags;
+    PDEVICE_MAP pDeviceMap;
+    LIST_ENTRY TokenList;
+} SEP_LOGON_SESSION_REFERENCES, *PSEP_LOGON_SESSION_REFERENCES;
+
 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
 {
    POBJECT_NAME_INFORMATION ImageFileName;
@ -189,7 +202,7 @@ typedef struct _TOKEN
    LUID ParentTokenId;                               /* 0x20 */
    LARGE_INTEGER ExpirationTime;                     /* 0x28 */
    PERESOURCE TokenLock;                             /* 0x30 */
-    SEP_AUDIT_POLICY  AuditPolicy;                    /* 0x38 */
+    SEP_AUDIT_POLICY AuditPolicy;                     /* 0x38 */
    LUID ModifiedId;                                  /* 0x40 */
    ULONG SessionId;                                  /* 0x48 */
    ULONG UserAndGroupCount;                          /* 0x4C */
@ -208,9 +221,10 @@ typedef struct _TOKEN
    TOKEN_TYPE TokenType;                             /* 0x80 */
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;  /* 0x84 */
    ULONG TokenFlags;                                 /* 0x88 */
-    BOOLEAN TokenInUse;                               /* 0x8C */
-    PSECURITY_TOKEN_PROXY_DATA ProxyData;             /* 0x90 */
-    PSECURITY_TOKEN_AUDIT_DATA AuditData;             /* 0x94 */
+    BOOLEAN TokenInUse;                               /* 0x89 */
+    PSECURITY_TOKEN_PROXY_DATA ProxyData;             /* 0x8C */
+    PSECURITY_TOKEN_AUDIT_DATA AuditData;             /* 0x90 */
+    PSEP_LOGON_SESSION_REFERENCES LogonSession;       /* 0x94 */
    LUID OriginatingLogonSession;                     /* 0x98 */
    ULONG VariablePart;                               /* 0xA0 */
 } TOKEN, *PTOKEN;