fb17429f67
- added new event checks - Explicit Logon Events, Logon Events, PowerShell Events, Process Creation Events - added PrintSecurityPackagesCredentials check - added Windows Defender enumeration
27 lines
1.3 KiB
C#
27 lines
1.3 KiB
C#
using System;
|
|
using System.Runtime.InteropServices;
|
|
|
|
namespace winPEAS.Native
|
|
{
|
|
internal class Vaultcli
|
|
{
|
|
// pulled directly from @djhohnstein's SharpWeb project: https://github.com/djhohnstein/SharpWeb/blob/master/Edge/SharpEdge.cs
|
|
|
|
[DllImport("vaultcli.dll")]
|
|
internal extern static Int32 VaultOpenVault(ref Guid vaultGuid, UInt32 offset, ref IntPtr vaultHandle);
|
|
|
|
[DllImport("vaultcli.dll")]
|
|
internal extern static Int32 VaultEnumerateVaults(Int32 offset, ref Int32 vaultCount, ref IntPtr vaultGuid);
|
|
|
|
[DllImport("vaultcli.dll")]
|
|
internal extern static Int32 VaultEnumerateItems(IntPtr vaultHandle, Int32 chunkSize, ref Int32 vaultItemCount, ref IntPtr vaultItem);
|
|
|
|
[DllImport("vaultcli.dll", EntryPoint = "VaultGetItem")]
|
|
internal extern static Int32 VaultGetItem_WIN8(IntPtr vaultHandle, ref Guid schemaId, IntPtr pResourceElement, IntPtr pIdentityElement, IntPtr pPackageSid, IntPtr zero, Int32 arg6, ref IntPtr passwordVaultPtr);
|
|
|
|
[DllImport("vaultcli.dll", EntryPoint = "VaultGetItem")]
|
|
internal extern static Int32 VaultGetItem_WIN7(IntPtr vaultHandle, ref Guid schemaId, IntPtr pResourceElement, IntPtr pIdentityElement, IntPtr zero, Int32 arg5, ref IntPtr passwordVaultPtr);
|
|
|
|
}
|
|
}
|