I'm trying to retrieve with Rust the unique identifier of the MSV authentication package. For that, i'm trying to use the Windows API function LsaLookupAuthenticationPackage, but it is returning the NTSTATUS constant 0xC00000FE (STATUS_NO_SUCH_PACKAGE), which acording to the official documentation it means "A specified authentication package is unknown".
To call LsaLookupAuthenticationPackage, I'm using the official crate to access the Windows API. Below I detail the activities that I perform before calling LsaLookupAuthenticationPackage:
1.- I run my code as System.
2.- I successfully enable SeTcbPrivilege using the function RtlAdjustPrivilege.
3.- I successfully call LsaRegisterLogonProcess to open a handle to start the interaction with the LSA.
4.- I use this handle to call LsaLookupAuthenticationPackage. Below, I show the code that I'm using to call LsaLookupAuthenticationPackage:
let package:[char;20]= ['M','S','V','1','_','0','_','P','A','C','K','A','G','E','_','N','A','M','E','\0'];
let auth_package: STRING = STRING {Length:19, MaximumLength:19, Buffer:transmute(package.as_ptr())};
let auth_package_ptr: *const STRING = transmute(&auth_package);
let auth_id: *mut u32 = transmute(&u32::default());
let ret = LsaLookupAuthenticationPackage(handle,auth_package_ptr,auth_id);
I also tried to use an &str instead of the char array to store the auth package name, but it didn't work either.
For me it's obvious that the function is working, so the problem seems to be that I'm not passing correctly the auth package name.