/*
 * Replace the primary token of pToProcess with a primary-token duplicate of
 * hSrcToken and report the outcome through outBuffer.
 *
 * szBufferIn / bufferIn : not used by this function.
 * outBuffer             : destination of the kprintf() report lines.
 * hSrcToken             : token handle that is duplicated onto the target.
 * pToProcess            : EPROCESS whose primary token is replaced.
 *
 * Return value: the NTSTATUS of the last call made. Once the token swap has
 * been attempted, that is the kprintf() result, so a failing
 * ZwSetInformationProcess is only visible in the printed " ! ..." line, not
 * in the status returned to the caller.
 *
 * NOTE(review): this performs a plain, unsynchronised read-modify-write of an
 * EPROCESS field located through EPROCESS_OffSetTable[KiwiOsIndex], so it is
 * tied to the OS versions that table covers. Apart from the kprintf() line no
 * record of the token replacement is produced here; a process whose primary
 * token changes while it is already running is the kind of event a kernel
 * callback / EDR would want to surface.
 */
NTSTATUS kkll_m_process_token_toProcess(SIZE_T szBufferIn, PVOID bufferIn, PKIWI_BUFFER outBuffer, HANDLE hSrcToken, PEPROCESS pToProcess)
{
	// Only the Token member is filled in below; the Thread member stays NULL.
	PROCESS_ACCESS_TOKEN ProcessTokenInformation = {NULL, NULL};
	HANDLE hToProcess;
	// Non-NULL only while a cleared "frozen" bit still has to be restored.
	PULONG pFlags2 = NULL;
	NTSTATUS status;
	// Identity of the target, used only for the report lines.
	HANDLE processId = PsGetProcessId(pToProcess);
	PCHAR processName = PsGetProcessImageFileName(pToProcess);

	// Kernel handle from the object pointer; OBJ_KERNEL_HANDLE keeps it out of
	// the handle table of whatever process context we are running in.
	status = ObOpenObjectByPointer(pToProcess, OBJ_KERNEL_HANDLE, NULL, 0, *PsProcessType, KernelMode, &hToProcess);
	if(NT_SUCCESS(status))
	{
		// Duplicate the source token as a primary token (access mask 0,
		// no object attributes, EffectiveOnly = FALSE).
		status = ZwDuplicateToken(hSrcToken, 0, NULL, FALSE, TokenPrimary, &ProcessTokenInformation.Token);
		if(NT_SUCCESS(status))
		{
			if(KiwiOsIndex >= KiwiOsIndex_VISTA)
			{
				// Vista+: locate the Flags2 field of the target EPROCESS via
				// the per-OS offset table and temporarily clear the
				// TOKEN_FROZEN bit. Presumably a set bit makes the kernel
				// reject a new primary token for an already-running process
				// -- confirm against the OS versions in the table.
				pFlags2 = (PULONG) (((ULONG_PTR) pToProcess) + EPROCESS_OffSetTable[KiwiOsIndex][EprocessFlags2]);
				if(*pFlags2 & TOKEN_FROZEN_MASK)
					*pFlags2 &= ~TOKEN_FROZEN_MASK;
				else
					// Bit was not set: nothing to restore later.
					pFlags2 = NULL;
			}

			// Install the duplicate as the target's primary token.
			status = ZwSetInformationProcess(hToProcess, ProcessAccessToken, &ProcessTokenInformation, sizeof(PROCESS_ACCESS_TOKEN));
			// From here on 'status' carries the kprintf() result, not the
			// outcome of ZwSetInformationProcess (see header comment).
			if(NT_SUCCESS(status))
				status = kprintf(outBuffer, L" * to %u/%-14S\n", processId, processName);
			else
				status = kprintf(outBuffer, L" ! ZwSetInformationProcess 0x%08x for %u/%-14S\n", status, processId, processName);

			// Put the frozen bit back if we cleared it above.
			if((KiwiOsIndex >= KiwiOsIndex_VISTA) && pFlags2)
				*pFlags2 |= TOKEN_FROZEN_MASK;

			// Our handle to the duplicate is no longer needed; the process
			// presumably holds its own reference to the token object.
			ZwClose(ProcessTokenInformation.Token);
		}
		ZwClose(hToProcess);
	}
	return status;
}
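/**
 * Open the process identified by procId, open its primary token and return an
 * impersonation-level duplicate of that token in *pDupedToken.
 *
 * @param procId       Process id of the target process; stored as the
 *                     UniqueProcess member of a CLIENT_ID.
 * @param pDupedToken  Receives the duplicated token handle on success. The
 *                     caller owns it and is responsible for ZwClose().
 * @return DualErr with no error on success; otherwise the kPGDMinorError_*
 *         code of the first native call that failed, together with its
 *         NTSTATUS. On failure *pDupedToken is not written.
 *
 * The intermediate process and token handles are closed on every path; only
 * the duplicate is handed to the caller.
 *
 * NOTE(review): objAttribs is initialised without OBJ_KERNEL_HANDLE, so all
 * three handles are created in the handle table of the current process
 * context; if a user-mode process can be that context, procHandle and token
 * are reachable from it while this function runs. PROCESS_ALL_ACCESS and
 * TOKEN_ALL_ACCESS also request far more than a duplication needs. Both are
 * least-privilege points to revisit against the driver's calling contexts.
 */
DualErr	
DuplicateProcessToken(PGPUInt32 procId, PHANDLE pDupedToken)
{
	CLIENT_ID			clientId;
	DualErr				derr;
	HANDLE				procHandle = NULL, token = NULL;
	NTSTATUS			status;
	OBJECT_ATTRIBUTES	objAttribs;
	PGPBoolean			openedProcess, openedToken;

	openedProcess = openedToken = FALSE;

	pgpAssertAddrValid(pDupedToken, HANDLE);

	InitializeObjectAttributes(&objAttribs, NULL, 0, NULL, NULL);

	clientId.UniqueThread = NULL;
	clientId.UniqueProcess = (PVOID) procId;

	// Open a handle to the process.
	status = ZwOpenProcess(&procHandle, PROCESS_ALL_ACCESS, &objAttribs, 
		&clientId);

	if (!NT_SUCCESS(status))
	{
		derr = DualErr(kPGDMinorError_ZwOpenProcessFailed, status);
	}

	// Remember which handles we own so the cleanup below closes exactly those.
	openedProcess = derr.IsntError();

	// Open a handle to the process token.
	if (derr.IsntError())
	{
		status = ZwOpenProcessToken(procHandle, TOKEN_ALL_ACCESS, &token);

		if (!NT_SUCCESS(status))
		{
			derr = DualErr(kPGDMinorError_ZwOpenProcessTokenFailed, status);
		}

		openedToken = derr.IsntError();
	}

	// Duplicate the token.
	if (derr.IsntError())
	{
		SECURITY_QUALITY_OF_SERVICE SQOS;

		// The SQOS attached to objAttribs is what fixes the impersonation
		// level (SecurityImpersonation) of the new token.
		SQOS.Length = sizeof(SQOS);
		SQOS.ImpersonationLevel = SecurityImpersonation;
		SQOS.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
		SQOS.EffectiveOnly = FALSE;

		objAttribs.SecurityQualityOfService = (PVOID) &SQOS;

		// Fourth argument is the BOOLEAN EffectiveOnly, not an impersonation
		// level; the previous SecurityAnonymous only worked because that
		// enumerator is 0. Pass FALSE explicitly to match SQOS.EffectiveOnly.
		status = ZwDuplicateToken(token, TOKEN_QUERY | TOKEN_IMPERSONATE, 
			&objAttribs, FALSE, TokenImpersonation, pDupedToken);

		if (!NT_SUCCESS(status))
		{
			derr = DualErr(kPGDMinorError_ZwDuplicateTokenFailed, status);
		}
	}

	// Release the intermediate handles; the duplicate stays with the caller.
	if (openedToken)
		ZwClose(token);

	if (openedProcess)
		ZwClose(procHandle);

	return derr;
}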