BOOL SetFileDacl(LPCWSTR path) { BOOL bRet = FALSE; WCHAR sddl[MAX_KRNLOBJNAME] = {L'\0'}; PSECURITY_DESCRIPTOR pSD = NULL; LPWSTR pszUserSid; if(GetUserSid(&pszUserSid)) { _snwprintf_s(sddl, _TRUNCATE, L"D:%s(A;;FR;;;RC)(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;%s)", (IsVersion62AndOver() ? L"(A;;FR;;;AC)" : L""), pszUserSid); LocalFree(pszUserSid); } if(ConvertStringSecurityDescriptorToSecurityDescriptorW(sddl, SDDL_REVISION_1, &pSD, NULL)) { if(SetFileSecurityW(path, DACL_SECURITY_INFORMATION, pSD)) { bRet = TRUE; } LocalFree(pSD); } return bRet; }
BOOL SetFileDacl(LPCWSTR path) { BOOL bRet = FALSE; WCHAR sddl[MAX_KRNLOBJNAME] = {L'\0'}; PSECURITY_DESCRIPTOR psd = nullptr; LPWSTR pszUserSid; if(GetUserSid(&pszUserSid)) { // SDDL_ALL_APP_PACKAGES / SDDL_RESTRICTED_CODE / SDDL_LOCAL_SYSTEM / SDDL_BUILTIN_ADMINISTRATORS / User SID _snwprintf_s(sddl, _TRUNCATE, L"D:%s(A;;FR;;;RC)(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;%s)", (IsWindowsVersion62OrLater() ? L"(A;;FR;;;AC)" : L""), pszUserSid); LocalFree(pszUserSid); } if(ConvertStringSecurityDescriptorToSecurityDescriptorW(sddl, SDDL_REVISION_1, &psd, nullptr)) { if(SetFileSecurityW(path, DACL_SECURITY_INFORMATION, psd)) { bRet = TRUE; } LocalFree(psd); } return bRet; }
static NTSTATUS perm_sddl(PWSTR Sddl) { PSECURITY_DESCRIPTOR SecurityDescriptor = 0; if (!ConvertStringSecurityDescriptorToSecurityDescriptorW( Sddl, SDDL_REVISION_1, &SecurityDescriptor, 0)) return FspNtStatusFromWin32(GetLastError()); perm_print_sd(SecurityDescriptor); LocalFree(SecurityDescriptor); return STATUS_SUCCESS; }
void SetLowLabelToGDSynchroObjects() { // The LABEL_SECURITY_INFORMATION SDDL SACL to be set for low integrity #define LOW_INTEGRITY_SDDL_SACL_W L"S:(ML;;NW;;;LW)" PSECURITY_DESCRIPTOR pSD = NULL; PACL pSacl = NULL; // not allocated BOOL fSaclPresent = FALSE; BOOL fSaclDefaulted = FALSE; LPCWSTR pwszMapFileName = L"GoldenDictTextOutHookSharedMem64"; if( ConvertStringSecurityDescriptorToSecurityDescriptorW( LOW_INTEGRITY_SDDL_SACL_W, 1 /* SDDL_REVISION_1 */, &pSD, NULL ) ) { if( GetSecurityDescriptorSacl(pSD, &fSaclPresent, &pSacl, &fSaclDefaulted)) { // Note that psidOwner, psidGroup, and pDacl are // all NULL and set the new LABEL_SECURITY_INFORMATION SetNamedSecurityInfoW( (LPWSTR)pwszMapFileName, SE_KERNEL_OBJECT, LABEL_SECURITY_INFORMATION, NULL, NULL, NULL, pSacl); } LocalFree(pSD); } }
NTSTATUS MemfsCreate( ULONG Flags, ULONG FileInfoTimeout, ULONG MaxFileNodes, ULONG MaxFileSize, PWSTR VolumePrefix, PWSTR RootSddl, MEMFS **PMemfs) { NTSTATUS Result; FSP_FSCTL_VOLUME_PARAMS VolumeParams; PWSTR DevicePath = (Flags & MemfsNet) ? L"" FSP_FSCTL_NET_DEVICE_NAME : L"" FSP_FSCTL_DISK_DEVICE_NAME; UINT64 AllocationUnit; MEMFS *Memfs; MEMFS_FILE_NODE *RootNode; PSECURITY_DESCRIPTOR RootSecurity; ULONG RootSecuritySize; BOOLEAN Inserted; *PMemfs = 0; if (0 == RootSddl) RootSddl = L"O:BAG:BAD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;WD)"; if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(RootSddl, SDDL_REVISION_1, &RootSecurity, &RootSecuritySize)) return FspNtStatusFromWin32(GetLastError()); Memfs = (MEMFS *)malloc(sizeof *Memfs); if (0 == Memfs) { LocalFree(RootSecurity); return STATUS_INSUFFICIENT_RESOURCES; } memset(Memfs, 0, sizeof *Memfs); Memfs->MaxFileNodes = MaxFileNodes; AllocationUnit = MEMFS_SECTOR_SIZE * MEMFS_SECTORS_PER_ALLOCATION_UNIT; Memfs->MaxFileSize = (ULONG)((MaxFileSize + AllocationUnit - 1) / AllocationUnit * AllocationUnit); Result = MemfsFileNodeMapCreate(&Memfs->FileNodeMap); if (!NT_SUCCESS(Result)) { free(Memfs); LocalFree(RootSecurity); return Result; } memset(&VolumeParams, 0, sizeof VolumeParams); VolumeParams.SectorSize = MEMFS_SECTOR_SIZE; VolumeParams.SectorsPerAllocationUnit = MEMFS_SECTORS_PER_ALLOCATION_UNIT; VolumeParams.VolumeCreationTime = MemfsGetSystemTime(); VolumeParams.VolumeSerialNumber = (UINT32)(MemfsGetSystemTime() / (10000 * 1000)); VolumeParams.FileInfoTimeout = FileInfoTimeout; VolumeParams.CaseSensitiveSearch = 1; VolumeParams.CasePreservedNames = 1; VolumeParams.UnicodeOnDisk = 1; VolumeParams.PersistentAcls = 1; if (0 != VolumePrefix) wcscpy_s(VolumeParams.Prefix, sizeof VolumeParams.Prefix / sizeof(WCHAR), VolumePrefix); Result = FspFileSystemCreate(DevicePath, &VolumeParams, &MemfsInterface, &Memfs->FileSystem); if (!NT_SUCCESS(Result)) { MemfsFileNodeMapDelete(Memfs->FileNodeMap); free(Memfs); LocalFree(RootSecurity); return Result; } Memfs->FileSystem->UserContext = Memfs; Memfs->VolumeLabelLength = sizeof L"MEMFS" - sizeof(WCHAR); memcpy(Memfs->VolumeLabel, L"MEMFS", Memfs->VolumeLabelLength); #if 0 FspFileSystemSetOperationGuardStrategy(Memfs->FileSystem, FSP_FILE_SYSTEM_OPERATION_GUARD_STRATEGY_COARSE); #endif /* * Create root directory. */ Result = MemfsFileNodeCreate(L"\\", &RootNode); if (!NT_SUCCESS(Result)) { MemfsDelete(Memfs); LocalFree(RootSecurity); return Result; } RootNode->FileInfo.FileAttributes = FILE_ATTRIBUTE_DIRECTORY; RootNode->FileSecurity = malloc(RootSecuritySize); if (0 == RootNode->FileSecurity) { MemfsFileNodeDelete(RootNode); MemfsDelete(Memfs); LocalFree(RootSecurity); return STATUS_INSUFFICIENT_RESOURCES; } RootNode->FileSecuritySize = RootSecuritySize; memcpy(RootNode->FileSecurity, RootSecurity, RootSecuritySize); Result = MemfsFileNodeMapInsert(Memfs->FileNodeMap, RootNode, &Inserted); if (!NT_SUCCESS(Result)) { MemfsFileNodeDelete(RootNode); MemfsDelete(Memfs); LocalFree(RootSecurity); return Result; } LocalFree(RootSecurity); *PMemfs = Memfs; return STATUS_SUCCESS; }
static VOID Test(PWSTR Prefix) { static PWSTR Sddl = L"D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;WD)"; static const GUID ReparseGuid = { 0x2cf25cfa, 0x41af, 0x4796, { 0xb5, 0xef, 0xac, 0xa3, 0x85, 0x3, 0xe2, 0xd8 } }; WCHAR FileName[1024], VolumeName[MAX_PATH]; PSECURITY_DESCRIPTOR SecurityDescriptor; HANDLE Handle; BOOL Success; UINT8 RdBuffer[4096], WrBuffer[4096]; REPARSE_GUID_DATA_BUFFER ReparseDataBuf; DWORD BytesTransferred, Offset; WIN32_FIND_DATAW FindData; WIN32_FIND_STREAM_DATA FindStreamData; memset(WrBuffer, 'B', sizeof WrBuffer); Success = ConvertStringSecurityDescriptorToSecurityDescriptorW( Sddl, SDDL_REVISION_1, &SecurityDescriptor, 0); ASSERT(Success); wsprintfW(FileName, L"%s\\", Prefix); Success = GetVolumeInformationW(FileName, VolumeName, MAX_PATH, 0, 0, 0, 0, 0); ASSERT(Success); wsprintfW(FileName, L"%s\\", Prefix); Success = SetVolumeLabelW(FileName, VolumeName); //ASSERT(Success); wsprintfW(FileName, L"%s\\fscrash", Prefix); Success = CreateDirectoryW(FileName, 0); ASSERT(Success); wsprintfW(FileName, L"%s\\fscrash\\file0", Prefix); Handle = CreateFileW(FileName, GENERIC_ALL, 0, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0); ASSERT(INVALID_HANDLE_VALUE != Handle); Success = CloseHandle(Handle); ASSERT(Success); wsprintfW(FileName, L"%s\\fscrash\\file0", Prefix); Handle = CreateFileW(FileName, GENERIC_ALL, 0, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0); ASSERT(INVALID_HANDLE_VALUE != Handle); Success = WriteFile(Handle, WrBuffer, sizeof WrBuffer, &BytesTransferred, 0); ASSERT(Success); ASSERT(sizeof WrBuffer == BytesTransferred); Success = FlushFileBuffers(Handle); ASSERT(Success); Offset = SetFilePointer(Handle, 0, 0, FILE_BEGIN); ASSERT(0 == Offset); Success = ReadFile(Handle, RdBuffer, sizeof RdBuffer, &BytesTransferred, 0); ASSERT(Success); ASSERT(sizeof WrBuffer == BytesTransferred); Offset = SetFilePointer(Handle, 0, 0, FILE_BEGIN); ASSERT(0 == Offset); Success = SetEndOfFile(Handle); ASSERT(Success); Offset = GetFileSize(Handle, 0); ASSERT(0 == Offset); Success = LockFile(Handle, 0, 0, 1, 0); ASSERT(Success); Success = UnlockFile(Handle, 0, 0, 1, 0); ASSERT(Success); Success = SetKernelObjectSecurity(Handle, DACL_SECURITY_INFORMATION, SecurityDescriptor); ASSERT(Success); Success = GetKernelObjectSecurity(Handle, DACL_SECURITY_INFORMATION, 0, 0, &BytesTransferred); ASSERT(!Success); ASSERT(ERROR_INSUFFICIENT_BUFFER == GetLastError()); ReparseDataBuf.ReparseTag = 0x1234; ReparseDataBuf.ReparseDataLength = 0; ReparseDataBuf.Reserved = 0; memcpy(&ReparseDataBuf.ReparseGuid, &ReparseGuid, sizeof ReparseGuid); Success = DeviceIoControl(Handle, FSCTL_SET_REPARSE_POINT, &ReparseDataBuf, REPARSE_GUID_DATA_BUFFER_HEADER_SIZE + ReparseDataBuf.ReparseDataLength, 0, 0, &BytesTransferred, 0); ASSERT(Success); Success = CloseHandle(Handle); ASSERT(Success); wsprintfW(FileName, L"%s\\fscrash\\*", Prefix); Handle = FindFirstFileW(FileName, &FindData); ASSERT(INVALID_HANDLE_VALUE != Handle); do { } while (FindNextFileW(Handle, &FindData)); ASSERT(ERROR_NO_MORE_FILES == GetLastError()); Success = FindClose(Handle); ASSERT(Success); wsprintfW(FileName, L"%s\\fscrash\\file0", Prefix); Handle = FindFirstStreamW(FileName, FindStreamInfoStandard, &FindStreamData, 0); ASSERT(INVALID_HANDLE_VALUE != Handle); do { } while (FindNextStreamW(Handle, &FindStreamData)); ASSERT(ERROR_HANDLE_EOF == GetLastError()); Success = FindClose(Handle); ASSERT(Success); wsprintfW(FileName, L"%s\\fscrash\\file0", Prefix); Success = DeleteFileW(FileName); ASSERT(Success); wsprintfW(FileName, L"%s\\fscrash", Prefix); Success = RemoveDirectoryW(FileName); ASSERT(Success); LocalFree(SecurityDescriptor); }
int APIENTRY wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nCmdShow) { MSG msg; WNDCLASSEXW wc; HWND hWnd; WSADATA wsaData; PSECURITY_DESCRIPTOR psd; SECURITY_ATTRIBUTES sa; _wsetlocale(LC_ALL, L"JPN"); CreateConfigPath(); if(ConvertStringSecurityDescriptorToSecurityDescriptorW(krnlobjsddl, SDDL_REVISION_1, &psd, NULL)) { sa.nLength = sizeof(sa); sa.lpSecurityDescriptor = psd; sa.bInheritHandle = FALSE; hMutex = CreateMutexW(&sa, FALSE, mgrmutexname); if(hMutex == NULL || GetLastError() == ERROR_ALREADY_EXISTS) { LocalFree(psd); return 0; } LocalFree(psd); } else { return 0; } WSAStartup(WINSOCK_VERSION, &wsaData); ZeroMemory(&ftConfig, sizeof(ftConfig)); if(IsFileUpdated(pathconfigxml, &ftConfig)) { LoadConfig(); } ZeroMemory(&ftSKKDic, sizeof(ftSKKDic)); if(IsFileUpdated(pathskkdic, &ftSKKDic)) { MakeSKKDicPos(); } InitLua(); hInst = hInstance; ZeroMemory(&wc, sizeof(wc)); wc.cbSize = sizeof(wc); wc.style = CS_HREDRAW | CS_VREDRAW; wc.lpfnWndProc = WndProc; wc.hInstance = hInst; wc.hCursor = LoadCursor(NULL, IDC_ARROW); wc.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1); wc.lpszClassName = DictionaryManagerClass; RegisterClassExW(&wc); #ifdef _DEBUG hWnd = CreateWindowW(DictionaryManagerClass, TextServiceDesc, WS_OVERLAPPEDWINDOW, 0, 0, 600, 800, NULL, NULL, hInst, NULL); #else hWnd = CreateWindowW(DictionaryManagerClass, TextServiceDesc, WS_POPUP, 0, 0, 0, 0, NULL, NULL, hInst, NULL); #endif if(!hWnd) { UninitLua(); WSACleanup(); return 0; } #ifdef _DEBUG ShowWindow(hWnd, SW_MINIMIZE); #else ShowWindow(hWnd, SW_HIDE); #endif UpdateWindow(hWnd); while(GetMessageW(&msg, NULL, 0, 0)) { if(!TranslateAcceleratorW(msg.hwnd, NULL, &msg)) { TranslateMessage(&msg); DispatchMessageW(&msg); } } UninitLua(); WSACleanup(); return (int) msg.wParam; }
bool InitializeProfAPISharedObj() { gCAProfAPISharedMapFile = OpenFileMappingW(FILE_MAP_ALL_ACCESS, // read/write access FALSE, // do not inherit the name CPU_PROF_SHARED_OBJ); // name of mapping object if (!gCAProfAPISharedMapFile) { SECURITY_ATTRIBUTES secAttr; char secDesc[ SECURITY_DESCRIPTOR_MIN_LENGTH ]; secAttr.nLength = sizeof(secAttr); secAttr.bInheritHandle = FALSE; secAttr.lpSecurityDescriptor = &secDesc; bool bHasSD = false; OSVERSIONINFO osVersionInfo; osVersionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); if (GetVersionEx(&osVersionInfo)) { if (osVersionInfo.dwMajorVersion >= 6) { // Vista, Longhorn or later; bHasSD = true; } } if (bHasSD) { PSECURITY_DESCRIPTOR pSD; PACL pSacl = nullptr; // not allocated BOOL fSaclPresent = FALSE; BOOL fSaclDefaulted = FALSE; ConvertStringSecurityDescriptorToSecurityDescriptorW(L"S:(ML;;NW;;;LW)", // this means "low integrity" SDDL_REVISION_1, &pSD, nullptr); GetSecurityDescriptorSacl(pSD, &fSaclPresent, &pSacl, &fSaclDefaulted); SetSecurityDescriptorSacl(secAttr.lpSecurityDescriptor, TRUE, pSacl, FALSE); } InitializeSecurityDescriptor(secAttr.lpSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION); SetSecurityDescriptorDacl(secAttr.lpSecurityDescriptor, TRUE, 0, FALSE); gCAProfAPISharedMapFile = CreateFileMappingW(INVALID_HANDLE_VALUE, &secAttr, // default security PAGE_READWRITE, // read/write access 0, // max. object size CPU_PROF_SHARED_MEM_SIZE, // buffer size CPU_PROF_SHARED_OBJ); // name of mapping object } if (gCAProfAPISharedMapFile) { return true; } else { return false; } }