NTSTATUS CreateLpcPort(PLPC_PORT LpcPort, LPCWSTR PortName) { NTSTATUS status; OBJECT_ATTRIBUTES portAttr; UNICODE_STRING usPortName; ULONG maxDataSize; maxDataSize = sizeof(LPC_MESSAGE); RtlInitUnicodeString(&usPortName, PortName); InitializeObjectAttributes(&portAttr, &usPortName, 0, NULL, NULL); log("Port Creating..."); status = NtCreatePort( &LpcPort->hPort, &portAttr, MAX_CONNECT_INFO_SIZE, maxDataSize, 0); if (NT_SUCCESS(status)) { log("OK\n"); } else { log("Failed.\nstatus: %x\n", status); } return status; }
main() { NTSTATUS st; OBJECT_ATTRIBUTES Obja; InitializeObjectAttributes(&Obja, NULL, 0, NULL, NULL); st = NtCreatePort( &DebugPort, &Obja, 0L, 256, 256 * 16 ); ASSERT(NT_SUCCESS(st)); UdbgTest2(); UdbgTest1(); }
NTSTATUS StartAuthenticationPort(VOID) { OBJECT_ATTRIBUTES ObjectAttributes; UNICODE_STRING PortName; DWORD ThreadId; UNICODE_STRING EventName; HANDLE EventHandle; NTSTATUS Status; TRACE("StartAuthenticationPort()\n"); /* Initialize the logon context list */ InitializeListHead(&LsapLogonContextList); RtlInitUnicodeString(&PortName, L"\\LsaAuthenticationPort"); InitializeObjectAttributes(&ObjectAttributes, &PortName, 0, NULL, NULL); Status = NtCreatePort(&AuthPortHandle, &ObjectAttributes, sizeof(LSA_CONNECTION_INFO), sizeof(LSA_API_MSG), sizeof(LSA_API_MSG) * 32); if (!NT_SUCCESS(Status)) { WARN("NtCreatePort() failed (Status %lx)\n", Status); return Status; } RtlInitUnicodeString(&EventName, L"\\SECURITY\\LSA_AUTHENTICATION_INITIALIZED"); InitializeObjectAttributes(&ObjectAttributes, &EventName, OBJ_CASE_INSENSITIVE | OBJ_PERMANENT, NULL, NULL); Status = NtOpenEvent(&EventHandle, EVENT_MODIFY_STATE, &ObjectAttributes); if (!NT_SUCCESS(Status)) { TRACE("NtOpenEvent failed (Status 0x%08lx)\n", Status); Status = NtCreateEvent(&EventHandle, EVENT_MODIFY_STATE, &ObjectAttributes, NotificationEvent, FALSE); if (!NT_SUCCESS(Status)) { WARN("NtCreateEvent failed (Status 0x%08lx)\n", Status); return Status; } } Status = NtSetEvent(EventHandle, NULL); NtClose(EventHandle); if (!NT_SUCCESS(Status)) { WARN("NtSetEvent failed (Status 0x%08lx)\n", Status); return Status; } PortThreadHandle = CreateThread(NULL, 0x1000, (LPTHREAD_START_ROUTINE)AuthPortThreadRoutine, NULL, 0, &ThreadId); return STATUS_SUCCESS; }
NTSTATUS PhSvcApiPortInitialization( _In_ PUNICODE_STRING PortName ) { static SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY; NTSTATUS status; OBJECT_ATTRIBUTES objectAttributes; PSECURITY_DESCRIPTOR securityDescriptor; ULONG sdAllocationLength; UCHAR administratorsSidBuffer[FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG) * 2]; PSID administratorsSid; PACL dacl; ULONG i; // Create the API port. administratorsSid = (PSID)administratorsSidBuffer; RtlInitializeSid(administratorsSid, &ntAuthority, 2); *RtlSubAuthoritySid(administratorsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID; *RtlSubAuthoritySid(administratorsSid, 1) = DOMAIN_ALIAS_RID_ADMINS; sdAllocationLength = SECURITY_DESCRIPTOR_MIN_LENGTH + (ULONG)sizeof(ACL) + (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(administratorsSid) + (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(&PhSeEveryoneSid); securityDescriptor = PhAllocate(sdAllocationLength); dacl = (PACL)PTR_ADD_OFFSET(securityDescriptor, SECURITY_DESCRIPTOR_MIN_LENGTH); RtlCreateSecurityDescriptor(securityDescriptor, SECURITY_DESCRIPTOR_REVISION); RtlCreateAcl(dacl, sdAllocationLength - SECURITY_DESCRIPTOR_MIN_LENGTH, ACL_REVISION); RtlAddAccessAllowedAce(dacl, ACL_REVISION, PORT_ALL_ACCESS, administratorsSid); RtlAddAccessAllowedAce(dacl, ACL_REVISION, PORT_CONNECT, &PhSeEveryoneSid); RtlSetDaclSecurityDescriptor(securityDescriptor, TRUE, dacl, FALSE); InitializeObjectAttributes( &objectAttributes, PortName, OBJ_CASE_INSENSITIVE, NULL, securityDescriptor ); status = NtCreatePort( &PhSvcApiPortHandle, &objectAttributes, sizeof(PHSVC_API_CONNECTINFO), PhIsExecutingInWow64() ? sizeof(PHSVC_API_MSG64) : sizeof(PHSVC_API_MSG), 0 ); PhFree(securityDescriptor); if (!NT_SUCCESS(status)) return status; // Start the API threads. PhSvcApiThreadContextTlsIndex = TlsAlloc(); for (i = 0; i < 2; i++) { PhCreateThread2(PhSvcApiRequestThreadStart, NULL); } return status; }
/*++ * @name CsrSbApiPortInitialize * * The CsrSbApiPortInitialize routine initializes the LPC Port used for * communications with the Session Manager (SM) and initializes the static * thread that will handle connection requests and APIs. * * @param None * * @return STATUS_SUCCESS in case of success, STATUS_UNSUCCESSFUL otherwise. * * @remarks None. * *--*/ NTSTATUS NTAPI CsrSbApiPortInitialize(VOID) { ULONG Size; PSECURITY_DESCRIPTOR PortSd; OBJECT_ATTRIBUTES ObjectAttributes; NTSTATUS Status; HANDLE hRequestThread; CLIENT_ID ClientId; /* Calculate how much space we'll need for the Port Name */ Size = CsrDirectoryName.Length + sizeof(SB_PORT_NAME) + sizeof(WCHAR); /* Create the buffer for it */ CsrSbApiPortName.Buffer = RtlAllocateHeap(CsrHeap, 0, Size); if (!CsrSbApiPortName.Buffer) return STATUS_NO_MEMORY; /* Setup the rest of the empty string */ CsrSbApiPortName.Length = 0; CsrSbApiPortName.MaximumLength = (USHORT)Size; /* Now append the full port name */ RtlAppendUnicodeStringToString(&CsrSbApiPortName, &CsrDirectoryName); RtlAppendUnicodeToString(&CsrSbApiPortName, UNICODE_PATH_SEP); RtlAppendUnicodeToString(&CsrSbApiPortName, SB_PORT_NAME); if (CsrDebug & 2) DPRINT1("CSRSS: Creating %wZ port and associated thread\n", &CsrSbApiPortName); /* Create Security Descriptor for this Port */ Status = CsrCreateLocalSystemSD(&PortSd); if (!NT_SUCCESS(Status)) return Status; /* Initialize the Attributes */ InitializeObjectAttributes(&ObjectAttributes, &CsrSbApiPortName, 0, NULL, PortSd); /* Create the Port Object */ Status = NtCreatePort(&CsrSbApiPort, &ObjectAttributes, sizeof(SB_CONNECTION_INFO), sizeof(SB_API_MSG), 32 * sizeof(SB_API_MSG)); if (PortSd) RtlFreeHeap(CsrHeap, 0, PortSd); if (NT_SUCCESS(Status)) { /* Create the Thread to handle the API Requests */ Status = RtlCreateUserThread(NtCurrentProcess(), NULL, TRUE, 0, 0, 0, (PVOID)CsrSbApiRequestThread, NULL, &hRequestThread, &ClientId); if (NT_SUCCESS(Status)) { /* Add it as a Static Server Thread */ CsrSbApiRequestThreadPtr = CsrAddStaticServerThread(hRequestThread, &ClientId, 0); /* Activate it */ Status = NtResumeThread(hRequestThread, NULL); } } return Status; }
int security_reference_monitor_t::run() { const int maxlen = 0x100; //dprintf("starting kthread %p p = %p\n", this, process); current = static_cast<thread_t*>( this ); //dprintf("current->process = %p\n", current->process); object_attributes_t rm_oa( (PCWSTR) L"\\SeRmCommandPort" ); HANDLE port = 0, client = 0; NTSTATUS r = NtCreatePort( &port, &rm_oa, 0x100, 0x100, 0 ); if (r == STATUS_THREAD_IS_TERMINATING) return 0; if (r < STATUS_SUCCESS) die("NtCreatePort(SeRmCommandPort) failed r = %08lx\n", r); BYTE buf[maxlen]; LPC_MESSAGE *req = (LPC_MESSAGE*) buf; r = NtListenPort( port, req ); if (r == STATUS_THREAD_IS_TERMINATING) return 0; if (r < STATUS_SUCCESS) die("NtListenPort(SeRmCommandPort) failed r = %08lx\n", r); HANDLE conn_port = 0; r = NtAcceptConnectPort( &conn_port, 0, req, TRUE, NULL, NULL ); if (r == STATUS_THREAD_IS_TERMINATING) return 0; if (r < STATUS_SUCCESS) die("NtAcceptConnectPort(SeRmCommandPort) failed r = %08lx\n", r); r = NtCompleteConnectPort( conn_port ); if (r == STATUS_THREAD_IS_TERMINATING) return 0; if (r < STATUS_SUCCESS) die("NtCompleteConnectPort(SeRmCommandPort) failed r = %08lx\n", r); unicode_string_t lsa; lsa.copy( (PCWSTR) L"\\SeLsaCommandPort" ); SECURITY_QUALITY_OF_SERVICE qos; qos.Length = sizeof(qos); qos.ImpersonationLevel = SecurityAnonymous; qos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING; qos.EffectiveOnly = TRUE; r = NtConnectPort( &client, &lsa, &qos, NULL, NULL, NULL, NULL, NULL ); if (r == STATUS_THREAD_IS_TERMINATING) return 0; if (r < STATUS_SUCCESS) die("NtConnectPort(SeLsaCommandPort) failed r = %08lx\n", r); while (!terminated) { ULONG client_handle; r = NtReplyWaitReceivePort( port, &client_handle, 0, req ); if (r == STATUS_THREAD_IS_TERMINATING) return 0; if (r < STATUS_SUCCESS) die("NtReplyWaitReceivePort(SeRmCommandPort) failed r = %08lx\n", r); dprintf("got message %ld\n", req->MessageId ); // send something back... r = NtReplyPort( port, req ); if (r == STATUS_THREAD_IS_TERMINATING) return 0; if (r < STATUS_SUCCESS) die("NtReplyPort(SeRmCommandPort) failed r = %08lx\n", r); } dprintf("done\n"); return 0; }
/********************************************************************** * PdxInitializeListener/1 PRIVATE * * DESCRIPTION * Initialize a thread to make an LPC port listen. */ PRIVATE NTSTATUS STDCALL PdxInitializeListener (ULONG ulIndex) { NTSTATUS Status; OBJECT_ATTRIBUTES Oa; ULONG ulThreadIndex; RtlInitUnicodeString ( & Server.Port[ulIndex].usName, Server.Port[ulIndex].wsName ); InitializeObjectAttributes( & Oa, & Server.Port[ulIndex].usName, 0, NULL, NULL ); /* Create the listening LPC port */ Status = NtCreatePort ( & Server.Port[ulIndex].hObject, & Oa, 260, 328, 0 ); if (!NT_SUCCESS(Status)) { debug_print( L"PSXSS: Unable to create port \"%s\": Status %08x\n", Server.Port[ulIndex].wsName, Status); return Status; } /* * Create the server thread that will process * messages sent to this port. */ for ( ulThreadIndex = 0; (ulThreadIndex < PSXSS_THREADS_PER_PORT); ulThreadIndex ++ ) { #ifdef __PSXSS_ON_W32__ Server.Port[ulIndex].ThreadInfo[ulThreadIndex].hObject = CreateThread ( NULL, 0, (PTHREAD_START_ROUTINE) Server.Port[ulIndex].EntryPoint, (PVOID) ulIndex, CREATE_SUSPENDED, & Server.Port[ulIndex].ThreadInfo[ulThreadIndex].Id ); if (NULL == Server.Port[ulIndex].ThreadInfo[ulThreadIndex].hObject) #else if (!NT_SUCCESS(Status)) #endif { debug_print( L"PSXSS: Unable to create a server thread for port \"%s\": Status %08x\n", Server.Port[ulIndex].wsName, Status ); NtClose (Server.Port[ulIndex].hObject); return Status; } } return STATUS_SUCCESS; }
NTSTATUS LsapRmInitializeServer(VOID) { UNICODE_STRING Name; OBJECT_ATTRIBUTES ObjectAttributes; SECURITY_QUALITY_OF_SERVICE SecurityQos; HANDLE InitEvent; HANDLE ThreadHandle; DWORD ThreadId; NTSTATUS Status; /* Create the LSA command port */ RtlInitUnicodeString(&Name, L"\\SeLsaCommandPort"); InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL); Status = NtCreatePort(&SeLsaCommandPort, &ObjectAttributes, 0, PORT_MAXIMUM_MESSAGE_LENGTH, 2 * PAGE_SIZE); if (!NT_SUCCESS(Status)) { ERR("LsapRmInitializeServer - Port Create failed 0x%lx\n", Status); return Status; } /* Open the LSA init event */ RtlInitUnicodeString(&Name, L"\\SeLsaInitEvent"); InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL); Status = NtOpenEvent(&InitEvent, 2, &ObjectAttributes); if (!NT_SUCCESS(Status)) { ERR("LsapRmInitializeServer - Lsa Init Event Open failed 0x%lx\n", Status); return Status; } /* Signal the kernel, that we are ready */ Status = NtSetEvent(InitEvent, 0); if (!NT_SUCCESS(Status)) { ERR("LsapRmInitializeServer - Set Init Event failed 0x%lx\n", Status); return Status; } /* Setup the QoS structure */ SecurityQos.ImpersonationLevel = SecurityIdentification; SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING; SecurityQos.EffectiveOnly = TRUE; /* Connect to the kernel server */ RtlInitUnicodeString(&Name, L"\\SeRmCommandPort"); Status = NtConnectPort(&SeRmCommandPort, &Name, &SecurityQos, NULL, NULL, NULL, NULL, NULL); if (!NT_SUCCESS(Status)) { ERR("LsapRmInitializeServer - Connect to Rm Command Port failed 0x%lx\n", Status); return Status; } /* Create the server thread */ ThreadHandle = CreateThread(NULL, 0, LsapRmServerThread, NULL, 0, &ThreadId); if (ThreadHandle == NULL) { ERR("LsapRmInitializeServer - Create Thread failed 0x%lx\n", Status); return STATUS_INSUFFICIENT_RESOURCES; } /* Close the server thread handle */ CloseHandle(ThreadHandle); return STATUS_SUCCESS; }
NTSTATUS SepServerInitialize( ) { NTSTATUS Status; OBJECT_ATTRIBUTES ThreadAttributes; PTEB CurrentTeb; DbgPrint("Se: Server Initializing ...\n"); // // Initialize global variables // RequestCount = 0; // // Get a handle to our thread to so that we can access our thread // even when impersonating an anonymous client (which we can't do // using NtCurrentThread()). // CurrentTeb = NtCurrentTeb(); InitializeObjectAttributes(&ThreadAttributes, NULL, 0, NULL, NULL); Status = NtOpenThread( &SepServerThread, // TargetHandle THREAD_ALL_ACCESS, // DesiredAccess &ThreadAttributes, // ObjectAttributes &CurrentTeb->ClientId // ClientId ); ASSERT( NT_SUCCESS(Status) ); // // Create the server's port // InitializeObjectAttributes( &ObjectAttributes, &PortName, 0, NULL, NULL ); Status = NtCreatePort( &EarPort, &ObjectAttributes, 0, 4, 4 * 256 ); SEASSERT_SUCCESS(Status); // // Spawn a copy of ourselves... // DbgPrint("Se: Server Spawning client process ...\n"); SepServerSpawnClientProcess(); DbgPrint("Se: Server waiting for start of test signal ...\n"); Status = NtWaitForSingleObject( EventHandle, TRUE, NULL ); SEASSERT_SUCCESS(Status); Status = NtClose( EventHandle ); SEASSERT_SUCCESS(Status); return STATUS_SUCCESS; }