static const int protect_process()
{
HANDLE hProcess = GetCurrentProcess();
EXPLICIT_ACCESS denyAccess = {0};
DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
PACL pTempDacl = NULL;
DWORD dwErr = 0;
BuildExplicitAccessWithName( &denyAccess, "CURRENT_USER", dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE );
dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl );
/* check dwErr... */
dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL );
/* check dwErr... */
LocalFree( pTempDacl );
CloseHandle( hProcess );
return dwErr == ERROR_SUCCESS;
}
unsigned int newfunc_newhandler08_maincycles_init(struct mainvars *mvp,void *cycle1,void *cycle2)
{
if(cycle1){
main_cycle1=cycle1;
handle_maincycle1=(HANDLE)_beginthreadex(NULL,0,(void *)thread_maincycle_1,(void *)mvp,CREATE_SUSPENDED,NULL);
if(!handle_maincycle1)
return 0;
SetSecurityInfo(handle_maincycle1,SE_KERNEL_OBJECT,MPXPLAY_MAINTHREAD_RIGHTS,NULL,NULL,NULL,NULL);
#ifndef MPXPLAY_USE_SMP
SetThreadAffinityMask(handle_maincycle1,MPXPLAY_THREAD_AFFINITY_MASK);
#endif
ResumeThread(handle_maincycle1);
}
if(cycle2){
main_cycle2=cycle2;
handle_maincycle2=(HANDLE)_beginthreadex(NULL,0,(void *)thread_maincycle_2,(void *)mvp,CREATE_SUSPENDED,NULL);
if(!handle_maincycle2)
return 0;
SetSecurityInfo(handle_maincycle2,SE_KERNEL_OBJECT,MPXPLAY_MAINTHREAD_RIGHTS,NULL,NULL,NULL,NULL);
#ifndef MPXPLAY_USE_SMP
SetThreadAffinityMask(handle_maincycle2,MPXPLAY_THREAD_AFFINITY_MASK);
#endif
ResumeThread(handle_maincycle2);
}
return 1;
}
void newfunc_newhandler08_init(void)
{
TIMECAPS tc;
timeGetDevCaps(&tc,sizeof(tc));
if(tc.wPeriodMin<1)
tc.wPeriodMin=1;
int08_timer_period=(long)(1000.0/(float)INT08_CYCLES_NEW);
if(int08_timer_period<=tc.wPeriodMin)
int08_timer_period=tc.wPeriodMin;
timeBeginPeriod(int08_timer_period);
#ifndef MPXPLAY_USE_SMP
{
HANDLE curr_process=GetCurrentProcess();
if(curr_process)
SetProcessAffinityMask(curr_process,MPXPLAY_THREAD_AFFINITY_MASK);
}
#endif
if(!int08_timer_thread_handle){
int08_timer_thread_handle=(HANDLE)_beginthreadex(NULL,0,(void *)newhandler_08_timer_thread,NULL,CREATE_SUSPENDED,NULL);
if(int08_timer_thread_handle){
SetThreadPriority(int08_timer_thread_handle,THREAD_PRIORITY_HIGHEST);
SetSecurityInfo(int08_timer_thread_handle,SE_KERNEL_OBJECT,MPXPLAY_INT08THREAD_RIGHTS,NULL,NULL,NULL,NULL);
#ifndef MPXPLAY_USE_SMP
SetThreadAffinityMask(int08_timer_thread_handle,MPXPLAY_THREAD_AFFINITY_MASK);
#endif
ResumeThread(int08_timer_thread_handle);
}else{
}
}
if(!int08_thread_handle){
int08_thread_handle=(HANDLE)_beginthreadex(NULL,0,(void *)newhandler_08_thread,NULL,CREATE_SUSPENDED,NULL);
if(int08_thread_handle){
SetThreadPriority(int08_thread_handle,THREAD_PRIORITY_HIGHEST);
SetSecurityInfo(int08_thread_handle,SE_KERNEL_OBJECT,MPXPLAY_INT08THREAD_RIGHTS,NULL,NULL,NULL,NULL);
#ifndef MPXPLAY_USE_SMP
SetThreadAffinityMask(int08_thread_handle,MPXPLAY_THREAD_AFFINITY_MASK);
#endif
ResumeThread(int08_thread_handle);
}else{
}
}
}
BOOL AdjustDacl(HANDLE h, DWORD DesiredAccess)
{
// the WORLD Sid is trivial to form programmatically (S-1-1-0)
SID world = { SID_REVISION, 1, SECURITY_WORLD_SID_AUTHORITY, 0 };
EXPLICIT_ACCESS ea =
{
DesiredAccess,
SET_ACCESS,
NO_INHERITANCE,
{
0, NO_MULTIPLE_TRUSTEE,
TRUSTEE_IS_SID,
TRUSTEE_IS_USER,
reinterpret_cast<LPTSTR>(&world)
}
};
ACL* pdacl = 0;
DWORD err = SetEntriesInAcl(1, &ea, 0, &pdacl);
if (err == ERROR_SUCCESS)
{
err = SetSecurityInfo(h, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pdacl, 0);
LocalFree(pdacl);
return(err == ERROR_SUCCESS);
}
else
return(FALSE);
}
static bool OpenPhysicalMemory(void)
{
// Grant me to access to physical memory
EXPLICIT_ACCESS Access;
PACL OldDacl = NULL, NewDacl = NULL;
PVOID security;
INIT_UNICODE_STRING(name, L"\\Device\\PhysicalMemory");
OBJECT_ATTRIBUTES oa = {sizeof(oa), 0, &name, 0, 0, 0};
memset(&Access, 0, sizeof(EXPLICIT_ACCESS));
NtOpenSection(&phyMemoryHandle, WRITE_DAC | READ_CONTROL, &oa);
GetSecurityInfo(phyMemoryHandle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &OldDacl, NULL, &security);
Access.grfAccessPermissions = SECTION_ALL_ACCESS;
Access.grfAccessMode = GRANT_ACCESS;
Access.grfInheritance = NO_INHERITANCE;
Access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
Access.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
Access.Trustee.TrusteeType = TRUSTEE_IS_USER;
Access.Trustee.ptstrName = "CURRENT_USER";
// update ACL
SetEntriesInAcl(1, &Access, OldDacl, &NewDacl);
SetSecurityInfo(phyMemoryHandle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, NewDacl, NULL);
CloseHandle(phyMemoryHandle);
// get handle to RAM
if (NtOpenSection(&phyMemoryHandle,SECTION_MAP_READ|SECTION_MAP_WRITE,&oa)) die("NtOpenphyMemoryHandle failed");
return true;
}
BOOL KProcessPerfCacheMgr::SetObjectToLowIntegrity(HANDLE hObject, SE_OBJECT_TYPE type)
{
bool bRetCode = false;
DWORD dwErr = ERROR_SUCCESS;
PACL pSacl = NULL;
BOOL fSaclPresent = FALSE;
BOOL fSaclDefaulted = FALSE;
PSECURITY_DESCRIPTOR pSD = NULL;
#define LOW_INTEGRITY_SDDL_SACL TEXT("S:(ML;;NW;;;LW)")
#ifndef LABEL_SECURITY_INFORMATION
#define LABEL_SECURITY_INFORMATION (0x00000010L)
#endif
if (
ConvertStringSecurityDescriptorToSecurityDescriptor(
LOW_INTEGRITY_SDDL_SACL, SDDL_REVISION_1, &pSD, NULL)
)
{
if (GetSecurityDescriptorSacl(pSD, &fSaclPresent, &pSacl, &fSaclDefaulted))
{
dwErr = SetSecurityInfo(
hObject, type, LABEL_SECURITY_INFORMATION,
NULL, NULL, NULL, pSacl
);
bRetCode = (ERROR_SUCCESS == dwErr);
}
LocalFree (pSD);
}
return bRetCode;
}
int mkdir(const std::string& folder, bool recursive){
#if defined(_WIN32)||defined(_WIN_32)
int res = CreateDirectoryA(folder.c_str(),NULL);
if (res==0){
if (GetLastError()==ERROR_PATH_NOT_FOUND && recursive){
std::string parfold = parentFolder(folder).name;
if (parfold.size()<folder.size()){
mkdir(parfold,recursive);
return mkdir(folder,false);//kinda silly, but should work just fine.
}
}
else if (GetLastError()==ERROR_ALREADY_EXISTS){
return 0;
}
return -1;
}
HANDLE hDir = CreateFileA(folder.c_str(),READ_CONTROL|WRITE_DAC,0,NULL,OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS,NULL);
if(hDir == INVALID_HANDLE_VALUE)
return FALSE;
ACL* pOldDACL;
PSECURITY_DESCRIPTOR pSD = NULL;
GetSecurityInfo(hDir, SE_FILE_OBJECT , DACL_SECURITY_INFORMATION,NULL, NULL, &pOldDACL, NULL, &pSD);
PSID pSid = NULL;
SID_IDENTIFIER_AUTHORITY authNt = SECURITY_NT_AUTHORITY;
AllocateAndInitializeSid(&authNt,2,SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_USERS,0,0,0,0,0,0,&pSid);
EXPLICIT_ACCESS ea={0};
ea.grfAccessMode = GRANT_ACCESS;
ea.grfAccessPermissions = GENERIC_ALL;
ea.grfInheritance = CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE;
ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.ptstrName = (LPTSTR)pSid;
ACL* pNewDACL = 0;
DWORD err = SetEntriesInAcl(1,&ea,pOldDACL,&pNewDACL);
if(pNewDACL)
SetSecurityInfo(hDir,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL, NULL, pNewDACL, NULL);
FreeSid(pSid);
LocalFree(pNewDACL);
LocalFree(pSD);
LocalFree(pOldDACL);
CloseHandle(hDir);
return 1;
#else
return mkdir(folder.c_str());
#endif // _WIN32
}
BOOL CMFConRegEditor::SetSecurity(LPTSTR strUsr)
{
long lRc;
static SECURITY_INFORMATION struSecInfo;
PSECURITY_DESCRIPTOR pSecDesc;
PACL pOldDACL = NULL, pNewDACL = NULL;
EXPLICIT_ACCESS ea;
lRc = GetSecurityInfo(
m_RegKey,
SE_REGISTRY_KEY,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
&pOldDACL,
NULL,
&pSecDesc
);
if(lRc != ERROR_SUCCESS)
return FALSE;
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
BuildExplicitAccessWithName(
&ea,
strUsr,
GENERIC_ALL,
SET_ACCESS,
SUB_CONTAINERS_AND_OBJECTS_INHERIT
);
lRc = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL);
if (ERROR_SUCCESS != lRc)
goto Cleanup;
lRc = SetSecurityInfo(
m_RegKey,
SE_REGISTRY_KEY,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
pNewDACL,
NULL
);
Cleanup:
if(pSecDesc != NULL)
LocalFree((HLOCAL) pSecDesc);
if(pNewDACL != NULL)
LocalFree((HLOCAL) pNewDACL);
if(lRc != ERROR_SUCCESS)
return FALSE;
return TRUE;
}
NTSTATUS PhSetSeObjectSecurity(
_In_ HANDLE Handle,
_In_ ULONG ObjectType,
_In_ SECURITY_INFORMATION SecurityInformation,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor
)
{
ULONG win32Result;
SECURITY_INFORMATION securityInformation = 0;
BOOLEAN present;
BOOLEAN defaulted;
PSID owner = NULL;
PSID group = NULL;
PACL dacl = NULL;
PACL sacl = NULL;
if (SecurityInformation & OWNER_SECURITY_INFORMATION)
{
if (NT_SUCCESS(RtlGetOwnerSecurityDescriptor(SecurityDescriptor, &owner, &defaulted)))
securityInformation |= OWNER_SECURITY_INFORMATION;
}
if (SecurityInformation & GROUP_SECURITY_INFORMATION)
{
if (NT_SUCCESS(RtlGetGroupSecurityDescriptor(SecurityDescriptor, &group, &defaulted)))
securityInformation |= GROUP_SECURITY_INFORMATION;
}
if (SecurityInformation & DACL_SECURITY_INFORMATION)
{
if (NT_SUCCESS(RtlGetDaclSecurityDescriptor(SecurityDescriptor, &present, &dacl, &defaulted)) && present)
securityInformation |= DACL_SECURITY_INFORMATION;
}
if (SecurityInformation & SACL_SECURITY_INFORMATION)
{
if (NT_SUCCESS(RtlGetSaclSecurityDescriptor(SecurityDescriptor, &present, &sacl, &defaulted)) && present)
securityInformation |= SACL_SECURITY_INFORMATION;
}
win32Result = SetSecurityInfo(
Handle,
ObjectType,
SecurityInformation,
owner,
group,
dacl,
sacl
);
if (win32Result != ERROR_SUCCESS)
return NTSTATUS_FROM_WIN32(win32Result);
return STATUS_SUCCESS;
}
void WindowsEventEx::setAccessToAll(HANDLE objHandle)
{
DWORD errorCode = SetSecurityInfo(objHandle, SE_KERNEL_OBJECT,
DACL_SECURITY_INFORMATION, // Modify DACL
0,
0,
0, // Pointer to DACL (0 = access to all)
0);
if (errorCode != ERROR_SUCCESS &&
errorCode != ERROR_NO_SECURITY_ON_OBJECT) {
StringStorage errMess;
errMess.format(_T("Cannot SetSecurityInfo with error = %d"), (int)errorCode);
throw Exception(errMess.getString());
}
}
/// Prelude actions to start up the service, e.g. to set any global variables from the settings or perform
/// any system specific actions. E.g. the Windows implementation registers with the service control manager
/// and can optionally set the security descriptor on the process to allow clients to kill/restart it.
///
/// @param[in] nReason how the startup is occuring (e.g. SERVICE_RUN_INLINE) - different actions may be
/// required depending on whether the code is running direct from main() or through another mechansim
static void _ServiceStartup (int nReason) {
CSettings oSettings;
#ifdef _WIN32
if (nReason == SERVICE_RUN_SCM) {
g_hServiceStatus = RegisterServiceCtrlHandler (oSettings.GetServiceName (), ServiceHandler);
}
PCTSTR pszSDDL = oSettings.GetServiceSDDL ();
if (pszSDDL) {
LOGDEBUG (TEXT ("Setting security descriptor ") << pszSDDL);
PSECURITY_DESCRIPTOR psdRelative;
if (ConvertStringSecurityDescriptorToSecurityDescriptor (pszSDDL, SDDL_REVISION_1, &psdRelative, NULL)) {
DWORD cbAbsolute = 1024;
PSECURITY_DESCRIPTOR psdAbsolute = (PSECURITY_DESCRIPTOR)malloc (cbAbsolute);
DWORD cbD = 1024;
PACL paclD = (PACL)malloc (cbD);
DWORD cbS = 1024;
PACL paclS = (PACL)malloc (cbS);
DWORD cbOwner = 1024;
PSID psidOwner = (PSID)malloc (cbOwner);
DWORD cbPGroup = 1024;
PSID psidPGroup = (PSID)malloc (cbPGroup);
if (MakeAbsoluteSD (psdRelative, psdAbsolute, &cbAbsolute, paclD, &cbD, paclS, &cbS, psidOwner, &cbOwner, psidPGroup, &cbPGroup)) {
DWORD dwError = SetSecurityInfo (GetCurrentProcess (), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, paclD, NULL);
if (dwError == ERROR_SUCCESS) {
LOGINFO (TEXT ("Security descriptor set on process handle"));
} else {
LOGWARN (TEXT ("Couldn't set security descriptor on process handle, error ") << GetLastError ());
}
} else {
LOGWARN (TEXT ("Couldn't create absolute security description, error ") << GetLastError ());
}
free (psdAbsolute);
free (paclD);
free (paclS);
free (psidOwner);
free (psidPGroup);
LocalFree (psdRelative);
} else {
LOGWARN (TEXT ("Couldn't parse SDDL ") << pszSDDL << TEXT (", error ") << GetLastError ());
}
} else {
LOGDEBUG (TEXT ("No security descriptor specified"));
}
#endif /* ifdef _WIN32 */
g_lBusyTimeout = oSettings.GetBusyTimeout ();
_ReportStateStarting ();
}
gboolean
spice_win32_set_low_integrity (void* handle, GError **error)
{
g_return_val_if_fail (handle != NULL, FALSE);
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
/* see also http://msdn.microsoft.com/en-us/library/bb625960.aspx */
PSECURITY_DESCRIPTOR psd = NULL;
PACL psacl = NULL;
BOOL sacl_present = FALSE;
BOOL sacl_defaulted = FALSE;
char *emsg;
int errsv;
gboolean success = FALSE;
if (!ConvertStringSecurityDescriptorToSecurityDescriptor ("S:(ML;;NW;;;LW)",
SDDL_REVISION_1, &psd, NULL))
goto failed;
if (!GetSecurityDescriptorSacl (psd, &sacl_present, &psacl, &sacl_defaulted))
goto failed;
if (SetSecurityInfo (handle, SE_KERNEL_OBJECT, LABEL_SECURITY_INFORMATION,
NULL, NULL, NULL, psacl) != ERROR_SUCCESS)
goto failed;
success = TRUE;
goto end;
failed:
errsv = GetLastError ();
emsg = g_win32_error_message (errsv);
g_set_error (error, G_IO_ERROR,
g_io_error_from_win32_error (errsv),
"Error setting integrity: %s",
emsg);
g_free (emsg);
end:
if (psd != NULL)
LocalFree (psd);
return success;
}
/* http://stackoverflow.com/a/10575889/1090657 */
DWORD ProtectProcess(void) {
HANDLE hProcess = GetCurrentProcess();
PACL pEmptyDacl;
DWORD dwErr;
pEmptyDacl = (PACL) SelfAlloc(sizeof(ACL));
if (!InitializeAcl(pEmptyDacl, sizeof(ACL), ACL_REVISION)) {
dwErr = GetLastError();
MessageLastErrorWndTitle(NULL, dwErr, T("Failed to InitializeAcl()"));
return dwErr;
}
dwErr = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT,
DACL_SECURITY_INFORMATION, NULL,
NULL, pEmptyDacl, NULL);
if (dwErr != ERROR_SUCCESS) {
MessageLastErrorWndTitle(NULL, GetLastError(), T("Failed to SetSecurityInfo()"));
return dwErr;
}
SelfFree(pEmptyDacl);
return dwErr;
}
BOOL adjust_dacl(HANDLE h, DWORD dwDesiredAccess)
{
SID world = { SID_REVISION, 1, SECURITY_WORLD_SID_AUTHORITY, 0 };
EXPLICIT_ACCESS ea =
{
0,
SET_ACCESS,
NO_INHERITANCE,
{
0, NO_MULTIPLE_TRUSTEE,
TRUSTEE_IS_SID,
TRUSTEE_IS_USER,
0
}
};
ACL* pdacl = 0;
DWORD err = SetEntriesInAcl(1, &ea, 0, &pdacl);
ea.grfAccessPermissions = dwDesiredAccess;
ea.Trustee.ptstrName = (LPTSTR)(&world);
if (err == ERROR_SUCCESS)
{
err = SetSecurityInfo(h, SE_KERNEL_OBJECT,
DACL_SECURITY_INFORMATION, 0, 0, pdacl, 0);
LocalFree(pdacl);
return (err == ERROR_SUCCESS);
}
else
{
//printf2("adjust_dacl\n");
return(FALSE);
}
};
bool SDAPI SDSetProcessAttr(SDHANDLE handle, const SProcessAttr &pAttr)
{
#if (defined(WIN32) || defined(WIN64))
if (pAttr.secInfo.bSet)
{
PROCESS_INFORMATION & pInfo = s_processIndexer.Get((uint32)handle);
uint32 ret = SetSecurityInfo(pInfo.hProcess,
pAttr.secInfo.objectType,
pAttr.secInfo.securityInfo,
pAttr.secInfo.psidOwner,
pAttr.secInfo.psidGroup,
pAttr.secInfo.pDacl,
pAttr.secInfo.pSacl
);
if (ret != ERROR_SUCCESS)
{
return false;
}
}
#else
#endif //
return false;
}
/// Prelude actions to start up the service, e.g. to set any global variables from the settings or perform
/// any system specific actions. E.g. the Windows implementation registers with the service control manager
/// and can optionally set the security descriptor on the process to allow clients to kill/restart it.
///
/// @param[in] nReason how the startup is occuring (e.g. SERVICE_RUN_INLINE) - different actions may be
/// required depending on whether the code is running direct from main() or through another mechansim
static void _ServiceStartup (int nReason) {
CSettings oSettings;
#ifdef _WIN32
if (nReason == SERVICE_RUN_SCM) {
g_hServiceStatus = RegisterServiceCtrlHandler (oSettings.GetServiceName (), ServiceHandler);
}
PCTSTR pszSDDL = oSettings.GetServiceSDDL ();
if (pszSDDL) {
LOGDEBUG (TEXT ("Setting security descriptor ") << pszSDDL);
PSECURITY_DESCRIPTOR psdRelative;
if (ConvertStringSecurityDescriptorToSecurityDescriptor (pszSDDL, SDDL_REVISION_1, &psdRelative, NULL)) {
DWORD cbAbsolute = 1024;
PSECURITY_DESCRIPTOR psdAbsolute = (PSECURITY_DESCRIPTOR)malloc (cbAbsolute);
DWORD cbD = 1024;
PACL paclD = (PACL)malloc (cbD);
DWORD cbS = 1024;
PACL paclS = (PACL)malloc (cbS);
DWORD cbOwner = 1024;
PSID psidOwner = (PSID)malloc (cbOwner);
DWORD cbPGroup = 1024;
PSID psidPGroup = (PSID)malloc (cbPGroup);
if (MakeAbsoluteSD (psdRelative, psdAbsolute, &cbAbsolute, paclD, &cbD, paclS, &cbS, psidOwner, &cbOwner, psidPGroup, &cbPGroup)) {
DWORD dwError = SetSecurityInfo (GetCurrentProcess (), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, paclD, NULL);
if (dwError == ERROR_SUCCESS) {
LOGINFO (TEXT ("Security descriptor set on process handle"));
} else {
LOGWARN (TEXT ("Couldn't set security descriptor on process handle, error ") << GetLastError ());
}
if (nReason == SERVICE_RUN_SCM) {
SC_HANDLE hSCM = OpenSCManager (NULL, NULL, GENERIC_READ);
if (hSCM) {
SC_HANDLE hService = OpenService (hSCM, oSettings.GetServiceName (), GENERIC_WRITE | WRITE_DAC);
if (hService) {
dwError = SetSecurityInfo (hService, SE_SERVICE, DACL_SECURITY_INFORMATION, NULL, NULL, paclD, NULL);
if (dwError == ERROR_SUCCESS) {
LOGINFO (TEXT ("Security descriptor set on service"));
} else {
LOGWARN (TEXT ("Couldn't set security descriptor on service, error ") << GetLastError ());
}
CloseServiceHandle (hService);
} else {
LOGWARN (TEXT ("Couldn't open service, error ") << GetLastError ());
}
CloseServiceHandle (hSCM);
} else {
LOGWARN (TEXT ("Couldn't open SCM, error ") << GetLastError ());
}
}
} else {
LOGWARN (TEXT ("Couldn't create absolute security description, error ") << GetLastError ());
}
free (psdAbsolute);
free (paclD);
free (paclS);
free (psidOwner);
free (psidPGroup);
LocalFree (psdRelative);
} else {
LOGWARN (TEXT ("Couldn't parse SDDL ") << pszSDDL << TEXT (", error ") << GetLastError ());
}
} else {
LOGDEBUG (TEXT ("No security descriptor specified"));
}
#else /* ifdef _WIN32 */
if (nReason == SERVICE_RUN_DAEMON) {
const TCHAR *pszPID = oSettings.GetPidFile ();
if (pszPID) {
LOGINFO (TEXT ("Creating PID file ") << pszPID);
FILE *f = fopen (pszPID, "wt");
if (f) {
fprintf (f, "%d", getpid ());
fclose (f);
} else {
LOGWARN (TEXT ("Couldn't write to PID file ") << pszPID << TEXT (", error ") << GetLastError ());
}
} else {
LOGWARN (TEXT ("No PID file"));
}
}
#endif /* ifdef _WIN32 */
g_lBusyTimeout = oSettings.GetBusyTimeout ();
_ReportStateStarting ();
}
HANDLE adv_open_process(DWORD pid, DWORD dwAccessRights)
{
HANDLE hProcess = OpenProcess(dwAccessRights, FALSE, pid);
if (hProcess == NULL)
{
HANDLE hpWriteDAC = OpenProcess(WRITE_DAC, FALSE, pid);
if (hpWriteDAC == NULL)
{
HANDLE htok;
TOKEN_PRIVILEGES tpOld;
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &htok))
{
return(FALSE);
}
if (enable_token_privilege(htok, SE_TAKE_OWNERSHIP_NAME, &tpOld))
{
HANDLE hpWriteOwner = OpenProcess(WRITE_OWNER, FALSE, pid);
if (hpWriteOwner != NULL)
{
BYTE buf[512];
DWORD cb = sizeof buf;
if (GetTokenInformation(htok, TokenUser, buf, cb, &cb))
{
DWORD err = SetSecurityInfo(hpWriteOwner, SE_KERNEL_OBJECT,
OWNER_SECURITY_INFORMATION,
((TOKEN_USER *)(buf))->User.Sid, 0, 0, 0);
if (err == ERROR_SUCCESS)
{
if (!DuplicateHandle(GetCurrentProcess(), hpWriteOwner,
GetCurrentProcess(), &hpWriteDAC,
WRITE_DAC, FALSE, 0))
{
hpWriteDAC = NULL;
}
}
}
CloseHandle(hpWriteOwner);
}
AdjustTokenPrivileges(htok, FALSE, &tpOld, 0, 0, 0);
}
CloseHandle(htok);
}
if (hpWriteDAC)
{
adjust_dacl(hpWriteDAC, dwAccessRights);
if (!DuplicateHandle(GetCurrentProcess(), hpWriteDAC,
GetCurrentProcess(), &hProcess, dwAccessRights, FALSE, 0))
{
hProcess = NULL;
}
CloseHandle(hpWriteDAC);
}
}
return (hProcess);
};
bool Application::OnInit()
{
#ifdef WIN32
unsigned int cores = boost::thread::hardware_concurrency();
int mask = (1 << cores)-1;
HANDLE hProces = GetCurrentProcess();
int ss = SetSecurityInfo(hProces, SE_UNKNOWN_OBJECT_TYPE ,PROCESS_ALL_ACCESS, NULL, NULL, NULL, NULL);
int pe = SetProcessAffinityMask(hProces, mask);
#endif
core::IApplicationConfiguration* iapp_config = (core::IApplicationConfiguration*)app_config;
app_maingui = core::igui::MainGui::GetInstance(iapp_config, "OX");
app_mainprod = (core::IProd *) new core::iprod::MainProd(iapp_config, argc, argv, true);
app_mainpercept = (core::IPercept *) new core::ipercept::MainPercept(iapp_config);
app_mainpersistence = (core::IPersistence *) new core::ipersistence::MainPersistence(iapp_config);
avatar_entity = (core::IEntityPersistence *) new core::ipersistence::EntityPersistence ("avatar");
if(app_maingui)
app_maingui->SetApp((IApplication *)this);
if(app_mainprod)
app_mainprod->SetApp((IApplication *)this);
if(app_mainpercept)
app_mainpercept->SetApp((IApplication *)this);
if(app_mainpersistence)
app_mainpersistence->SetApp((IApplication *)this);
PostLogMessage("Modules running...");
if(app_mainprod)
{ PostLogMessage("Initializing production...");
app_mainprod->Init();
}
if(app_mainpercept)
{ PostLogMessage("Initializing perception...");
app_mainpercept->Init();
}
if(app_mainprod && app_mainpercept)
{
user_dataModel_controller = new UserDataModelController();
runningscene_controller = new RunningSceneController((IApplication *)this, user_dataModel_controller, app_mainpercept, app_mainprod);
contentcreation_controller = ContentCreationController::Instance();
if (contentcreation_controller)
{
contentcreation_controller->SetApp((IApplication *)this, iapp_config, app_mainpercept, app_mainprod);
}
}
session_controller->LoadDefaultData();
//Attaching Observers to Subjects
if(session_controller && contentcreation_controller)
{
core::Observer* observer = dynamic_cast<core::Observer*> (contentcreation_controller);
if (observer)
session_controller->attach(observer);
}
RunDefaultWorld();
return true;
}
PVOID DisableProt(BOOL mode) {
HANDLE Section;
DWORD Res;
NTSTATUS ntS;
PACL OldDacl=NULL, NewDacl=NULL;
PSECURITY_DESCRIPTOR SecDesc=NULL;
EXPLICIT_ACCESS Access;
OBJECT_ATTRIBUTES ObAttributes;
INIT_UNICODE(ObName, L"\\Device\\PhysicalMemory");
//mode 1 = current
//mode 2 = user
memset(&Access, 0, sizeof(EXPLICIT_ACCESS));
InitializeObjectAttributes(&ObAttributes,
&ObName,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL);
// open handle de \Device\PhysicalMemory
ntS = NtOpenSection(&Section, WRITE_DAC | READ_CONTROL, &ObAttributes);
if (ntS != STATUS_SUCCESS) {
printf("error: NtOpenSection (code: %x)\n", ntS);
goto cleanup;
}
// retrieve a copy of the security descriptor
Res = GetSecurityInfo(Section, SE_KERNEL_OBJECT,
DACL_SECURITY_INFORMATION, NULL, NULL, &OldDacl,
NULL, &SecDesc);
if (Res != ERROR_SUCCESS) {
printf("error: GetSecurityInfo (code: %lu)\n", Res);
goto cleanup;
}
Access.grfAccessPermissions = SECTION_ALL_ACCESS; // :P
Access.grfAccessMode = GRANT_ACCESS;
Access.grfInheritance = NO_INHERITANCE;
Access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
// change these informations to grant access to a group or other user
Access.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
Access.Trustee.TrusteeType = TRUSTEE_IS_USER;
Access.Trustee.ptstrName = "CURRENT_USER";
// create the new ACL
Res = SetEntriesInAcl(1, &Access, OldDacl, &NewDacl);
if (Res != ERROR_SUCCESS) {
printf("error: SetEntriesInAcl (code: %lu)\n", Res);
goto cleanup;
}
// update ACL
Res = SetSecurityInfo(Section, SE_KERNEL_OBJECT,
DACL_SECURITY_INFORMATION, NULL, NULL, NewDacl,
NULL);
if (Res != ERROR_SUCCESS) {
printf("error: SetEntriesInAcl (code: %lu)\n", Res);
goto cleanup;
}
printf("\\Device\\PhysicalMemory chmoded\n");
cleanup:
if (Section)
NtClose(Section);
if (SecDesc)
LocalFree(SecDesc);
return(0);
}
explicit SecurityAttributes(MemoryPool& pool)
: m_pool(pool)
{
// Ensure that our process has the SYNCHRONIZE privilege granted to everyone
PSECURITY_DESCRIPTOR pOldSD = NULL;
PACL pOldACL = NULL;
// Pseudo-handles do not work on WinNT. Need real process handle.
HANDLE hCurrentProcess = OpenProcess(READ_CONTROL | WRITE_DAC, FALSE, GetCurrentProcessId());
if (hCurrentProcess == NULL) {
Firebird::system_call_failed::raise("OpenProcess");
}
DWORD result = GetSecurityInfo(hCurrentProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
NULL, NULL, &pOldACL, NULL, &pOldSD);
if (result == ERROR_CALL_NOT_IMPLEMENTED) {
// For Win9X - sumulate that the call worked alright
pOldACL = NULL;
result = ERROR_SUCCESS;
}
if (result != ERROR_SUCCESS)
{
CloseHandle(hCurrentProcess);
Firebird::system_call_failed::raise("GetSecurityInfo", result);
}
// NULL pOldACL means all privileges. If we assign pNewACL in this case
// we'll lost all privileges except assigned SYNCHRONIZE
if (pOldACL)
{
SID_IDENTIFIER_AUTHORITY sidAuth = SECURITY_WORLD_SID_AUTHORITY;
PSID pSID = NULL;
AllocateAndInitializeSid(&sidAuth, 1, SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0, &pSID);
EXPLICIT_ACCESS ea;
memset(&ea, 0, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = SYNCHRONIZE;
ea.grfAccessMode = GRANT_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea.Trustee.ptstrName = (LPTSTR) pSID;
PACL pNewACL = NULL;
SetEntriesInAcl(1, &ea, pOldACL, &pNewACL);
SetSecurityInfo(hCurrentProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
NULL, NULL, pNewACL, NULL);
if (pSID) {
FreeSid(pSID);
}
if (pNewACL) {
LocalFree(pNewACL);
}
}
CloseHandle(hCurrentProcess);
if (pOldSD) {
LocalFree(pOldSD);
}
// Create and initialize the default security descriptor
// to be assigned to various IPC objects.
//
// WARNING!!! The absent DACL means full access granted
// to everyone, this is a huge security risk!
PSECURITY_DESCRIPTOR p_security_desc = static_cast<PSECURITY_DESCRIPTOR>(
pool.allocate(SECURITY_DESCRIPTOR_MIN_LENGTH));
attributes.nLength = sizeof(attributes);
attributes.lpSecurityDescriptor = p_security_desc;
attributes.bInheritHandle = TRUE;
if (!InitializeSecurityDescriptor(p_security_desc, SECURITY_DESCRIPTOR_REVISION) ||
!SetSecurityDescriptorDacl(p_security_desc, TRUE, NULL, FALSE))
{
pool.deallocate(p_security_desc);
attributes.lpSecurityDescriptor = NULL;
}
}
HANDLE OpenClientProcess(DWORD processID)
{
// tries to open the targeted process
// note: don't use PROCESS_ALL_ACCESS
HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ |
PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION |
PROCESS_CREATE_THREAD, FALSE, processID);
// error?
if (!hProcess)
{
if (GetLastError() == ERROR_ACCESS_DENIED)
{
printf("Process open is failed, ERROR_ACCESS_DENIED.\n");
printf("Trying to override client's security descriptor (DACL) ");
printf("and will try a re-open.\n");
// clients before 12213 (this build doesn't contain) or
// 11723 (don't have this WoW client so can't check)
// override theirs security descriptor
// (set flag PROTECTED_DACL_SECURITY_INFORMATION) so
// the injector can't simply OpenProcess them
//
// because of this the injector modifies the
// client's security descriptor (DACL) to the injector's one
// so after that OpenProcess should work
// "global" var which stores an error code
DWORD error = 0;
// ACL header
PACL dacl;
// that pointer contains the security descriptor
PSECURITY_DESCRIPTOR securityDescriptor;
// gets injector's security descriptor
error = GetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &dacl, NULL, &securityDescriptor);
if (error)
{
printf("ERROR: Can't get injector's security secriptor, ");
printf("ErrorCode: %u\n", error);
return NULL;
}
// tries again to open the client process but
// only with an access wich can override its DACL
hProcess = OpenProcess(WRITE_DAC, FALSE, processID);
if (!hProcess)
{
LocalFree(securityDescriptor);
printf("ERROR: Process open is failed with only ");
printf("WRITE_DAC access, ErrorCode: %u\n", GetLastError());
return NULL;
}
// overrides client's DACL with injector's DACL
error = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION, 0, 0, dacl, 0);
if (error)
{
LocalFree(securityDescriptor);
CloseHandle(hProcess);
printf("ERROR: Can't override client's DACL, ");
printf("ErrorCode: %u\n", error);
return NULL;
}
// release resources
LocalFree(securityDescriptor);
CloseHandle(hProcess);
// now this should work
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID);
}
// error!
if (!hProcess)
{
printf("ERROR: Process open is failed, ");
printf("ErrorCode: %u\n", GetLastError());
return NULL;
}
}
return hProcess;
}
/*
* ObjectDaclEntryAdd() -- add an access-control entry to an object's DACL.
*
* Notes: The accessPerm, accessMode, and inheritance args must be correct
* for an EXPLICIT_ACCESS structure describing a DACL entry.
* Caller must have READ_CONTRL/WRITE_DAC rights for object handle.
*
* RETURN CODES: Win32 status code (ERROR_SUCCESS if succeeds)
*/
DWORD
ObjectDaclEntryAdd(HANDLE objectHandle, SE_OBJECT_TYPE objectType,
WELLKNOWN_TRUSTEE_ID trustee, DWORD accessPerm,
ACCESS_MODE accessMode, DWORD inheritance)
{
DWORD status = ERROR_SUCCESS;
PSID trusteeSidP;
/* allocate SID for (well-known) trustee */
if (trustee == WorldGroup) {
if (!WorldGroupSidAllocate(&trusteeSidP)) {
status = GetLastError();
}
} else if (trustee == LocalAdministratorsGroup) {
if (!LocalAdminsGroupSidAllocate(&trusteeSidP)) {
status = GetLastError();
}
} else {
status = ERROR_INVALID_PARAMETER;
}
if (status == ERROR_SUCCESS) {
EXPLICIT_ACCESS accessEntry;
PACL curDaclP, newDaclP;
PSECURITY_DESCRIPTOR secP;
/* initialize access information for trustee */
BuildExplicitAccessWithSid(&accessEntry, trusteeSidP, accessPerm,
accessMode, inheritance);
/* get object's current DACL */
status =
GetSecurityInfo(objectHandle, objectType,
DACL_SECURITY_INFORMATION, NULL, NULL, &curDaclP,
NULL, &secP);
if (status == ERROR_SUCCESS) {
/* merge access information into current DACL to form new DACL */
status = SetEntriesInAcl(1, &accessEntry, curDaclP, &newDaclP);
if (status == ERROR_SUCCESS) {
/* replace object's current DACL with newly formed DACL */
/* MS SP4 introduced a bug into SetSecurityInfo() so that it
* no longer operates correctly with named pipes. Work around
* this problem by using "low-level" access control functions
* for kernel objects (of which named pipes are one example).
*/
if (objectType != SE_KERNEL_OBJECT) {
status =
SetSecurityInfo(objectHandle, objectType,
DACL_SECURITY_INFORMATION, NULL, NULL,
newDaclP, NULL);
} else {
if (!SetSecurityDescriptorDacl
(secP, TRUE, newDaclP, FALSE)
|| !SetKernelObjectSecurity(objectHandle,
DACL_SECURITY_INFORMATION,
secP)) {
status = GetLastError();
}
}
(void)LocalFree((HLOCAL) newDaclP);
}
(void)LocalFree((HLOCAL) secP);
}
FreeSid(trusteeSidP);
}
return status;
}
HANDLE GetProcessHandleWithEnoughRights(DWORD PID, DWORD AccessRights)
{
HANDLE hProcess = ::OpenProcess(AccessRights, FALSE, PID);
if (hProcess == NULL)
{
HANDLE hpWriteDAC = OpenProcess(WRITE_DAC, FALSE, PID);
if (hpWriteDAC == NULL)
{
// hmm, we don't have permissions to modify the DACL...
// time to take ownership...
HANDLE htok;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &htok))
return(FALSE);
TOKEN_PRIVILEGES tpOld;
if (EnableTokenPrivilege(htok, SE_TAKE_OWNERSHIP_NAME, tpOld))
{
// SeTakeOwnershipPrivilege allows us to open objects with
// WRITE_OWNER, but that's about it, so we'll update the owner,
// and dup the handle so we can get WRITE_DAC permissions.
HANDLE hpWriteOwner = OpenProcess(WRITE_OWNER, FALSE, PID);
if (hpWriteOwner != NULL)
{
BYTE buf[512]; // this should always be big enough
DWORD cb = sizeof buf;
if (GetTokenInformation(htok, TokenUser, buf, cb, &cb))
{
DWORD err =
SetSecurityInfo(
hpWriteOwner,
SE_KERNEL_OBJECT,
OWNER_SECURITY_INFORMATION,
reinterpret_cast<TOKEN_USER*>(buf)->User.Sid,
0, 0, 0
);
if (err == ERROR_SUCCESS)
{
// now that we're the owner, we've implicitly got WRITE_DAC
// permissions, so ask the system to reevaluate our request,
// giving us a handle with WRITE_DAC permissions
if (
!DuplicateHandle(
GetCurrentProcess(),
hpWriteOwner,
GetCurrentProcess(),
&hpWriteDAC,
WRITE_DAC, FALSE, 0
)
)
hpWriteDAC = NULL;
}
}
// don't forget to close handle
::CloseHandle(hpWriteOwner);
}
// not truly necessary in this app,
// but included for completeness
RestoreTokenPrivilege(htok, tpOld);
}
// don't forget to close the token handle
::CloseHandle(htok);
}
if (hpWriteDAC)
{
// we've now got a handle that allows us WRITE_DAC permission
AdjustDacl(hpWriteDAC, AccessRights);
// now that we've granted ourselves permission to access
// the process, ask the system to reevaluate our request,
// giving us a handle with right permissions
if (
!DuplicateHandle(
GetCurrentProcess(),
hpWriteDAC,
GetCurrentProcess(),
&hProcess,
AccessRights,
FALSE,
0
)
)
hProcess = NULL;
CloseHandle(hpWriteDAC);
}
}
return(hProcess);
}
HRESULT CSecurityInformation::SetSecurity(
SECURITY_INFORMATION SecurityInformation,
PSECURITY_DESCRIPTOR pSecurityDescriptor)
{
HRESULT hr = 1;
// Get the Dacl
PACL pDACL = NULL;
BOOL fPresent, fDefaulted;
GetSecurityDescriptorDacl(pSecurityDescriptor, &fPresent, &pDACL, &fDefaulted);
// Get the SACL
PACL pSACL = NULL;
GetSecurityDescriptorSacl(pSecurityDescriptor, &fPresent, &pSACL, &fDefaulted);
// Get the owner
PSID psidOwner = NULL;
GetSecurityDescriptorOwner(pSecurityDescriptor, &psidOwner, &fDefaulted);
// Get the group
PSID psidGroup = NULL;
GetSecurityDescriptorOwner(pSecurityDescriptor, &psidGroup, &fDefaulted);
// Find out if DACL and SACL inherit from parent objects
SECURITY_DESCRIPTOR_CONTROL sdCtrl = NULL;
ULONG ulRevision;
GetSecurityDescriptorControl(pSecurityDescriptor, &sdCtrl, &ulRevision);
if ((sdCtrl & SE_DACL_PROTECTED) != SE_DACL_PROTECTED)
SecurityInformation |= UNPROTECTED_DACL_SECURITY_INFORMATION;
else
SecurityInformation |= PROTECTED_DACL_SECURITY_INFORMATION;
if ((sdCtrl & SE_SACL_PROTECTED) != SE_SACL_PROTECTED)
SecurityInformation |= UNPROTECTED_SACL_SECURITY_INFORMATION;
else
SecurityInformation |= PROTECTED_SACL_SECURITY_INFORMATION;
// Set the security
ULONG lErr;
if (m_Info.m_szName[0] != 0) // Is it named
{
lErr = SetNamedSecurityInfo(m_Info.m_szName,
m_Type.m_objSecurType, SecurityInformation, psidOwner,
psidGroup, pDACL, pSACL);
}
else
{
// Is it a handle case
lErr = SetSecurityInfo(m_Info.m_hHandle, m_Type.m_objSecurType,
SecurityInformation, psidOwner, psidGroup, pDACL, pSACL);
}
// Report error
if (lErr != ERROR_SUCCESS)
{
MessageBox(NULL,
TEXT("An error occurred saving security information for this object,\n")
TEXT("possibly due to insufficient access rights.\n"),
TEXT("Security Notice"), MB_OK);
}
else
{
hr = S_OK;
}
return(hr);
}
