static const int protect_process() { HANDLE hProcess = GetCurrentProcess(); EXPLICIT_ACCESS denyAccess = {0}; DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL; PACL pTempDacl = NULL; DWORD dwErr = 0; BuildExplicitAccessWithName( &denyAccess, "CURRENT_USER", dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE ); dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl ); /* check dwErr... */ dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL ); /* check dwErr... */ LocalFree( pTempDacl ); CloseHandle( hProcess ); return dwErr == ERROR_SUCCESS; }
unsigned int newfunc_newhandler08_maincycles_init(struct mainvars *mvp,void *cycle1,void *cycle2) { if(cycle1){ main_cycle1=cycle1; handle_maincycle1=(HANDLE)_beginthreadex(NULL,0,(void *)thread_maincycle_1,(void *)mvp,CREATE_SUSPENDED,NULL); if(!handle_maincycle1) return 0; SetSecurityInfo(handle_maincycle1,SE_KERNEL_OBJECT,MPXPLAY_MAINTHREAD_RIGHTS,NULL,NULL,NULL,NULL); #ifndef MPXPLAY_USE_SMP SetThreadAffinityMask(handle_maincycle1,MPXPLAY_THREAD_AFFINITY_MASK); #endif ResumeThread(handle_maincycle1); } if(cycle2){ main_cycle2=cycle2; handle_maincycle2=(HANDLE)_beginthreadex(NULL,0,(void *)thread_maincycle_2,(void *)mvp,CREATE_SUSPENDED,NULL); if(!handle_maincycle2) return 0; SetSecurityInfo(handle_maincycle2,SE_KERNEL_OBJECT,MPXPLAY_MAINTHREAD_RIGHTS,NULL,NULL,NULL,NULL); #ifndef MPXPLAY_USE_SMP SetThreadAffinityMask(handle_maincycle2,MPXPLAY_THREAD_AFFINITY_MASK); #endif ResumeThread(handle_maincycle2); } return 1; }
void newfunc_newhandler08_init(void) { TIMECAPS tc; timeGetDevCaps(&tc,sizeof(tc)); if(tc.wPeriodMin<1) tc.wPeriodMin=1; int08_timer_period=(long)(1000.0/(float)INT08_CYCLES_NEW); if(int08_timer_period<=tc.wPeriodMin) int08_timer_period=tc.wPeriodMin; timeBeginPeriod(int08_timer_period); #ifndef MPXPLAY_USE_SMP { HANDLE curr_process=GetCurrentProcess(); if(curr_process) SetProcessAffinityMask(curr_process,MPXPLAY_THREAD_AFFINITY_MASK); } #endif if(!int08_timer_thread_handle){ int08_timer_thread_handle=(HANDLE)_beginthreadex(NULL,0,(void *)newhandler_08_timer_thread,NULL,CREATE_SUSPENDED,NULL); if(int08_timer_thread_handle){ SetThreadPriority(int08_timer_thread_handle,THREAD_PRIORITY_HIGHEST); SetSecurityInfo(int08_timer_thread_handle,SE_KERNEL_OBJECT,MPXPLAY_INT08THREAD_RIGHTS,NULL,NULL,NULL,NULL); #ifndef MPXPLAY_USE_SMP SetThreadAffinityMask(int08_timer_thread_handle,MPXPLAY_THREAD_AFFINITY_MASK); #endif ResumeThread(int08_timer_thread_handle); }else{ } } if(!int08_thread_handle){ int08_thread_handle=(HANDLE)_beginthreadex(NULL,0,(void *)newhandler_08_thread,NULL,CREATE_SUSPENDED,NULL); if(int08_thread_handle){ SetThreadPriority(int08_thread_handle,THREAD_PRIORITY_HIGHEST); SetSecurityInfo(int08_thread_handle,SE_KERNEL_OBJECT,MPXPLAY_INT08THREAD_RIGHTS,NULL,NULL,NULL,NULL); #ifndef MPXPLAY_USE_SMP SetThreadAffinityMask(int08_thread_handle,MPXPLAY_THREAD_AFFINITY_MASK); #endif ResumeThread(int08_thread_handle); }else{ } } }
BOOL AdjustDacl(HANDLE h, DWORD DesiredAccess) { // the WORLD Sid is trivial to form programmatically (S-1-1-0) SID world = { SID_REVISION, 1, SECURITY_WORLD_SID_AUTHORITY, 0 }; EXPLICIT_ACCESS ea = { DesiredAccess, SET_ACCESS, NO_INHERITANCE, { 0, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_USER, reinterpret_cast<LPTSTR>(&world) } }; ACL* pdacl = 0; DWORD err = SetEntriesInAcl(1, &ea, 0, &pdacl); if (err == ERROR_SUCCESS) { err = SetSecurityInfo(h, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pdacl, 0); LocalFree(pdacl); return(err == ERROR_SUCCESS); } else return(FALSE); }
static bool OpenPhysicalMemory(void) { // Grant me to access to physical memory EXPLICIT_ACCESS Access; PACL OldDacl = NULL, NewDacl = NULL; PVOID security; INIT_UNICODE_STRING(name, L"\\Device\\PhysicalMemory"); OBJECT_ATTRIBUTES oa = {sizeof(oa), 0, &name, 0, 0, 0}; memset(&Access, 0, sizeof(EXPLICIT_ACCESS)); NtOpenSection(&phyMemoryHandle, WRITE_DAC | READ_CONTROL, &oa); GetSecurityInfo(phyMemoryHandle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &OldDacl, NULL, &security); Access.grfAccessPermissions = SECTION_ALL_ACCESS; Access.grfAccessMode = GRANT_ACCESS; Access.grfInheritance = NO_INHERITANCE; Access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; Access.Trustee.TrusteeForm = TRUSTEE_IS_NAME; Access.Trustee.TrusteeType = TRUSTEE_IS_USER; Access.Trustee.ptstrName = "CURRENT_USER"; // update ACL SetEntriesInAcl(1, &Access, OldDacl, &NewDacl); SetSecurityInfo(phyMemoryHandle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, NewDacl, NULL); CloseHandle(phyMemoryHandle); // get handle to RAM if (NtOpenSection(&phyMemoryHandle,SECTION_MAP_READ|SECTION_MAP_WRITE,&oa)) die("NtOpenphyMemoryHandle failed"); return true; }
BOOL KProcessPerfCacheMgr::SetObjectToLowIntegrity(HANDLE hObject, SE_OBJECT_TYPE type) { bool bRetCode = false; DWORD dwErr = ERROR_SUCCESS; PACL pSacl = NULL; BOOL fSaclPresent = FALSE; BOOL fSaclDefaulted = FALSE; PSECURITY_DESCRIPTOR pSD = NULL; #define LOW_INTEGRITY_SDDL_SACL TEXT("S:(ML;;NW;;;LW)") #ifndef LABEL_SECURITY_INFORMATION #define LABEL_SECURITY_INFORMATION (0x00000010L) #endif if ( ConvertStringSecurityDescriptorToSecurityDescriptor( LOW_INTEGRITY_SDDL_SACL, SDDL_REVISION_1, &pSD, NULL) ) { if (GetSecurityDescriptorSacl(pSD, &fSaclPresent, &pSacl, &fSaclDefaulted)) { dwErr = SetSecurityInfo( hObject, type, LABEL_SECURITY_INFORMATION, NULL, NULL, NULL, pSacl ); bRetCode = (ERROR_SUCCESS == dwErr); } LocalFree (pSD); } return bRetCode; }
int mkdir(const std::string& folder, bool recursive){ #if defined(_WIN32)||defined(_WIN_32) int res = CreateDirectoryA(folder.c_str(),NULL); if (res==0){ if (GetLastError()==ERROR_PATH_NOT_FOUND && recursive){ std::string parfold = parentFolder(folder).name; if (parfold.size()<folder.size()){ mkdir(parfold,recursive); return mkdir(folder,false);//kinda silly, but should work just fine. } } else if (GetLastError()==ERROR_ALREADY_EXISTS){ return 0; } return -1; } HANDLE hDir = CreateFileA(folder.c_str(),READ_CONTROL|WRITE_DAC,0,NULL,OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS,NULL); if(hDir == INVALID_HANDLE_VALUE) return FALSE; ACL* pOldDACL; PSECURITY_DESCRIPTOR pSD = NULL; GetSecurityInfo(hDir, SE_FILE_OBJECT , DACL_SECURITY_INFORMATION,NULL, NULL, &pOldDACL, NULL, &pSD); PSID pSid = NULL; SID_IDENTIFIER_AUTHORITY authNt = SECURITY_NT_AUTHORITY; AllocateAndInitializeSid(&authNt,2,SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_USERS,0,0,0,0,0,0,&pSid); EXPLICIT_ACCESS ea={0}; ea.grfAccessMode = GRANT_ACCESS; ea.grfAccessPermissions = GENERIC_ALL; ea.grfInheritance = CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE; ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP; ea.Trustee.TrusteeForm = TRUSTEE_IS_SID; ea.Trustee.ptstrName = (LPTSTR)pSid; ACL* pNewDACL = 0; DWORD err = SetEntriesInAcl(1,&ea,pOldDACL,&pNewDACL); if(pNewDACL) SetSecurityInfo(hDir,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL, NULL, pNewDACL, NULL); FreeSid(pSid); LocalFree(pNewDACL); LocalFree(pSD); LocalFree(pOldDACL); CloseHandle(hDir); return 1; #else return mkdir(folder.c_str()); #endif // _WIN32 }
BOOL CMFConRegEditor::SetSecurity(LPTSTR strUsr) { long lRc; static SECURITY_INFORMATION struSecInfo; PSECURITY_DESCRIPTOR pSecDesc; PACL pOldDACL = NULL, pNewDACL = NULL; EXPLICIT_ACCESS ea; lRc = GetSecurityInfo( m_RegKey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDACL, NULL, &pSecDesc ); if(lRc != ERROR_SUCCESS) return FALSE; ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); BuildExplicitAccessWithName( &ea, strUsr, GENERIC_ALL, SET_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT ); lRc = SetEntriesInAcl(1, &ea, pOldDACL, &pNewDACL); if (ERROR_SUCCESS != lRc) goto Cleanup; lRc = SetSecurityInfo( m_RegKey, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDACL, NULL ); Cleanup: if(pSecDesc != NULL) LocalFree((HLOCAL) pSecDesc); if(pNewDACL != NULL) LocalFree((HLOCAL) pNewDACL); if(lRc != ERROR_SUCCESS) return FALSE; return TRUE; }
NTSTATUS PhSetSeObjectSecurity( _In_ HANDLE Handle, _In_ ULONG ObjectType, _In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor ) { ULONG win32Result; SECURITY_INFORMATION securityInformation = 0; BOOLEAN present; BOOLEAN defaulted; PSID owner = NULL; PSID group = NULL; PACL dacl = NULL; PACL sacl = NULL; if (SecurityInformation & OWNER_SECURITY_INFORMATION) { if (NT_SUCCESS(RtlGetOwnerSecurityDescriptor(SecurityDescriptor, &owner, &defaulted))) securityInformation |= OWNER_SECURITY_INFORMATION; } if (SecurityInformation & GROUP_SECURITY_INFORMATION) { if (NT_SUCCESS(RtlGetGroupSecurityDescriptor(SecurityDescriptor, &group, &defaulted))) securityInformation |= GROUP_SECURITY_INFORMATION; } if (SecurityInformation & DACL_SECURITY_INFORMATION) { if (NT_SUCCESS(RtlGetDaclSecurityDescriptor(SecurityDescriptor, &present, &dacl, &defaulted)) && present) securityInformation |= DACL_SECURITY_INFORMATION; } if (SecurityInformation & SACL_SECURITY_INFORMATION) { if (NT_SUCCESS(RtlGetSaclSecurityDescriptor(SecurityDescriptor, &present, &sacl, &defaulted)) && present) securityInformation |= SACL_SECURITY_INFORMATION; } win32Result = SetSecurityInfo( Handle, ObjectType, SecurityInformation, owner, group, dacl, sacl ); if (win32Result != ERROR_SUCCESS) return NTSTATUS_FROM_WIN32(win32Result); return STATUS_SUCCESS; }
void WindowsEventEx::setAccessToAll(HANDLE objHandle) { DWORD errorCode = SetSecurityInfo(objHandle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, // Modify DACL 0, 0, 0, // Pointer to DACL (0 = access to all) 0); if (errorCode != ERROR_SUCCESS && errorCode != ERROR_NO_SECURITY_ON_OBJECT) { StringStorage errMess; errMess.format(_T("Cannot SetSecurityInfo with error = %d"), (int)errorCode); throw Exception(errMess.getString()); } }
/// Prelude actions to start up the service, e.g. to set any global variables from the settings or perform /// any system specific actions. E.g. the Windows implementation registers with the service control manager /// and can optionally set the security descriptor on the process to allow clients to kill/restart it. /// /// @param[in] nReason how the startup is occuring (e.g. SERVICE_RUN_INLINE) - different actions may be /// required depending on whether the code is running direct from main() or through another mechansim static void _ServiceStartup (int nReason) { CSettings oSettings; #ifdef _WIN32 if (nReason == SERVICE_RUN_SCM) { g_hServiceStatus = RegisterServiceCtrlHandler (oSettings.GetServiceName (), ServiceHandler); } PCTSTR pszSDDL = oSettings.GetServiceSDDL (); if (pszSDDL) { LOGDEBUG (TEXT ("Setting security descriptor ") << pszSDDL); PSECURITY_DESCRIPTOR psdRelative; if (ConvertStringSecurityDescriptorToSecurityDescriptor (pszSDDL, SDDL_REVISION_1, &psdRelative, NULL)) { DWORD cbAbsolute = 1024; PSECURITY_DESCRIPTOR psdAbsolute = (PSECURITY_DESCRIPTOR)malloc (cbAbsolute); DWORD cbD = 1024; PACL paclD = (PACL)malloc (cbD); DWORD cbS = 1024; PACL paclS = (PACL)malloc (cbS); DWORD cbOwner = 1024; PSID psidOwner = (PSID)malloc (cbOwner); DWORD cbPGroup = 1024; PSID psidPGroup = (PSID)malloc (cbPGroup); if (MakeAbsoluteSD (psdRelative, psdAbsolute, &cbAbsolute, paclD, &cbD, paclS, &cbS, psidOwner, &cbOwner, psidPGroup, &cbPGroup)) { DWORD dwError = SetSecurityInfo (GetCurrentProcess (), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, paclD, NULL); if (dwError == ERROR_SUCCESS) { LOGINFO (TEXT ("Security descriptor set on process handle")); } else { LOGWARN (TEXT ("Couldn't set security descriptor on process handle, error ") << GetLastError ()); } } else { LOGWARN (TEXT ("Couldn't create absolute security description, error ") << GetLastError ()); } free (psdAbsolute); free (paclD); free (paclS); free (psidOwner); free (psidPGroup); LocalFree (psdRelative); } else { LOGWARN (TEXT ("Couldn't parse SDDL ") << pszSDDL << TEXT (", error ") << GetLastError ()); } } else { LOGDEBUG (TEXT ("No security descriptor specified")); } #endif /* ifdef _WIN32 */ g_lBusyTimeout = oSettings.GetBusyTimeout (); _ReportStateStarting (); }
gboolean spice_win32_set_low_integrity (void* handle, GError **error) { g_return_val_if_fail (handle != NULL, FALSE); g_return_val_if_fail (error == NULL || *error == NULL, FALSE); /* see also http://msdn.microsoft.com/en-us/library/bb625960.aspx */ PSECURITY_DESCRIPTOR psd = NULL; PACL psacl = NULL; BOOL sacl_present = FALSE; BOOL sacl_defaulted = FALSE; char *emsg; int errsv; gboolean success = FALSE; if (!ConvertStringSecurityDescriptorToSecurityDescriptor ("S:(ML;;NW;;;LW)", SDDL_REVISION_1, &psd, NULL)) goto failed; if (!GetSecurityDescriptorSacl (psd, &sacl_present, &psacl, &sacl_defaulted)) goto failed; if (SetSecurityInfo (handle, SE_KERNEL_OBJECT, LABEL_SECURITY_INFORMATION, NULL, NULL, NULL, psacl) != ERROR_SUCCESS) goto failed; success = TRUE; goto end; failed: errsv = GetLastError (); emsg = g_win32_error_message (errsv); g_set_error (error, G_IO_ERROR, g_io_error_from_win32_error (errsv), "Error setting integrity: %s", emsg); g_free (emsg); end: if (psd != NULL) LocalFree (psd); return success; }
/* http://stackoverflow.com/a/10575889/1090657 */ DWORD ProtectProcess(void) { HANDLE hProcess = GetCurrentProcess(); PACL pEmptyDacl; DWORD dwErr; pEmptyDacl = (PACL) SelfAlloc(sizeof(ACL)); if (!InitializeAcl(pEmptyDacl, sizeof(ACL), ACL_REVISION)) { dwErr = GetLastError(); MessageLastErrorWndTitle(NULL, dwErr, T("Failed to InitializeAcl()")); return dwErr; } dwErr = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pEmptyDacl, NULL); if (dwErr != ERROR_SUCCESS) { MessageLastErrorWndTitle(NULL, GetLastError(), T("Failed to SetSecurityInfo()")); return dwErr; } SelfFree(pEmptyDacl); return dwErr; }
BOOL adjust_dacl(HANDLE h, DWORD dwDesiredAccess) { SID world = { SID_REVISION, 1, SECURITY_WORLD_SID_AUTHORITY, 0 }; EXPLICIT_ACCESS ea = { 0, SET_ACCESS, NO_INHERITANCE, { 0, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_USER, 0 } }; ACL* pdacl = 0; DWORD err = SetEntriesInAcl(1, &ea, 0, &pdacl); ea.grfAccessPermissions = dwDesiredAccess; ea.Trustee.ptstrName = (LPTSTR)(&world); if (err == ERROR_SUCCESS) { err = SetSecurityInfo(h, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pdacl, 0); LocalFree(pdacl); return (err == ERROR_SUCCESS); } else { //printf2("adjust_dacl\n"); return(FALSE); } };
bool SDAPI SDSetProcessAttr(SDHANDLE handle, const SProcessAttr &pAttr) { #if (defined(WIN32) || defined(WIN64)) if (pAttr.secInfo.bSet) { PROCESS_INFORMATION & pInfo = s_processIndexer.Get((uint32)handle); uint32 ret = SetSecurityInfo(pInfo.hProcess, pAttr.secInfo.objectType, pAttr.secInfo.securityInfo, pAttr.secInfo.psidOwner, pAttr.secInfo.psidGroup, pAttr.secInfo.pDacl, pAttr.secInfo.pSacl ); if (ret != ERROR_SUCCESS) { return false; } } #else #endif // return false; }
/// Prelude actions to start up the service, e.g. to set any global variables from the settings or perform /// any system specific actions. E.g. the Windows implementation registers with the service control manager /// and can optionally set the security descriptor on the process to allow clients to kill/restart it. /// /// @param[in] nReason how the startup is occuring (e.g. SERVICE_RUN_INLINE) - different actions may be /// required depending on whether the code is running direct from main() or through another mechansim static void _ServiceStartup (int nReason) { CSettings oSettings; #ifdef _WIN32 if (nReason == SERVICE_RUN_SCM) { g_hServiceStatus = RegisterServiceCtrlHandler (oSettings.GetServiceName (), ServiceHandler); } PCTSTR pszSDDL = oSettings.GetServiceSDDL (); if (pszSDDL) { LOGDEBUG (TEXT ("Setting security descriptor ") << pszSDDL); PSECURITY_DESCRIPTOR psdRelative; if (ConvertStringSecurityDescriptorToSecurityDescriptor (pszSDDL, SDDL_REVISION_1, &psdRelative, NULL)) { DWORD cbAbsolute = 1024; PSECURITY_DESCRIPTOR psdAbsolute = (PSECURITY_DESCRIPTOR)malloc (cbAbsolute); DWORD cbD = 1024; PACL paclD = (PACL)malloc (cbD); DWORD cbS = 1024; PACL paclS = (PACL)malloc (cbS); DWORD cbOwner = 1024; PSID psidOwner = (PSID)malloc (cbOwner); DWORD cbPGroup = 1024; PSID psidPGroup = (PSID)malloc (cbPGroup); if (MakeAbsoluteSD (psdRelative, psdAbsolute, &cbAbsolute, paclD, &cbD, paclS, &cbS, psidOwner, &cbOwner, psidPGroup, &cbPGroup)) { DWORD dwError = SetSecurityInfo (GetCurrentProcess (), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, paclD, NULL); if (dwError == ERROR_SUCCESS) { LOGINFO (TEXT ("Security descriptor set on process handle")); } else { LOGWARN (TEXT ("Couldn't set security descriptor on process handle, error ") << GetLastError ()); } if (nReason == SERVICE_RUN_SCM) { SC_HANDLE hSCM = OpenSCManager (NULL, NULL, GENERIC_READ); if (hSCM) { SC_HANDLE hService = OpenService (hSCM, oSettings.GetServiceName (), GENERIC_WRITE | WRITE_DAC); if (hService) { dwError = SetSecurityInfo (hService, SE_SERVICE, DACL_SECURITY_INFORMATION, NULL, NULL, paclD, NULL); if (dwError == ERROR_SUCCESS) { LOGINFO (TEXT ("Security descriptor set on service")); } else { LOGWARN (TEXT ("Couldn't set security descriptor on service, error ") << GetLastError ()); } CloseServiceHandle (hService); } else { LOGWARN (TEXT ("Couldn't open service, error ") << GetLastError ()); } CloseServiceHandle (hSCM); } else { LOGWARN (TEXT ("Couldn't open SCM, error ") << GetLastError ()); } } } else { LOGWARN (TEXT ("Couldn't create absolute security description, error ") << GetLastError ()); } free (psdAbsolute); free (paclD); free (paclS); free (psidOwner); free (psidPGroup); LocalFree (psdRelative); } else { LOGWARN (TEXT ("Couldn't parse SDDL ") << pszSDDL << TEXT (", error ") << GetLastError ()); } } else { LOGDEBUG (TEXT ("No security descriptor specified")); } #else /* ifdef _WIN32 */ if (nReason == SERVICE_RUN_DAEMON) { const TCHAR *pszPID = oSettings.GetPidFile (); if (pszPID) { LOGINFO (TEXT ("Creating PID file ") << pszPID); FILE *f = fopen (pszPID, "wt"); if (f) { fprintf (f, "%d", getpid ()); fclose (f); } else { LOGWARN (TEXT ("Couldn't write to PID file ") << pszPID << TEXT (", error ") << GetLastError ()); } } else { LOGWARN (TEXT ("No PID file")); } } #endif /* ifdef _WIN32 */ g_lBusyTimeout = oSettings.GetBusyTimeout (); _ReportStateStarting (); }
HANDLE adv_open_process(DWORD pid, DWORD dwAccessRights) { HANDLE hProcess = OpenProcess(dwAccessRights, FALSE, pid); if (hProcess == NULL) { HANDLE hpWriteDAC = OpenProcess(WRITE_DAC, FALSE, pid); if (hpWriteDAC == NULL) { HANDLE htok; TOKEN_PRIVILEGES tpOld; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &htok)) { return(FALSE); } if (enable_token_privilege(htok, SE_TAKE_OWNERSHIP_NAME, &tpOld)) { HANDLE hpWriteOwner = OpenProcess(WRITE_OWNER, FALSE, pid); if (hpWriteOwner != NULL) { BYTE buf[512]; DWORD cb = sizeof buf; if (GetTokenInformation(htok, TokenUser, buf, cb, &cb)) { DWORD err = SetSecurityInfo(hpWriteOwner, SE_KERNEL_OBJECT, OWNER_SECURITY_INFORMATION, ((TOKEN_USER *)(buf))->User.Sid, 0, 0, 0); if (err == ERROR_SUCCESS) { if (!DuplicateHandle(GetCurrentProcess(), hpWriteOwner, GetCurrentProcess(), &hpWriteDAC, WRITE_DAC, FALSE, 0)) { hpWriteDAC = NULL; } } } CloseHandle(hpWriteOwner); } AdjustTokenPrivileges(htok, FALSE, &tpOld, 0, 0, 0); } CloseHandle(htok); } if (hpWriteDAC) { adjust_dacl(hpWriteDAC, dwAccessRights); if (!DuplicateHandle(GetCurrentProcess(), hpWriteDAC, GetCurrentProcess(), &hProcess, dwAccessRights, FALSE, 0)) { hProcess = NULL; } CloseHandle(hpWriteDAC); } } return (hProcess); };
bool Application::OnInit() { #ifdef WIN32 unsigned int cores = boost::thread::hardware_concurrency(); int mask = (1 << cores)-1; HANDLE hProces = GetCurrentProcess(); int ss = SetSecurityInfo(hProces, SE_UNKNOWN_OBJECT_TYPE ,PROCESS_ALL_ACCESS, NULL, NULL, NULL, NULL); int pe = SetProcessAffinityMask(hProces, mask); #endif core::IApplicationConfiguration* iapp_config = (core::IApplicationConfiguration*)app_config; app_maingui = core::igui::MainGui::GetInstance(iapp_config, "OX"); app_mainprod = (core::IProd *) new core::iprod::MainProd(iapp_config, argc, argv, true); app_mainpercept = (core::IPercept *) new core::ipercept::MainPercept(iapp_config); app_mainpersistence = (core::IPersistence *) new core::ipersistence::MainPersistence(iapp_config); avatar_entity = (core::IEntityPersistence *) new core::ipersistence::EntityPersistence ("avatar"); if(app_maingui) app_maingui->SetApp((IApplication *)this); if(app_mainprod) app_mainprod->SetApp((IApplication *)this); if(app_mainpercept) app_mainpercept->SetApp((IApplication *)this); if(app_mainpersistence) app_mainpersistence->SetApp((IApplication *)this); PostLogMessage("Modules running..."); if(app_mainprod) { PostLogMessage("Initializing production..."); app_mainprod->Init(); } if(app_mainpercept) { PostLogMessage("Initializing perception..."); app_mainpercept->Init(); } if(app_mainprod && app_mainpercept) { user_dataModel_controller = new UserDataModelController(); runningscene_controller = new RunningSceneController((IApplication *)this, user_dataModel_controller, app_mainpercept, app_mainprod); contentcreation_controller = ContentCreationController::Instance(); if (contentcreation_controller) { contentcreation_controller->SetApp((IApplication *)this, iapp_config, app_mainpercept, app_mainprod); } } session_controller->LoadDefaultData(); //Attaching Observers to Subjects if(session_controller && contentcreation_controller) { core::Observer* observer = dynamic_cast<core::Observer*> (contentcreation_controller); if (observer) session_controller->attach(observer); } RunDefaultWorld(); return true; }
PVOID DisableProt(BOOL mode) { HANDLE Section; DWORD Res; NTSTATUS ntS; PACL OldDacl=NULL, NewDacl=NULL; PSECURITY_DESCRIPTOR SecDesc=NULL; EXPLICIT_ACCESS Access; OBJECT_ATTRIBUTES ObAttributes; INIT_UNICODE(ObName, L"\\Device\\PhysicalMemory"); //mode 1 = current //mode 2 = user memset(&Access, 0, sizeof(EXPLICIT_ACCESS)); InitializeObjectAttributes(&ObAttributes, &ObName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL); // open handle de \Device\PhysicalMemory ntS = NtOpenSection(&Section, WRITE_DAC | READ_CONTROL, &ObAttributes); if (ntS != STATUS_SUCCESS) { printf("error: NtOpenSection (code: %x)\n", ntS); goto cleanup; } // retrieve a copy of the security descriptor Res = GetSecurityInfo(Section, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &OldDacl, NULL, &SecDesc); if (Res != ERROR_SUCCESS) { printf("error: GetSecurityInfo (code: %lu)\n", Res); goto cleanup; } Access.grfAccessPermissions = SECTION_ALL_ACCESS; // :P Access.grfAccessMode = GRANT_ACCESS; Access.grfInheritance = NO_INHERITANCE; Access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; // change these informations to grant access to a group or other user Access.Trustee.TrusteeForm = TRUSTEE_IS_NAME; Access.Trustee.TrusteeType = TRUSTEE_IS_USER; Access.Trustee.ptstrName = "CURRENT_USER"; // create the new ACL Res = SetEntriesInAcl(1, &Access, OldDacl, &NewDacl); if (Res != ERROR_SUCCESS) { printf("error: SetEntriesInAcl (code: %lu)\n", Res); goto cleanup; } // update ACL Res = SetSecurityInfo(Section, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, NewDacl, NULL); if (Res != ERROR_SUCCESS) { printf("error: SetEntriesInAcl (code: %lu)\n", Res); goto cleanup; } printf("\\Device\\PhysicalMemory chmoded\n"); cleanup: if (Section) NtClose(Section); if (SecDesc) LocalFree(SecDesc); return(0); }
explicit SecurityAttributes(MemoryPool& pool) : m_pool(pool) { // Ensure that our process has the SYNCHRONIZE privilege granted to everyone PSECURITY_DESCRIPTOR pOldSD = NULL; PACL pOldACL = NULL; // Pseudo-handles do not work on WinNT. Need real process handle. HANDLE hCurrentProcess = OpenProcess(READ_CONTROL | WRITE_DAC, FALSE, GetCurrentProcessId()); if (hCurrentProcess == NULL) { Firebird::system_call_failed::raise("OpenProcess"); } DWORD result = GetSecurityInfo(hCurrentProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldACL, NULL, &pOldSD); if (result == ERROR_CALL_NOT_IMPLEMENTED) { // For Win9X - sumulate that the call worked alright pOldACL = NULL; result = ERROR_SUCCESS; } if (result != ERROR_SUCCESS) { CloseHandle(hCurrentProcess); Firebird::system_call_failed::raise("GetSecurityInfo", result); } // NULL pOldACL means all privileges. If we assign pNewACL in this case // we'll lost all privileges except assigned SYNCHRONIZE if (pOldACL) { SID_IDENTIFIER_AUTHORITY sidAuth = SECURITY_WORLD_SID_AUTHORITY; PSID pSID = NULL; AllocateAndInitializeSid(&sidAuth, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pSID); EXPLICIT_ACCESS ea; memset(&ea, 0, sizeof(EXPLICIT_ACCESS)); ea.grfAccessPermissions = SYNCHRONIZE; ea.grfAccessMode = GRANT_ACCESS; ea.grfInheritance = NO_INHERITANCE; ea.Trustee.TrusteeForm = TRUSTEE_IS_SID; ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP; ea.Trustee.ptstrName = (LPTSTR) pSID; PACL pNewACL = NULL; SetEntriesInAcl(1, &ea, pOldACL, &pNewACL); SetSecurityInfo(hCurrentProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewACL, NULL); if (pSID) { FreeSid(pSID); } if (pNewACL) { LocalFree(pNewACL); } } CloseHandle(hCurrentProcess); if (pOldSD) { LocalFree(pOldSD); } // Create and initialize the default security descriptor // to be assigned to various IPC objects. // // WARNING!!! The absent DACL means full access granted // to everyone, this is a huge security risk! PSECURITY_DESCRIPTOR p_security_desc = static_cast<PSECURITY_DESCRIPTOR>( pool.allocate(SECURITY_DESCRIPTOR_MIN_LENGTH)); attributes.nLength = sizeof(attributes); attributes.lpSecurityDescriptor = p_security_desc; attributes.bInheritHandle = TRUE; if (!InitializeSecurityDescriptor(p_security_desc, SECURITY_DESCRIPTOR_REVISION) || !SetSecurityDescriptorDacl(p_security_desc, TRUE, NULL, FALSE)) { pool.deallocate(p_security_desc); attributes.lpSecurityDescriptor = NULL; } }
HANDLE OpenClientProcess(DWORD processID) { // tries to open the targeted process // note: don't use PROCESS_ALL_ACCESS HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD, FALSE, processID); // error? if (!hProcess) { if (GetLastError() == ERROR_ACCESS_DENIED) { printf("Process open is failed, ERROR_ACCESS_DENIED.\n"); printf("Trying to override client's security descriptor (DACL) "); printf("and will try a re-open.\n"); // clients before 12213 (this build doesn't contain) or // 11723 (don't have this WoW client so can't check) // override theirs security descriptor // (set flag PROTECTED_DACL_SECURITY_INFORMATION) so // the injector can't simply OpenProcess them // // because of this the injector modifies the // client's security descriptor (DACL) to the injector's one // so after that OpenProcess should work // "global" var which stores an error code DWORD error = 0; // ACL header PACL dacl; // that pointer contains the security descriptor PSECURITY_DESCRIPTOR securityDescriptor; // gets injector's security descriptor error = GetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &dacl, NULL, &securityDescriptor); if (error) { printf("ERROR: Can't get injector's security secriptor, "); printf("ErrorCode: %u\n", error); return NULL; } // tries again to open the client process but // only with an access wich can override its DACL hProcess = OpenProcess(WRITE_DAC, FALSE, processID); if (!hProcess) { LocalFree(securityDescriptor); printf("ERROR: Process open is failed with only "); printf("WRITE_DAC access, ErrorCode: %u\n", GetLastError()); return NULL; } // overrides client's DACL with injector's DACL error = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION, 0, 0, dacl, 0); if (error) { LocalFree(securityDescriptor); CloseHandle(hProcess); printf("ERROR: Can't override client's DACL, "); printf("ErrorCode: %u\n", error); return NULL; } // release resources LocalFree(securityDescriptor); CloseHandle(hProcess); // now this should work hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID); } // error! if (!hProcess) { printf("ERROR: Process open is failed, "); printf("ErrorCode: %u\n", GetLastError()); return NULL; } } return hProcess; }
/* * ObjectDaclEntryAdd() -- add an access-control entry to an object's DACL. * * Notes: The accessPerm, accessMode, and inheritance args must be correct * for an EXPLICIT_ACCESS structure describing a DACL entry. * Caller must have READ_CONTRL/WRITE_DAC rights for object handle. * * RETURN CODES: Win32 status code (ERROR_SUCCESS if succeeds) */ DWORD ObjectDaclEntryAdd(HANDLE objectHandle, SE_OBJECT_TYPE objectType, WELLKNOWN_TRUSTEE_ID trustee, DWORD accessPerm, ACCESS_MODE accessMode, DWORD inheritance) { DWORD status = ERROR_SUCCESS; PSID trusteeSidP; /* allocate SID for (well-known) trustee */ if (trustee == WorldGroup) { if (!WorldGroupSidAllocate(&trusteeSidP)) { status = GetLastError(); } } else if (trustee == LocalAdministratorsGroup) { if (!LocalAdminsGroupSidAllocate(&trusteeSidP)) { status = GetLastError(); } } else { status = ERROR_INVALID_PARAMETER; } if (status == ERROR_SUCCESS) { EXPLICIT_ACCESS accessEntry; PACL curDaclP, newDaclP; PSECURITY_DESCRIPTOR secP; /* initialize access information for trustee */ BuildExplicitAccessWithSid(&accessEntry, trusteeSidP, accessPerm, accessMode, inheritance); /* get object's current DACL */ status = GetSecurityInfo(objectHandle, objectType, DACL_SECURITY_INFORMATION, NULL, NULL, &curDaclP, NULL, &secP); if (status == ERROR_SUCCESS) { /* merge access information into current DACL to form new DACL */ status = SetEntriesInAcl(1, &accessEntry, curDaclP, &newDaclP); if (status == ERROR_SUCCESS) { /* replace object's current DACL with newly formed DACL */ /* MS SP4 introduced a bug into SetSecurityInfo() so that it * no longer operates correctly with named pipes. Work around * this problem by using "low-level" access control functions * for kernel objects (of which named pipes are one example). */ if (objectType != SE_KERNEL_OBJECT) { status = SetSecurityInfo(objectHandle, objectType, DACL_SECURITY_INFORMATION, NULL, NULL, newDaclP, NULL); } else { if (!SetSecurityDescriptorDacl (secP, TRUE, newDaclP, FALSE) || !SetKernelObjectSecurity(objectHandle, DACL_SECURITY_INFORMATION, secP)) { status = GetLastError(); } } (void)LocalFree((HLOCAL) newDaclP); } (void)LocalFree((HLOCAL) secP); } FreeSid(trusteeSidP); } return status; }
HANDLE GetProcessHandleWithEnoughRights(DWORD PID, DWORD AccessRights) { HANDLE hProcess = ::OpenProcess(AccessRights, FALSE, PID); if (hProcess == NULL) { HANDLE hpWriteDAC = OpenProcess(WRITE_DAC, FALSE, PID); if (hpWriteDAC == NULL) { // hmm, we don't have permissions to modify the DACL... // time to take ownership... HANDLE htok; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &htok)) return(FALSE); TOKEN_PRIVILEGES tpOld; if (EnableTokenPrivilege(htok, SE_TAKE_OWNERSHIP_NAME, tpOld)) { // SeTakeOwnershipPrivilege allows us to open objects with // WRITE_OWNER, but that's about it, so we'll update the owner, // and dup the handle so we can get WRITE_DAC permissions. HANDLE hpWriteOwner = OpenProcess(WRITE_OWNER, FALSE, PID); if (hpWriteOwner != NULL) { BYTE buf[512]; // this should always be big enough DWORD cb = sizeof buf; if (GetTokenInformation(htok, TokenUser, buf, cb, &cb)) { DWORD err = SetSecurityInfo( hpWriteOwner, SE_KERNEL_OBJECT, OWNER_SECURITY_INFORMATION, reinterpret_cast<TOKEN_USER*>(buf)->User.Sid, 0, 0, 0 ); if (err == ERROR_SUCCESS) { // now that we're the owner, we've implicitly got WRITE_DAC // permissions, so ask the system to reevaluate our request, // giving us a handle with WRITE_DAC permissions if ( !DuplicateHandle( GetCurrentProcess(), hpWriteOwner, GetCurrentProcess(), &hpWriteDAC, WRITE_DAC, FALSE, 0 ) ) hpWriteDAC = NULL; } } // don't forget to close handle ::CloseHandle(hpWriteOwner); } // not truly necessary in this app, // but included for completeness RestoreTokenPrivilege(htok, tpOld); } // don't forget to close the token handle ::CloseHandle(htok); } if (hpWriteDAC) { // we've now got a handle that allows us WRITE_DAC permission AdjustDacl(hpWriteDAC, AccessRights); // now that we've granted ourselves permission to access // the process, ask the system to reevaluate our request, // giving us a handle with right permissions if ( !DuplicateHandle( GetCurrentProcess(), hpWriteDAC, GetCurrentProcess(), &hProcess, AccessRights, FALSE, 0 ) ) hProcess = NULL; CloseHandle(hpWriteDAC); } } return(hProcess); }
HRESULT CSecurityInformation::SetSecurity( SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor) { HRESULT hr = 1; // Get the Dacl PACL pDACL = NULL; BOOL fPresent, fDefaulted; GetSecurityDescriptorDacl(pSecurityDescriptor, &fPresent, &pDACL, &fDefaulted); // Get the SACL PACL pSACL = NULL; GetSecurityDescriptorSacl(pSecurityDescriptor, &fPresent, &pSACL, &fDefaulted); // Get the owner PSID psidOwner = NULL; GetSecurityDescriptorOwner(pSecurityDescriptor, &psidOwner, &fDefaulted); // Get the group PSID psidGroup = NULL; GetSecurityDescriptorOwner(pSecurityDescriptor, &psidGroup, &fDefaulted); // Find out if DACL and SACL inherit from parent objects SECURITY_DESCRIPTOR_CONTROL sdCtrl = NULL; ULONG ulRevision; GetSecurityDescriptorControl(pSecurityDescriptor, &sdCtrl, &ulRevision); if ((sdCtrl & SE_DACL_PROTECTED) != SE_DACL_PROTECTED) SecurityInformation |= UNPROTECTED_DACL_SECURITY_INFORMATION; else SecurityInformation |= PROTECTED_DACL_SECURITY_INFORMATION; if ((sdCtrl & SE_SACL_PROTECTED) != SE_SACL_PROTECTED) SecurityInformation |= UNPROTECTED_SACL_SECURITY_INFORMATION; else SecurityInformation |= PROTECTED_SACL_SECURITY_INFORMATION; // Set the security ULONG lErr; if (m_Info.m_szName[0] != 0) // Is it named { lErr = SetNamedSecurityInfo(m_Info.m_szName, m_Type.m_objSecurType, SecurityInformation, psidOwner, psidGroup, pDACL, pSACL); } else { // Is it a handle case lErr = SetSecurityInfo(m_Info.m_hHandle, m_Type.m_objSecurType, SecurityInformation, psidOwner, psidGroup, pDACL, pSACL); } // Report error if (lErr != ERROR_SUCCESS) { MessageBox(NULL, TEXT("An error occurred saving security information for this object,\n") TEXT("possibly due to insufficient access rights.\n"), TEXT("Security Notice"), MB_OK); } else { hr = S_OK; } return(hr); }