#include <windows.h>
#include <map>
#include <string>
#include <iostream>
#include <TlHelp32.h>
using namespace std;
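// Starts `commandLine` as a new process whose recorded parent is the process
// referenced by *hPrivProc, via the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS
// extended startup attribute.
//
// Parameters:
//   hPrivProc   - pointer to an open HANDLE of the process to be used as the
//                 parent. UpdateProcThreadAttribute stores the pointer, not the
//                 value, so it must stay valid until CreateProcess returns.
//   commandLine - writable command-line buffer (CreateProcessW may modify it).
//
// Returns the new process id, or 0 on any failure (the original mixed
// FALSE/false/0 for the failure return; all are 0 for a DWORD).
//
// Resource handling fixed relative to the original: the attribute list is
// deleted and freed, and the PROCESS_INFORMATION handles are closed, so the
// caller receives no handle to the child and nothing leaks on either path.
//
// NOTE(review): bInheritHandles is kept TRUE as in the original. Windows
// documents that with a parent-process attribute, inheritable handles come
// from the specified parent rather than from this process - confirm that is
// the intended behaviour.
DWORD CreatePrivProc(PHANDLE hPrivProc, LPWSTR commandLine) {
    STARTUPINFOEX sinfo = { sizeof(sinfo) };
    PROCESS_INFORMATION pinfo = { 0 };
    SIZE_T bytes = 0;

    // Size-probe call: fails by design and only reports the buffer size.
    InitializeProcThreadAttributeList(NULL, 1, 0, &bytes);
    if (bytes == 0)
        return 0;

    LPPROC_THREAD_ATTRIBUTE_LIST ptList =
        (LPPROC_THREAD_ATTRIBUTE_LIST)LocalAlloc(LPTR, bytes);
    if (ptList == NULL)
        return 0;

    DWORD pid = 0;
    if (InitializeProcThreadAttributeList(ptList, 1, 0, &bytes)) {
        // The original ignored this return value; a failed attribute update
        // would otherwise silently launch the process without the parent.
        if (UpdateProcThreadAttribute(ptList, 0, PROC_THREAD_ATTRIBUTE_PARENT_PROCESS,
                                      hPrivProc, sizeof(HANDLE), NULL, NULL)) {
            sinfo.lpAttributeList = ptList;
            if (CreateProcess(NULL, commandLine,
                              NULL, NULL, TRUE,
                              EXTENDED_STARTUPINFO_PRESENT, NULL, NULL,
                              &sinfo.StartupInfo, &pinfo)) {
                pid = pinfo.dwProcessId;
                // CreateProcess returns two handles the original never closed.
                CloseHandle(pinfo.hThread);
                CloseHandle(pinfo.hProcess);
            }
        }
        // Must run before the backing memory is released.
        DeleteProcThreadAttributeList(ptList);
    }
    LocalFree(ptList);
    return pid;
}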
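// Duplicates `handle`, which is valid inside process `ownerPid`, into the
// calling process with the same access rights (DUPLICATE_SAME_ACCESS).
//
// Parameters:
//   ownerPid     - id of the process that currently holds `handle`.
//   handle       - handle value as seen from inside `ownerPid`.
//   clonedHandle - receives the duplicate on success; set to NULL on failure
//                  (the original left it untouched when OpenProcess failed).
//
// Returns TRUE on success. Requires PROCESS_DUP_HANDLE access to `ownerPid`.
// The caller owns the duplicate and must CloseHandle it; the temporary
// handle to the owner process is always closed here.
//
// Changes relative to the original: removed the unused `elevatedToken`
// local, kept the BOOL result instead of narrowing through `bool`, and
// passed 0 rather than NULL for the DWORD dwDesiredAccess argument.
BOOL CloneHandle(DWORD ownerPid, HANDLE handle, PHANDLE clonedHandle) {
    if (clonedHandle == NULL)
        return FALSE;
    *clonedHandle = NULL;

    HANDLE hOwner = OpenProcess(PROCESS_DUP_HANDLE, FALSE, ownerPid);
    if (hOwner == NULL)
        return FALSE;

    // dwDesiredAccess is ignored when DUPLICATE_SAME_ACCESS is specified.
    BOOL result = DuplicateHandle(
        hOwner,
        handle,
        GetCurrentProcess(),
        clonedHandle,
        0,
        FALSE,
        DUPLICATE_SAME_ACCESS
    );
    CloseHandle(hOwner);
    return result;
}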
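// Returns the integrity-level RID (the last sub-authority of the token's
// mandatory label SID) of the process referenced by `hProc`, or 0 if it
// cannot be determined.
//
// Ownership: this function CLOSES hProc on every path, success included; the
// DWORD overload relies on that when it hands over a freshly opened handle.
// A caller passing its own handle must not use it afterwards.
//
// hProc must allow OpenProcessToken(TOKEN_QUERY); the DWORD overload opens
// the target with PROCESS_QUERY_LIMITED_INFORMATION for this purpose.
//
// Fixes relative to the original: `returnLength` is initialised (the
// size-probe call is not guaranteed to write it on every failure), the
// LocalAlloc result is checked before it is dereferenced, and a SID with
// zero sub-authorities no longer yields an index of 255 via UCHAR wrap.
DWORD GetTargetIntegrityLevel(HANDLE hProc) {
    HANDLE hToken = NULL;
    if (!OpenProcessToken(hProc, TOKEN_QUERY, &hToken))
    {
        CloseHandle(hProc);
        return 0;
    }

    DWORD integrityLevel = 0;
    DWORD returnLength = 0;
    // Size-probe call: fails with ERROR_INSUFFICIENT_BUFFER and reports the
    // required size in returnLength.
    GetTokenInformation(hToken, TokenIntegrityLevel, NULL, 0, &returnLength);
    if (returnLength == 0) {
        CloseHandle(hToken);
        CloseHandle(hProc);
        return 0;
    }

    PTOKEN_MANDATORY_LABEL tokenInformation =
        (PTOKEN_MANDATORY_LABEL)LocalAlloc(LPTR, returnLength);
    if (tokenInformation != NULL &&
        GetTokenInformation(hToken, TokenIntegrityLevel, tokenInformation,
                            returnLength, &returnLength)) {
        PSID sid = tokenInformation->Label.Sid;
        UCHAR subAuthorityCount = *GetSidSubAuthorityCount(sid);
        // The integrity RID is the final sub-authority of the label SID.
        if (subAuthorityCount > 0)
            integrityLevel = *GetSidSubAuthority(sid, (DWORD)(subAuthorityCount - 1));
    }

    if (tokenInformation != NULL)
        LocalFree(tokenInformation);
    CloseHandle(hToken);
    CloseHandle(hProc);
    return integrityLevel;
}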
// Convenience overload: opens `pid` with PROCESS_QUERY_LIMITED_INFORMATION and
// delegates to GetTargetIntegrityLevel(HANDLE), which takes ownership of the
// handle and closes it. Returns 0 when the process cannot be opened.
DWORD GetTargetIntegrityLevel(DWORD pid) {
    const HANDLE hTarget = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
    return hTarget == NULL ? 0 : GetTargetIntegrityLevel(hTarget);
}
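// Returns the executable name (PROCESSENTRY32::szExeFile from a Toolhelp
// process snapshot) of the process with id `pid`, or an empty wstring when
// the snapshot cannot be taken or no such process exists at snapshot time.
// The conversion to std::wstring assumes a UNICODE build (PROCESSENTRY32W).
//
// Changes relative to the original: the DWORD th32ProcessID argument of
// CreateToolhelp32Snapshot is 0 instead of NULL, the entry struct is
// zero-initialised rather than only having dwSize set, and the snapshot is
// released at a single point instead of once per exit path.
wstring GetProcName(DWORD pid)
{
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE)
        return wstring();

    PROCESSENTRY32 entry = { 0 };
    entry.dwSize = sizeof(entry);

    wstring name;
    for (BOOL ok = Process32First(snapshot, &entry); ok; ok = Process32Next(snapshot, &entry))
    {
        if (entry.th32ProcessID == pid)
        {
            name = entry.szExeFile;
            break;
        }
    }

    CloseHandle(snapshot);
    return name;
}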