Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

113 lines
3.6 KiB

  1. #include <windows.h>
  2. #include <stdio.h>
  3. #include <stdlib.h>
  4. #include <winsafer.h>
  5. int _cdecl dwcompare(const void* pv1, const void* pv2)
  6. {
  7. DWORD dw1 = *(DWORD*)pv1;
  8. DWORD dw2 = *(DWORD*)pv2;
  9. if (dw1 < dw2) return -1;
  10. if (dw1 > dw2) return 1;
  11. return 0;
  12. }
  13. void _cdecl main()
  14. {
  15. BOOL bStatus;
  16. DWORD dwInert;
  17. DWORD dwOutBufSize;
  18. DWORD dwNumLevels;
  19. DWORD i;
  20. HANDLE hProcessToken;
  21. bStatus = OpenProcessToken(GetCurrentProcess(),
  22. TOKEN_QUERY,
  23. &hProcessToken);
  24. if (!bStatus) goto done;
  25. bStatus = GetTokenInformation(hProcessToken,
  26. TokenSandBoxInert,
  27. &dwInert,
  28. sizeof(DWORD),
  29. &dwOutBufSize);
  30. if (!bStatus) goto done;
  31. printf("Process Token: INERT = %d\n", dwInert);
  32. printf("Enumerating available SAFER levels\n");
  33. bStatus = GetInformationCodeAuthzPolicyW(AUTHZSCOPEID_MACHINE,
  34. CodeAuthzPol_LevelList,
  35. 0,
  36. NULL,
  37. &dwOutBufSize,
  38. NULL);
  39. if (!bStatus)
  40. {
  41. if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) goto done;
  42. DWORD* pdwLevels = new DWORD[dwOutBufSize];
  43. if (!pdwLevels)
  44. {
  45. printf("Out of memory\n");
  46. goto done;
  47. }
  48. bStatus = GetInformationCodeAuthzPolicyW(AUTHZSCOPEID_MACHINE,
  49. CodeAuthzPol_LevelList,
  50. dwOutBufSize * sizeof(DWORD),
  51. pdwLevels,
  52. &dwOutBufSize,
  53. NULL);
  54. if (!bStatus) goto done;
  55. dwNumLevels = dwOutBufSize / sizeof(DWORD);
  56. // I need to compare these in sorted order, so I do that myself rather
  57. // than rely on the api to do so
  58. qsort(pdwLevels, dwNumLevels, sizeof(DWORD), dwcompare);
  59. for (i = 0; i < dwNumLevels; i++)
  60. {
  61. HAUTHZLEVEL hCodeAuthLevel;
  62. HANDLE hOutToken;
  63. DWORD dwResult;
  64. bStatus = CreateCodeAuthzLevel(AUTHZSCOPEID_MACHINE,
  65. pdwLevels[i],
  66. AUTHZCRLEV_OPEN,
  67. &hCodeAuthLevel,
  68. NULL);
  69. if (!bStatus) goto done;
  70. bStatus = ComputeAccessTokenFromCodeAuthzLevel(hCodeAuthLevel,
  71. hProcessToken,
  72. NULL,
  73. AUTHZTOKEN_COMPARE_ONLY,
  74. (LPVOID)&dwResult);
  75. if (!bStatus) printf("ComputeAccessTokenFromCodeAuthzLevel failed with GLE=%d\n", GetLastError());
  76. if (dwResult != -1)
  77. printf("Level %d: Authorization comparison equal or greater privileged\n", pdwLevels[i]);
  78. else
  79. printf("Level %d: Authorization comparison less privileged.\n", pdwLevels[i]);
  80. bStatus = CloseCodeAuthzLevel(hCodeAuthLevel);
  81. if (!bStatus) goto done;
  82. }
  83. }
  84. done:
  85. if (!bStatus)
  86. {
  87. printf("operation failed with GLE=%d\n", GetLastError());
  88. }
  89. // Sleep(3000);
  90. return;
  91. }