#include "pch.h"
#pragma hdrstop
#include "bmcommon.h"
static GENERIC_MAPPING FileGenericMapping =
{
FILE_GENERIC_READ,
FILE_GENERIC_WRITE,
FILE_GENERIC_EXECUTE,
FILE_ALL_ACCESS
};
static PSECURITY_DESCRIPTOR pSD;
static HANDLE hToken;
EXTERN_C
DWORD
InitNtAccessChecks()
{
DWORD dwError=NO_ERROR;
BOOL b;
PWCHAR szMsg=NULL;
HANDLE hProcessToken=NULL;
b = ConvertStringSecurityDescriptorToSecurityDescriptorW(g_szSd,
SDDL_REVISION_1,
&pSD, NULL);
if (!b)
{
szMsg = L"SDDL";
goto GetError;
}
if ( !OpenProcessToken( GetCurrentProcess(), TOKEN_DUPLICATE,
&hProcessToken ) )
{
szMsg = L"OpenProcessToken";
goto GetError;
}
if ( !DuplicateToken( hProcessToken, SecurityImpersonation, &hToken ) )
{
szMsg = L"DuplicateToken";
goto GetError;
}
if ( !SetThreadToken( NULL, hToken ) )
{
szMsg = L"SetThreadToken";
goto GetError;
}
Cleanup:
if ( hProcessToken )
{
CloseHandle( hProcessToken );
}
if ( szMsg )
{
wprintf (L"InitNtAccessChecks: %s: %x\n", szMsg, dwError);
}
return dwError;
GetError:
dwError = GetLastError();
goto Cleanup;
}
EXTERN_C
DWORD
DoNtAccessChecks(
IN ULONG NumChecks,
IN DWORD Flags
)
{
DWORD dwError=NO_ERROR;
PWCHAR StringSD = L"O:BAG:BAD:(OA;;GA;;;WD)S:(AU;FASA;GA;;;WD)";
BOOL b;
ULONG i;
PRIVILEGE_SET Privs = { 0 };
DWORD dwPrivLength=20*sizeof(LUID_AND_ATTRIBUTES);
BOOL fGenOnClose[100];
PWCHAR szMsg=NULL;
HANDLE hObj= (HANDLE) 333444;
if ( Flags & BMF_GenerateAudit )
{
if ( Flags & BMF_UseObjTypeList )
{
for (i=0; i < NumChecks; i++)
{
if (!AccessCheckByTypeResultListAndAuditAlarm(
L"supersystemwithaudit",
hObj,
L"Kernel speed test",
L"sample operation",
pSD,
g_Sid1,
DESIRED_ACCESS,
AuditEventObjectAccess,
0,
ObjectTypeList,
ObjectTypeListLength,
&FileGenericMapping,
FALSE,
dwNtGrantedAccess,
fNtAccessCheckResult,
fGenOnClose ))
{
szMsg = L"AccessCheck";
goto GetError;
}
}
}
else
{
for (i=0; i < NumChecks; i++)
{
if (!AccessCheckAndAuditAlarm(
L"mysystem",
hObj,
L"File",
L"file-object",
pSD, DESIRED_ACCESS,
&FileGenericMapping,
FALSE,
&dwNtGrantedAccess[0],
&fNtAccessCheckResult[0],
&fGenOnClose[0] ))
{
szMsg = L"AccessCheck";
goto GetError;
}
}
}
}
else
{
if ( Flags & BMF_UseObjTypeList )
{
for (i=0; i < NumChecks; i++)
{
if (!AccessCheckByTypeResultList(
pSD,
g_Sid1,
hToken, DESIRED_ACCESS,
ObjectTypeList,
ObjectTypeListLength,
&FileGenericMapping,
&Privs, &dwPrivLength,
dwNtGrantedAccess,
fNtAccessCheckResult ))
{
szMsg = L"AccessCheck";
goto GetError;
}
}
}
else
{
for (i=0; i < NumChecks; i++)
{
if (!AccessCheck( pSD, hToken, DESIRED_ACCESS,
&FileGenericMapping,
&Privs, &dwPrivLength,
&dwNtGrantedAccess[0],
&fNtAccessCheckResult[0] ))
{
szMsg = L"AccessCheck";
goto GetError;
}
}
}
}
Cleanup:
if ( szMsg )
{
wprintf (L"%s: %x\n", szMsg, dwError);
}
return dwError;
GetError:
dwError = GetLastError();
goto Cleanup;
}