windows-xp/Source/XPSP1/NT/ds/security/winsafer/test/guesslev/guesslev.cpp

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <winsafer.h>

int _cdecl dwcompare(const void* pv1, const void* pv2)
{
    DWORD dw1 = *(DWORD*)pv1;
    DWORD dw2 = *(DWORD*)pv2;

    if (dw1 < dw2) return -1;
    if (dw1 > dw2) return 1;

    return 0;
}

void _cdecl main()
{
    BOOL bStatus;
    DWORD dwInert;
    DWORD dwOutBufSize;
    DWORD dwNumLevels;
    DWORD i;
    HANDLE hProcessToken;

    bStatus = OpenProcessToken(GetCurrentProcess(),
                               TOKEN_QUERY,
                               &hProcessToken);
    if (!bStatus) goto done;

    bStatus = GetTokenInformation(hProcessToken,
                                  TokenSandBoxInert,
                                  &dwInert,
                                  sizeof(DWORD),
                                  &dwOutBufSize);

    if (!bStatus) goto done;

        printf("Process Token: INERT = %d\n", dwInert);

    printf("Enumerating available SAFER levels\n");

    bStatus = GetInformationCodeAuthzPolicyW(AUTHZSCOPEID_MACHINE,
                                             CodeAuthzPol_LevelList,
                                             0,
                                             NULL,
                                             &dwOutBufSize,
                                             NULL);
    if (!bStatus)
    {
        if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) goto done;

        DWORD* pdwLevels = new DWORD[dwOutBufSize];
        if (!pdwLevels)
        {
            printf("Out of memory\n");
            goto done;
        }

        bStatus = GetInformationCodeAuthzPolicyW(AUTHZSCOPEID_MACHINE,
                                                 CodeAuthzPol_LevelList,
                                                 dwOutBufSize * sizeof(DWORD),
                                                 pdwLevels,
                                                 &dwOutBufSize,
                                                 NULL);
        if (!bStatus) goto done;

        dwNumLevels = dwOutBufSize / sizeof(DWORD);

        // I need to compare these in sorted order, so I do that myself rather
        // than rely on the api to do so
        qsort(pdwLevels, dwNumLevels, sizeof(DWORD), dwcompare);

        for (i = 0; i < dwNumLevels; i++)
        {
            HAUTHZLEVEL hCodeAuthLevel;
            HANDLE hOutToken;
            DWORD dwResult;

            bStatus = CreateCodeAuthzLevel(AUTHZSCOPEID_MACHINE,
                                           pdwLevels[i],
                                           AUTHZCRLEV_OPEN,
                                           &hCodeAuthLevel,
                                           NULL);
            if (!bStatus) goto done;

            bStatus = ComputeAccessTokenFromCodeAuthzLevel(hCodeAuthLevel,
                                                           hProcessToken,
                                                           NULL,
                                                           AUTHZTOKEN_COMPARE_ONLY,
                                                           (LPVOID)&dwResult);
            if (!bStatus) printf("ComputeAccessTokenFromCodeAuthzLevel failed with GLE=%d\n", GetLastError());

            if (dwResult != -1)
                printf("Level %d: Authorization comparison equal or greater privileged\n", pdwLevels[i]);
            else
                printf("Level %d: Authorization comparison less privileged.\n", pdwLevels[i]);

            bStatus = CloseCodeAuthzLevel(hCodeAuthLevel);
            if (!bStatus) goto done;
        }
    }

done:

    if (!bStatus)
    {
        printf("operation failed with GLE=%d\n", GetLastError());
    }

//    Sleep(3000);
    return;
}