/********************************************************/
/*  ntapi: Native API core library                      */
/*  Copyright (C) 2013--2019  Z. Gilboa                 */
/*  Released under GPLv2 and GPLv3; see COPYING.NTAPI.  */
/********************************************************/
#include <psxtypes/psxtypes.h>
#include <ntapi/nt_object.h>
#include <ntapi/nt_debug.h>
#include <ntapi/nt_guid.h>
#include <ntapi/nt_acl.h>
#include "ntapi_impl.h"
/* write one ACCESS_ALLOWED ace (mask + in-line copy of sid) at ace and
   return the address immediately past it, i.e. the slot for the next ace;
   the caller is responsible for the buffer having room for the ace */
static nt_access_allowed_ace * __dbg_ace_init(
	nt_access_allowed_ace * ace,
	uint32_t		mask,
	const nt_sid *		sid)
{
	size_t	ace_size;

	/* fixed ace prefix, fixed sid prefix, then one uint32_t per sub-authority */
	ace_size  = __offsetof(nt_access_allowed_ace,sid_start);
	ace_size += __offsetof(nt_sid,sub_authority);
	ace_size += sizeof(uint32_t) * sid->sub_authority_count;

	ace->header.ace_type  = NT_ACE_TYPE_ACCESS_ALLOWED;
	ace->header.ace_flags = 0;
	ace->header.ace_size  = ace_size;	/* NOTE(review): assumes ace_size's field width fits the computed size; confirm against nt_acl.h */
	ace->mask             = mask;

	/* the sid lives in-line, starting at sid_start */
	__ntapi->tt_sid_copy((nt_sid *)&ace->sid_start,sid);

	return (nt_access_allowed_ace *)((char *)ace + ace->header.ace_size);
}
/* build the self-relative security descriptor used for debug objects:
   owner = process token user, no group, no sacl, and a three-entry dacl
   granting full access to LOCAL_SYSTEM and the owner, and only
   READ_CONTROL|SYNCHRONIZE to AUTHENTICATED_USERS (no debug-event rights) */
static void __dbg_sd_init(nt_sd_common_buffer * sd)
{
	nt_access_allowed_ace *	ace;
	nt_sid *		owner;

	/* sd header: self-relative, dacl present, owner and dacl at fixed offsets */
	sd->sd.revision     = 1;
	sd->sd.sbz_1st      = 0;
	sd->sd.control      = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
	sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner);
	sd->sd.offset_group = 0;
	sd->sd.offset_dacl  = __offsetof(nt_sd_common_buffer,dacl);
	sd->sd.offset_sacl  = 0;

	/* owner sid: the current process token user */
	owner = (nt_sid *)&sd->owner;
	__ntapi->tt_sid_copy(owner,__ntapi_internals()->user);

	/* ace's are laid out back-to-back in sd->buffer, directly after the dacl header;
	   NOTE(review): buffer capacity for the owner ace (variable sid length) is assumed, confirm */
	ace = (nt_access_allowed_ace *)&sd->buffer;

	/* S-1-5-18, LOCAL_SYSTEM: full access */
	ace = __dbg_ace_init(
		ace,
		NT_DEBUG_ALL_ACCESS,
		&(nt_sid){1,1,{{0,0,0,0,0,5}},{18}});

	/* S-1-5-11, AUTHENTICATED_USERS: read-control and synchronize only */
	ace = __dbg_ace_init(
		ace,
		NT_SEC_READ_CONTROL | NT_SEC_SYNCHRONIZE,
		&(nt_sid){1,1,{{0,0,0,0,0,5}},{11}});

	/* process token user (the owner): full access */
	ace = __dbg_ace_init(
		ace,
		NT_DEBUG_ALL_ACCESS,
		owner);

	/* dacl header; acl_size covers the header plus the three ace's just written */
	sd->dacl.acl_revision = 0x02;
	sd->dacl.sbz_1st      = 0;
	sd->dacl.acl_size     = (uint16_t)((char *)ace - (char *)&sd->dacl);
	sd->dacl.ace_count    = 3;
	sd->dacl.sbz_2nd      = 0;
}
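/* create an unnamed debug object protected by the ntapi debug-object
   security descriptor (see __dbg_sd_init); flags is passed through to
   zw_create_debug_object; on success *hdbgobj receives the handle, which
   the caller owns and releases with zw_close; returns the nt status of
   the create call */
int32_t __stdcall __ntapi_tt_create_debug_object(
	__out	void **		hdbgobj,
	__in	uint32_t	flags)
{
	nt_oa			oa;
	nt_sd_common_buffer	sd;

	/* positional init: length, impersonation level, context tracking mode,
	   and (presumably) effective-only -- confirm field order in nt_object.h */
	nt_sqos			sqos = {
					sizeof(sqos),
					NT_SECURITY_IMPERSONATION,
					NT_SECURITY_TRACKING_DYNAMIC,
					1};

	__dbg_sd_init(&sd);

	/* no name and no root directory: the object is handle-only */
	oa.len       = sizeof(oa);
	oa.root_dir  = 0;
	oa.obj_name  = 0;
	oa.obj_attr  = 0;
	oa.sec_desc  = &sd.sd;
	oa.sec_qos   = &sqos;	/* was `&sqo;;` -- undeclared identifier */

	return __ntapi->zw_create_debug_object(
		hdbgobj,
		NT_DEBUG_ALL_ACCESS,
		&oa,flags);
}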
/* create a debug object (see __ntapi_tt_create_debug_object) and attach it
   to hprocess; on success *hdbgobj receives the handle; if attaching fails
   the freshly created object is closed before the status is returned, so
   the caller never has to clean up on error */
int32_t __stdcall __ntapi_tt_create_attach_debug_object(
	__out	void **		hdbgobj,
	__in	void *		hprocess,
	__in	uint32_t	flags)
{
	void *	hdebug;
	int32_t	ret;

	ret = __ntapi_tt_create_debug_object(&hdebug,flags);

	if (ret == 0) {
		ret = __ntapi->zw_debug_active_process(hprocess,hdebug);

		if (ret == 0)
			*hdbgobj = hdebug;
		else
			__ntapi->zw_close(hdebug);	/* do not leak the handle on attach failure */
	}

	return ret ? ret : NT_STATUS_SUCCESS;
}