Last active
June 10, 2022 17:03
-
-
Save BlackOfWorld/9218ea68c6c72f38986359ef45987f4d to your computer and use it in GitHub Desktop.
A useful wrapper for kernel mode stuff (like creating registry keys)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SecurityDescriptor descriptor(SeExports->SeAliasAdminsSid, SecurityInheritance::ContainersAndObjects); | |
| descriptor.Create(2, SeExports->SeAliasUsersSid, SeExports->SeAliasSystemOpsSid); | |
| //use descriptor.SecurityDesc as output |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "SecurityDescriptor.h" | |
| #include <cstdarg> | |
| #define va_copy(a,b) (a = b) | |
| bool SecurityDescriptor::Create(int count,...) | |
| { | |
| va_list list, list2; | |
| va_start(list, count); | |
| va_copy(list2, list); | |
| SecurityDesc = (PSECURITY_DESCRIPTOR)ExAllocatePoolWithTag(PagedPool, sizeof(SECURITY_DESCRIPTOR), ' SeX'); | |
| size = sizeof(ACL); | |
| for (auto i = 0; i < count; i++) { | |
| PSID sid = va_arg(list, PSID); | |
| size += sizeof(ACCESS_ALLOWED_ACE) - sizeof(ACCESS_ALLOWED_ACE::SidStart) + RtlLengthSid(sid); | |
| } | |
| acl = (PACL)ExAllocatePoolWithTag(PagedPool, size, ' SeX'); | |
| // Create a new ACL that contains the new ACEs. | |
| RtlCreateAcl(acl, size, ACL_REVISION); | |
| for (auto i = 0; i < count; i++) { | |
| PSID sid = va_arg(list2, PSID); | |
| RtlAddAccessAllowedAceEx(acl, ACL_REVISION, Inheritance, GENERIC_ALL, sid); | |
| } | |
| RtlCreateSecurityDescriptor(SecurityDesc, SECURITY_DESCRIPTOR_REVISION); | |
| RtlSetOwnerSecurityDescriptor(SecurityDesc, Owner, FALSE); | |
| RtlSetDaclSecurityDescriptor(SecurityDesc, TRUE, acl, FALSE); | |
| va_end(list); | |
| va_end(list2); | |
| return RtlValidSecurityDescriptor(SecurityDesc); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #pragma once | |
| #include <ntifs.h> | |
| #include <wdm.h> | |
| enum SecurityInheritance | |
| { | |
| NoInheritance, | |
| ObjectsOnly, | |
| ContainersOnly, | |
| ContainersAndObjects | |
| }; | |
| class SecurityDescriptor | |
| { | |
| public: | |
| SecurityDescriptor(PSID Owner, SecurityInheritance Inherit) : Owner(Owner), Inheritance(Inherit) {} | |
| bool Create(int count, ...); | |
| ~SecurityDescriptor() | |
| { | |
| ExFreePoolWithTag(acl, ' SeX'); | |
| ExFreePoolWithTag(SecurityDesc, ' SeX'); | |
| } | |
| private: | |
| ULONG size = 0; | |
| PACL acl = nullptr; | |
| PSID Owner = nullptr; | |
| SecurityInheritance Inheritance = SecurityInheritance::ContainersAndObjects; | |
| public: | |
| PSECURITY_DESCRIPTOR SecurityDesc = nullptr; | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment