/*
 * One row of the RtlProtectedAccess table. In this listing the table is
 * indexed by a signer value taken from a _PS_PROTECTION.
 */
struct RTL_PROTECTED_ACCESS {
    /* Bitmask tested with _bittest using a signer value as the bit index. */
    DWORD DominateMask;
    /* Not read anywhere in this listing; presumably the process access
     * rights withheld when the dominance test fails (confirm against the
     * callers that build the granted access mask). */
    DWORD DeniedProcessAccess;
    /* Not read anywhere in this listing; presumably the thread-handle
     * counterpart of DeniedProcessAccess (confirm). */
    DWORD DeniedThreadAccess;
};
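/*
 * Decides whether the requester's protection level dominates the target's.
 *
 * Returns true when the target is unprotected (Type == 0), false when the
 * requester's protection Type is lower than the target's, and otherwise the
 * bit for the target's signer in the DominateMask of the row selected by the
 * requester's signer.
 */
bool RtlTestProtectedAccess(_PS_PROTECTION Requester, _PS_PROTECTION Target)
{
    if ( Target.Type == 0 )
        return true;
    if ( Requester.Type < Target.Type )
        return false;
    // The row is selected by the requester's signer, so the bit tested has to
    // be the target's signer. Testing Requester.Signer here would make the
    // result independent of which signer protects the target.
    // NOTE(review): RtlProtectedAccess is defined outside this listing; its
    // length relative to the range of Signer is not visible here.
    return _bittest(&RtlProtectedAccess[Requester.Signer].DominateMask, Target.Signer);
}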
/*
 * Returns true when the access must be treated as invalid: the request comes
 * from user mode and RtlTestProtectedAccess reports that the requester does
 * not dominate the target.
 *
 * Any Mode other than UserMode returns false without consulting the
 * protection levels, so the dominance check only constrains user-mode
 * requests.
 */
bool PspCheckForInvalidAccessByProtection(KPROCESSOR_MODE Mode, _PS_PROTECTION RequesterProt, _PS_PROTECTION TargetProt)
{
    if ( Mode != UserMode )
        return false;

    bool dominates = RtlTestProtectedAccess(RequesterProt, TargetProt);
    return !dominates;
}
/*
 * Returns true when Requester may not access Target because of process
 * protection. A process checked against itself is never incompatible;
 * otherwise the decision is delegated to
 * PspCheckForInvalidAccessByProtection with both processes' Protection
 * fields.
 */
bool PsTestProtectedProcessIncompatibility(KPROCESSOR_MODE Mode, _EPROCESS *Requester, _EPROCESS *Target)
{
    // 2 checks against unknown global variables omitted

    // Same process: nothing to check, and Protection is not read.
    if ( Requester == Target )
        return false;

    return PspCheckForInvalidAccessByProtection(Mode, Requester->Protection, Target->Protection);
}