ipc.c rolback to 1.14.0
https://github.com/sandboxie-plus/Sandboxie/issues/4012
This commit is contained in:
DavidXanatos
parent
1c8037591f
commit
0239e66827
|
|
@ -1402,30 +1402,34 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
|
||||||
|
|
||||||
} else if (IS_ARG_CURRENT_PROCESS(TargetProcessHandle)) {
|
} else if (IS_ARG_CURRENT_PROCESS(TargetProcessHandle)) {
|
||||||
|
|
||||||
|
//
|
||||||
|
// we duplicate the handle into kernel space such that that user
|
||||||
|
// won't be able to grab it while we are evaluaiting it
|
||||||
|
//
|
||||||
|
|
||||||
HANDLE SourceProcessKernelHandle;
|
HANDLE SourceProcessKernelHandle;
|
||||||
status = Thread_GetKernelHandleForUserHandle(&SourceProcessKernelHandle, SourceProcessHandle);
|
status = Thread_GetKernelHandleForUserHandle(&SourceProcessKernelHandle, SourceProcessHandle);
|
||||||
if (NT_SUCCESS(status)) {
|
if (NT_SUCCESS(status)) {
|
||||||
|
|
||||||
HANDLE TargetProcessKernelHandle = ZwCurrentProcess(); // TargetProcessHandle == NtCurrentProcess();
|
HANDLE TargetProcessKernelHandle = ZwCurrentProcess(); // TargetProcessHandle == NtCurrentProcess();
|
||||||
|
|
||||||
HANDLE SourceKernelHandle;
|
//
|
||||||
status = Thread_GetKernelHandleForUserHandle(&SourceKernelHandle, SourceHandle);
|
// driver verifier wants us to provide a kernel handle as process handles
|
||||||
|
// but the source handle must be a user handle and the ZwDuplicateObject
|
||||||
|
// function creates another user handle hence NtClose
|
||||||
|
//
|
||||||
|
|
||||||
|
status = ZwDuplicateObject(
|
||||||
|
SourceProcessKernelHandle, SourceHandle,
|
||||||
|
TargetProcessKernelHandle, &DuplicatedHandle,
|
||||||
|
DesiredAccess, HandleAttributes,
|
||||||
|
Options & ~DUPLICATE_CLOSE_SOURCE);
|
||||||
|
|
||||||
if (NT_SUCCESS(status)) {
|
if (NT_SUCCESS(status)) {
|
||||||
|
|
||||||
status = ZwDuplicateObject(
|
status = Ipc_CheckObjectName(DuplicatedHandle, UserMode);
|
||||||
SourceProcessKernelHandle, SourceHandle,
|
|
||||||
TargetProcessKernelHandle, &DuplicatedHandle,
|
|
||||||
DesiredAccess, HandleAttributes,
|
|
||||||
Options & ~DUPLICATE_CLOSE_SOURCE);
|
|
||||||
|
|
||||||
if (NT_SUCCESS(status)) {
|
NtClose(DuplicatedHandle);
|
||||||
|
|
||||||
status = Ipc_CheckObjectName(DuplicatedHandle, UserMode);
|
|
||||||
|
|
||||||
NtClose(DuplicatedHandle);
|
|
||||||
}
|
|
||||||
|
|
||||||
ZwClose(SourceKernelHandle);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ZwClose(SourceProcessKernelHandle);
|
ZwClose(SourceProcessKernelHandle);
|
||||||
|
|
@ -1440,40 +1444,30 @@ _FX NTSTATUS Ipc_Api_DuplicateObject(PROCESS *proc, ULONG64 *parms)
|
||||||
|
|
||||||
if (NT_SUCCESS(status)) {
|
if (NT_SUCCESS(status)) {
|
||||||
|
|
||||||
HANDLE SourceProcessKernelHandle = ZwCurrentProcess();
|
HANDLE SourceProcessKernelHandle = (HANDLE)-1;
|
||||||
|
HANDLE TargetProcessKernelHandle = (HANDLE)-1;
|
||||||
|
|
||||||
if (!IS_ARG_CURRENT_PROCESS(SourceProcessHandle))
|
if (!IS_ARG_CURRENT_PROCESS(SourceProcessHandle))
|
||||||
status = Thread_GetKernelHandleForUserHandle(&SourceProcessKernelHandle, SourceProcessHandle);
|
status = Thread_GetKernelHandleForUserHandle(&SourceProcessKernelHandle, SourceProcessHandle);
|
||||||
if (NT_SUCCESS(status)) {
|
if (NT_SUCCESS(status)) {
|
||||||
|
|
||||||
HANDLE TargetProcessKernelHandle = ZwCurrentProcess();
|
|
||||||
if (!IS_ARG_CURRENT_PROCESS(TargetProcessHandle))
|
if (!IS_ARG_CURRENT_PROCESS(TargetProcessHandle))
|
||||||
status = Thread_GetKernelHandleForUserHandle(&TargetProcessKernelHandle, TargetProcessHandle);
|
status = Thread_GetKernelHandleForUserHandle(&TargetProcessKernelHandle, TargetProcessHandle);
|
||||||
if (NT_SUCCESS(status)) {
|
if (NT_SUCCESS(status)) {
|
||||||
|
|
||||||
HANDLE SourceKernelHandle;
|
status = ZwDuplicateObject(
|
||||||
status = Thread_GetKernelHandleForUserHandle(&SourceKernelHandle, SourceHandle);
|
SourceProcessKernelHandle, SourceHandle,
|
||||||
if (NT_SUCCESS(status)) {
|
TargetProcessKernelHandle, &DuplicatedHandle,
|
||||||
|
DesiredAccess, HandleAttributes, Options);
|
||||||
|
|
||||||
status = ZwDuplicateObject(
|
*TargetHandle = DuplicatedHandle;
|
||||||
SourceProcessKernelHandle, SourceKernelHandle,
|
|
||||||
TargetProcessKernelHandle, &DuplicatedHandle,
|
|
||||||
DesiredAccess, HandleAttributes, Options & ~DUPLICATE_CLOSE_SOURCE);
|
|
||||||
|
|
||||||
if (Options & DUPLICATE_CLOSE_SOURCE)
|
|
||||||
NtClose(SourceHandle);
|
|
||||||
|
|
||||||
*TargetHandle = DuplicatedHandle;
|
|
||||||
|
|
||||||
ZwClose(SourceKernelHandle);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!IS_ARG_CURRENT_PROCESS(TargetProcessKernelHandle))
|
|
||||||
ZwClose(TargetProcessKernelHandle);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!IS_ARG_CURRENT_PROCESS(SourceProcessKernelHandle))
|
|
||||||
ZwClose(SourceProcessKernelHandle);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (SourceProcessKernelHandle && !IS_ARG_CURRENT_PROCESS(SourceProcessKernelHandle))
|
||||||
|
ZwClose(SourceProcessKernelHandle);
|
||||||
|
if (TargetProcessKernelHandle && !IS_ARG_CURRENT_PROCESS(TargetProcessKernelHandle))
|
||||||
|
ZwClose(TargetProcessKernelHandle);
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue