diff --git a/driver/driver.vcxproj b/driver/driver.vcxproj
index 915326e..4457db2 100644
--- a/driver/driver.vcxproj
+++ b/driver/driver.vcxproj
@@ -96,7 +96,7 @@
NDIS_MINIPORT_DRIVER=1;NDIS620_MINIPORT=1;NDIS683_MINIPORT=1;NDIS_WDM=1;%(PreprocessorDefinitions)
- ndis.lib;wdmsec.lib;ksecdd.lib;%(AdditionalDependencies)
+ ndis.lib;wdmsec.lib;%(AdditionalDependencies)
sha256
diff --git a/driver/undocumented.h b/driver/undocumented.h
index 7f538b7..c642361 100644
--- a/driver/undocumented.h
+++ b/driver/undocumented.h
@@ -45,22 +45,9 @@ NTSTATUS
NTAPI
ZwYieldExecution(VOID);
-NTSYSAPI
NTSTATUS
NTAPI
-RtlSetSaclSecurityDescriptor(
- _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
- _In_ BOOLEAN SaclPresent,
- _In_opt_ PACL Sacl,
- _In_opt_ BOOLEAN SaclDefaulted);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAddMandatoryAce(
- _Inout_ PACL Acl,
- _In_ ULONG AceRevision,
- _In_ ULONG AceFlags,
- _In_ PSID Sid,
- _In_ UCHAR AceType,
- _In_ ULONG AccessMask);
+SeSddlSecurityDescriptorFromSDDL(
+ const PUNICODE_STRING SecurityDescriptorString,
+ BOOLEAN SuppliedByDefaultMechanism,
+ PSECURITY_DESCRIPTOR *SecurityDescriptor);
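Review bot: The new prototype on lines 36-39 carries no SAL annotations, while the declarations it replaces used `_In_`/`_Inout_`/`_In_opt_`, and `const PUNICODE_STRING` qualifies the pointer rather than the string it points to; `_In_ PCUNICODE_STRING SecurityDescriptorString,` and `_Outptr_ PSECURITY_DESCRIPTOR *SecurityDescriptor);` would express what is read and what is written. Because this is a hand-written declaration of an undocumented export, the header should also state the ownership contract the wintun.c hunks in this commit rely on, e.g. `// Allocates *SecurityDescriptor from pool; the caller releases it with ExFreePool().`, and note that the signature is not covered by the WDK headers. Whether the kernel keeps this prototype stable across releases cannot be confirmed from the page, so that caveat belongs in the same comment.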
diff --git a/driver/wintun.c b/driver/wintun.c
index d7e3ef4..d3f2bd9 100644
--- a/driver/wintun.c
+++ b/driver/wintun.c
@@ -844,86 +844,9 @@ static NTSTATUS TunInitializeDispatchSecurityDescriptor(VOID);
_Use_decl_annotations_
static NTSTATUS TunInitializeDispatchSecurityDescriptor(VOID)
{
- NTSTATUS Status;
- struct
- {
- SID Sid;
- } LocalSystem;
- struct
- {
- SID Sid;
- ULONG ExtraAuthority;
- } BuiltinAdministrators;
- struct
- {
- SID Sid;
- } HighLabel;
- ULONG SidSize = sizeof(LocalSystem);
- if (!NT_SUCCESS(Status = SecLookupWellKnownSid(WinLocalSystemSid, &LocalSystem.Sid, SidSize, &SidSize)))
- return Status;
- SidSize = sizeof(BuiltinAdministrators);
- if (!NT_SUCCESS(
- Status = SecLookupWellKnownSid(WinBuiltinAdministratorsSid, &BuiltinAdministrators.Sid, SidSize, &SidSize)))
- return Status;
- SidSize = sizeof(HighLabel);
- if (!NT_SUCCESS(Status = SecLookupWellKnownSid(WinHighLabelSid, &HighLabel.Sid, SidSize, &SidSize)))
- return Status;
- struct
- {
- ACL Dacl;
- ACCESS_ALLOWED_ACE Ace1;
- SID Sid1;
- ACCESS_ALLOWED_ACE Ace2;
- SID Sid2;
- } DaclStorage = { 0 };
- struct
- {
- ACL Sacl;
- SYSTEM_MANDATORY_LABEL_ACE Ace;
- SID Sid;
- } SaclStorage = { 0 };
- if (!NT_SUCCESS(Status = RtlCreateAcl(&DaclStorage.Dacl, sizeof(DaclStorage), ACL_REVISION)))
- return Status;
- if (!NT_SUCCESS(Status = RtlCreateAcl(&SaclStorage.Sacl, sizeof(SaclStorage), ACL_REVISION)))
- return Status;
- ACCESS_MASK AccessMask = GENERIC_ALL;
- RtlMapGenericMask(&AccessMask, IoGetFileObjectGenericMapping());
- if (!NT_SUCCESS(Status = RtlAddAccessAllowedAce(&DaclStorage.Dacl, ACL_REVISION, AccessMask, &LocalSystem.Sid)))
- return Status;
- if (!NT_SUCCESS(
- Status = RtlAddAccessAllowedAce(&DaclStorage.Dacl, ACL_REVISION, AccessMask, &BuiltinAdministrators.Sid)))
- return Status;
- if (!NT_SUCCESS(RtlAddMandatoryAce(
- &SaclStorage.Sacl,
- ACL_REVISION,
- 0,
- &HighLabel.Sid,
- SYSTEM_MANDATORY_LABEL_ACE_TYPE,
- SYSTEM_MANDATORY_LABEL_NO_READ_UP | SYSTEM_MANDATORY_LABEL_NO_WRITE_UP |
- SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)))
- return Status;
- SECURITY_DESCRIPTOR SecurityDescriptor = { 0 };
- if (!NT_SUCCESS(Status = RtlCreateSecurityDescriptor(&SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION)))
- return Status;
- if (!NT_SUCCESS(Status = RtlSetDaclSecurityDescriptor(&SecurityDescriptor, TRUE, &DaclStorage.Dacl, FALSE)))
- return Status;
- if (!NT_SUCCESS(Status = RtlSetSaclSecurityDescriptor(&SecurityDescriptor, TRUE, &SaclStorage.Sacl, FALSE)))
- return Status;
- SecurityDescriptor.Control |= SE_DACL_PROTECTED;
- ULONG RequiredBytes = 0;
- Status = RtlAbsoluteToSelfRelativeSD(&SecurityDescriptor, NULL, &RequiredBytes);
- if (Status != STATUS_BUFFER_TOO_SMALL)
- return NT_SUCCESS(Status) ? STATUS_INSUFFICIENT_RESOURCES : Status;
- TunDispatchSecurityDescriptor = ExAllocatePoolWithTag(NonPagedPoolNx, RequiredBytes, TUN_MEMORY_TAG);
- if (!TunDispatchSecurityDescriptor)
- return STATUS_INSUFFICIENT_RESOURCES;
- Status = RtlAbsoluteToSelfRelativeSD(&SecurityDescriptor, TunDispatchSecurityDescriptor, &RequiredBytes);
- if (!NT_SUCCESS(Status))
- {
- ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG);
- return Status;
- }
- return STATUS_SUCCESS;
+ UNICODE_STRING Sddl;
+ RtlInitUnicodeString(&Sddl, L"O:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)S:(ML;;NWNRNX;;;HI)");
+ return SeSddlSecurityDescriptorFromSDDL(&Sddl, FALSE, &TunDispatchSecurityDescriptor);
}
_IRQL_requires_max_(PASSIVE_LEVEL)
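Review bot: The SDDL literal on line 129 now encodes the entire dispatch-device policy that the removed code spelled out call by call, and nothing explains it; add a comment above it such as `/* Owner SYSTEM; protected DACL: full access only for SYSTEM and Administrators; SACL: high-integrity label, no read/write/execute up. */`. Against the deleted code, `FA` appears to match GENERIC_ALL mapped through IoGetFileObjectGenericMapping, `D:P` matches SE_DACL_PROTECTED and `NWNRNX` the three SYSTEM_MANDATORY_LABEL_*_UP flags, but `O:SY` sets an owner the old descriptor never set, which is worth recording as intentional. The `FALSE` passed as SuppliedByDefaultMechanism is unexplained; if its meaning is known it deserves a word, otherwise mark it `/* TODO: confirm semantics */`. Error handling is now entirely the callee's, and if it does not leave `*SecurityDescriptor` NULL on failure the untagged ExFreePool in DriverEntry's cleanup path (outside this hunk) could act on an indeterminate pointer, so consider `NTSTATUS Status = SeSddlSecurityDescriptorFromSDDL(&Sddl, FALSE, &TunDispatchSecurityDescriptor);` / `if (!NT_SUCCESS(Status)) TunDispatchSecurityDescriptor = NULL;` / `return Status;`.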
@@ -1493,7 +1416,7 @@ TunUnload(PDRIVER_OBJECT DriverObject)
NdisMDeregisterMiniportDriver(NdisMiniportDriverHandle);
ExDeleteResourceLite(&TunDispatchCtxGuard);
ExDeleteResourceLite(&TunDispatchDeviceListLock);
- ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG);
+ ExFreePool(TunDispatchSecurityDescriptor);
}
DRIVER_INITIALIZE DriverEntry;
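Review bot: The switch from ExFreePoolWithTag to ExFreePool on line 138, and again in the DriverEntry cleanup hunk at line 146, says nothing about why the tag is dropped, so a later reader may restore the tagged free and trip a pool-tag mismatch. Presumably the buffer is now allocated inside SeSddlSecurityDescriptorFromSDDL under a tag the driver does not control; add `/* Allocated by SeSddlSecurityDescriptorFromSDDL with its own pool tag, so release untagged. */` at the first site. Both enclosing functions start outside their hunks.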
@@ -1569,6 +1492,6 @@ cleanupNotifier:
cleanupResources:
ExDeleteResourceLite(&TunDispatchCtxGuard);
ExDeleteResourceLite(&TunDispatchDeviceListLock);
- ExFreePoolWithTag(TunDispatchSecurityDescriptor, TUN_MEMORY_TAG);
+ ExFreePool(TunDispatchSecurityDescriptor);
return Status;
}