GetCurrentProcessToken() is Win8+, so open our own token

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld 2019-08-03 08:45:56 +00:00
parent 0e5c1a7a94
commit bc22e2dd25


@ -35,7 +35,7 @@ ConsoleLogger(_In_ LOGGER_LEVEL Level, _In_ const TCHAR *LogLine)
static BOOL ElevateToSystem(VOID) static BOOL ElevateToSystem(VOID)
{ {
HANDLE ThreadToken, ProcessSnapshot, WinlogonProcess, WinlogonToken, DuplicatedToken; HANDLE CurrentProcessToken, ThreadToken, ProcessSnapshot, WinlogonProcess, WinlogonToken, DuplicatedToken;
PROCESSENTRY32 ProcessEntry = { .dwSize = sizeof(PROCESSENTRY32) }; PROCESSENTRY32 ProcessEntry = { .dwSize = sizeof(PROCESSENTRY32) };
BOOL Ret; BOOL Ret;
DWORD LastError = ERROR_SUCCESS; DWORD LastError = ERROR_SUCCESS;
@ -50,8 +50,13 @@ static BOOL ElevateToSystem(VOID)
TOKEN_USER MaybeLocalSystem; TOKEN_USER MaybeLocalSystem;
CHAR LargeEnoughForLocalSystem[0x400]; CHAR LargeEnoughForLocalSystem[0x400];
} TokenUserBuffer; } TokenUserBuffer;
if (!GetTokenInformation( if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &CurrentProcessToken))
GetCurrentProcessToken(), TokenUser, &TokenUserBuffer, sizeof(TokenUserBuffer), &RequiredBytes)) goto cleanup;
Ret =
GetTokenInformation(CurrentProcessToken, TokenUser, &TokenUserBuffer, sizeof(TokenUserBuffer), &RequiredBytes);
LastError = GetLastError();
CloseHandle(CurrentProcessToken);
if (!Ret)
goto cleanup; goto cleanup;
if (EqualSid(TokenUserBuffer.MaybeLocalSystem.User.Sid, LocalSystemSid)) if (EqualSid(TokenUserBuffer.MaybeLocalSystem.User.Sid, LocalSystemSid))
return TRUE; return TRUE;
@ -116,7 +121,12 @@ RunAsAdministrator(HWND hwnd, TCHAR *Verb, int nCmdShow)
{ {
TOKEN_ELEVATION Elevation; TOKEN_ELEVATION Elevation;
DWORD Required; DWORD Required;
if (!GetTokenInformation(GetCurrentProcessToken(), TokenElevation, &Elevation, sizeof(Elevation), &Required)) HANDLE CurrentProcessToken;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &CurrentProcessToken))
return;
BOOL Ret = GetTokenInformation(CurrentProcessToken, TokenElevation, &Elevation, sizeof(Elevation), &Required);
CloseHandle(CurrentProcessToken);
if (!Ret)
return; return;
if (Elevation.TokenIsElevated) if (Elevation.TokenIsElevated)
return; return;
@ -155,6 +165,6 @@ VOID __stdcall InstallWintun(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int
VOID __stdcall UninstallWintun(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) VOID __stdcall UninstallWintun(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
{ {
RunAsAdministrator(hwnd, TEXT(__FUNCTION__) , nCmdShow); RunAsAdministrator(hwnd, TEXT(__FUNCTION__), nCmdShow);
Do(FALSE, !!nCmdShow); Do(FALSE, !!nCmdShow);
} }
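Review bot: In ElevateToSystem the new `OpenProcessToken` failure path jumps to `cleanup` without recording the error, whereas the `GetTokenInformation` call directly below it saves `GetLastError()` into `LastError` before `CloseHandle` can overwrite it. `LastError` starts as `ERROR_SUCCESS`, and the `cleanup` label lies outside the visible hunks, so this is inferred: if that path reports `LastError`, a failed token open would surface as success or as whatever an earlier call left there. Capturing it the same way keeps the two paths consistent: `Ret = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &CurrentProcessToken);` `LastError = GetLastError();` `if (!Ret) goto cleanup;`. In RunAsAdministrator the same failure returns silently, after which UninstallWintun still calls `Do()` without the elevation check having run; a one-line comment saying whether that fall-through is intended would help the next reader.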