driver: hard code security descriptor bytes
This is compatible with old Windows. Generated by:
#include <stdio.h>
#include <windows.h>
#include <sddl.h>
int main(int argc, char *argv[])
{
PSECURITY_DESCRIPTOR sd;
ULONG sd_len;
if (!ConvertStringSecurityDescriptorToSecurityDescriptorA("O:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)S:(ML;;NWNRNX;;;HI)", SDDL_REVISION_1, &sd, &sd_len))
return 1;
for (ULONG i = 0; i < sd_len; ++i)
printf("0x%02x%s%s", ((unsigned char *)sd)[i], i == sd_len - 1 ? "" : ",", i == sd_len -1 || i % 8 == 7 ? "\n": " ");
return 0;
}
This can be easily checked from kernel space with this ugly snippet:
UNICODE_STRING Func;
RtlInitUnicodeString(&Func, L"SeConvertSecurityDescriptorToStringSecurityDescriptor");
WCHAR *Str = NULL;
((NTSTATUS(NTAPI *)(PSECURITY_DESCRIPTOR, DWORD, DWORD, WCHAR **, DWORD *))MmGetSystemRoutineAddress(&Func))(
TunDispatchSecurityDescriptor, 1, 0x14, &Str, NULL);
DbgPrint("Did it work? %ls\n", Str);
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
d33732ab4b