JustasMasiulis/PPL.cpp

## PPL.cpp
struct RTL_PROTECTED_ACCESS {
  DWORD DominateMask;
  DWORD DeniedProcessAccess;
  DWORD DeniedThreadAccess;
};

bool RtlTestProtectedAccess(_PS_PROTECTION Requester, _PS_PROTECTION Target)
{
  if ( Target.Type == 0 )
    return true;

  if ( Requester.Type < Target.Type )
    return false;

  return _bittest(&RtlProtectedAccess[Requester.Signer].DominateMask, Requester.Signer);
}

bool PspCheckForInvalidAccessByProtection(KPROCESSOR_MODE Mode, _PS_PROTECTION RequesterProt, _PS_PROTECTION TargetProt)
{
  return Mode == UserMode && !RtlTestProtectedAccess(RequesterProt, TargetProt);
}

bool PsTestProtectedProcessIncompatibility(KPROCESSOR_MODE Mode, _EPROCESS *Requester, _EPROCESS *Target)
{
  // 2 checks against unknown global variables omitted
  return Requester != Target
      && PspCheckForInvalidAccessByProtection(Mode, Requester->Protection, Target->Protection);
}
	struct RTL_PROTECTED_ACCESS {
	DWORD DominateMask;
	DWORD DeniedProcessAccess;
	DWORD DeniedThreadAccess;
	};

	bool RtlTestProtectedAccess(_PS_PROTECTION Requester, _PS_PROTECTION Target)
	{
	if ( Target.Type == 0 )
	return true;

	if ( Requester.Type < Target.Type )
	return false;

	return _bittest(&RtlProtectedAccess[Requester.Signer].DominateMask, Requester.Signer);
	}

	bool PspCheckForInvalidAccessByProtection(KPROCESSOR_MODE Mode, _PS_PROTECTION RequesterProt, _PS_PROTECTION TargetProt)
	{
	return Mode == UserMode && !RtlTestProtectedAccess(RequesterProt, TargetProt);
	}

	bool PsTestProtectedProcessIncompatibility(KPROCESSOR_MODE Mode, _EPROCESS Requester, _EPROCESS Target)
	{
	// 2 checks against unknown global variables omitted
	return Requester != Target
	&& PspCheckForInvalidAccessByProtection(Mode, Requester->Protection, Target->Protection);
	}