Created
February 8, 2020 16:21
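/*
 * HandleOpen - create/open dispatch routine that gates handle creation on
 * the caller's token.
 *
 * For requests whose RequestorMode is UserMode, the open succeeds only when
 * the token taken from the create's access state (the client token if
 * present, otherwise the primary token) is reported as elevated AND carries
 * an integrity level of at least SECURITY_MANDATORY_HIGH_RID. Every other
 * user-mode outcome fails the open:
 *   - no security context / access state / token -> STATUS_ACCESS_DENIED
 *   - either SeQueryInformationToken call fails   -> that failure status
 *   - token not elevated or below high integrity  -> STATUS_ACCESS_DENIED
 *
 * Requests that are not UserMode skip the check and complete with
 * STATUS_SUCCESS.
 *
 * DeviceObject is unused. The IRP is always completed here and the status
 * stored in Irp->IoStatus.Status is also the return value.
 *
 * NOTE(review): this check covers the open path only. Whether the device
 * object's security descriptor and the other dispatch routines enforce a
 * matching policy cannot be seen from this function - confirm separately.
 */
NTSTATUS HandleOpen(PDEVICE_OBJECT DeviceObject, IRP *Irp)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    PIO_STACK_LOCATION IrpSp;
    PIO_SECURITY_CONTEXT SecurityContext;
    PACCESS_STATE AccessState;
    PACCESS_TOKEN Token;
    PTOKEN_ELEVATION tokenElevation;
    ULONG IsTokenElevated;
    ULONG tokenIntegrityLevel;

    UNREFERENCED_PARAMETER(DeviceObject);

    /* Only user-mode requestors are checked. */
    if (Irp->RequestorMode != UserMode)
        goto complete;

    IrpSp = IoGetCurrentIrpStackLocation(Irp);
    SecurityContext = IrpSp->Parameters.Create.SecurityContext;

    /* Fail closed: without a token there is nothing to base a decision on. */
    Token = NULL;
    if (SecurityContext != NULL) {
        AccessState = SecurityContext->AccessState;
        if (AccessState != NULL) {
            /* Prefer the impersonation (client) token over the primary one. */
            Token = AccessState->SubjectSecurityContext.ClientToken;
            if (Token == NULL)
                Token = AccessState->SubjectSecurityContext.PrimaryToken;
        }
    }
    if (Token == NULL) {
        ntStatus = STATUS_ACCESS_DENIED;
        goto complete;
    }

    /*
     * The elevation result is handled as a returned buffer that must be
     * freed after its single field has been read.
     * NOTE(review): the two queries below use different output conventions
     * (pointer to a buffer vs. value written in place); verify both against
     * the SeQueryInformationToken documentation for the target OS.
     */
    tokenElevation = NULL;
    ntStatus = SeQueryInformationToken(Token, TokenElevation, &tokenElevation);
    if (!NT_SUCCESS(ntStatus))
        goto complete;

    IsTokenElevated = tokenElevation->TokenIsElevated;
    ExFreePoolWithTag(tokenElevation, 0);

    tokenIntegrityLevel = 0;
    ntStatus = SeQueryInformationToken(Token, TokenIntegrityLevel, &tokenIntegrityLevel);
    if (!NT_SUCCESS(ntStatus))
        goto complete;

    /* Both conditions are required: elevated token AND high (or higher) IL. */
    if (!IsTokenElevated || tokenIntegrityLevel < SECURITY_MANDATORY_HIGH_RID)
        ntStatus = STATUS_ACCESS_DENIED;
    else
        ntStatus = STATUS_SUCCESS;

complete:
    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = ntStatus;
    IofCompleteRequest(Irp, 0); /* 0 == IO_NO_INCREMENT */
    return ntStatus;
}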