
@hfiref0x
Created February 8, 2020 16:21
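/*
 * HandleOpen - complete an open request on the device, admitting user-mode
 * callers only when their token is elevated and at high integrity or above.
 *
 * The routine reads Parameters.Create.SecurityContext from the current stack
 * location, so it is presumably registered as the IRP_MJ_CREATE dispatch
 * routine (the registration is not visible here).
 *
 * Decision rules, as implemented below:
 *   - Requestor mode is not UserMode: the open succeeds with no token check.
 *   - UserMode with no security context, access state or token: denied.
 *   - UserMode and either token query fails: the failing status is returned,
 *     so the open fails closed.
 *   - UserMode, token not elevated or integrity level below
 *     SECURITY_MANDATORY_HIGH_RID: STATUS_ACCESS_DENIED.
 *
 * NOTE(review): this check runs only when a handle is opened. It does not
 * cover a handle that is later inherited by or duplicated into a less
 * privileged process, and it is skipped for any requestor that is not
 * UserMode. Confirm that the device object is also created with a
 * restrictive security descriptor, and that privileged IOCTLs do not rely
 * on this gate alone.
 *
 * @param DeviceObject  Target device object; unused.
 * @param Irp           The open request; always completed by this routine.
 * @return The status stored in Irp->IoStatus.Status.
 */
NTSTATUS HandleOpen(PDEVICE_OBJECT DeviceObject, IRP *Irp)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    PIO_SECURITY_CONTEXT SecurityContext;
    PACCESS_STATE AccessState;
    PACCESS_TOKEN Token = NULL;
    DWORD IsTokenElevated;
    DWORD tokenIntegrityLevel;
    PTOKEN_ELEVATION tokenElevation;

    /* The original listing spelled this macro UNREFERENCED_PARAMETE. */
    UNREFERENCED_PARAMETER(DeviceObject);

    if (Irp->RequestorMode == UserMode) {
        SecurityContext = Irp->Tail.Overlay.CurrentStackLocation->Parameters.Create.SecurityContext;

        if (SecurityContext != NULL
            && (AccessState = SecurityContext->AccessState) != NULL) {
            /*
             * Prefer the impersonation (client) token so that the identity
             * being checked is the one the thread is acting as; fall back
             * to the process primary token when not impersonating.
             */
            Token = AccessState->SubjectSecurityContext.ClientToken;
            if (Token == NULL) {
                Token = AccessState->SubjectSecurityContext.PrimaryToken;
            }
        }

        if (Token == NULL) {
            /* Nothing to evaluate: refuse rather than allow by default. */
            ntStatus = STATUS_ACCESS_DENIED;
        } else {
            tokenElevation = NULL;
            ntStatus = SeQueryInformationToken(Token, TokenElevation, (PVOID *)&tokenElevation);
            if (NT_SUCCESS(ntStatus)) {
                /* Copy the flag out before releasing the returned buffer. */
                IsTokenElevated = tokenElevation->TokenIsElevated;
                ExFreePoolWithTag(tokenElevation, 0);

                /*
                 * NOTE(review): the integrity level is received directly
                 * into a DWORD here rather than through an allocated
                 * buffer; confirm the output size for this information
                 * class on the target platform.
                 */
                tokenIntegrityLevel = 0;
                ntStatus = SeQueryInformationToken(Token, TokenIntegrityLevel, (PVOID *)&tokenIntegrityLevel);
                if (NT_SUCCESS(ntStatus)) {
                    /* Both conditions must hold: elevated AND >= high integrity. */
                    if (!IsTokenElevated || tokenIntegrityLevel < SECURITY_MANDATORY_HIGH_RID) {
                        ntStatus = STATUS_ACCESS_DENIED;
                    } else {
                        ntStatus = STATUS_SUCCESS;
                    }
                }
            }
        }
    }

    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = ntStatus;
    IofCompleteRequest(Irp, 0);
    return ntStatus;
}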