
@tyranid

tyranid/check_virtual_account.c Secret

Created May 23, 2020
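/*
 * Decides whether the calling process may obtain a token for a virtual
 * account, keyed on the account SID's base RID.
 *
 * NOTE(review): this listing reads like a hand-cleaned reconstruction, not
 * compilable source. It is kept statement-for-statement; only the unbalanced
 * parenthesis on the NT_SUCCESS(...) line was closed.
 *
 * dwRid  base RID of the requested virtual account. 80 and 87 match
 *        SECURITY_SERVICE_ID_BASE_RID (NT SERVICE) and
 *        SECURITY_TASK_ID_BASE_RID (NT TASK) in winnt.h.
 * dwPid  process id of the caller.
 *
 * Returns STATUS_SUCCESS when the request is allowed (always the case for
 * any RID other than 80 and 87), otherwise STATUS_ACCESS_DENIED.
 */
NTSTATUS LsapCheckVirtualAccountRestriction(DWORD dwRid, DWORD dwPid) {
    if (dwRid == 80)
    {
        // _InterlockedCompareExchange returns the value global_scm_pid held
        // before the call. 0 means no PID was recorded yet, so dwPid has just
        // been stored and this first caller is accepted. Afterwards only a
        // caller whose PID equals the stored one passes.
        // NOTE(review): this is trust-on-first-use keyed on a PID; it holds
        // only if the intended process (presumably the service control
        // manager, going by the variable name) is the first to reach this
        // path — confirm.
        if (!_InterlockedCompareExchange(&global_scm_pid, dwPid, 0) || dwPid == global_scm_pid)
            return STATUS_SUCCESS;
    }
    else
    {
        // RIDs other than 80 and 87 are not restricted by this function.
        if (dwRid != 87)
            return STATUS_SUCCESS;

        // For RID 87 the caller is impersonated and its token must carry the
        // SID held in g_pScheduleServiceSid. If impersonation fails, control
        // falls through to STATUS_ACCESS_DENIED (fails closed).
        if (NT_SUCCESS(LsapImpersonateClientEx(NULL))) {
            HANDLE TokenHandle;
            // NOTE(review): the results of OpenThreadToken and
            // CheckTokenMembership are not checked here, IsMember is read
            // without an initial value, and neither CloseHandle nor a revert
            // of the impersonation is shown. CheckTokenMembership is
            // documented to need TOKEN_QUERY access, so the mask below may be
            // simplified as well. Presumably the listing omits these details
            // — confirm against the binary before relying on it.
            OpenThreadToken(GetCurrentThread(), TOKEN_IMPERSONATE, TRUE, &TokenHandle);
            BOOL IsMember;
            CheckTokenMembership(TokenHandle, g_pScheduleServiceSid, &IsMember);
            if (IsMember)
                return STATUS_SUCCESS;
        }
    }
    return STATUS_ACCESS_DENIED;
}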