Skip to content

Instantly share code, notes, and snippets.

@tyranid
Created May 23, 2020 18:04
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save tyranid/6693b94462dd62b917b063e30717534e to your computer and use it in GitHub Desktop.
NTSTATUS LsapCheckVirtualAccountRestriction(DWORD dwRid, DWORD dwPid) {
if ( dwRid == 80 )
{
if ( !_InterlockedCompareExchange(&global_scm_pid, dwPid, 0) || dwPid == global_scm_pid)
return STATUS_SUCCESS;
}
else
{
if ( dwRid != 87 )
return STATUS_SUCCESS;
if (NT_SUCCESS(LsapImpersonateClientEx(NULL)) {
HANDLE TokenHandle;
OpenThreadToken(GetCurrentThread(), TOKEN_IMPERSONATE, TRUE, &TokenHandle);
BOOL IsMember;
CheckTokenMembership(TokenHandle, g_pScheduleServiceSid, &IsMember);
if (IsMember)
return STATUS_SUCCESS;
}
}
return STATUS_ACCESS_DENIED;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment