
Untitled

a guest
Jun 23rd, 2017
C++ 2.16 KB | None | 0 0
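  /*
   * Scan the target process' DACL for access-denied ACEs that block the VM /
   * suspend-resume rights this tool needs, delete those ACEs and write the
   * DACL back.
   *
   * Note on scope: the rewritten DACL stays on the process object after this
   * handle is closed, so the removed deny entries are gone for every later
   * opener as well, not only for this tool.
   *
   * Every failure below is reported and the ACL step is skipped; only the
   * OpenProcess failure returns -1. No API result is used after the call
   * that produces it has failed.
   */
  _tprintf(_T("Checking process' ACL for problematic entries...\n"));
  // prepare to change ACL, open with limited access
  process_handle = OpenProcess(WRITE_DAC|READ_CONTROL, FALSE, pid);
  if (process_handle == NULL)
  {
      _tprintf(_T("Failed to open process 0x%x to adjust ACL: 0x%x\n"), pid, GetLastError());
      return -1;
  }

  PACL dacl = NULL;
  ACL_SIZE_INFORMATION acl_info;
  PSECURITY_DESCRIPTOR sd = NULL;
  PVOID ace = NULL;
  PACCESS_DENIED_ACE ad_ace = NULL;
  DWORD num_aces = 0;
  BOOL dacl_changed = FALSE;

  // GetSecurityInfo/SetSecurityInfo return the Win32 error code directly
  // (ERROR_SUCCESS == 0); they are not BOOL APIs and GetLastError() is not
  // their error channel.
  DWORD acl_status = GetSecurityInfo(process_handle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
                                     NULL, NULL, &dacl, NULL, &sd);
  if (acl_status != ERROR_SUCCESS)
  {
      _tprintf(_T("GetSecurityInfo failed: 0x%lx\n"), acl_status);
  }
  else if (dacl == NULL)
  {
      // A NULL DACL has no ACEs at all, so there is nothing to inspect.
      _tprintf(_T("Process has a NULL DACL, nothing to adjust\n"));
  }
  else if (!GetAclInformation(dacl, &acl_info, sizeof(acl_info), AclSizeInformation))
  {
      _tprintf(_T("GetAclInformation failed: 0x%lx\n"), GetLastError());
  }
  else
  {
      const DWORD mask = PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_SUSPEND_RESUME;

      num_aces = acl_info.AceCount;
      _tprintf(_T("Number of ACEs: %lu\n"), num_aces);

      DWORD a = 0;
      while (a < num_aces)  // walk through ACE list
      {
          ace = NULL;
          if (!GetAce(dacl, a, &ace))
          {
              // Do not touch 'ace' after a failed lookup; move to the next index.
              _tprintf(_T("GetAce(%lu) failed: 0x%lx\n"), a, GetLastError());
              a++;
              continue;
          }

          if (((PACE_HEADER)ace)->AceType == ACCESS_DENIED_ACE_TYPE)
          {
              _tprintf(_T("Got ACCESS_DENIED ACE (%lu)\n"), a);
              ad_ace = (PACCESS_DENIED_ACE)ace;
              if ((ad_ace->Mask & mask) != 0) // this ACE denies what we need, remove it
              {
                  _tprintf(_T("Deleting ACE %lu that denies VM operations\n"), a);
                  if (!DeleteAce(dacl, a))
                  {
                      _tprintf(_T("DeleteAce failed: 0x%lx\n"), GetLastError());
                  }
                  else
                  {
                      // The following ACEs moved down by one, so the next ACE
                      // now sits at index 'a'. Re-check this index instead of
                      // advancing, otherwise the ACE after a deleted one is
                      // never examined.
                      num_aces--;
                      dacl_changed = TRUE;
                      continue;
                  }
              }
          }
          a++;
      }

      if (dacl_changed)
      {
          // Write the edited DACL back once, after all deletions.
          // A `!SetSecurityInfo(...)` test is inverted: it takes the "failed"
          // branch exactly when the call returns ERROR_SUCCESS. The value
          // printed there (0x7a in the run shown on this page, which is
          // ERROR_INSUFFICIENT_BUFFER) is not SetSecurityInfo's result but
          // whatever GetLastError() happened to hold.
          acl_status = SetSecurityInfo(process_handle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
                                       NULL, NULL, dacl, NULL);
          if (acl_status != ERROR_SUCCESS)
          {
              _tprintf(_T("SetSecurityInfo failed: 0x%lx\n"), acl_status);
          }
      }
  }

  // 'dacl' points into 'sd'; releasing the descriptor releases both.
  if (sd != NULL)
  {
      LocalFree(sd);
  }
  CloseHandle(process_handle);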
  62.  
  63. Checking process' ACL for problematic entries...
  64. Number of ACEs: 4
  65. Got ACCESS_DENIED ACE (0)
  66. Deleting ACE 0 that denies VM operations
  67. SetSecurityInfo failed: 0x7a
  68. Opened \Device\HarddiskVolume2\Program Files\Internet Explorer\iexplore.exe as PID 00000164
  69. Process suspended, 23 threads