- _tprintf(_T("Checking process' ACL for problematic entries...\n"));
- // prepare to change ACL, open with limited access
- process_handle = OpenProcess(WRITE_DAC|READ_CONTROL, FALSE, pid);
- if (process_handle == NULL)
- {
- _tprintf(_T("Failed to open process 0x%x to adjust ACL: 0x%x\n"), pid, GetLastError());
- return -1;
- }
- PACL dacl;
- ACL_SIZE_INFORMATION acl_info;
- PSECURITY_DESCRIPTOR sd;
- PVOID ace;
- PACCESS_DENIED_ACE ad_ace;
- DWORD num_aces = 0;
- if (ERROR_SUCCESS != GetSecurityInfo(process_handle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, &dacl, 0, &sd))
- {
- _tprintf(_T("GetSecurityInfo failed: 0x%x\n"), GetLastError());
- }
- if (!GetAclInformation(dacl, &acl_info, sizeof(acl_info), AclSizeInformation))
- {
- _tprintf(_T("GetAclInformation failed: 0x%x\n"), GetLastError());
- }
- num_aces = acl_info.AceCount;
- _tprintf(_T("Number of ACEs: %d\n"), num_aces);
- for (int a=0; a<num_aces; a++) // walk through ACE list
- {
- if (!GetAce(dacl, a, &ace))
- {
- _tprintf(_T("GetAce(%d) failed: 0x%x\n"), a, GetLastError());
- }
- if (((PACE_HEADER)ace)->AceType == ACCESS_DENIED_ACE_TYPE)
- {
- _tprintf(_T("Got ACCESS_DENIED ACE (%d)\n"), a);
- ad_ace = (PACCESS_DENIED_ACE)ace;
- DWORD mask = PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_SUSPEND_RESUME;
- //_tprintf(_T("ACE mask: 0x%x, target: 0x%x\n"), ad_ace->Mask, mask);
- if ((ad_ace->Mask & mask) != 0) // this ACE denies what we need, remove it
- {
- _tprintf(_T("Deleting ACE %d that denies VM operations\n"), a);
- if (!DeleteAce(dacl, a))
- {
- _tprintf(_T("DeleteAce failed: 0x%x\n"), GetLastError());
- }
- else
- {
- num_aces--;
- if (!SetSecurityInfo(process_handle, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, dacl, 0))
- {
- _tprintf(_T("SetSecurityInfo failed: 0x%x\n"), GetLastError());
- }
- }
- }
- }
- }
- LocalFree(sd);
- CloseHandle(process_handle);
- Checking process' ACL for problematic entries...
- Number of ACEs: 4
- Got ACCESS_DENIED ACE (0)
- Deleting ACE 0 that denies VM operations
- SetSecurityInfo failed: 0x7a
- Opened \Device\HarddiskVolume2\Program Files\Internet Explorer\iexplore.exe as PID 00000164
- Process suspended, 23 threads