Advertisement
RjekZUUm10M

Untitled

Mar 1st, 2022
42,678
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
DIV 3.48 KB | None | 0 0
  1.  
  2. #include <kph.h>
  3. #include <dyndata.h>
  4.  
  5. #ifdef ALLOC_PRAGMA
  6. #pragma alloc_text(PAGE, KpiOpenProcess)
  7. #pragma alloc_text(PAGE, KpiOpenProcessToken)
  8. #pragma alloc_text(PAGE, KpiOpenProcessJob)
  9. #pragma alloc_text(PAGE, KpiTerminateProcess)
  10. #pragma alloc_text(PAGE, KpiQueryInformationProcess)
  11. #pragma alloc_text(PAGE, KpiSetInformationProcess)
  12. #endif
  13.  
  14. /**
  15.  * Opens a process.
  16.  *
  17.  * \param ProcessHandle A variable which receives the process handle.
  18.  * \param DesiredAccess The desired access to the process.
  19.  * \param ClientId The identifier of a process or thread. If \a UniqueThread is present, the process
  20.  * of the identified thread will be opened. If \a UniqueProcess is present, the identified process
  21.  * will be opened.
  22.  * \param Key An access key.
  23.  * \li If a L2 key is provided, no access checks are performed.
  24.  * \li If a L1 key is provided, only read access is permitted but no additional access checks are
  25.  * performed.
  26.  * \li If no valid key is provided, the function fails.
  27.  * \param Client The client that initiated the request.
  28.  * \param AccessMode The mode in which to perform access checks.
  29.  */
  30. NTSTATUS KpiOpenProcess(
  31.     _Out_ PHANDLE ProcessHandle,
  32.     _In_ ACCESS_MASK DesiredAccess,
  33.     _In_ PCLIENT_ID ClientId,
  34.     _In_opt_ KPH_KEY Key,
  35.     _In_ PKPH_CLIENT Client,
  36.     _In_ KPROCESSOR_MODE AccessMode
  37.     )
  38. {
  39.     NTSTATUS status;
  40.     CLIENT_ID clientId;
  41.     PEPROCESS PROCESS;
  42.     PETHREAD thread;
  43.     KPH_KEY_LEVEL requiredKeyLevel;
  44.     HANDLE processHandle;
  45.  
  46.     PAGED_CODE();
  47.  
  48.     IF (AccessMode != KernelMode)
  49.     {
  50.         __try
  51.         {
  52.             ProbeForWrite(ProcessHandle, SIZEOF(HANDLE), SIZEOF(HANDLE));
  53.             ProbeForRead(ClientId, SIZEOF(CLIENT_ID), SIZEOF(ULONG));
  54.             clientId = *ClientId;
  55.         }
  56.         __except (EXCEPTION_EXECUTE_HANDLER)
  57.         {
  58.             RETURN GetExceptionCode();
  59.         }
  60.     }
  61.     ELSE
  62.     {
  63.         clientId = *ClientId;
  64.     }
  65.  
  66.     // Use the thread ID if it was specified.
  67.     IF (clientId.UniqueThread)
  68.     {
  69.         status = PsLookupProcessThreadByCid(&clientId, &PROCESS, &thread);
  70.  
  71.         IF (NT_SUCCESS(status))
  72.         {
  73.             // We don't actually need the thread.
  74.             ObDereferenceObject(thread);
  75.         }
  76.     }
  77.     ELSE
  78.     {
  79.         status = PsLookupProcessByProcessId(clientId.UniqueProcess, &PROCESS);
  80.     }
  81.  
  82.     IF (!NT_SUCCESS(status))
  83.         RETURN status;
  84.  
  85.     requiredKeyLevel = KphKeyLevel1;
  86.  
  87.     IF ((DesiredAccess & KPH_PROCESS_READ_ACCESS) != DesiredAccess)
  88.         requiredKeyLevel = KphKeyLevel2;
  89.  
  90.     IF (NT_SUCCESS(status = KphValidateKey(requiredKeyLevel, Key, Client, AccessMode)))
  91.     {
  92.         // Always open in KernelMode to skip ordinary access checks.
  93.         status = ObOpenObjectByPointer(
  94.             PROCESS,
  95.             0,
  96.             NULL,
  97.             DesiredAccess,
  98.             *PsProcessType,
  99.             KernelMode,
  100.             &processHandle
  101.             );
  102.  
  103.         IF (NT_SUCCESS(status))
  104.         {
  105.             IF (AccessMode != KernelMode)
  106.             {
  107.                 __try
  108.                 {
  109.                     *ProcessHandle = processHandle;
  110.                 }
  111.                 __except (EXCEPTION_EXECUTE_HANDLER)
  112.                 {
  113.                     status = GetExceptionCode();
  114.                 }
  115.             }
  116.             ELSE
  117.             {
  118.                 *ProcessHandle = processHandle;
  119.             }
  120.         }
  121.     }
  122.  
  123.     ObDereferenceObject(PROCESS);
  124.  
  125.     RETURN status;
  126. }
  127.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement