Mirrored_Repos/LookingGlass
1
0
Fork 0
mirror of https://github.com/gnif/LookingGlass.git synced 2024-11-10 08:38:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[host] service: compare SIDs directly without string conversion

Browse Source 
Instead of converting every SID to string with ConvertSidToStringSidA
and compare it with the magical SID string for local system with strcmp,
we could instead create the local system SID and compare directly with
EqualSid.
This commit is contained in:
Quantum 2021-04-26 03:11:23 -04:00 committed by Geoffrey McRae
parent 93d97424df
commit 6a1ec9420e
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
host/platform/Windows/src/service.c
View File

@ -171,6 +171,16 @@ HANDLE dupeSystemProcessToken(void)
EnumProcesses(pids, count * sizeof(DWORD), &returned);
returned /= sizeof(DWORD);
char systemSidBuf[SECURITY_MAX_SID_SIZE];
PSID systemSid = (PSID) systemSidBuf;
DWORD cbSystemSid = sizeof systemSidBuf;
if (!CreateWellKnownSid(WinLocalSystemSid, NULL, systemSid, &cbSystemSid))
{
doLog("failed to create local system SID");
return NULL;
}
for(DWORD i = 0; i < returned; ++i)
{
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pids[i]);
@ -189,13 +199,8 @@ HANDLE dupeSystemProcessToken(void)
if (!GetTokenInformation(hToken, TokenUser, user, sizeof(userBuf), &tmp))
goto err_token;
CHAR * sid = NULL;
if (!ConvertSidToStringSidA(user->User.Sid, &sid))
goto err_token;
if (strcmp(sid, "S-1-5-18") == 0)
if (EqualSid(user->User.Sid, systemSid))
{
LocalFree(sid);
CloseHandle(hProcess);
// duplicate the token so we can use it
@ -208,7 +213,6 @@ HANDLE dupeSystemProcessToken(void)
return hDupe;
}
LocalFree(sid);
err_token:
CloseHandle(hToken);
err_proc: