mirror of
https://github.com/gnif/LookingGlass.git
synced 2024-11-10 08:38:20 +00:00
[host] service: compare SIDs directly without string conversion
Instead of converting every SID to string with ConvertSidToStringSidA and compare it with the magical SID string for local system with strcmp, we could instead create the local system SID and compare directly with EqualSid.
This commit is contained in:
parent
93d97424df
commit
6a1ec9420e
@ -171,6 +171,16 @@ HANDLE dupeSystemProcessToken(void)
|
||||
EnumProcesses(pids, count * sizeof(DWORD), &returned);
|
||||
returned /= sizeof(DWORD);
|
||||
|
||||
char systemSidBuf[SECURITY_MAX_SID_SIZE];
|
||||
PSID systemSid = (PSID) systemSidBuf;
|
||||
DWORD cbSystemSid = sizeof systemSidBuf;
|
||||
|
||||
if (!CreateWellKnownSid(WinLocalSystemSid, NULL, systemSid, &cbSystemSid))
|
||||
{
|
||||
doLog("failed to create local system SID");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
for(DWORD i = 0; i < returned; ++i)
|
||||
{
|
||||
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pids[i]);
|
||||
@ -189,13 +199,8 @@ HANDLE dupeSystemProcessToken(void)
|
||||
if (!GetTokenInformation(hToken, TokenUser, user, sizeof(userBuf), &tmp))
|
||||
goto err_token;
|
||||
|
||||
CHAR * sid = NULL;
|
||||
if (!ConvertSidToStringSidA(user->User.Sid, &sid))
|
||||
goto err_token;
|
||||
|
||||
if (strcmp(sid, "S-1-5-18") == 0)
|
||||
if (EqualSid(user->User.Sid, systemSid))
|
||||
{
|
||||
LocalFree(sid);
|
||||
CloseHandle(hProcess);
|
||||
|
||||
// duplicate the token so we can use it
|
||||
@ -208,7 +213,6 @@ HANDLE dupeSystemProcessToken(void)
|
||||
return hDupe;
|
||||
}
|
||||
|
||||
LocalFree(sid);
|
||||
err_token:
|
||||
CloseHandle(hToken);
|
||||
err_proc:
|
||||
|
Loading…
Reference in New Issue
Block a user