Diffstat (limited to 'src/internal/ntapi.c')
-rw-r--r-- | src/internal/ntapi.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c index f0b4431..aaf1b33 100644 --- a/src/internal/ntapi.c +++ b/src/internal/ntapi.c @@ -94,6 +94,8 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl) void * hntdll; size_t block_size; size_t buf[64]; + unsigned char * value; + uint16_t sacnt; nt_oa oa; nt_cid cid; ntapi_zw_allocate_virtual_memory * pfn_zw_allocate_virtual_memory; @@ -482,7 +484,7 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl) internals->htoken, NT_SE_CREATE_SYMBOLIC_LINK_PRIVILEGE); - /* sid */ + /* user */ if ((status = __ntapi->zw_query_information_token( internals->htoken, NT_TOKEN_USER, @@ -490,12 +492,28 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl) &block_size))) return status; - internals->sid = (nt_sid *)&internals->sid_buffer; + internals->user = (nt_sid *)&internals->sid_buffer[0]; + internals->admin = (nt_sid *)&internals->sid_buffer[1]; __ntapi->tt_sid_copy( - internals->sid, + internals->user, ((nt_sid_and_attributes *)buf)->sid); + /* admin */ + value = internals->user->identifier_authority.value; + sacnt = internals->user->sub_authority_count; + + if ((value[0] == 0) && (value[1] == 0) + && (value[2] == 0) && (value[3] == 0) + && (value[4] == 0) && (value[5] == 5) + && internals->user->sub_authority[0] == 21) { + __ntapi->tt_sid_copy( + internals->admin, + internals->user); + + internals->admin->sub_authority[sacnt - 1] = 500; + } + /* done */ *pvtbl = &___ntapi_shadow; at_locked_inc(&__ntapi_init_idx); |
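Review bot: In the `/* admin */` block of the last hunk, `sub_authority[0]` is compared and `sub_authority[sacnt - 1]` is written without first checking `sub_authority_count`, so with `sacnt == 0` the index becomes -1 after integer promotion, and with `sacnt == 1` the write replaces the 21 itself. The token SID comes from the kernel and is presumably well-formed, but a leading guard costs nothing: `if ((sacnt >= 2) && (value[0] == 0) && (value[1] == 0)`. Separately, `internals->admin` is pointed at `sid_buffer[1]` before the test, so for a user SID outside S-1-5-21 (branch not taken) it refers to a slot this hunk never fills; whether that slot is zeroed is not visible here, and assigning `internals->admin` only inside the branch, or documenting the not-derived state, would keep any later consumer from treating it as a valid SID. A comment such as `/* admin: RID-500 account SID of the user's own domain or machine */` would also make clear that this is the built-in Administrator account rather than the Administrators group. `__ntapi_init_once` starts and ends outside the hunk.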