summaryrefslogtreecommitdiffhomepage
path: root/src/internal/ntapi.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/internal/ntapi.c')
-rw-r--r--src/internal/ntapi.c24
1 files changed, 21 insertions, 3 deletions
diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index f0b4431..aaf1b33 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -94,6 +94,8 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
void * hntdll;
size_t block_size;
size_t buf[64];
+ unsigned char * value;
+ uint16_t sacnt;
nt_oa oa;
nt_cid cid;
ntapi_zw_allocate_virtual_memory * pfn_zw_allocate_virtual_memory;
@@ -482,7 +484,7 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
internals->htoken,
NT_SE_CREATE_SYMBOLIC_LINK_PRIVILEGE);
- /* sid */
+ /* user */
if ((status = __ntapi->zw_query_information_token(
internals->htoken,
NT_TOKEN_USER,
@@ -490,12 +492,28 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
&block_size)))
return status;
- internals->sid = (nt_sid *)&internals->sid_buffer;
+ internals->user = (nt_sid *)&internals->sid_buffer[0];
+ internals->admin = (nt_sid *)&internals->sid_buffer[1];
__ntapi->tt_sid_copy(
- internals->sid,
+ internals->user,
((nt_sid_and_attributes *)buf)->sid);
+ /* admin */
+ value = internals->user->identifier_authority.value;
+ sacnt = internals->user->sub_authority_count;
+
+ if ((value[0] == 0) && (value[1] == 0)
+ && (value[2] == 0) && (value[3] == 0)
+ && (value[4] == 0) && (value[5] == 5)
+ && internals->user->sub_authority[0] == 21) {
+ __ntapi->tt_sid_copy(
+ internals->admin,
+ internals->user);
+
+ internals->admin->sub_authority[sacnt - 1] = 500;
+ }
+
/* done */
*pvtbl = &___ntapi_shadow;
at_locked_inc(&__ntapi_init_idx);