From e20eeb3eb159688c1417b4bb6f0371dbed7ec8e6 Mon Sep 17 00:00:00 2001
From: midipix
Date: Mon, 27 May 2019 21:58:54 +0000
Subject: debug helpers: added __ntapi_tt_create_{attach_}debug_object().
---
 src/debug/ntapi_tt_create_debug_object.c | 114 +++++++++++++++++++++++++++++++
 src/internal/ntapi.c | 4 ++
 src/internal/ntapi_fnapi.h | 6 +-
 3 files changed, 123 insertions(+), 1 deletion(-)
 create mode 100644 src/debug/ntapi_tt_create_debug_object.c
(limited to 'src')
diff --git a/src/debug/ntapi_tt_create_debug_object.c b/src/debug/ntapi_tt_create_debug_object.c
new file mode 100644
index 0000000..334ffd2
--- /dev/null
+++ b/src/debug/ntapi_tt_create_debug_object.c
@@ -0,0 +1,114 @@
+#include
+#include
+#include
+#include
+#include
+#include "ntapi_impl.h"
+
+static nt_access_allowed_ace * __dbg_ace_init(
+ nt_access_allowed_ace * ace,
+ uint32_t mask,
+ const nt_sid * sid)
+{
+ ace->mask = mask;
+ ace->header.ace_type = NT_ACE_TYPE_ACCESS_ALLOWED;
+ ace->header.ace_flags = 0;
+ ace->header.ace_size = sizeof(uint32_t) * sid->sub_authority_count
+ + __offsetof(nt_access_allowed_ace,sid_start)
+ + __offsetof(nt_sid,sub_authority);
+
+ __ntapi->tt_sid_copy(
+ (nt_sid *)&ace->sid_start,
+ sid);
+
+ return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size);
+}
+
+static void __dbg_sd_init(nt_sd_common_buffer * sd)
+{
+ nt_access_allowed_ace * ace;
+ uint32_t mask_system;
+ uint32_t mask_owner;
+ uint32_t mask_other;
+
+ /* access mask */
+ mask_system = NT_DEBUG_ALL_ACCESS;
+ mask_owner = NT_DEBUG_ALL_ACCESS;
+ mask_other = NT_SEC_READ_CONTROL | NT_SEC_SYNCHRONIZE;
+
+ /* sd header */
+ sd->sd.revision = 1;
+ sd->sd.sbz_1st = 0;
+ sd->sd.control = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
+ sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner);
+ sd->sd.offset_group = 0;
+ sd->sd.offset_dacl = __offsetof(nt_sd_common_buffer,dacl);
+ sd->sd.offset_sacl = 0;
+
+ /* owner sid */
+ __ntapi->tt_sid_copy(
+ (nt_sid *)&sd->owner,
+ __ntapi_internals()->user);
+
+
+ /* ace's for LOCAL_SYSTEM, AUTHENTICATED_USERS, and process token user */
+ ace = (nt_access_allowed_ace *)&sd->buffer;
+ ace = __dbg_ace_init(ace,mask_system,&(nt_sid){1,1,{{0,0,0,0,0,5}},{18}});
+ ace = __dbg_ace_init(ace,mask_other,&(nt_sid){1,1,{{0,0,0,0,0,5}},{11}});
+ ace = __dbg_ace_init(ace,mask_owner,(nt_sid *)&sd->owner);
+
+ sd->dacl.acl_revision = 0x02;
+ sd->dacl.sbz_1st = 0;
+ sd->dacl.acl_size = (uint16_t)((char *)ace - (char *)&sd->dacl);
+ sd->dacl.ace_count = 3;
+ sd->dacl.sbz_2nd = 0;
+
+}
+
+int32_t __stdcall __ntapi_tt_create_debug_object(
+ __out void ** hdbgobj,
+ __in uint32_t flags)
+{
+ nt_oa oa;
+ nt_sd_common_buffer sd;
+ nt_sqos sqos = {
+ sizeof(sqos),
+ NT_SECURITY_IMPERSONATION,
+ NT_SECURITY_TRACKING_DYNAMIC,
+ 1};
+
+ __dbg_sd_init(&sd);
+
+ oa.len = sizeof(oa);
+ oa.root_dir = 0;
+ oa.obj_name = 0;
+ oa.obj_attr = 0;
+ oa.sec_desc = &sd.sd;
+ oa.sec_qos = &sqos;
+
+ return __ntapi->zw_create_debug_object(
+ hdbgobj,
+ NT_DEBUG_ALL_ACCESS,
+ &oa,flags);
+}
+
+int32_t __stdcall __ntapi_tt_create_attach_debug_object(
+ __out void ** hdbgobj,
+ __in void * hprocess,
+ __in uint32_t flags)
+{
+ int32_t status;
+ void * hdebug;
+
+ if ((status = __ntapi_tt_create_debug_object(&hdebug,flags)))
+ return status;
+
+ if ((status = __ntapi->zw_debug_active_process(hprocess,hdebug))) {
+ __ntapi->zw_close(hdebug);
+ return status;
+ }
+
+ *hdbgobj = hdebug;
+
+ return NT_STATUS_SUCCESS;
+}
diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index c96c62b..2bd5299 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -443,6 +443,10 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
 __ntapi->log_fn_call = __ntapi_log_fn_call;
 __ntapi->log_msg = __ntapi_log_msg;
+ /* nt_debug.h */
+ __ntapi->tt_create_debug_object = __ntapi_tt_create_debug_object;
+ __ntapi->tt_create_attach_debug_object = __ntapi_tt_create_attach_debug_object;
+
 /* OS version dependent functions */
 if (__ntapi->zw_create_user_process) {
diff --git a/src/internal/ntapi_fnapi.h b/src/internal/ntapi_fnapi.h
index f1a6792..1ee52ed 100644
--- a/src/internal/ntapi_fnapi.h
+++ b/src/internal/ntapi_fnapi.h
@@ -329,11 +329,15 @@ NTAPI_UFN(tt_guid_compare);
 NTAPI_UFN(tt_guid_to_string_utf16);
 NTAPI_UFN(tt_string_to_guid_utf16);
-/* debug */
+/* log */
 NTAPI_UFN(log_write);
 NTAPI_UFN(log_fn_call);
 NTAPI_UFN(log_msg);
+/* debug */
+NTAPI_UFN(tt_create_debug_object);
+NTAPI_UFN(tt_create_attach_debug_object);
+
 /* csrss */
 NTAPI_VFN(tt_get_csr_port_handle_addr_by_logic,i386);
 NTAPI_VFN(tt_get_csr_port_handle_addr_by_logic,x86_64);
-- 
cgit v1.2.3
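Review bot: __dbg_sd_init copies the process token user SID (`__ntapi_internals()->user`) into `sd->owner` and again into the third ACE in `sd->buffer` without checking that either destination has room; the two well-known SIDs have a fixed single sub-authority, but the user SID's `sub_authority_count` is only known at runtime, so the space the third ACE needs (`sizeof(uint32_t) * sub_authority_count` plus the two header offsets, as computed in `__dbg_ace_init`) varies, and whether three ACEs fit depends on the `nt_sd_common_buffer` layout, which is defined outside this hunk. A header comment on `__dbg_sd_init` stating the capacity it relies on, e.g. `/* assumes sd->owner and sd->buffer are sized for a maximum-length SID; DACL grants NT_DEBUG_ALL_ACCESS to LOCAL_SYSTEM and the owner, READ_CONTROL|SYNCHRONIZE to AUTHENTICATED_USERS */`, would make the invariant checkable, and if the buffer is not sized for the maximum SID the third `__dbg_ace_init` call should be preceded by a size check against `sizeof(sd->buffer)`. As a smaller point, `__dbg_ace_init` advances the ACE pointer through an integer round-trip, `return (nt_access_allowed_ace *)((size_t)ace + ace->header.ace_size);`; `(char *)ace + ace->header.ace_size` expresses the same arithmetic and matches the `(char *)` form already used to compute `acl_size`.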