path: root/src/debug/ntapi_tt_create_debug_object.c
blob: 334ffd25d6722bd6b1f514a3d8f6bc4cf76c5922 (plain)
#include <psxtypes/psxtypes.h>
#include <ntapi/nt_object.h>
#include <ntapi/nt_debug.h>
#include <ntapi/nt_guid.h>
#include <ntapi/nt_acl.h>
#include "ntapi_impl.h"

static nt_access_allowed_ace * __dbg_ace_init(
	nt_access_allowed_ace * ace,
	uint32_t		mask,
	const nt_sid *		sid)
{
	/* Fill one ACCESS_ALLOWED ace granting mask to sid, copy the sid in
	 * place behind the fixed ace prefix, and return the address of the
	 * slot directly after it.  The sid is variable-length: its fixed
	 * prefix plus one 32-bit word per sub-authority.  No bounds check
	 * is performed here; the caller sizes the destination buffer. */
	size_t sid_bytes = __offsetof(nt_sid,sub_authority)
	                   + sizeof(uint32_t) * sid->sub_authority_count;

	ace->header.ace_type  = NT_ACE_TYPE_ACCESS_ALLOWED;
	ace->header.ace_flags = 0;
	ace->header.ace_size  = __offsetof(nt_access_allowed_ace,sid_start) + sid_bytes;
	ace->mask             = mask;

	__ntapi->tt_sid_copy((nt_sid *)&ace->sid_start,sid);

	/* ace_size is the full length of this ace, so stepping by it
	 * yields the start of the next ace */
	return (nt_access_allowed_ace *)((char *)ace + ace->header.ace_size);
}

static void __dbg_sd_init(nt_sd_common_buffer * sd)
{
	/* Build a self-relative security descriptor for the debug object:
	 * owner = the process token user, no group, no sacl, and a dacl of
	 * three access-allowed aces.  Only LOCAL_SYSTEM (S-1-5-18) and the
	 * owner receive NT_DEBUG_ALL_ACCESS; AUTHENTICATED_USERS (S-1-5-11)
	 * are limited to READ_CONTROL | SYNCHRONIZE, so none of the debug
	 * rights contained in NT_DEBUG_ALL_ACCESS are granted to them. */
	const uint32_t		mask_full     = NT_DEBUG_ALL_ACCESS;
	const uint32_t		mask_readonly = NT_SEC_READ_CONTROL | NT_SEC_SYNCHRONIZE;
	nt_sid *		owner         = (nt_sid *)&sd->owner;
	nt_access_allowed_ace *	next;

	/* self-relative header: the offsets are taken from the start of
	 * nt_sd_common_buffer, which assumes sd->sd sits at offset 0 of it */
	sd->sd.revision     = 1;
	sd->sd.sbz_1st      = 0;
	sd->sd.control      = NT_SE_SELF_RELATIVE | NT_SE_DACL_PRESENT;
	sd->sd.offset_owner = __offsetof(nt_sd_common_buffer,owner);
	sd->sd.offset_group = 0;
	sd->sd.offset_dacl  = __offsetof(nt_sd_common_buffer,dacl);
	sd->sd.offset_sacl  = 0;

	/* owner sid: the user of the current process token */
	__ntapi->tt_sid_copy(owner,__ntapi_internals()->user);

	/* aces are laid out back to back starting at sd->buffer */
	next = (nt_access_allowed_ace *)&sd->buffer;
	next = __dbg_ace_init(next,mask_full,    &(nt_sid){1,1,{{0,0,0,0,0,5}},{18}});
	next = __dbg_ace_init(next,mask_readonly,&(nt_sid){1,1,{{0,0,0,0,0,5}},{11}});
	next = __dbg_ace_init(next,mask_full,    owner);

	/* acl header; acl_size is measured from the acl header to the end of
	 * the last ace, which expects sd->buffer to follow sd->dacl directly
	 * in the struct layout (verify against nt_sd_common_buffer) */
	sd->dacl.acl_revision = 0x02;
	sd->dacl.sbz_1st      = 0;
	sd->dacl.acl_size     = (uint16_t)((char *)next - (char *)&sd->dacl);
	sd->dacl.ace_count    = 3;
	sd->dacl.sbz_2nd      = 0;
}

int32_t __stdcall __ntapi_tt_create_debug_object(
	__out	void **		hdbgobj,
	__in	uint32_t	flags)
{
	/* Create an unnamed debug object, requesting NT_DEBUG_ALL_ACCESS on
	 * the returned handle and protecting the object with the dacl built
	 * by __dbg_sd_init.  The quality-of-service block is positional:
	 * length, impersonation level, context tracking mode, and a final
	 * member set to 1 (effective-only, if nt_sqos mirrors the NT
	 * SECURITY_QUALITY_OF_SERVICE layout -- verify against the header).
	 * The status of zw_create_debug_object is returned unchanged. */
	nt_sd_common_buffer	sd;
	nt_sqos			sqos = {
					sizeof(sqos),
					NT_SECURITY_IMPERSONATION,
					NT_SECURITY_TRACKING_DYNAMIC,
					1};
	nt_oa			oa   = {
					.len      = sizeof(oa),
					.root_dir = 0,
					.obj_name = 0,
					.obj_attr = 0,
					.sec_desc = &sd.sd,
					.sec_qos  = &sqos};

	/* fill in the descriptor the object attributes already point at */
	__dbg_sd_init(&sd);

	return __ntapi->zw_create_debug_object(
		hdbgobj,NT_DEBUG_ALL_ACCESS,&oa,flags);
}

int32_t __stdcall __ntapi_tt_create_attach_debug_object(
	__out	void **		hdbgobj,
	__in	void *		hprocess,
	__in	uint32_t	flags)
{
	/* Create a debug object and attach it to hprocess.  On failure the
	 * nt status is returned and *hdbgobj is left untouched; a debug
	 * object that was created but could not be attached is closed so
	 * the handle does not leak.  On success *hdbgobj receives the new
	 * handle and NT_STATUS_SUCCESS is returned. */
	void *	hdebug = 0;
	int32_t	status = __ntapi_tt_create_debug_object(&hdebug,flags);

	if (status)
		return status;

	status = __ntapi->zw_debug_active_process(hprocess,hdebug);

	if (status) {
		/* attach failed: release the object before reporting */
		__ntapi->zw_close(hdebug);
		return status;
	}

	*hdbgobj = hdebug;

	return NT_STATUS_SUCCESS;
}