I am trying to write a mod that sets security permissions on a memory area. Currently, for testing purposes, it injects into mspaint.exe (this is not intended for the final version). It seems NtOpenSection returns an error for an unknown reason (regardless of whether it is started as admin or not).
Here is the code:
// ==WindhawkMod==
// @id classic-theme-enable
// @name Enable Classic Theme
// @description Disables theming by closing the handle
// @version 0.1
// @author Anixx
// @github https://github.com/nat
// @twitter https://twitter.com/jack
// @homepage https://your-personal-homepage.example.com/
// @include mspaint.exe
// @compilerOptions -lntdll
// ==/WindhawkMod==
#include <windows.h>
#include <iostream>
#include <sddl.h>
#include <winternl.h>
#include <aclapi.h>
// NtOpenSection is declared by hand here; the mod links against ntdll through
// the "-lntdll" entry in the @compilerOptions metadata line.
extern "C" {
NTSTATUS NTAPI NtOpenSection(PHANDLE SectionHandle,                 // out: receives the section handle
                             ACCESS_MASK DesiredAccess,             // in: access rights requested on the section
                             POBJECT_ATTRIBUTES ObjectAttributes);  // in: object name and lookup flags
}
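// Windhawk entry point: opens the theme section object of the current session
// and replaces its DACL with the one described by the SDDL string below.
//
// Returns TRUE when the DACL was applied and FALSE on any failure. The return
// type is BOOL, so the process-exit convention (0 = success, 1 = error) that
// this code used before reported every failure as success and vice versa.
//
// NOTE(review): the section is a named object shared by the whole session, so
// the new DACL affects every process in that session, and nothing in this mod
// restores the previous DACL on unload.
BOOL Wh_ModInit() {
    Wh_Log(L"Init");

    // Retrieve the current session ID for the process.
    DWORD sessionId = 0;
    if (!ProcessIdToSessionId(GetCurrentProcessId(), &sessionId)) {
        // Logged through Wh_Log like the rest of the mod: a process the mod is
        // loaded into normally has no console for std::wcerr to write to.
        Wh_Log(L"Error getting session ID: %lu", GetLastError());
        return FALSE;
    }

    wchar_t sectionName[256];
    swprintf_s(sectionName, _countof(sectionName), L"\\Sessions\\%lu\\BaseNamedObjects\\Windows\\ThemeSection", sessionId);

    // Name of the section object, as a counted string for the native API.
    UNICODE_STRING sectionObjectName;
    RtlInitUnicodeString(&sectionObjectName, sectionName);

    // Attributes for the section object: absolute name, case-insensitive lookup.
    OBJECT_ATTRIBUTES objectAttributes;
    InitializeObjectAttributes(&objectAttributes, &sectionObjectName, OBJ_CASE_INSENSITIVE, NULL, NULL);

    // Replacing a DACL needs only WRITE_DAC. Asking for SECTION_ALL_ACCESS makes
    // the open fail whenever the existing DACL withholds any one of the section
    // rights from the caller.
    // NOTE(review): whether WRITE_DAC itself is granted depends on the section's
    // current owner and DACL, which cannot be determined from this code.
    HANDLE hSection = NULL;
    const NTSTATUS status = NtOpenSection(&hSection, WRITE_DAC, &objectAttributes);
    if (status < 0) {  // NTSTATUS failure codes are negative
        // Without this check an uninitialized handle reached SetSecurityInfo
        // and CloseHandle, and the actual failure code was never reported.
        Wh_Log(L"NtOpenSection failed, NTSTATUS 0x%08lX", static_cast<unsigned long>(status));
        return FALSE;
    }

    // SDDL describing the new owner, group and DACL; only the DACL is applied.
    LPCWSTR sddl = L"O:BAG:SYD:(A;;RC;;;IU)(A;;DCSWRPSDRCWDWO;;;SY)";
    PSECURITY_DESCRIPTOR psd = NULL;

    // Convert the SDDL string to a security descriptor.
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(sddl, SDDL_REVISION_1, &psd, NULL)) {
        Wh_Log(L"Error converting SDDL to security descriptor: %lu", GetLastError());
        CloseHandle(hSection);
        return FALSE;
    }

    // The converted descriptor is self-relative: its DACL is stored as an offset
    // inside the buffer, so casting to SECURITY_DESCRIPTOR and reading ->Dacl
    // does not produce a valid pointer. GetSecurityDescriptorDacl resolves it.
    BOOL daclPresent = FALSE;
    BOOL daclDefaulted = FALSE;
    PACL dacl = NULL;
    if (!GetSecurityDescriptorDacl(psd, &daclPresent, &dacl, &daclDefaulted) || !daclPresent || dacl == NULL) {
        // A NULL DACL passed on would grant everyone full access to the section,
        // so a missing DACL is treated as an error rather than applied.
        Wh_Log(L"Error reading DACL from security descriptor: %lu", GetLastError());
        LocalFree(psd);
        CloseHandle(hSection);
        return FALSE;
    }

    // Set the security descriptor for the object.
    const DWORD result = SetSecurityInfo(
        hSection,
        SE_KERNEL_OBJECT,
        DACL_SECURITY_INFORMATION,
        NULL,
        NULL,
        dacl,
        NULL);
    if (result != ERROR_SUCCESS) {
        Wh_Log(L"SetSecurityInfo failed: %lu", result);
    }

    // Cleanup: free allocated security descriptor memory and close the handle.
    LocalFree(psd);
    CloseHandle(hSection);

    return result == ERROR_SUCCESS ? TRUE : FALSE;
}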
// Unload hook. Wh_ModInit closes its section handle and frees its security
// descriptor before returning, so only a log line is emitted here. The DACL
// that Wh_ModInit applied to the section is not reverted by this function.
void Wh_ModUninit()
{
    Wh_Log(L"Uninit");
}
I am trying to write a mod that sets security permissions on a memory area. Currently, for testing purposes, it injects into mspaint.exe (this is not intended for the final version). It seems NtOpenSection returns an error for an unknown reason (regardless of whether it is started as admin or not).
Here is the code:
Please, help!