From 20e95575948faec1eca2e88967e985539a512cd5 Mon Sep 17 00:00:00 2001 From: Zebediah Figura Date: Sun, 18 Apr 2021 17:46:44 -0500 Subject: [PATCH] ntdll: Elevate processes if requested in RtlCreateUserProcess(). Signed-off-by: Zebediah Figura --- dlls/ntdll/process.c | 79 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 74 insertions(+), 5 deletions(-) diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c index 160b1f549c9..fd437ea07d4 100644 --- a/dlls/ntdll/process.c +++ b/dlls/ntdll/process.c @@ -39,6 +39,9 @@ WINE_DEFAULT_DEBUG_CHANNEL(process); +/* we don't want to include winuser.h */ +#define CREATEPROCESS_MANIFEST_RESOURCE_ID ((ULONG_PTR)1) + /****************************************************************************** * RtlGetCurrentPeb [NTDLL.@] * @@ -82,6 +85,63 @@ NTSTATUS WINAPI RtlWow64EnableFsRedirectionEx( ULONG disable, ULONG *old_value ) } +static BOOL image_needs_elevation( const UNICODE_STRING *path ) +{ + ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION run_level; + UNICODE_STRING path0; + BOOL ret = FALSE; + HANDLE handle; + ACTCTXW ctx; + + if (RtlDuplicateUnicodeString( 1, path, &path0 )) + return FALSE; + + ctx.cbSize = sizeof(ctx); + ctx.dwFlags = ACTCTX_FLAG_RESOURCE_NAME_VALID; + ctx.lpSource = path0.Buffer; + ctx.lpResourceName = (const WCHAR *)CREATEPROCESS_MANIFEST_RESOURCE_ID; + + if (RtlCreateActivationContext( &handle, &ctx )) + { + RtlFreeUnicodeString( &path0 ); + return FALSE; + } + + if (!RtlQueryInformationActivationContext( 0, handle, NULL, RunlevelInformationInActivationContext, + &run_level, sizeof(run_level), NULL )) + { + TRACE( "image requested run level %#x\n", run_level.RunLevel ); + if (run_level.RunLevel == ACTCTX_RUN_LEVEL_HIGHEST_AVAILABLE + || run_level.RunLevel == ACTCTX_RUN_LEVEL_REQUIRE_ADMIN) + ret = TRUE; + } + RtlReleaseActivationContext( handle ); + RtlFreeUnicodeString( &path0 ); + return ret; +} + + +static HANDLE get_elevated_token(void) +{ + TOKEN_ELEVATION_TYPE type; + TOKEN_LINKED_TOKEN linked; + NTSTATUS status; + + if ((status = NtQueryInformationToken( GetCurrentThreadEffectiveToken(), + TokenElevationType, &type, sizeof(type), NULL ))) + return NULL; + + if (type == TokenElevationTypeFull) return NULL; + + + if ((status = NtQueryInformationToken( GetCurrentThreadEffectiveToken(), + TokenLinkedToken, &linked, sizeof(linked), NULL ))) + return NULL; + + return linked.LinkedToken; +} + + /********************************************************************** * RtlWow64GetCurrentMachine (NTDLL.@) */ @@ -294,8 +354,15 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes, PS_CREATE_INFO create_info; ULONG_PTR buffer[offsetof( PS_ATTRIBUTE_LIST, Attributes[6] ) / sizeof(ULONG_PTR)]; PS_ATTRIBUTE_LIST *attr = (PS_ATTRIBUTE_LIST *)buffer; + HANDLE elevated_token = NULL; + NTSTATUS status; UINT pos = 0; + /* It's not clear whether we should use path or ¶ms->ImagePathName here, + * but Roblox Player tries to pass an empty string for the latter. */ + if (!token && image_needs_elevation( path )) + token = elevated_token = get_elevated_token(); + RtlNormalizeProcessParams( params ); attr->Attributes[pos].Attribute = PS_ATTRIBUTE_IMAGE_NAME; @@ -342,11 +409,13 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes, InitializeObjectAttributes( &process_attr, NULL, 0, NULL, process_descr ); InitializeObjectAttributes( &thread_attr, NULL, 0, NULL, thread_descr ); - return NtCreateUserProcess( &info->Process, &info->Thread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS, - &process_attr, &thread_attr, - inherit ? PROCESS_CREATE_FLAGS_INHERIT_HANDLES : 0, - THREAD_CREATE_FLAGS_CREATE_SUSPENDED, params, - &create_info, attr ); + status = NtCreateUserProcess( &info->Process, &info->Thread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS, + &process_attr, &thread_attr, + inherit ? PROCESS_CREATE_FLAGS_INHERIT_HANDLES : 0, + THREAD_CREATE_FLAGS_CREATE_SUSPENDED, params, &create_info, attr ); + + if (elevated_token) NtClose( elevated_token ); + return status; } /*********************************************************************** -- 2.32.0