windows-nt/Source/XPSP1/NT/ds/security/winsafer/test/guesslev/guesslev.cpp

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <winsafer.h>
// Three-way comparison of two DWORD values, in the shape qsort() expects
// for its callback. pv1 and pv2 each point at one DWORD element.
// Returns -1 if *pv1 is smaller, 1 if it is larger, 0 if both are equal.
int _cdecl dwcompare(const void* pv1, const void* pv2)
{
    const DWORD lhs = *(const DWORD*)pv1;
    const DWORD rhs = *(const DWORD*)pv2;

    // Compare explicitly instead of subtracting: DWORD is unsigned, so a
    // difference would wrap rather than go negative.
    if (lhs == rhs) return 0;
    return (lhs < rhs) ? -1 : 1;
}
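// Test driver for the SAFER (code authorization) level APIs.
//
// 1. Opens the current process token for TOKEN_QUERY and prints its
//    TokenSandBoxInert value.
// 2. Enumerates the machine-scope level list (CodeAuthzPol_LevelList).
// 3. For each level, in ascending numeric order, asks
//    ComputeAccessTokenFromCodeAuthzLevel with AUTHZTOKEN_COMPARE_ONLY how
//    the process token compares with that level, and prints the verdict.
//
// Any failing API call jumps to `done`, which reports GetLastError() and then
// releases the level buffer and the token handle.
void _cdecl main()
{
    BOOL bStatus;
    DWORD dwInert = 0;
    DWORD dwOutBufSize = 0;
    DWORD dwNumLevels;
    DWORD i;
    // Declared and initialised before the first `goto done`, so the cleanup
    // code can test them on every exit path.
    HANDLE hProcessToken = NULL;
    DWORD* pdwLevels = NULL;

    bStatus = OpenProcessToken(GetCurrentProcess(),
                               TOKEN_QUERY,
                               &hProcessToken);
    if (!bStatus) goto done;

    bStatus = GetTokenInformation(hProcessToken,
                                  TokenSandBoxInert,
                                  &dwInert,
                                  sizeof(DWORD),
                                  &dwOutBufSize);
    if (!bStatus) goto done;

    // DWORD values are printed with %lu so the conversion matches the
    // argument type.
    printf("Process Token: INERT = %lu\n", dwInert);
    printf("Enumerating available SAFER levels\n");

    // Size probe: with a zero-length buffer the call is expected to fail with
    // ERROR_INSUFFICIENT_BUFFER and report the required size in dwOutBufSize.
    bStatus = GetInformationCodeAuthzPolicyW(AUTHZSCOPEID_MACHINE,
                                             CodeAuthzPol_LevelList,
                                             0,
                                             NULL,
                                             &dwOutBufSize,
                                             NULL);
    if (!bStatus)
    {
        if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) goto done;

        // NOTE(review): dwOutBufSize is treated as a byte count further down
        // (it is divided by sizeof(DWORD)); if the probe also reports bytes,
        // this allocates four times what is needed. That is harmless, and the
        // capacity passed to the API below matches what is allocated here.
        pdwLevels = new DWORD[dwOutBufSize];
        if (!pdwLevels)
        {
            printf("Out of memory\n");
            goto done;
        }

        bStatus = GetInformationCodeAuthzPolicyW(AUTHZSCOPEID_MACHINE,
                                                 CodeAuthzPol_LevelList,
                                                 dwOutBufSize * sizeof(DWORD),
                                                 pdwLevels,
                                                 &dwOutBufSize,
                                                 NULL);
        if (!bStatus) goto done;

        dwNumLevels = dwOutBufSize / sizeof(DWORD);

        // I need to compare these in sorted order, so I do that myself rather
        // than rely on the api to do so
        qsort(pdwLevels, dwNumLevels, sizeof(DWORD), dwcompare);

        for (i = 0; i < dwNumLevels; i++)
        {
            HAUTHZLEVEL hCodeAuthLevel;
            DWORD dwResult = 0;

            bStatus = CreateCodeAuthzLevel(AUTHZSCOPEID_MACHINE,
                                           pdwLevels[i],
                                           AUTHZCRLEV_OPEN,
                                           &hCodeAuthLevel,
                                           NULL);
            if (!bStatus) goto done;

            bStatus = ComputeAccessTokenFromCodeAuthzLevel(hCodeAuthLevel,
                                                           hProcessToken,
                                                           NULL,
                                                           AUTHZTOKEN_COMPARE_ONLY,
                                                           (LPVOID)&dwResult);
            if (!bStatus)
            {
                // dwResult was not produced by the API; printing a verdict
                // from it would report a privilege comparison that never
                // happened, so only the failure is reported for this level.
                printf("ComputeAccessTokenFromCodeAuthzLevel failed with GLE=%lu\n", GetLastError());
            }
            else if (dwResult != (DWORD)-1)
            {
                printf("Level %lu: Authorization comparison equal or greater privileged\n", pdwLevels[i]);
            }
            else
            {
                printf("Level %lu: Authorization comparison less privileged.\n", pdwLevels[i]);
            }

            // The level handle is closed on both the success and the failure
            // path of the comparison.
            bStatus = CloseCodeAuthzLevel(hCodeAuthLevel);
            if (!bStatus) goto done;
        }
    }

done:
    // Report first: the cleanup calls below may overwrite the thread's
    // last-error value.
    if (!bStatus)
    {
        printf("operation failed with GLE=%lu\n", GetLastError());
    }

    delete[] pdwLevels;   // deleting a null pointer is a no-op
    if (hProcessToken != NULL) CloseHandle(hProcessToken);

    // Sleep(3000);
    return;
}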