/*
 * One entry of the RtlProtectedAccess table that RtlTestProtectedAccess
 * indexes by signer. Field order is kept exactly as listed, since the
 * structure mirrors a reverse-engineered layout.
 */
struct RTL_PROTECTED_ACCESS {
    /* Bitmask consulted by RtlTestProtectedAccess; bit positions are signer values. */
    DWORD DominateMask;
    /* Not referenced by the code shown here; presumably process access rights
     * withheld from a requester that fails the dominance test (TODO confirm). */
    DWORD DeniedProcessAccess;
    /* Not referenced by the code shown here; presumably the thread-handle
     * counterpart of DeniedProcessAccess (TODO confirm). */
    DWORD DeniedThreadAccess;
};
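/*
 * Decide whether a requester with protection `Requester` passes the
 * protection check against a target with protection `Target`.
 *
 * Returns true when the requester is allowed:
 *   - the target has Type 0 (treated here as unprotected), or
 *   - Requester.Type is not lower than Target.Type AND the requester's
 *     signer dominates the target's signer per RtlProtectedAccess.
 * Returns false otherwise.
 */
bool RtlTestProtectedAccess(_PS_PROTECTION Requester, _PS_PROTECTION Target)
{
    /* A target with Type 0 is never restricted by this check. */
    if (Target.Type == 0)
        return true;

    /* A requester of a lower protection type is rejected regardless of signer. */
    if (Requester.Type < Target.Type)
        return false;

    /*
     * The requester's table row carries the dominance bitmask, so the bit to
     * test is the TARGET's signer. Testing the requester's own signer would
     * never look at Target.Signer, and the outcome would not depend on who
     * signed the target at all.
     *
     * NOTE(review): Signer is used directly as an array index and as a bit
     * position; the table size is not visible here, so confirm that every
     * reachable Signer value has a row.
     */
    return _bittest(&RtlProtectedAccess[Requester.Signer].DominateMask, Target.Signer);
}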
/*
 * Report whether a request is invalid on protection grounds.
 *
 * Returns true only when the request comes from user mode AND
 * RtlTestProtectedAccess rejects the requester/target pair. Any other
 * Mode value yields false without consulting the protection levels, so this
 * check does not constrain kernel-mode callers.
 */
bool PspCheckForInvalidAccessByProtection(KPROCESSOR_MODE Mode, _PS_PROTECTION RequesterProt, _PS_PROTECTION TargetProt)
{
    /* Non-user-mode requests are never flagged by this function. */
    if (Mode != UserMode) {
        return false;
    }

    /* Invalid exactly when the requester fails the protection test. */
    if (RtlTestProtectedAccess(RequesterProt, TargetProt)) {
        return false;
    }
    return true;
}
/*
 * Report whether `Requester` is incompatible with `Target` as far as process
 * protection is concerned.
 *
 * Returns false when both pointers name the same process; otherwise returns
 * the verdict of PspCheckForInvalidAccessByProtection on the two processes'
 * Protection fields.
 */
bool PsTestProtectedProcessIncompatibility(KPROCESSOR_MODE Mode, _EPROCESS *Requester, _EPROCESS *Target)
{
    // 2 checks against unknown global variables omitted

    /* A process is always compatible with itself; nothing is dereferenced here. */
    if (Requester == Target) {
        return false;
    }

    return PspCheckForInvalidAccessByProtection(Mode,
                                                Requester->Protection,
                                                Target->Protection);
}