keyauth-cpp-library-1.3API/Security.hpp at fdb4ed8ed828fd3f984207a52dcf5eebe4154aab · KeyAuth/keyauth-cpp-library-1.3API · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
#pragma once
#include <Windows.h>
#include <string>
#include <accctrl.h>
#include <aclapi.h>
#include <bcrypt.h>


auto is_hooked = [](void* fn) -> bool {
    if (!fn) return true;


    BYTE bytes[5];
    memcpy(bytes, fn, 5);


    if (bytes[0] == 0xE9 || bytes[0] == 0xE8)
        return true;

    if (bytes[0] == 0xFF && bytes[1] == 0x25)
        return true;

    return false;
    };


// code submitted in pull request from https://github.com/sbtoonz, authored by KeePassXC https://github.com/keepassxreboot/keepassxc/blob/dab7047113c4ad4ffead944d5c4ebfb648c1d0b0/src/core/Bootstrap.cpp#L121
inline bool LockMemAccess()
{
    bool bSuccess = false;
    // Process token and user
    HANDLE hToken = nullptr;
    PTOKEN_USER pTokenUser = nullptr;
    DWORD cbBufferSize = 0;

    // Access control list
    PACL pACL = nullptr;
    DWORD cbACL = 0;

    // Open the access token associated with the calling process
    if (!OpenProcessToken(
        GetCurrentProcess(),
        TOKEN_QUERY,
        &hToken
    )) {
        goto Cleanup;
    }

    // Retrieve the token information in a TOKEN_USER structure
    GetTokenInformation(
        hToken,
        TokenUser,  // request for a TOKEN_USER structure
        nullptr,
        0,
        &cbBufferSize
    );

    pTokenUser = static_cast<PTOKEN_USER>(malloc(cbBufferSize));
    if (pTokenUser == nullptr) {
        goto Cleanup;
    }

    if (!GetTokenInformation(
        hToken,
        TokenUser,
        pTokenUser,
        cbBufferSize,
        &cbBufferSize
    )) {
        goto Cleanup;
    }

    if (!IsValidSid(pTokenUser->User.Sid)) {
        goto Cleanup;
    }

    // Calculate the amount of memory that must be allocated for the DACL
    cbACL = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pTokenUser->User.Sid);

    // Create and initialize an ACL
    pACL = static_cast<PACL>(malloc(cbACL));
    if (pACL == nullptr) {
        goto Cleanup;
    }

    if (!InitializeAcl(pACL, cbACL, ACL_REVISION)) {
        goto Cleanup;
    }

    // Add allowed access control entries, everything else is denied
    if (!AddAccessAllowedAce(
        pACL,
        ACL_REVISION,
        SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE,    // same as protected process
        pTokenUser->User.Sid                                                    // pointer to the trustee's SID
    )) {
        goto Cleanup;
    }

    // Set discretionary access control list
    bSuccess = ERROR_SUCCESS == SetSecurityInfo(
        GetCurrentProcess(),        // object handle
        SE_KERNEL_OBJECT,           // type of object
        DACL_SECURITY_INFORMATION,  // change only the objects DACL
        nullptr, nullptr,           // do not change owner or group
        pACL,                       // DACL specified
        nullptr                     // do not change SACL
    );

Cleanup:

    if (pACL != nullptr) {
        free(pACL);

    }
    if (pTokenUser != nullptr) {
        free(pTokenUser);

    }
    if (hToken != nullptr) {
        CloseHandle(hToken);

    }
    return bSuccess;
}