求助内核导出函数ObCheckObjectAccess 这个函数的定义和结构-付费问答-看雪-安全社区|安全招聘|kanxue.com

最新回复 (3)
Ditans 雪币： 357 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 77 粉丝 0 关注私信	Ditans 2 楼 WRK里没有？ REACTOS上也有它接近的伪代码可以参考： BOOLEAN NTAPI ObCheckObjectAccess ( IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus ) { POBJECT_HEADER ObjectHeader; POBJECT_TYPE ObjectType; PSECURITY_DESCRIPTOR SecurityDescriptor = NULL; BOOLEAN SdAllocated; NTSTATUS Status; BOOLEAN Result; ACCESS_MASK GrantedAccess; PPRIVILEGE_SET Privileges = NULL; PAGED_CODE(); /* Get the object header and type / ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object); ObjectType = ObjectHeader->Type; / Get security information / Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated); if (!NT_SUCCESS(Status)) { / Return failure / ReturnedStatus = Status; return FALSE; } else if (!SecurityDescriptor) { /* Otherwise, if we don't actually have an SD, return success / ReturnedStatus = Status; return TRUE; } /* Lock the security context / SeLockSubjectContext(&AccessState->SubjectSecurityContext); / Now do the entire access check / Result = SeAccessCheck(SecurityDescriptor, &AccessState->SubjectSecurityContext, TRUE, AccessState->RemainingDesiredAccess, AccessState->PreviouslyGrantedAccess, &Privileges, &ObjectType->TypeInfo.GenericMapping, AccessMode, &GrantedAccess, ReturnedStatus); if (Privileges) { / We got privileges, append them to the access state and free them / Status = SeAppendPrivileges(AccessState, Privileges); SeFreePrivileges(Privileges); } / Check if access was granted / if (Result) { / Update the access state / AccessState->RemainingDesiredAccess &= ~(GrantedAccess \| MAXIMUM_ALLOWED); AccessState->PreviouslyGrantedAccess \|= GrantedAccess; } / Do audit alarm / SeOpenObjectAuditAlarm(&ObjectType->Name, Object, NULL, SecurityDescriptor, AccessState, FALSE, Result, AccessMode, &AccessState->GenerateOnClose); / We're done, unlock the context and release security */ SeUnlockSubjectContext(&AccessState->SubjectSecurityContext); ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated); return Result; } 2010-12-7 17:33 0
君君寒雪币： 6092 活跃值： (654) 能力值： ( LV4，RANK：45 ) 在线值：发帖 72 回帖 1064 粉丝 0 关注私信	君君寒 3 楼谢谢了虽然没有最终的r0 inline hook这个但是你的资料很有用 REACTOS是哪个网站的？ 2010-12-8 10:53 0
jacksona 雪币： 53 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 70 粉丝 0 关注私信	jacksona 4 楼很有用。不错，加油。 2011-1-17 15:32 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (3)
Ditans 雪币： 357 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 77 粉丝 0 关注私信	Ditans 2 楼 WRK里没有？ REACTOS上也有它接近的伪代码可以参考： BOOLEAN NTAPI ObCheckObjectAccess ( IN PVOID Object, IN OUT PACCESS_STATE AccessState, IN BOOLEAN LockHeld, IN KPROCESSOR_MODE AccessMode, OUT PNTSTATUS ReturnedStatus ) { POBJECT_HEADER ObjectHeader; POBJECT_TYPE ObjectType; PSECURITY_DESCRIPTOR SecurityDescriptor = NULL; BOOLEAN SdAllocated; NTSTATUS Status; BOOLEAN Result; ACCESS_MASK GrantedAccess; PPRIVILEGE_SET Privileges = NULL; PAGED_CODE(); /* Get the object header and type / ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object); ObjectType = ObjectHeader->Type; / Get security information / Status = ObGetObjectSecurity(Object, &SecurityDescriptor, &SdAllocated); if (!NT_SUCCESS(Status)) { / Return failure / ReturnedStatus = Status; return FALSE; } else if (!SecurityDescriptor) { /* Otherwise, if we don't actually have an SD, return success / ReturnedStatus = Status; return TRUE; } /* Lock the security context / SeLockSubjectContext(&AccessState->SubjectSecurityContext); / Now do the entire access check / Result = SeAccessCheck(SecurityDescriptor, &AccessState->SubjectSecurityContext, TRUE, AccessState->RemainingDesiredAccess, AccessState->PreviouslyGrantedAccess, &Privileges, &ObjectType->TypeInfo.GenericMapping, AccessMode, &GrantedAccess, ReturnedStatus); if (Privileges) { / We got privileges, append them to the access state and free them / Status = SeAppendPrivileges(AccessState, Privileges); SeFreePrivileges(Privileges); } / Check if access was granted / if (Result) { / Update the access state / AccessState->RemainingDesiredAccess &= ~(GrantedAccess \| MAXIMUM_ALLOWED); AccessState->PreviouslyGrantedAccess \|= GrantedAccess; } / Do audit alarm / SeOpenObjectAuditAlarm(&ObjectType->Name, Object, NULL, SecurityDescriptor, AccessState, FALSE, Result, AccessMode, &AccessState->GenerateOnClose); / We're done, unlock the context and release security */ SeUnlockSubjectContext(&AccessState->SubjectSecurityContext); ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated); return Result; } 2010-12-7 17:33 0
君君寒雪币： 6092 活跃值： (654) 能力值： ( LV4，RANK：45 ) 在线值：发帖 72 回帖 1064 粉丝 0 关注私信	君君寒 3 楼谢谢了虽然没有最终的r0 inline hook这个但是你的资料很有用 REACTOS是哪个网站的？ 2010-12-8 10:53 0
jacksona 雪币： 53 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 70 粉丝 0 关注私信	jacksona 4 楼很有用。不错，加油。 2011-1-17 15:32 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

[旧帖] 求助内核导出函数ObCheckObjectAccess 这个函数的定义 和结构 0.00雪花

[旧帖] 求助内核导出函数ObCheckObjectAccess 这个函数的定义和结构 0.00雪花