diff --git a/patches/advapi32-Token_Integrity_Level/0010-server-Implement-support-for-creating-processes-usin.patch b/patches/advapi32-Token_Integrity_Level/0010-server-Implement-support-for-creating-processes-usin.patch index 3eafa10d..291992df 100644 --- a/patches/advapi32-Token_Integrity_Level/0010-server-Implement-support-for-creating-processes-usin.patch +++ b/patches/advapi32-Token_Integrity_Level/0010-server-Implement-support-for-creating-processes-usin.patch @@ -1,4 +1,4 @@ -From 51830c6683b199e79cb9e782ee51555054a4da7c Mon Sep 17 00:00:00 2001 +From 35487aacbfe53d2584e83d4f59e119577901d4ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Sun, 6 Aug 2017 02:08:05 +0200 Subject: [PATCH] server: Implement support for creating processes using a @@ -6,20 +6,20 @@ Subject: [PATCH] server: Implement support for creating processes using a --- dlls/kernelbase/process.c | 24 +++++++++++++----------- - dlls/ntdll/process.c | 3 ++- + dlls/ntdll/process.c | 1 + server/process.c | 39 +++++++++++++++++++++++++++++++++++---- server/process.h | 2 +- server/protocol.def | 1 + server/request.c | 2 +- server/security.h | 2 ++ server/token.c | 11 +++++++++++ - 8 files changed, 66 insertions(+), 18 deletions(-) + 8 files changed, 65 insertions(+), 17 deletions(-) diff --git a/dlls/kernelbase/process.c b/dlls/kernelbase/process.c -index a07dddb1f..99985ab89 100644 +index a3b168543fc..b5c8b47239d 100644 --- a/dlls/kernelbase/process.c +++ b/dlls/kernelbase/process.c -@@ -242,7 +242,7 @@ static RTL_USER_PROCESS_PARAMETERS *create_process_params( const WCHAR *filename +@@ -244,7 +244,7 @@ static RTL_USER_PROCESS_PARAMETERS *create_process_params( const WCHAR *filename /*********************************************************************** * create_nt_process */ 
@@ -28,7 +28,7 @@ index a07dddb1f..99985ab89 100644 BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params, RTL_USER_PROCESS_INFORMATION *info, HANDLE parent ) { -@@ -257,7 +257,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES +@@ -259,7 +259,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES status = RtlCreateUserProcess( &nameW, OBJ_CASE_INSENSITIVE, params, psa ? psa->lpSecurityDescriptor : NULL, tsa ? tsa->lpSecurityDescriptor : NULL, @@ -37,7 +37,7 @@ index a07dddb1f..99985ab89 100644 RtlFreeUnicodeString( &nameW ); } return status; -@@ -267,7 +267,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES +@@ -269,7 +269,7 @@ static NTSTATUS create_nt_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTES /*********************************************************************** * create_vdm_process */ @@ -46,7 +46,7 @@ index a07dddb1f..99985ab89 100644 BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params, RTL_USER_PROCESS_INFORMATION *info ) { -@@ -288,7 +288,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE +@@ -290,7 +290,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE winevdm, params->ImagePathName.Buffer, params->CommandLine.Buffer ); RtlInitUnicodeString( ¶ms->ImagePathName, winevdm ); RtlInitUnicodeString( ¶ms->CommandLine, newcmdline ); @@ -55,7 +55,7 @@ index a07dddb1f..99985ab89 100644 HeapFree( GetProcessHeap(), 0, newcmdline ); return status; } -@@ -297,7 +297,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE +@@ -299,7 +299,7 @@ static NTSTATUS create_vdm_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE /*********************************************************************** * create_cmd_process */ 
@@ -64,7 +64,7 @@ index a07dddb1f..99985ab89 100644 BOOL inherit, DWORD flags, RTL_USER_PROCESS_PARAMETERS *params, RTL_USER_PROCESS_INFORMATION *info ) { -@@ -316,7 +316,7 @@ static NTSTATUS create_cmd_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE +@@ -318,7 +318,7 @@ static NTSTATUS create_cmd_process( SECURITY_ATTRIBUTES *psa, SECURITY_ATTRIBUTE swprintf( newcmdline, len, L"%s /s/c \"%s\"", comspec, params->CommandLine.Buffer ); RtlInitUnicodeString( ¶ms->ImagePathName, comspec ); RtlInitUnicodeString( ¶ms->CommandLine, newcmdline ); @@ -73,7 +73,7 @@ index a07dddb1f..99985ab89 100644 RtlFreeHeap( GetProcessHeap(), 0, newcmdline ); return status; } -@@ -448,7 +448,9 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR +@@ -450,7 +450,9 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR TRACE( "app %s cmdline %s\n", debugstr_w(app_name), debugstr_w(cmd_line) ); @@ -84,7 +84,7 @@ index a07dddb1f..99985ab89 100644 if (new_token) FIXME( "No support for returning created process token\n" ); if (app_name) -@@ -521,7 +523,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR +@@ -523,7 +525,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR } } @@ -93,7 +93,7 @@ index a07dddb1f..99985ab89 100644 switch (status) { case STATUS_SUCCESS: -@@ -530,7 +532,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR +@@ -532,7 +534,7 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR case STATUS_INVALID_IMAGE_NE_FORMAT: case STATUS_INVALID_IMAGE_PROTECT: TRACE( "starting %s as Win16/DOS binary\n", debugstr_w(app_name) ); 
@@ -102,7 +102,7 @@ index a07dddb1f..99985ab89 100644 break; case STATUS_INVALID_IMAGE_NOT_MZ: /* check for .com or .bat extension */ -@@ -538,12 +540,12 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR +@@ -540,12 +542,12 @@ BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessInternalW( HANDLE token, const WCHAR if (!wcsicmp( p, L".com" ) || !wcsicmp( p, L".pif" )) { TRACE( "starting %s as DOS binary\n", debugstr_w(app_name) ); @@ -118,20 +118,11 @@ index a07dddb1f..99985ab89 100644 break; } diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c -index f3d9079f8..2fa553091 100644 +index f7f1b7c68fd..66961530de1 100644 --- a/dlls/ntdll/process.c +++ b/dlls/ntdll/process.c -@@ -1667,7 +1667,7 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes, - RTL_USER_PROCESS_PARAMETERS *params, - SECURITY_DESCRIPTOR *process_descr, - SECURITY_DESCRIPTOR *thread_descr, -- HANDLE parent, BOOLEAN inherit, HANDLE debug, HANDLE exception, -+ HANDLE parent, BOOLEAN inherit, HANDLE debug, HANDLE token, - RTL_USER_PROCESS_INFORMATION *info ) - { - NTSTATUS status; -@@ -1735,6 +1735,7 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes, - req->access = PROCESS_ALL_ACCESS; +@@ -1712,6 +1712,7 @@ NTSTATUS WINAPI NtCreateUserProcess( HANDLE *process_handle_ptr, HANDLE *thread_ + req->access = process_access; req->cpu = pe_info.cpu; req->info_size = startup_info_size; + req->token = wine_server_obj_handle( token ); @@ -139,10 +130,10 @@ index f3d9079f8..2fa553091 100644 wine_server_add_data( req, startup_info, startup_info_size ); wine_server_add_data( req, params->Environment, env_size ); diff --git a/server/process.c b/server/process.c -index d6f71a774..aa66814d8 100644 +index 52604ec4d61..047916ffd09 100644 --- a/server/process.c 
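Review bot: In the rebased dlls/ntdll/process.c hunk the only added line is `req->token = wine_server_obj_handle( token );` inside NtCreateUserProcess, and nothing visible in the patch declares or initialises `token` now that the RtlCreateUserProcess signature hunk has been dropped. Presumably the new upstream base provides that variable. It is worth confirming that it is zero when the caller supplies no token, because this handle is what the server-side part of the patch receives for creating the process with a caller-supplied token. A one-line comment above the assignment, such as `/* token is 0 when the caller requested no explicit primary token */`, would record that contract. The matching handling in DECL_HANDLER(new_process) is not shown in this diff, so whether the handle is access-checked there cannot be judged from here.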
+++ b/server/process.c -@@ -491,7 +491,7 @@ static void start_sigkill_timer( struct process *process ) +@@ -499,7 +499,7 @@ static void start_sigkill_timer( struct process *process ) /* create a new process */ /* if the function fails the fd is closed */ struct process *create_process( int fd, struct process *parent, int inherit_all, @@ -151,7 +142,7 @@ index d6f71a774..aa66814d8 100644 { struct process *process; -@@ -568,7 +568,7 @@ struct process *create_process( int fd, struct process *parent, int inherit_all, +@@ -576,7 +576,7 @@ struct process *create_process( int fd, struct process *parent, int inherit_all, : alloc_handle_table( process, 0 ); /* Note: for security reasons, starting a new process does not attempt * to use the current impersonation token for the new process */ @@ -160,7 +151,7 @@ index d6f71a774..aa66814d8 100644 process->affinity = parent->affinity; } if (!process->handles || !process->token) goto error; -@@ -1124,6 +1124,7 @@ DECL_HANDLER(new_process) +@@ -1132,6 +1132,7 @@ DECL_HANDLER(new_process) const struct security_descriptor *sd; const struct object_attributes *objattr = get_req_object_attributes( &sd, &name, NULL ); struct process *process = NULL; @@ -168,7 +159,7 @@ index d6f71a774..aa66814d8 100644 struct process *parent; struct thread *parent_thread = current; int socket_fd = thread_get_inflight_fd( current, req->socket_fd ); -@@ -1177,10 +1178,39 @@ DECL_HANDLER(new_process) +@@ -1185,10 +1186,39 @@ DECL_HANDLER(new_process) return; } @@ -208,7 +199,7 @@ index d6f71a774..aa66814d8 100644 release_object( parent ); return; } -@@ -1228,7 +1258,7 @@ DECL_HANDLER(new_process) +@@ -1236,7 +1266,7 @@ DECL_HANDLER(new_process) #undef FIXUP_LEN } 
@@ -217,7 +208,7 @@ index d6f71a774..aa66814d8 100644 process->startup_info = (struct startup_info *)grab_object( info ); -@@ -1289,6 +1319,7 @@ DECL_HANDLER(new_process) +@@ -1297,6 +1327,7 @@ DECL_HANDLER(new_process) reply->handle = alloc_handle_no_access_check( current->process, process, req->access, objattr->attributes ); done: @@ -225,7 +216,7 @@ index d6f71a774..aa66814d8 100644 if (process) release_object( process ); release_object( parent ); release_object( info ); -@@ -1322,7 +1353,7 @@ DECL_HANDLER(exec_process) +@@ -1330,7 +1361,7 @@ DECL_HANDLER(exec_process) close( socket_fd ); return; } @@ -235,7 +226,7 @@ index d6f71a774..aa66814d8 100644 release_object( process ); } diff --git a/server/process.h b/server/process.h -index dfe5c4e52..61b83abf6 100644 +index dfe5c4e52d8..61b83abf693 100644 --- a/server/process.h +++ b/server/process.h @@ -118,7 +118,7 @@ extern unsigned int alloc_ptid( void *ptr ); @@ -248,10 +239,10 @@ index dfe5c4e52..61b83abf6 100644 extern struct thread *get_process_first_thread( struct process *process ); extern struct process *get_process_from_id( process_id_t id ); diff --git a/server/protocol.def b/server/protocol.def -index 45ab670ea..c763da4ca 100644 +index 901c380b721..8c86967609f 100644 --- a/server/protocol.def +++ b/server/protocol.def -@@ -791,6 +791,7 @@ struct rawinput_device +@@ -801,6 +801,7 @@ struct rawinput_device unsigned int access; /* access rights for process object */ client_cpu_t cpu; /* CPU that the new process will use */ data_size_t info_size; /* size of startup info */ @@ -260,7 +251,7 @@ index 45ab670ea..c763da4ca 100644 VARARG(info,startup_info,info_size); /* startup information */ VARARG(env,unicode_str); /* environment for new process */ diff --git a/server/request.c b/server/request.c -index 200c2697d..f743b720a 100644 +index 4c1f30a5fe7..321bb6cfa81 100644 --- a/server/request.c +++ b/server/request.c @@ -582,7 +582,7 @@ static void master_socket_poll_event( struct fd *fd, int event ) 
@@ -273,7 +264,7 @@ index 200c2697d..f743b720a 100644 create_thread( -1, process, NULL ); release_object( process ); diff --git a/server/security.h b/server/security.h -index 21e90ccf2..32dfe5f8d 100644 +index 21e90ccf23f..32dfe5f8db9 100644 --- a/server/security.h +++ b/server/security.h @@ -67,6 +67,8 @@ extern const ACL *token_get_default_dacl( struct token *token ); @@ -286,10 +277,10 @@ index 21e90ccf2..32dfe5f8d 100644 static inline const ACE_HEADER *ace_next( const ACE_HEADER *ace ) { diff --git a/server/token.c b/server/token.c -index 181219d21..858ec25d7 100644 +index 1c1d49989b3..2f466aa1b25 100644 --- a/server/token.c +++ b/server/token.c -@@ -845,6 +845,12 @@ int token_assign_label( struct token *token, PSID label ) +@@ -843,6 +843,12 @@ int token_assign_label( struct token *token, PSID label ) return ret; } @@ -302,7 +293,7 @@ index 181219d21..858ec25d7 100644 struct token *token_create_admin( void ) { struct token *token = NULL; -@@ -1271,6 +1277,11 @@ const SID *token_get_primary_group( struct token *token ) +@@ -1269,6 +1275,11 @@ const SID *token_get_primary_group( struct token *token ) return token->primary_group; } @@ -315,5 +306,5 @@ index 181219d21..858ec25d7 100644 { GENERIC_MAPPING mapping; -- -2.24.0 +2.26.2 diff --git a/patches/ntdll-SystemModuleInformation/0003-ntdll-Add-stub-for-NtQuerySystemInformation-SystemMo.patch b/patches/ntdll-SystemModuleInformation/0003-ntdll-Add-stub-for-NtQuerySystemInformation-SystemMo.patch index ce26ca0c..fd52fcfa 100644 --- a/patches/ntdll-SystemModuleInformation/0003-ntdll-Add-stub-for-NtQuerySystemInformation-SystemMo.patch +++ b/patches/ntdll-SystemModuleInformation/0003-ntdll-Add-stub-for-NtQuerySystemInformation-SystemMo.patch @@ -1,4 +1,4 @@ -From dbe17b07a502aa2fc29f9e382adccf8bdc211824 Mon Sep 17 00:00:00 2001 +From 120d2e0cf3f75c087be14f65953980f5605f652e Mon Sep 17 00:00:00 2001 From: Andrew Wesie Date: Fri, 12 Apr 2019 20:06:08 -0500 Subject: [PATCH] ntdll: Add stub for 
@@ -10,10 +10,10 @@ Subject: [PATCH] ntdll: Add stub for 2 files changed, 30 insertions(+) diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c -index ea740ac81..77b64cac0 100644 +index 3ce1b344dbd..935c6abec7f 100644 --- a/dlls/ntdll/nt.c +++ b/dlls/ntdll/nt.c -@@ -2622,6 +2622,27 @@ NTSTATUS WINAPI NtQuerySystemInformation( +@@ -3008,6 +3008,27 @@ NTSTATUS WINAPI NtQuerySystemInformation( ret = STATUS_SUCCESS; } break; @@ -42,12 +42,12 @@ index ea740ac81..77b64cac0 100644 { struct handle_info *info; diff --git a/include/winternl.h b/include/winternl.h -index 2b3fb947b..613f55701 100644 +index d315d68be8f..d2d1001897d 100644 --- a/include/winternl.h +++ b/include/winternl.h -@@ -2272,6 +2272,15 @@ typedef struct _SYSTEM_MODULE_INFORMATION - SYSTEM_MODULE Modules[1]; /* FIXME: should be Modules[0] */ - } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION; +@@ -2478,6 +2478,15 @@ typedef struct _SYSTEM_MODULE_INFORMATION + #define PROCESS_CREATE_FLAGS_SUSPENDED 0x00000200 + #define PROCESS_CREATE_FLAGS_EXTENDED_UNKNOWN 0x00000400 +typedef struct _SYSTEM_MODULE_INFORMATION_EX +{ @@ -62,5 +62,5 @@ index 2b3fb947b..613f55701 100644 #define THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH 0x00000002 #define THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER 0x00000004 -- -2.21.0 +2.26.2 diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index 99f6e5be..6e7df758 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -52,7 +52,7 @@ usage() # Get the upstream commit sha upstream_commit() { - echo "bf454cc39428fc5299e5c26d9c0ddc6a9277c7ae" + echo "343043153b44fa46a2081fa8a2c171eac7c8dab6" } # Show version information diff --git a/staging/upstream-commit b/staging/upstream-commit index 16e02ffc..1db6d9f7 100644 --- a/staging/upstream-commit +++ b/staging/upstream-commit @@ -1 +1 @@ -bf454cc39428fc5299e5c26d9c0ddc6a9277c7ae +343043153b44fa46a2081fa8a2c171eac7c8dab6
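Review bot: After the rebase the `_SYSTEM_MODULE_INFORMATION_EX` typedef in include/winternl.h is anchored between the `PROCESS_CREATE_FLAGS_*` and `THREAD_CREATE_FLAGS_*` defines, whereas the old context placed it directly after `SYSTEM_MODULE_INFORMATION`. Re-anchoring the hunk next to the `SYSTEM_MODULE_INFORMATION` definition would keep the related structures together and make later rebases less fragile. The struct body is not visible in this diff, so only its placement is commented on.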