diff --git a/patches/server-default_integrity/0007-ntdll-Elevate-processes-if-requested-in-RtlCreateUse.patch b/patches/server-default_integrity/0007-ntdll-Elevate-processes-if-requested-in-RtlCreateUse.patch index f3022ade..a0b94438 100644 --- a/patches/server-default_integrity/0007-ntdll-Elevate-processes-if-requested-in-RtlCreateUse.patch +++ b/patches/server-default_integrity/0007-ntdll-Elevate-processes-if-requested-in-RtlCreateUse.patch @@ -1,4 +1,4 @@ -From 6439bc264e8d7673ebf783303927bb7a4af54506 Mon Sep 17 00:00:00 2001 +From 20e95575948faec1eca2e88967e985539a512cd5 Mon Sep 17 00:00:00 2001 From: Zebediah Figura Date: Sun, 18 Apr 2021 17:46:44 -0500 Subject: [PATCH] ntdll: Elevate processes if requested in @@ -6,11 +6,11 @@ Subject: [PATCH] ntdll: Elevate processes if requested in Signed-off-by: Zebediah Figura --- - dlls/ntdll/process.c | 69 ++++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 64 insertions(+), 5 deletions(-) + dlls/ntdll/process.c | 79 +++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 74 insertions(+), 5 deletions(-) diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c -index 3ed31e22100..86c45d6dfff 100644 +index 160b1f549c9..fd437ea07d4 100644 --- a/dlls/ntdll/process.c +++ b/dlls/ntdll/process.c @@ -39,6 +39,9 @@ 
@@ -23,23 +23,31 @@ index 3ed31e22100..86c45d6dfff 100644 /****************************************************************************** * RtlGetCurrentPeb [NTDLL.@] * -@@ -49,6 +52,55 @@ PEB * WINAPI RtlGetCurrentPeb(void) +@@ -82,6 +85,63 @@ NTSTATUS WINAPI RtlWow64EnableFsRedirectionEx( ULONG disable, ULONG *old_value ) } -+static BOOL image_needs_elevation( const WCHAR *path ) ++static BOOL image_needs_elevation( const UNICODE_STRING *path ) +{ + ACTIVATION_CONTEXT_RUN_LEVEL_INFORMATION run_level; ++ UNICODE_STRING path0; + BOOL ret = FALSE; + HANDLE handle; + ACTCTXW ctx; + ++ if (RtlDuplicateUnicodeString( 1, path, &path0 )) ++ return FALSE; ++ + ctx.cbSize = sizeof(ctx); + ctx.dwFlags = ACTCTX_FLAG_RESOURCE_NAME_VALID; -+ ctx.lpSource = path; ++ ctx.lpSource = path0.Buffer; + ctx.lpResourceName = (const WCHAR *)CREATEPROCESS_MANIFEST_RESOURCE_ID; + -+ if (RtlCreateActivationContext( &handle, &ctx )) return FALSE; ++ if (RtlCreateActivationContext( &handle, &ctx )) ++ { ++ RtlFreeUnicodeString( &path0 ); ++ return FALSE; ++ } + + if (!RtlQueryInformationActivationContext( 0, handle, NULL, RunlevelInformationInActivationContext, + &run_level, sizeof(run_level), NULL )) @@ -50,7 +58,7 @@ index 3ed31e22100..86c45d6dfff 100644 + ret = TRUE; + } + RtlReleaseActivationContext( handle ); -+ ++ RtlFreeUnicodeString( &path0 ); + return ret; +} + @@ -79,7 +87,7 @@ index 3ed31e22100..86c45d6dfff 100644 /********************************************************************** * RtlWow64GetCurrentMachine (NTDLL.@) */ -@@ -176,8 +228,13 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes, +@@ -294,8 +354,15 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes, PS_CREATE_INFO create_info; ULONG_PTR buffer[offsetof( PS_ATTRIBUTE_LIST, Attributes[6] ) / sizeof(ULONG_PTR)]; PS_ATTRIBUTE_LIST *attr = (PS_ATTRIBUTE_LIST *)buffer; 
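Review bot: In image_needs_elevation the new `RtlDuplicateUnicodeString( 1, path, &path0 )` call passes a bare `1` and does not say why a copy is needed. As far as the hunk shows, the copy exists only so that `ctx.lpSource` gets a NUL-terminated buffer, because a UNICODE_STRING is counted and `path->Buffer` need not be terminated. A comment above the call would record that, for example `/* lpSource must be NUL-terminated; path is a counted string, so take a terminated copy (flag 1) */`. Every failure path returns FALSE, which the caller in RtlCreateUserProcess treats as "no elevation requested", so an allocation or manifest-parsing failure silently changes which token the child receives; that is the conservative direction, but the function's header comment should state it. The end of the function, including the success-path `RtlFreeUnicodeString( &path0 )`, is in the following hunk.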
@@ -87,13 +95,15 @@ index 3ed31e22100..86c45d6dfff 100644 + NTSTATUS status; UINT pos = 0; -+ if (!token && image_needs_elevation( params->ImagePathName.Buffer )) ++ /* It's not clear whether we should use path or ¶ms->ImagePathName here, ++ * but Roblox Player tries to pass an empty string for the latter. */ ++ if (!token && image_needs_elevation( path )) + token = elevated_token = get_elevated_token(); + RtlNormalizeProcessParams( params ); attr->Attributes[pos].Attribute = PS_ATTRIBUTE_IMAGE_NAME; -@@ -224,11 +281,13 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes, +@@ -342,11 +409,13 @@ NTSTATUS WINAPI RtlCreateUserProcess( UNICODE_STRING *path, ULONG attributes, InitializeObjectAttributes( &process_attr, NULL, 0, NULL, process_descr ); InitializeObjectAttributes( &thread_attr, NULL, 0, NULL, thread_descr ); @@ -113,5 +123,5 @@ index 3ed31e22100..86c45d6dfff 100644 /*********************************************************************** -- -2.30.2 +2.32.0
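Review bot: The added comment above `image_needs_elevation( path )` leaves open which string should decide elevation, yet this check selects the token the child process is created with. If `path` is also the value handed to NtCreateUserProcess under `PS_ATTRIBUTE_IMAGE_NAME` (the attribute setup is only partly visible here), the comment could give that as the reason: `/* Check the manifest of the image that is actually launched (path); params->ImagePathName may be empty. */`. It is also worth confirming that RtlCreateActivationContext accepts `lpSource` in the form `path` arrives in. If `path` is an NT-namespace name and `lpSource` is resolved as a DOS path, the lookup would presumably fail and image_needs_elevation would return FALSE for every image, so manifest-requested elevation would never happen. RtlCreateUserProcess starts and ends outside this hunk.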