Updated fltmgr.sys-FltBuildDefaultSecurityDescriptor patchset

patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0001-fltmgr.sys-Implement-FltBuildDefaultSecurityDescript.patch

@@ -1,15 +1,15 @@
-From f9da0ca4c7012918b5c8660ebe8a9ea0c74f05b0 Mon Sep 17 00:00:00 2001
+From 93d33e5934d8d71db35025f5046d8d44ac1182cc Mon Sep 17 00:00:00 2001
 From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
 Date: Sun, 29 Aug 2021 13:26:53 +1000
-Subject: [PATCH] fltmgr.sys: Implement FltBuildDefaultSecurityDescriptor
+Subject: [PATCH 1/3] fltmgr.sys: Implement FltBuildDefaultSecurityDescriptor
 
 Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
 ---
  dlls/fltmgr.sys/Makefile.in     |  1 +
  dlls/fltmgr.sys/fltmgr.sys.spec |  4 +-
- dlls/fltmgr.sys/main.c          | 71 +++++++++++++++++++++++++++++++++
+ dlls/fltmgr.sys/main.c          | 75 ++++++++++++++++++++++++++++++++-
  include/ddk/fltkernel.h         |  3 +-
- 4 files changed, 76 insertions(+), 3 deletions(-)
+ 4 files changed, 79 insertions(+), 4 deletions(-)
 
 diff --git a/dlls/fltmgr.sys/Makefile.in b/dlls/fltmgr.sys/Makefile.in
 index ba106a43831..bb1f34b4896 100644
@@ -45,10 +45,18 @@ index 39ce6798178..8943b9f85cf 100644
  @ stub FltGetBottomInstance
  @ stub FltGetContexts
 diff --git a/dlls/fltmgr.sys/main.c b/dlls/fltmgr.sys/main.c
-index e1016a4989c..ea9685b4308 100644
+index e1016a4989c..79f810570da 100644
 --- a/dlls/fltmgr.sys/main.c
 +++ b/dlls/fltmgr.sys/main.c
-@@ -93,3 +93,74 @@ void* WINAPI FltGetRoutineAddress(LPCSTR name)
+@@ -23,7 +23,6 @@
+ #include "ntstatus.h"
+ #define WIN32_NO_STATUS
+ #include "windef.h"
+-#include "winbase.h"
+ #include "winternl.h"
+ #include "ddk/fltkernel.h"
+ 
+@@ -93,3 +92,77 @@ void* WINAPI FltGetRoutineAddress(LPCSTR name)
  
      return func;
  }
@@ -57,28 +65,34 @@ index e1016a4989c..ea9685b4308 100644
 +{
 +    PACL dacl;
 +    NTSTATUS ret = STATUS_INSUFFICIENT_RESOURCES;
-+    ULONG sid_len;
-+    PSID sid;
-+    PSID sid_system;
++    DWORD sid_len;
++    SID *sid;
++    SID *sid_system = NULL;
 +    PSECURITY_DESCRIPTOR sec_desc = NULL;
 +    SID_IDENTIFIER_AUTHORITY auth = { SECURITY_NULL_SID_AUTHORITY };
 +
 +    *descriptor = NULL;
 +
-+    ret = RtlAllocateAndInitializeSid(&auth, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_GROUP_RID_ADMINS,
-+                                         0, 0, 0, 0, 0, 0, &sid);
-+    if (ret != STATUS_SUCCESS)
++    sid_len = RtlLengthRequiredSid(2);
++    sid = ExAllocatePool(PagedPool, sid_len);
++    if (!sid)
 +        goto done;
++    RtlInitializeSid(sid, &auth, 2);
++    sid->SubAuthority[1] = DOMAIN_GROUP_RID_ADMINS;
++    sid->SubAuthority[0] = SECURITY_BUILTIN_DOMAIN_RID;
 +
-+    ret = RtlAllocateAndInitializeSid(&auth, 1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &sid_system);
-+    if (ret != STATUS_SUCCESS)
++    sid_len = RtlLengthRequiredSid(1);
++    sid_system = ExAllocatePool(PagedPool, sid_len);
++    if (!sid_system)
 +        goto done;
++    RtlInitializeSid(sid_system, &auth, 1);
++    sid_system->SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID;
 +
 +    sid_len = SECURITY_DESCRIPTOR_MIN_LENGTH + sizeof(ACL) +
 +            sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid) +
 +            sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(sid_system);
 +
-+    sec_desc = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, sid_len);
++    sec_desc = ExAllocatePool(PagedPool, sid_len);
 +    if (!sec_desc)
 +    {
 +        ret = STATUS_NO_MEMORY;
@@ -107,14 +121,11 @@ index e1016a4989c..ea9685b4308 100644
 +        *descriptor = sec_desc;
 +
 +done:
-+    if (ret != STATUS_SUCCESS && sec_desc != NULL)
-+        RtlFreeHeap(GetProcessHeap(), 0, sec_desc);
++    if (ret != STATUS_SUCCESS)
++        ExFreePool(sec_desc);
 +
-+    if (sid != NULL)
-+        RtlFreeHeap(GetProcessHeap(), 0, sid);
-+
-+    if (sid_system != NULL)
-+        RtlFreeHeap(GetProcessHeap(), 0, sid_system);
++    ExFreePool(sid);
++    ExFreePool(sid_system);
 +
 +    return ret;
 +}
@@ -139,5 +150,5 @@ index 8ebebfa2e81..9ece0990810 100644
  NTSTATUS WINAPI FltRegisterFilter(PDRIVER_OBJECT, const FLT_REGISTRATION *, PFLT_FILTER *);
  NTSTATUS WINAPI FltStartFiltering(PFLT_FILTER);
 -- 
-2.33.0
+2.40.1
 

patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0002-fltmgr.sys-Create-import-library.patch

@@ -1,7 +1,7 @@
-From 36bb7032734a97c5b9d01ef96d595973ea16eb95 Mon Sep 17 00:00:00 2001
+From 9cb5114cbf5af7c360ffb653fc286b8bf9e21db3 Mon Sep 17 00:00:00 2001
 From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
 Date: Mon, 30 Aug 2021 15:15:35 +1000
-Subject: [PATCH] fltmgr.sys: Create import library
+Subject: [PATCH 2/3] fltmgr.sys: Create import library
 
 Signed-off-by: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
 ---
@@ -19,5 +19,5 @@ index bb1f34b4896..5540df35d6a 100644
  IMPORTS = ntoskrnl
  
 -- 
-2.33.0
+2.40.1
 

patches/fltmgr.sys-FltBuildDefaultSecurityDescriptor/0003-ntoskrnl.exe-Add-FltBuildDefaultSecurityDescriptor-t.patch

@@ -1,4 +1,4 @@
-From bc1d0962b58a45949c91367e84e6f71beb9f698b Mon Sep 17 00:00:00 2001
+From 8d12d4dac0cbc7194d11e398b4d3371bef8a1952 Mon Sep 17 00:00:00 2001
 From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
 Date: Mon, 30 Aug 2021 15:16:06 +1000
 Subject: [PATCH] ntoskrnl.exe: Add FltBuildDefaultSecurityDescriptor test
@@ -23,7 +23,7 @@ index ab1db85adbb..9c89e44e70a 100644
  driver2_IMPORTS = winecrt0 ntoskrnl hal
  driver2_EXTRADLLFLAGS = -nodefaultlibs -nostartfiles -Wl,--subsystem,native
 diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c
-index 18f2920759d..569007d435e 100644
+index c8797e8d8e0..168b47941e8 100644
 --- a/dlls/ntoskrnl.exe/tests/driver.c
 +++ b/dlls/ntoskrnl.exe/tests/driver.c
 @@ -32,6 +32,7 @@
@@ -34,7 +34,7 @@ index 18f2920759d..569007d435e 100644
  
  #include "driver.h"
  
-@@ -2374,6 +2375,69 @@ static void test_default_modules(void)
+@@ -2372,6 +2373,69 @@ static void test_default_modules(void)
      ok(dxgmms1, "Failed to find dxgmms1.sys\n");
  }
  
@@ -66,12 +66,12 @@ index 18f2920759d..569007d435e 100644
 +    ok(acl != NULL, "acl is NULL\n");
 +    ok(acl->AceCount == 2, "got %d\n", acl->AceCount);
 +
-+    sid1 = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, RtlLengthRequiredSid(2));
++    sid1 = ExAllocatePool(NonPagedPool, RtlLengthRequiredSid(2));
 +    RtlInitializeSid(sid1, &auth, 2);
 +    *RtlSubAuthoritySid(sid1, 0)  = SECURITY_BUILTIN_DOMAIN_RID;
 +    *RtlSubAuthoritySid(sid1, 1) = DOMAIN_GROUP_RID_ADMINS;
 +
-+    sid2 = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, RtlLengthRequiredSid(1));
++    sid2 = ExAllocatePool(NonPagedPool, RtlLengthRequiredSid(1));
 +    RtlInitializeSid(sid2, &auth, 1);
 +    *RtlSubAuthoritySid(sid2, 0)  = SECURITY_LOCAL_SYSTEM_RID;
 +
@@ -95,8 +95,8 @@ index 18f2920759d..569007d435e 100644
 +
 +    ok(RtlEqualSid(sid2, (PSID)&ace->SidStart), "SID not equal\n");
 +
-+    RtlFreeHeap(GetProcessHeap(), 0, sid1);
-+    RtlFreeHeap(GetProcessHeap(), 0, sid2);
++    ExFreePool(sid1);
++    ExFreePool(sid2);
 +
 +    FltFreeSecurityDescriptor(sd);
 +}
@@ -104,7 +104,7 @@ index 18f2920759d..569007d435e 100644
  static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *stack)
  {
      void *buffer = irp->AssociatedIrp.SystemBuffer;
-@@ -2419,6 +2483,7 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *st
+@@ -2417,6 +2481,7 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *st
      test_process_memory(test_input);
      test_permanence();
      test_driver_object_extension();
@@ -113,5 +113,5 @@ index 18f2920759d..569007d435e 100644
      IoMarkIrpPending(irp);
      IoQueueWorkItem(work_item, main_test_task, DelayedWorkQueue, irp);
 -- 
-2.39.2
+2.40.1