Jump to content
Sign in to follow this  
E1M1

Need some C++ to autoit converting help

Recommended Posts

E1M1

I want to convert that C++ to autoit.

#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <AccCtrl.h>
#include <Aclapi.h>

/**
 * Opens a process. Overwrite the DACL of target process
 * as a fallback if the process has dropped rights. Doesn't
 * require the user to be logged in with system or admin
 * rights.
 *
 * @author asp
 * @param wndclass Name of windowclass.
 * @param rights The process access rights you want.
 * @return 0 on failure. Otherwise handle to process.
 */
HANDLE
   openSecureProcess(LPCSTR wndclass,
                     DWORD rights)
   {
      DWORD pid;
      HWND window;
      HANDLE process;
      PACL dacl;
      PSECURITY_DESCRIPTOR secdesc;

      // Find a window which uses the window class.
      window = FindWindow(wndclass, 0);
      if(window == 0)
      {
        return 0;
      }

      // Get the process id of the process which created it.
      GetWindowThreadProcessId(window, &pid);
     
      // Try to open the process with the requested rights.
      process = OpenProcess(rights, 0, pid);
      if(process != 0)
      {
         return process;
      }

      // Get the DACL of this process since we know we have
      // all rights in it. This really can't fail.
      if(GetSecurityInfo(GetCurrentProcess(),
                         SE_KERNEL_OBJECT,
                         DACL_SECURITY_INFORMATION,
                         0,
                         0,
                         &dacl,
                         0,
                         &secdesc) != ERROR_SUCCESS)
      {
         return 0;
      }
     
      // Open it with WRITE_DAC access so that we can write to the DACL.
      process = OpenProcess(WRITE_DAC, 0, pid);
      if(process == 0)
      {
         LocalFree(secdesc);
         return 0;
      }
     
      if(SetSecurityInfo(process,
                         SE_KERNEL_OBJECT,
                         DACL_SECURITY_INFORMATION |
                         UNPROTECTED_DACL_SECURITY_INFORMATION,
                         0,
                         0,
                         dacl,
                         0) != ERROR_SUCCESS)
      {
         LocalFree(secdesc);
         return 0;
      }
         
      // The DACL is overwritten with our own DACL. We
      // should be able to open it with the requested
      // privileges now.
      CloseHandle(process);
      LocalFree(secdesc);
      process = OpenProcess(rights, 0, pid);
      if(process == 0)
      {
         return 0;
      }

      return process;
   }

Code I have

Func   openSecureProcess($Class,$Rights)
      Local $pid;
      Local $window;
      Local $process;
      Local $dacl;
      Local $secdesc;

      ;// Find a window which uses the window class.
      $window =  _WinAPI_FindWindow($Class, 0);
      if($window == 0) Then return 0;

      ;// Get the process id of the process which created it.
      _WinAPI_GetWindowThreadProcessId($window, $pid);

      ;// Try to open the process with the requested rights.
      $process = _WinAPI_OpenProcess($rights, 0, $pid);
      if($process <> 0) Then return $process;

      ;// Get the DACL of this process since we know we have
      ;// all rights in it. This really can't fail.
      if(GetSecurityInfo(_WinAPI_GetCurrentProcess(),SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,0,0,$dacl,0,$secdesc) <> ERROR_SUCCESS) Then return 0;

      ;// Open it with WRITE_DAC access so that we can write to the DACL.
      $process = _WinAPI_OpenProcess(WRITE_DAC, 0, $pid);
      if($process == 0) Then
         _WinAPI_LocalFree($secdesc);
         return 0;
      EndIf

      if(SetSecurityInfo($process,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION,0,0,$dacl,0) <> ERROR_SUCCESS) Then
         _WinAPI_LocalFree($secdesc);
         return 0;
      EndIf

      ;// The DACL is overwritten with our own DACL. We
      ;// should be able to open it with the requested
      ;// privileges now.
      _WinAPI_CloseHandle($process);
      _WinAPI_LocalFree($secdesc);
      $process = _WinAPI_OpenProcess($rights, 0, $pid);
      if($process == 0) return 0;

      return $process;
EndFunc

Questions:

1)How to convert GetSecurityInfo and SetSecurityInfo to autoit.

2)_WinAPI_OpenProcess(WRITE_DAC, 0, $pid); what's WRITE_DAC? MS says it's 0x00040000L. but what does that L mean at then can I just use 0x00040000?

3) if function argument is &secdesc then do I have to use $secdesc or ByRef $secdesc?

4)how to convert DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION to autoit? MSDN gives values for these variables but what I need to do with | ?

5)What is ERROR_SUCCESS in autoit

Edited by E1M1

edited

Share this post


Link to post
Share on other sites
BrettF

1)How to convert GetSecurityInfo and SetSecurityInfo to autoit.

No idea. But I think DLLCall with Advapi32.dll could work if nothing else does...

2)_WinAPI_OpenProcess(WRITE_DAC, 0, $pid); what's WRITE_DAC? MS says it's 0x00040000L. but what does that L mean at then can I just use 0x00040000?

Google says something about the suffix L/l being a long or something...

3) if function argument is &secdesc then do I have to use $secdesc or ByRef $secdesc?

From what I understand ByRef...

4)how to convert DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION to autoit? MSDN gives values for these variables but what I need to do with | ?

Bitwise OR

Interesting how I came up with all of those answers using google. Also your code is missing pretty much everything to even start to attempting to make it work...

Cheers.

Share this post


Link to post
Share on other sites
E1M1

Here's my new code. How many mistakes can you still find from it?

Did I convert variables right?

Does this code have anything else than GetSecurityInfo and SetSecurityInfo missing?

Func   openSecureProcess($Class,$Rights)
      Local $pid;
      Local $window;
      Local $process;
      Local $dacl;
      Local $secdesc;

$ERROR_SUCCESS = 0x0
$SE_KERNEL_OBJECT = 6
$DACL_SECURITY_INFORMATION = 0x00000004
$UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000

      ;// Find a window which uses the window class.
      $window =  _WinAPI_FindWindow($Class, 0);
      if($window == 0) Then return 0;

      ;// Get the process id of the process which created it.
      _WinAPI_GetWindowThreadProcessId($window, $pid);

      ;// Try to open the process with the requested rights.
      $process = _WinAPI_OpenProcess($rights, 0, $pid);
      if($process <> 0) Then return $process;

      ;// Get the DACL of this process since we know we have
      ;// all rights in it. This really can't fail.
      if(GetSecurityInfo(_WinAPI_GetCurrentProcess(),$SE_KERNEL_OBJECT,$DACL_SECURITY_INFORMATION,0,0,$dacl,0,$secdesc) <> $ERROR_SUCCESS) Then return 0;

      ;// Open it with WRITE_DAC access so that we can write to the DACL.
      $process = _WinAPI_OpenProcess(0x00040000, 0, $pid);
      if($process == 0) Then
         _WinAPI_LocalFree($secdesc);
         return 0;
      EndIf

      if(SetSecurityInfo($process,$SE_KERNEL_OBJECT,$DACL_SECURITY_INFORMATION + $UNPROTECTED_DACL_SECURITY_INFORMATION,0,0,$dacl,0) <> $ERROR_SUCCESS) Then
         _WinAPI_LocalFree($secdesc);
         return 0;
      EndIf

      ;// The DACL is overwritten with our own DACL. We
      ;// should be able to open it with the requested
      ;// privileges now.
      _WinAPI_CloseHandle($process);
      _WinAPI_LocalFree($secdesc);
      $process = _WinAPI_OpenProcess($rights, 0, $pid);
      if($process == 0) Then return 0;

      return $process;
EndFunc
Edited by E1M1

edited

Share this post


Link to post
Share on other sites
BrettF
E1M1

How do I complete these 2 funcs?

Func GetSecurityInfo($handle, $ObjectType, $SecurityInfo, $ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor)
    DllCall("Advapi32.dll", "long", "GetSecurityInfo", "HANDLE", $handle
EndFunc

Func SetSecurityInfo($handle, $ObjectType, $SecurityInfo, $psidOwner, $psidGroup, $pDacl, $pSacl)
    DllCall("Advapi32.dll", "long", "SetSecurityInfo", "HANDLE",$handle
EndFunc

http://msdn.microsoft.com/en-us/library/aa379588%28VS.85%29.aspx sais that 2nd argument is ObjectType. but when I looked at DllCall I didn't find "ObjectType" from valid types list.

I found Optional output arguments can be NULL but what does NULL mean? just ""?

Does [out, optional] mean that I have to put ByRef before variable?

Sorry for so many stupid questions about DLL, I have never done anything like that before.

Edited by E1M1

edited

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.