Jump to content
Sign in to follow this  
sulfurious

dll noob - advapi32 and winsafer

Recommended Posts

sulfurious

I looked all over for this, found a few samples regarding advapi32, but none for safer.

I don't do many dll calls. I have managed to stumble through a few, both in autoit as well as vb. I understand only basic c, but the syntax really throws me. Can anyone help explain a few things.

There is a function

BOOL WINAPI SaferCreateLevel(
  __in      DWORD dwScopeId,
  __in      DWORD dwLevelId,
  __in      DWORD OpenFlags,
  __out    SAFER_LEVEL_HANDLE *pLevelHandle,
  __reserved  LPVOID lpReserved
);

Where I have used this

$SAFER_LEVELID_NORMALUSER = 0x20000
$SAFER_SCOPEID_USER = 2


$bool = DllCall('Advapi32.dll','int', 'SaferCreateLevel', _
    'dword',$SAFER_SCOPEID_USER, _
    'dword',$SAFER_LEVELID_NORMALUSER, _
    'dword',0, _
    'ptr*',

Now I have 2 questions on this. Is the parameter _reserved omitted from the call?

The *pLevelHandle, I have seen is a type ptr*. An example value would be

SAFER_LEVEL_HANDLE hAuthzLevel = NULL;

So that for the 'ptr*' parameter in the call, would be &hAuthzLevel.

But looking up SAFER_LEVEL_HANDLE in winsafer.h shows this

//
// Opaque datatype for representing handles to Safer objects.
//

DECLARE_HANDLE(SAFER_LEVEL_HANDLE);

What is this exactly? Just a blank variable? An address in memory to put the output of the fucntion to? Is using ptr* correct?

Next is another similar function

BOOL WINAPI SaferComputeTokenFromLevel(
      __in       SAFER_LEVEL_HANDLE LevelHandle,
      __in_opt   HANDLE InAccessToken,
      __out     PHANDLE OutAccessToken,
      __in       DWORD dwFlags,
      __inout_opt  LPVOID lpReserved
    );

Where it might be

$bool = DllCall('advapi32.dll','int','SaferComputeTokenFromLevel', _
    "ptr*",$SAFER_LEVEL_HANDLE, _
        "ptr",hAuthzLevel, _
        "ptr*"&hToken, _
        "dword",0, _
        "null","", _
        )

Again, I don't understand. An example would be

HANDLE hToken = NULL;

But what is the output? The function return a boolean, no? Yet the _out parameter is PHANDLE OutAccessToken. Is this _out placing the PHANDLE somewhere, yet the boolean is still returned for the function to declare if this was achieved?

And in this call, the $SAFER_LEVEL_HANDLE is used again.

I know this might be basic, and I have read over many articles at MSDN and other places. It is confusing though when converting to autoit.

Can anyone explain this? I learn best by struggling through things. But, I need help to understand some of this.

Thank you.

Share this post


Link to post
Share on other sites
evilertoaster

Best attempt-

$SAFER_LEVELID_NORMALUSER = 0x20000
$SAFER_SCOPEID_USER = 2

$pLevelHandle=DllStructCreate("int")
$lpReserved=DllStructCreate("int")
$result=DllCall("Advapi32.dll","int","SaferCreateLevel","dword",$SAFER_LEVELID_NORMALUSER,"dword",$SAFER_SCOPEID_USER,"dword",0,"int*",$pLevelHandle,"int*",$lpReserved)

Share this post


Link to post
Share on other sites
sulfurious

Thank you. I will build off of that. I am thinking now I might as well play with things a little more in c, then I can ask for more specific information.

Share this post


Link to post
Share on other sites
trancexx

Like this for example:

$SAFER_LEVELID_NORMALUSER = 0x20000
$SAFER_SCOPEID_USER = 2
$SAFER_LEVEL_OPEN = 1

;Open handle
$a_iCall = DllCall("advapi32.dll", "int", "SaferCreateLevel", _
        "dword", $SAFER_SCOPEID_USER, _
        "dword", $SAFER_LEVELID_NORMALUSER, _
        "dword", $SAFER_LEVEL_OPEN, _
        "hwnd*", 0, _
        "ptr", 0)

If @error Or Not $a_iCall[0] Then
    ConsoleWrite("Failure opening handle occured!" & @CRLF)
    Exit
EndIf

$hHandle = $a_iCall[4]

ConsoleWrite("SAFER_LEVEL_HANDLE = " & $hHandle & @CRLF)



;Close handle
$a_iCall = DllCall("advapi32.dll", "int", "SaferCloseLevel", _
        "hwnd", $hHandle)

If @error Or Not $a_iCall[0] Then
    ConsoleWrite("Failure closing handle occured!" & @CRLF)
    Exit
EndIf

ConsoleWrite("Handle succesfully closed" & @CRLF)

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.