From 6a1ec9420ec6e94bc6ebc4ababcf33a7bf3bebde Mon Sep 17 00:00:00 2001
From: Quantum
Date: Mon, 26 Apr 2021 03:11:23 -0400
Subject: [PATCH] [host] service: compare SIDs directly without string conversion

Instead of converting every SID to string with ConvertSidToStringSidA and compare it with the magical SID string for local system with strcmp, we could instead create the local system SID and compare directly with EqualSid.
---
 host/platform/Windows/src/service.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/host/platform/Windows/src/service.c b/host/platform/Windows/src/service.c
index e668a0b3..bf3c6800 100644
--- a/host/platform/Windows/src/service.c
+++ b/host/platform/Windows/src/service.c
@@ -171,6 +171,16 @@ HANDLE dupeSystemProcessToken(void)
 EnumProcesses(pids, count * sizeof(DWORD), &returned);
 returned /= sizeof(DWORD);
+ char systemSidBuf[SECURITY_MAX_SID_SIZE];
+ PSID systemSid = (PSID) systemSidBuf;
+ DWORD cbSystemSid = sizeof systemSidBuf;
+
+ if (!CreateWellKnownSid(WinLocalSystemSid, NULL, systemSid, &cbSystemSid))
+ {
+ doLog("failed to create local system SID");
+ return NULL;
+ }
+
 for(DWORD i = 0; i < returned; ++i)
 {
 HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pids[i]);
@@ -189,13 +199,8 @@ HANDLE dupeSystemProcessToken(void)
 if (!GetTokenInformation(hToken, TokenUser, user, sizeof(userBuf), &tmp))
 goto err_token;
- CHAR * sid = NULL;
- if (!ConvertSidToStringSidA(user->User.Sid, &sid))
- goto err_token;
-
- if (strcmp(sid, "S-1-5-18") == 0)
+ if (EqualSid(user->User.Sid, systemSid))
 {
- LocalFree(sid);
 CloseHandle(hProcess);
 // duplicate the token so we can use it
@@ -208,7 +213,6 @@ HANDLE dupeSystemProcessToken(void)
 return hDupe;
 }
- LocalFree(sid);
 err_token:
 CloseHandle(hToken);
 err_proc:
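Review bot: The new `return NULL` after a failed CreateWellKnownSid in the first hunk bypasses whatever release the function's existing error path performs, so if `pids` is heap-allocated above this hunk (not visible here) it leaks on that path; routing the failure through the same cleanup the later hunks reach via `err_proc`, or releasing `pids` in that branch if the array is owned that way, would keep it consistent with the rest of dupeSystemProcessToken. A secondary point on the same lines: `char systemSidBuf[SECURITY_MAX_SID_SIZE]` cast to `PSID` carries no alignment guarantee, while the SID written into it holds DWORD sub-authority fields that EqualSid compares in the second hunk, so declaring the backing storage with DWORD alignment, e.g. `DWORD systemSidBuf[(SECURITY_MAX_SID_SIZE + sizeof(DWORD) - 1) / sizeof(DWORD)];`, avoids relying on the stack happening to align a char array. Both the start and the end of dupeSystemProcessToken lie outside these hunks, so what the cleanup labels release is inferred, not seen.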