DEVHIDE
Login Or Sign up

Allow non-admin process to read from admin process

435 Views Asked by At

Let me try to explain my situation as detailed as possible. I have 2 processes, process A and process B. Process A runs as administrator and process B does not. Now I want to allow process B to open process A with PROCESS_VM_READ so it can read from process A using ReadProcessMemory.

So I have tried a few things, I decided to look up the token group and token privileges of process B from process A and then call AdjustTokenGroup and AdjustTokenPrivileges on itself so it copies the privileges and groups from process B. Unfortunately I was unable to do this ERROR_CANT_ENABLE_DENY_ONLY. I also tried to give process B the same groups and privileges of process A, this however resulted in ERROR_NOT_ALL_ASSIGNED. When I just copy the token privileges it is still unable to read.

Here is an example of what I tried (in process A):

BOOL MatchPrivilege( HANDLE hProcess )
{
    HANDLE ProcessToken = NULL;
    HANDLE OurProcessToken = NULL;

    if( OpenProcessToken( hProcess, TOKEN_QUERY, &ProcessToken ) && OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS, &OurProcessToken ) )
    {
        DWORD RequiredSizePrivileges = 0;
        GetTokenInformation( ProcessToken, TokenPrivileges, NULL, 0, &RequiredSizePrivileges );

        DWORD RequiredSizeGroups = 0;
        GetTokenInformation( ProcessToken, TokenGroups, NULL, 0, &RequiredSizeGroups );

        if( RequiredSizePrivileges > 0 && RequiredSizeGroups > 0 )
        {
            VOID* ProcessPrivileges = malloc( RequiredSizePrivileges );
            VOID* ProcessGroups = malloc( RequiredSizeGroups );

            DWORD SizePrivileges = 0;
            DWORD SizeGroups = 0;

            if( GetTokenInformation( ProcessToken, TokenPrivileges, ProcessPrivileges, RequiredSizePrivileges, &SizePrivileges ) 
                && GetTokenInformation( ProcessToken, TokenGroups, ProcessGroups, RequiredSizeGroups, &SizeGroups ) )
            {
                if( AdjustTokenPrivileges( OurProcessToken, FALSE, ( TOKEN_PRIVILEGES* )ProcessPrivileges, SizePrivileges, NULL, NULL ) 
                    && AdjustTokenGroups( OurProcessToken, FALSE, ( TOKEN_GROUPS* )ProcessGroups, SizeGroups, NULL, NULL ) )
                {
                    free( ProcessPrivileges );
                    free( ProcessGroups );
                    return TRUE;
                }
            }

            free( ProcessPrivileges );
            free( ProcessGroups );
        }
    }

    return FALSE;
}

All process B does is call OpenProcess with PROCESS_VM_READ and then calls ReadProcessMemory on a valid address of process A. Any help, suggestions and comments are welcome.

c++ process admin token privileges
Original Q&A
0

There are 0 best solutions below

Related Questions in C++

Related Questions in PROCESS

Related Questions in ADMIN

Related Questions in TOKEN

Related Questions in PRIVILEGES

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.