Driver: fortcout: Minor refactor

Nodir Temirkhodjaev 2024-10-23 13:13:38 +05:00
parent 523885987d
commit ee4a369257


@ -395,14 +395,21 @@ inline static BOOL fort_callout_ale_check_svchost_sid(const SID *sid)
return FALSE; // not "Service SID"'s prefix
const BYTE *idAuth = &sid->IdentifierAuthority.Value[0];
if (idAuth[5] != 5 || idAuth[4] != 0 || *((PUINT32) &idAuth[0]) != 0)
if (idAuth[5] != 5)
return FALSE; // not "NT Authority"
if (idAuth[4] != 0 || *((PUINT32) &idAuth[0]) != 0)
return FALSE; // not "NT Authority"
return TRUE;
}
inline static BOOL fort_callout_ale_fill_path_sid(PCFORT_CALLOUT_ARG ca, PFORT_CALLOUT_ALE_EXTRA cx)
inline static BOOL fort_callout_ale_fill_path_sid(
PCFORT_CALLOUT_ARG ca, PFORT_CALLOUT_ALE_EXTRA cx, BOOL isSvcHost)
{
if (!isSvcHost)
return FALSE;
const PSID_AND_ATTRIBUTES_HASH sidHash = fort_callout_ale_get_sid(ca);
if (sidHash == NULL)
return FALSE;
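Review bot: The second new check in fort_callout_ale_check_svchost_sid still does a 32-bit load through a cast byte pointer, `*((PUINT32) &idAuth[0])`, and in the standard SID layout IdentifierAuthority sits at offset 2 (after Revision and SubAuthorityCount), so that address is not 4-byte aligned. x86/x64 tolerate this, but it is an unaligned, type-punned read in C, and this comparison appears to decide whether a SID is accepted as an NT Authority service SID, so a plain byte comparison is safer: `if (idAuth[4] != 0 || (idAuth[0] | idAuth[1] | idAuth[2] | idAuth[3]) != 0)`. Now that the test is split, the two `return FALSE;` lines carry the same comment; something like `// not "NT Authority": last byte is not 5` and `// not "NT Authority": leading bytes are not zero` would say what each branch rejects. The start of this function, including the prefix check before the first visible return, is outside the hunk.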
@ -440,8 +447,7 @@ inline static void fort_callout_ale_fill_path(PCFORT_CALLOUT_ARG ca, PFORT_CALLO
if (fort_pstree_get_proc_name(
&fort_device()->ps_tree, cx->process_id, path, &isSvcHost, &inherited)
// Check Service SID
|| (isSvcHost && fort_callout_ale_fill_path_sid(ca, cx))) {
|| fort_callout_ale_fill_path_sid(ca, cx, isSvcHost)) {
if (!inherited) {
*real_path = *path;