From 803c2e5ffee394e01cfacf7ae0df90c63a25fbd8 Mon Sep 17 00:00:00 2001
From: Tom Ritter
Date: Mon, 1 Jul 2019 18:54:49 +0000
Subject: [PATCH 1/5] The result from GetNamedSecurityInfo is not supposed to be freed

---
 ContainerCreate.cpp | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/ContainerCreate.cpp b/ContainerCreate.cpp
index e3f6a12..a4e82d7 100644
--- a/ContainerCreate.cpp
+++ b/ContainerCreate.cpp
@@ -243,11 +243,8 @@ BOOL GrantNamedObjectAccess(PSID appcontainer_sid, CHAR *object_name, SE_OBJECT_
 } while (FALSE);
- if(original_acl)
- LocalFree(original_acl);
-
 if(new_acl)
 LocalFree(new_acl);
 return success;
-}
\ No newline at end of file
+}

From bf1a158dd17a5653070f703f27246811ffe79247 Mon Sep 17 00:00:00 2001
From: Tom Ritter
Date: Mon, 1 Jul 2019 18:55:31 +0000
Subject: [PATCH 2/5] szExeFile is a char string, not a widechar string

---
 ContainerTest.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ContainerTest.cpp b/ContainerTest.cpp
index 68bbfa2..80c015d 100644
--- a/ContainerTest.cpp
+++ b/ContainerTest.cpp
@@ -88,7 +88,7 @@ void ProcessListTest()
 {
 do
 {
- printf("Found process: %ws\n", process_entry.szExeFile);
+ printf("Found process: %s\n", process_entry.szExeFile);
 } while (Process32Next(snapshot, &process_entry));
 }
 CloseHandle(snapshot);
@@ -183,4 +183,4 @@ void CreateFileTest(CHAR *file_path)
 printf("Opening of file %s failed but was not blocked\n", file_path);
 }
 }
-}
\ No newline at end of file
+}

From 86ccd84e9add3949e0c6c63c7fa4aa598210c6bb Mon Sep 17 00:00:00 2001
From: Tom Ritter
Date: Sun, 6 Oct 2019 23:14:36 -0500
Subject: [PATCH 3/5] Update a type to please the compiler

---
 ContainerTest.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ContainerTest.cpp b/ContainerTest.cpp
index 80c015d..9ae0005 100644
--- a/ContainerTest.cpp
+++ b/ContainerTest.cpp
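Review bot: Removing `LocalFree(original_acl)` is correct only if the security descriptor that GetNamedSecurityInfo allocated is still released somewhere, because the DACL pointer it hands back points into that descriptor and the descriptor (its ppSecurityDescriptor out-parameter) is what the caller owns. The retrieval happens in the part of GrantNamedObjectAccess that starts before this hunk, so I cannot tell whether a descriptor pointer is requested; if it is, it should be freed here in place of the removed lines, and if NULL is passed there is nothing to free. Either way the ownership rule is subtle enough to record at the remaining cleanup, e.g. `// original_acl points into the descriptor returned by GetNamedSecurityInfo: free the descriptor, never the ACL` and `// new_acl is our own allocation (presumably from SetEntriesInAcl) and must be LocalFree'd`.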
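Review bot: Changing `%ws` to `%s` papers over an ANSI/wide mismatch instead of resolving it: `process_entry` is declared as the wide `tagPROCESSENTRY32W`, whose szExeFile is a WCHAR array, while the un-suffixed `Process32First`/`Process32Next` in a non-UNICODE build (the file uses `CreateProcessA`, `CHAR *` and `printf` elsewhere) fill the ANSI PROCESSENTRY32 layout, so the field holds narrow bytes behind a wide type and `%s` only works by accident. The patch 3 hunks on ContainerTest.cpp keep the same mismatch — the rename to `PROCESSENTRY32W` plus the `(LPPROCESSENTRY32)` casts that were needed "to please the compiler" are the symptom, and the dwSize handed to the ANSI function is that of the larger W struct. Pick one side: `PROCESSENTRY32 process_entry;` with the casts dropped and `%s`, or keep the W struct and call `Process32FirstW`/`Process32NextW` with `%ws`. The rest of ProcessListTest lies outside the hunk.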
@@ -76,7 +76,7 @@ void FilesystemTest()
 void ProcessListTest()
 {
 printf("[+] Running process list testing...\n");
- tagPROCESSENTRY32W process_entry;
+ PROCESSENTRY32W process_entry;
 HANDLE snapshot;
 process_entry.dwSize = sizeof(process_entry);
@@ -84,12 +84,12 @@ void ProcessListTest()
 snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
 if(snapshot)
 {
- if(Process32First(snapshot, &process_entry))
+ if(Process32First(snapshot, (LPPROCESSENTRY32)&process_entry))
 {
 do
 {
 printf("Found process: %s\n", process_entry.szExeFile);
- } while (Process32Next(snapshot, &process_entry));
+ } while (Process32Next(snapshot, (LPPROCESSENTRY32)&process_entry));
 }
 CloseHandle(snapshot);
 }else{

From 0da923b639d4f2fdd1a7bc155c121e5ebd28d047 Mon Sep 17 00:00:00 2001
From: Tom Ritter
Date: Sun, 6 Oct 2019 23:20:50 -0500
Subject: [PATCH 4/5] Add an LPAC attribute call

---
 ContainerCreate.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/ContainerCreate.cpp b/ContainerCreate.cpp
index a4e82d7..5252f1a 100644
--- a/ContainerCreate.cpp
+++ b/ContainerCreate.cpp
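Review bot: The `if(snapshot)` guard on the context line above the first cast can never fail, because CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE rather than NULL; in a container where the snapshot is denied the code therefore takes the success branch, Process32First fails silently, CloseHandle is invoked on INVALID_HANDLE_VALUE, and the else branch (which continues past the hunk and is presumably where the "blocked" outcome is reported) is unreachable, so the test cannot distinguish a sandboxed result from an empty one. Change it to `if(snapshot != INVALID_HANDLE_VALUE)`. The casts added on the changed lines also suggest the struct type and the API being called disagree on ANSI versus wide; matching them (`PROCESSENTRY32` with `Process32First`, or `PROCESSENTRY32W` with `Process32FirstW`) removes the need for the casts.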
@@ -98,7 +98,17 @@ BOOL RunExecutableInContainer(CHAR *executable_path)
 break;
 }
- if(!CreateProcessA(executable_path, NULL, NULL, NULL, FALSE, EXTENDED_STARTUPINFO_PRESENT, NULL, NULL,
+#define PROC_THREAD_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY \
+ ProcThreadAttributeValue (15, FALSE, TRUE, FALSE)
+
+ DWORD all_applications_package_policy = 0x01;
+ if (!UpdateProcThreadAttribute(startup_info.lpAttributeList, 0, PROC_THREAD_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY, &all_applications_package_policy,
+ sizeof(all_applications_package_policy), NULL, NULL)) {
+ printf("UpdateProcThreadAttribute() (2) failed, last error: %d", GetLastError());
+ break;
+ }
+
+ if(!CreateProcessA(executable_path, NULL, NULL, NULL, FALSE, EXTENDED_STARTUPINFO_PRESENT, NULL, NULL,
 (LPSTARTUPINFOA)&startup_info, &process_info))
 {
 printf("Failed to create process %s, last error: %d\n", executable_path, GetLastError());

From 906cbd34246520e80a2acfce053a7273b201b4b3 Mon Sep 17 00:00:00 2001
From: Tom Ritter
Date: Fri, 22 Nov 2019 15:56:38 -0600
Subject: [PATCH 5/5] Fix the lpac call

---
 ContainerCreate.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ContainerCreate.cpp b/ContainerCreate.cpp
index 5252f1a..71e99df 100644
--- a/ContainerCreate.cpp
+++ b/ContainerCreate.cpp
@@ -82,10 +82,10 @@ BOOL RunExecutableInContainer(CHAR *executable_path)
 break;
 }
- InitializeProcThreadAttributeList(NULL, 1, NULL, &attribute_size);
+ InitializeProcThreadAttributeList(NULL, 2, NULL, &attribute_size);
 startup_info.lpAttributeList = (LPPROC_THREAD_ATTRIBUTE_LIST)malloc(attribute_size);
- if(!InitializeProcThreadAttributeList(startup_info.lpAttributeList, 1, NULL, &attribute_size))
+ if(!InitializeProcThreadAttributeList(startup_info.lpAttributeList, 2, NULL, &attribute_size))
 {
 printf("InitializeProcThreadAttributeList() failed, last error: %d", GetLastError());
 break;
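Review bot: The function-local `#define PROC_THREAD_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY` will collide with the SDK on toolchains that target Windows 10, where winbase.h already defines that macro, producing a redefinition warning or a different expansion depending on header order; wrap it as `#ifndef PROC_THREAD_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY` ... `#endif`, and move it out of the function body next to the other includes so the fallback is visible. The new failure message formats the DWORD from GetLastError() with `%d`, which is a type mismatch under -Wformat; `%lu` is the matching specifier (the pre-existing messages in this function share the problem). The attribute index `0` passed to UpdateProcThreadAttribute is a reserved parameter, so a short `/* dwFlags: reserved, must be 0 */` next to it would stop readers from assuming it selects the attribute slot. The do/while this sits in and its cleanup begin and end outside the hunk.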
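Review bot: The `malloc(attribute_size)` on the context line between the two changed calls is still unchecked, so on an allocation failure the second InitializeProcThreadAttributeList writes through a NULL buffer; insert `if(!startup_info.lpAttributeList) { printf("malloc() failed\n"); break; }` before it. The attribute count `2` now has to be kept in step on two lines, which is exactly the drift this patch repairs; a single `const DWORD attribute_count = 2;` used by both calls prevents a repeat when the next attribute is added. The do/while that owns `attribute_size` and the eventual DeleteProcThreadAttributeList/free (if any) lie outside the hunk, so I cannot confirm the list is released on the `break` path.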
@@ -99,7 +99,7 @@ BOOL RunExecutableInContainer(CHAR *executable_path)
 }
 #define PROC_THREAD_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY \
- ProcThreadAttributeValue (15, FALSE, TRUE, FALSE)
+ ProcThreadAttributeValue (ProcThreadAttributeAllApplicationPackagesPolicy, FALSE, TRUE, FALSE)
 DWORD all_applications_package_policy = 0x01;
 if (!UpdateProcThreadAttribute(startup_info.lpAttributeList, 0, PROC_THREAD_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY, &all_applications_package_policy,
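Review bot: Replacing `15` with `ProcThreadAttributeAllApplicationPackagesPolicy` makes the attribute self-describing, but the value sent with it on the context line below is still an unexplained `0x01`; winbase.h names it `PROCESS_CREATION_ALL_APPLICATION_PACKAGES_OPT_OUT`, and that name is what tells a reader this opts the child out of the ALL APPLICATION PACKAGES SID (the LPAC configuration), which narrows the ACEs the child can satisfy and so directly affects what GrantNamedObjectAccess grants are still reachable. Use the constant and add a one-line why-comment, e.g. `// LPAC: drop the ALL APPLICATION PACKAGES SID so only ACEs for the container/capability SIDs apply`. The UpdateProcThreadAttribute call continues past the hunk.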