@@ -90,6 +90,10 @@ BOOLEAN PhInitializeMitigationSignaturePolicy(
90
90
VOID
91
91
);
92
92
93
+ BOOLEAN PhInitializeComPolicy (
94
+ VOID
95
+ );
96
+
93
97
BOOLEAN PhPluginsEnabled = FALSE;
94
98
PPH_STRING PhSettingsFileName = NULL ;
95
99
PH_STARTUP_PARAMETERS PhStartupParameters ;
@@ -123,15 +127,12 @@ INT WINAPI wWinMain(
123
127
return 1 ;
124
128
if (!PhInitializeMitigationPolicy ())
125
129
return 1 ;
126
- // if (!PhInitializeRestartPolicy ())
127
- // return 1;
130
+ if (!PhInitializeComPolicy ())
131
+ return 1 ;
128
132
129
133
PhpProcessStartupParameters ();
130
134
PhpEnablePrivileges ();
131
135
132
- if (!SUCCEEDED (CoInitializeEx (NULL , COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE )))
133
- return 1 ;
134
-
135
136
if (PhStartupParameters .RunAsServiceMode )
136
137
{
137
138
PhExitApplication (PhRunAsServiceStart (PhStartupParameters .RunAsServiceMode ));
@@ -491,9 +492,9 @@ static BOOLEAN NTAPI PhpPreviousInstancesCallback(
491
492
for (ULONG i = 0 ; i < context .WindowList -> Count ; i ++ )
492
493
{
493
494
HWND windowHandle = context .WindowList -> Items [i ];
494
- ULONG_PTR result ;
495
+ ULONG_PTR result = 0 ;
495
496
496
- SendMessageTimeout (windowHandle , WM_PH_ACTIVATE , PhStartupParameters .SelectPid , 0 , SMTO_BLOCK , 5000 , & result );
497
+ SendMessageTimeout (windowHandle , WM_PH_ACTIVATE , PhStartupParameters .SelectPid , 0 , SMTO_ABORTIFHUNG | SMTO_BLOCK , 5000 , & result );
497
498
498
499
if (result == PH_ACTIVATE_REPLY )
499
500
{
@@ -592,40 +593,6 @@ BOOLEAN PhInitializeDirectoryPolicy(
592
593
return TRUE;
593
594
}
594
595
595
- BOOLEAN PhInitializeRestartPolicy (
596
- VOID
597
- )
598
- {
599
- #ifndef DEBUG
600
- PH_STRINGREF commandLineSr ;
601
- PH_STRINGREF fileNameSr ;
602
- PH_STRINGREF argumentsSr ;
603
- PPH_STRING argumentsString = NULL ;
604
-
605
- PhUnicodeStringToStringRef (& NtCurrentPeb ()-> ProcessParameters -> CommandLine , & commandLineSr );
606
-
607
- if (!PhParseCommandLineFuzzy (& commandLineSr , & fileNameSr , & argumentsSr , NULL ))
608
- return FALSE;
609
-
610
- if (argumentsSr .Length )
611
- {
612
- static PH_STRINGREF commandlinePart = PH_STRINGREF_INIT (L"-nomp" );
613
-
614
- if (PhEndsWithStringRef (& argumentsSr , & commandlinePart , FALSE))
615
- PhTrimStringRef (& argumentsSr , & commandlinePart , PH_TRIM_END_ONLY );
616
-
617
- argumentsString = PhCreateString2 (& argumentsSr );
618
- }
619
-
620
- // MSDN: Do not include the file name in the command line.
621
- RegisterApplicationRestart (PhGetString (argumentsString ), 0 );
622
-
623
- if (argumentsString )
624
- PhDereferenceObject (argumentsString );
625
- #endif
626
- return TRUE;
627
- }
628
-
629
596
#ifndef DEBUG
630
597
#include <symprv.h>
631
598
#include <minidumpapiset.h>
@@ -782,7 +749,6 @@ BOOLEAN PhInitializeExceptionPolicy(
782
749
VOID
783
750
)
784
751
{
785
- #if (PHNT_VERSION >= PHNT_WIN7 )
786
752
#ifndef DEBUG
787
753
ULONG errorMode ;
788
754
@@ -794,8 +760,6 @@ BOOLEAN PhInitializeExceptionPolicy(
794
760
795
761
RtlSetUnhandledExceptionFilter (PhpUnhandledExceptionCallback );
796
762
#endif
797
- #endif
798
-
799
763
return TRUE;
800
764
}
801
765
@@ -1010,6 +974,83 @@ BOOLEAN PhInitializeMitigationSignaturePolicy(
1010
974
return TRUE;
1011
975
}
1012
976
977
+ BOOLEAN PhInitializeComPolicy (
978
+ VOID
979
+ )
980
+ {
981
+ #ifdef PH_COM_SVC
982
+ static SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY ;
983
+ static SID_IDENTIFIER_AUTHORITY packageAuthority = SECURITY_APP_PACKAGE_AUTHORITY ;
984
+ ULONG securityDescriptorAllocationLength ;
985
+ PSECURITY_DESCRIPTOR securityDescriptor ;
986
+ UCHAR administratorsSidBuffer [FIELD_OFFSET (SID , SubAuthority ) + sizeof (ULONG ) * 2 ];
987
+ UCHAR packagesSidSidBuffer [FIELD_OFFSET (SID , SubAuthority ) + sizeof (ULONG ) * 2 ];
988
+ PSID administratorsSid ;
989
+ PSID packagesSid ;
990
+ PACL dacl ;
991
+
992
+ if (!SUCCEEDED (CoInitializeEx (NULL , COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE )))
993
+ return TRUE; // Continue without COM support. (dmex)
994
+
995
+ administratorsSid = (PSID )administratorsSidBuffer ;
996
+ RtlInitializeSid (administratorsSid , & ntAuthority , 2 );
997
+ * RtlSubAuthoritySid (administratorsSid , 0 ) = SECURITY_BUILTIN_DOMAIN_RID ;
998
+ * RtlSubAuthoritySid (administratorsSid , 1 ) = DOMAIN_ALIAS_RID_ADMINS ;
999
+
1000
+ packagesSid = (PSID )packagesSidSidBuffer ;
1001
+ RtlInitializeSid (packagesSid , & packageAuthority , SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT );
1002
+ * RtlSubAuthoritySid (packagesSid , 0 ) = SECURITY_APP_PACKAGE_BASE_RID ;
1003
+ * RtlSubAuthoritySid (packagesSid , 1 ) = SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE ;
1004
+
1005
+ securityDescriptorAllocationLength = SECURITY_DESCRIPTOR_MIN_LENGTH +
1006
+ (ULONG )sizeof (ACL ) +
1007
+ (ULONG )sizeof (ACCESS_ALLOWED_ACE ) +
1008
+ RtlLengthSid (& PhSeAuthenticatedUserSid ) +
1009
+ (ULONG )sizeof (ACCESS_ALLOWED_ACE ) +
1010
+ RtlLengthSid (& packagesSid ) +
1011
+ (ULONG )sizeof (ACCESS_ALLOWED_ACE ) +
1012
+ RtlLengthSid (& PhSeLocalSystemSid ) +
1013
+ (ULONG )sizeof (ACCESS_ALLOWED_ACE ) +
1014
+ RtlLengthSid (& administratorsSid );
1015
+
1016
+ securityDescriptor = PhAllocate (securityDescriptorAllocationLength );
1017
+ dacl = PTR_ADD_OFFSET (securityDescriptor , SECURITY_DESCRIPTOR_MIN_LENGTH );
1018
+ // "O:BAG:BAD:(A;;0x3;;;AU)(A;;0x3;;;AC)(A;;0x3;;;SY)(A;;0x3;;;BA)"
1019
+ RtlCreateSecurityDescriptor (securityDescriptor , SECURITY_DESCRIPTOR_REVISION );
1020
+ RtlCreateAcl (dacl , securityDescriptorAllocationLength - SECURITY_DESCRIPTOR_MIN_LENGTH , ACL_REVISION );
1021
+ RtlAddAccessAllowedAce (dacl , ACL_REVISION , FILE_READ_DATA | FILE_WRITE_DATA , & PhSeAuthenticatedUserSid );
1022
+ RtlAddAccessAllowedAce (dacl , ACL_REVISION , FILE_READ_DATA | FILE_WRITE_DATA , packagesSid );
1023
+ RtlAddAccessAllowedAce (dacl , ACL_REVISION , FILE_READ_DATA | FILE_WRITE_DATA , & PhSeLocalSystemSid );
1024
+ RtlAddAccessAllowedAce (dacl , ACL_REVISION , FILE_READ_DATA | FILE_WRITE_DATA , administratorsSid );
1025
+ RtlSetDaclSecurityDescriptor (securityDescriptor , TRUE, dacl , FALSE);
1026
+ RtlSetGroupSecurityDescriptor (securityDescriptor , administratorsSid , FALSE);
1027
+ RtlSetOwnerSecurityDescriptor (securityDescriptor , administratorsSid , FALSE);
1028
+
1029
+ if (!SUCCEEDED (CoInitializeSecurity (
1030
+ securityDescriptor ,
1031
+ UINT_MAX ,
1032
+ NULL ,
1033
+ NULL ,
1034
+ RPC_C_AUTHN_LEVEL_PKT_PRIVACY ,
1035
+ RPC_C_IMP_LEVEL_IDENTIFY ,
1036
+ NULL ,
1037
+ EOAC_NONE ,
1038
+ NULL
1039
+ )))
1040
+ {
1041
+ NOTHING ;
1042
+ }
1043
+
1044
+ PhFree (securityDescriptor );
1045
+ return TRUE;
1046
+ #else
1047
+ if (!SUCCEEDED (CoInitializeEx (NULL , COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE )))
1048
+ NOTHING ;
1049
+
1050
+ return TRUE;
1051
+ #endif
1052
+ }
1053
+
1013
1054
NTSTATUS PhpReadSignature (
1014
1055
_In_ PWSTR FileName ,
1015
1056
_Out_ PUCHAR * Signature ,
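Review bot: The allocation-length computation in PhInitializeComPolicy passes `&packagesSid` and `&administratorsSid` to RtlLengthSid, but both locals are already PSID pointers (the later RtlAddAccessAllowedAce calls use them bare), so RtlLengthSid reads the pointer variable's own bytes as a SID header and the computed length is wrong; those two lines should read `RtlLengthSid(packagesSid) +` and `RtlLengthSid(administratorsSid);`. Because the NTSTATUS results of RtlCreateAcl and the four RtlAddAccessAllowedAce calls are not checked, an undersized buffer would silently produce a DACL missing ACEs that is then handed to CoInitializeSecurity; checking each status and skipping the CoInitializeSecurity call (freeing the buffer) on failure would make that visible. The `&` form is correct for PhSeAuthenticatedUserSid and PhSeLocalSystemSid only if those globals are SID objects rather than PSIDs, which is not visible in this hunk. As a readability point, `FILE_READ_DATA | FILE_WRITE_DATA` here stands for the COM access mask `COM_RIGHTS_EXECUTE | COM_RIGHTS_EXECUTE_LOCAL` (0x3, matching the SDDL comment above it), and spelling it that way would make the intent of the ACEs clear.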