Changeset 104930 in vbox for trunk/src/VBox/Runtime

Timestamp:

Jun 14, 2024 9:20:58 PM (11 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

163532

Message:

IPRT/process-win.cpp: Resolve GetUserObjectSecurity and SetUserObjectSecurity dynamically to avoid trigger AV heuristics.

File:

• trunk/src/VBox/Runtime/r3/win/process-win.cpp (modified) (10 diffs)

trunk/src/VBox/Runtime/r3/win/process-win.cpp

@@ -152 +152 @@
 /* user32.dll: */
 static decltype(OpenWindowStationW)    *g_pfnOpenWindowStationW         = NULL;
-static decltype(CloseWindowStation)    *g_pfnCloseWindowStation        = NULL;
+static decltype(CloseWindowStation)    *g_pfnCloseWindowStation         = NULL;
+/* user32.dll: (for reasons of bad AV heuristics) */
+static decltype(GetUserObjectSecurity) *g_pfnGetUserObjectSecurity     = NULL;
+static decltype(SetUserObjectSecurity) *g_pfnSetUserObjectSecurity     = NULL;
 /* userenv.dll: */
 static PFNCREATEENVIRONMENTBLOCK        g_pfnCreateEnvironmentBlock     = NULL;
@@ -377 +380 @@
         rc = RTLdrGetSymbol(hMod, "CloseWindowStation", (void **)&g_pfnCloseWindowStation);
         if (RT_FAILURE(rc)) { g_pfnCloseWindowStation = NULL; Assert(g_enmWinVer <= kRTWinOSType_NT310); }
+
+        /* These are only imported to workaround bad AV detection heuristics. */
+        rc = RTLdrGetSymbol(hMod, "GetUserObjectSecurity", (void **)&g_pfnGetUserObjectSecurity);
+        AssertRC(rc);
+
+        rc = RTLdrGetSymbol(hMod, "SetUserObjectSecurity", (void **)&g_pfnSetUserObjectSecurity);
+        AssertRC(rc);
 
         RTLdrClose(hMod);
@@ -995 +1005 @@
     DWORD                cbNeeded;
     AssertReturn(pSecDesc, false);
-    if (!GetUserObjectSecurity(hUserObj, &SecInfo, pSecDesc, cbSecDesc, &cbNeeded))
+    AssertReturn(g_pfnGetUserObjectSecurity, false);
+    if (!g_pfnGetUserObjectSecurity(hUserObj, &SecInfo, pSecDesc, cbSecDesc, &cbNeeded))
     {
         RTMemTmpFree(pSecDesc);
@@ -1002 +1013 @@
         pSecDesc  = (PSECURITY_DESCRIPTOR)RTMemTmpAlloc(cbSecDesc);
         AssertReturn(pSecDesc, false);
-        if (!GetUserObjectSecurity(hUserObj, &SecInfo, pSecDesc, cbSecDesc, &cbNeeded))
+        if (!g_pfnGetUserObjectSecurity(hUserObj, &SecInfo, pSecDesc, cbSecDesc, &cbNeeded))
         {
             RTMemTmpFree(pSecDesc);
@@ -1148 +1159 @@
     DWORD                cbNeeded;
     AssertReturn(pSecDesc, NULL);
-    if (!GetUserObjectSecurity(hUserObj, &SecInfo, pSecDesc, cbSecDesc, &cbNeeded))
+    AssertReturn(g_pfnGetUserObjectSecurity, NULL);
+    if (!g_pfnGetUserObjectSecurity(hUserObj, &SecInfo, pSecDesc, cbSecDesc, &cbNeeded))
     {
         RTMemTmpFree(pSecDesc);
@@ -1155 +1167 @@
         pSecDesc  = (PSECURITY_DESCRIPTOR)RTMemTmpAlloc(cbSecDesc);
         AssertReturn(pSecDesc, NULL);
-        if (!GetUserObjectSecurity(hUserObj, &SecInfo, pSecDesc, cbSecDesc, &cbNeeded))
+        if (!g_pfnGetUserObjectSecurity(hUserObj, &SecInfo, pSecDesc, cbSecDesc, &cbNeeded))
         {
             RTMemTmpFree(pSecDesc);
@@ -1268 +1280 @@
 {
     bool fRet = false;
+    AssertReturn(g_pfnSetUserObjectSecurity, fRet);
 
     /*
@@ -1306 +1319 @@
                     {
                         SECURITY_INFORMATION SecInfo = DACL_SECURITY_INFORMATION;
-                        if (SetUserObjectSecurity(hWinStation, &SecInfo, pNewSecDesc))
+                        if (g_pfnSetUserObjectSecurity(hWinStation, &SecInfo, pNewSecDesc))
                             fRet = true;
                         else
@@ -1340 +1353 @@
 {
     bool fRet = false;
+    AssertReturn(g_pfnSetUserObjectSecurity, fRet);
 
     /*
@@ -1376 +1390 @@
                     {
                         SECURITY_INFORMATION SecInfo = DACL_SECURITY_INFORMATION;
-                        if (SetUserObjectSecurity(hDesktop, &SecInfo, pNewSecDesc))
+                        if (g_pfnSetUserObjectSecurity(hDesktop, &SecInfo, pNewSecDesc))
                             fRet = true;
                         else