
Removing access rights leads CreateProcess to return access denied #2

Open
EddieIvan01 opened this issue Sep 5, 2022 · 3 comments
Labels
bug Something isn't working help wanted Extra attention is needed

Comments

@EddieIvan01

Running a non-signed program which calls CreateProcess returns an error:

#include <windows.h>
#include <stdio.h>

int main(void)
{
    PROCESS_INFORMATION pi = { 0 };
    STARTUPINFOW si = { 0 };
    si.cb = sizeof(si);          // size field CreateProcessW expects to be set
    WCHAR cmd[] = L"cmd.exe";    // lpCommandLine must be writable, hence an array

    if (!CreateProcessW(NULL, cmd, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi))
        wprintf(L"error %lu\n", GetLastError());
    return 0;
}

// error 5
Nikj-Fr (Contributor) commented Sep 11, 2022

Hi @EddieIvan01,

Thank you for the submitted issue.

We are currently working on it.

Nikj-Fr added the "help wanted" and "bug" labels on Sep 11, 2022
Nikj-Fr (Contributor) commented Sep 12, 2022

NT functions used to create processes work as expected (same for Zw)

  • NtCreateProcessEx
  • NtCreateProcess

Unfortunately, as you mentioned earlier, this does not yet work for CreateProcess.
In the Microsoft documentation, we know that by default the handle returned from this function gets PROCESS_ALL_ACCESS.

"The handle returned by the CreateProcess function has PROCESS_ALL_ACCESS access to the process object"

Maybe CreateProcess has an undocumented internal verification checking the full rights of the returned handle?
If someone has a proposal or hint to solve the problem it is welcome.
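
An added diagnostic for testing the hypothesis above (example code written for this thread, not part of this project or of any poster's repo): it starts cmd.exe the way the repro does, reads the GrantedAccess of the returned process handle with NtQueryObject(ObjectBasicInformation) from winternl.h, and lists which PROCESS_* rights are missing relative to PROCESS_ALL_ACCESS. It assumes the Vista+ value of PROCESS_ALL_ACCESS (0x1FFFFF); the mask decoder is portable and can be applied to any access mask (for instance from handle telemetry), while the live query only builds on Windows.

```c
/* Portable decoder for a process-handle access mask, plus (Windows only) a live
 * check of the handle CreateProcessW returns. Assumes the Vista+ PROCESS_ALL_ACCESS. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define PROC_ALL_ACCESS 0x001FFFFFu  /* STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF */
static const struct { uint32_t bit; const char *name; } proc_rights[] = {
    {0x0001,"TERMINATE"},{0x0002,"CREATE_THREAD"},{0x0004,"SET_SESSIONID"},{0x0008,"VM_OPERATION"},
    {0x0010,"VM_READ"},{0x0020,"VM_WRITE"},{0x0040,"DUP_HANDLE"},{0x0080,"CREATE_PROCESS"},
    {0x0100,"SET_QUOTA"},{0x0200,"SET_INFORMATION"},{0x0400,"QUERY_INFORMATION"},{0x0800,"SUSPEND_RESUME"},
    {0x1000,"QUERY_LIMITED_INFORMATION"},{0x2000,"SET_LIMITED_INFORMATION"},{0x10000,"DELETE"},
    {0x20000,"READ_CONTROL"},{0x40000,"WRITE_DAC"},{0x80000,"WRITE_OWNER"},{0x100000,"SYNCHRONIZE"},
};
/* Rights present in PROCESS_ALL_ACCESS but absent from `granted`. */
uint32_t missing_mask(uint32_t granted) { return PROC_ALL_ACCESS & ~granted; }
/* Comma-separated names of the missing rights (static buffer; unnamed bits are not listed). */
const char *missing_names(uint32_t granted) {
    static char buf[512]; buf[0] = '\0';
    uint32_t missing = missing_mask(granted);
    for (size_t i = 0; i < sizeof proc_rights / sizeof proc_rights[0]; i++) {
        if (!(missing & proc_rights[i].bit)) continue;
        if (buf[0]) strcat(buf, ",");
        strcat(buf, proc_rights[i].name);
    }
    return buf;
}

#ifdef _WIN32
#include <windows.h>
#include <winternl.h>
typedef NTSTATUS (NTAPI *NtQueryObject_t)(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
int main(void) {
    STARTUPINFOW si = { sizeof(si) };
    PROCESS_INFORMATION pi = { 0 };
    WCHAR cmd[] = L"cmd.exe";  /* same target as the issue's repro, started suspended */
    if (!CreateProcessW(NULL, cmd, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi)) {
        printf("CreateProcessW failed, error %lu\n", GetLastError());  /* 5 == ERROR_ACCESS_DENIED */
        return 1;
    }
    NtQueryObject_t q = (NtQueryObject_t)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtQueryObject");
    PUBLIC_OBJECT_BASIC_INFORMATION obi; ULONG len = 0;
    if (q && q(pi.hProcess, ObjectBasicInformation, &obi, sizeof obi, &len) == 0)
        printf("granted 0x%08lx, missing 0x%08x [%s]\n", obi.GrantedAccess,
               missing_mask(obi.GrantedAccess), missing_names(obi.GrantedAccess));
    TerminateProcess(pi.hProcess, 0);
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
    return 0;
}
#endif
```

If the handle comes back with fewer rights than PROCESS_ALL_ACCESS, the printed list shows exactly which ones the driver removed; if CreateProcessW itself fails, the error code is printed instead.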

@je5442804

> NT functions used to create processes work as expected (same for Zw)
>
>   • NtCreateProcessEx
>   • NtCreateProcess
>
> Unfortunately, as you mentioned earlier, this does not yet work for CreateProcess. In the Microsoft documentation, we know that by default the handle returned from this function gets PROCESS_ALL_ACCESS.
>
> "The handle returned by the CreateProcess function has PROCESS_ALL_ACCESS access to the process object"
>
> Maybe CreateProcess has an undocumented internal verification checking the full rights of the returned handle? If someone has a proposal or hint to solve the problem it is welcome.

Just test with my repo CreateProcessInternalW-Full
