
Commit a5eb05a

Updated security attributes for named shared control pipes and introspection named shared memory.
1 parent 03274cb commit a5eb05a


3 files changed

+67
-34
lines changed


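--- a/IntelPresentMon/Interprocess/source/Interprocess.cpp
+++ b/IntelPresentMon/Interprocess/source/Interprocess.cpp
@@ -78,7 +78,7 @@ namespace pmon::ipc
 Permissions_()
 {
 if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
-"D:PNO_ACCESS_CONTROLS:(ML;;NW;;;LW)",
+"D:(A;OICI;GA;;;WD)",
 SDDL_REVISION_1, &secAttr_.lpSecurityDescriptor, NULL)) {
 throw std::runtime_error{ "Failed to create security descriptor for shared memory" };
 }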
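Review bot: The new descriptor `"D:(A;OICI;GA;;;WD)"` at new line 81 grants GENERIC_ALL to Everyone, which on the introspection shared memory includes WRITE_DAC and WRITE_OWNER as well as write access to the mapping, so any account that can open the section by name can alter its contents or re-permission it. If clients only need to read the introspection data, a narrower ACE such as `"D:(A;;GR;;;AU)"` would be safer, and the OI/CI inheritance flags look unnecessary because a section object has no children. The same string is used for the control pipe in NamedPipeServer.cpp (new line 395) and deserves the same treatment. A short comment above the call stating which clients are meant to have access, and why the low-integrity mandatory label was dropped, would help later reviewers. Permissions_() continues outside the hunk.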

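--- a/IntelPresentMon/PresentMonService/NamedPipeServer.cpp
+++ b/IntelPresentMon/PresentMonService/NamedPipeServer.cpp
@@ -388,8 +388,22 @@ DWORD NamedPipeServer::Pipe::CreatePipeInstance(LPCTSTR pipe_name, int max_pipes
 LOG(INFO) << "Creating control pipe with name: [" << util::str::ToNarrow(pipe_name) << "]" << std::endl;
 
 auto& opt = clio::Options::Get();
-if (opt.etwSessionName.AsOptional().has_value()) {
-LOG(INFO) << "Using Default Security" << std::endl;
+if (opt.controlPipe.AsOptional().has_value()) {
+
+PSECURITY_DESCRIPTOR pSD = NULL;
+if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(
+L"D:(A;OICI;GA;;;WD)", SDDL_REVISION_1,
+&pSD, NULL)) {
+auto error = GetLastError();
+LOG(INFO) << "Failed to create security descriptor: [" <<
+util::str::ToNarrow(pipe_name) <<
+"] Error: " <<
+error << std::endl;
+return error;
+}
+SECURITY_ATTRIBUTES sa = { .nLength = sizeof(sa),
+.lpSecurityDescriptor = pSD,
+.bInheritHandle = FALSE};
 HANDLE tempPipeInstance =
 CreateNamedPipe(pipe_name, // pipe name
 PIPE_ACCESS_DUPLEX | // read/write access
@@ -401,49 +415,60 @@ DWORD NamedPipeServer::Pipe::CreatePipeInstance(LPCTSTR pipe_name, int max_pipes
 MaxBufferSize, // output buffer size
 MaxBufferSize, // input buffer size
 pipe_timeout, // client time-out
-NULL); // default security attributes
+&sa); // security attributes
+// Free the allocated security descriptor regardless if the
+// named pipe was successfully created
+LocalFree(sa.lpSecurityDescriptor);
 if (tempPipeInstance == INVALID_HANDLE_VALUE) {
 auto error = GetLastError();
 LOG(INFO) << "Failed to create pipe: [" <<
 util::str::ToNarrow(pipe_name) <<
 "] Error: " <<
 error << std::endl;
-return error;
+return error;
 }
 mPipeInstance.reset(tempPipeInstance);
 return ERROR_SUCCESS;
 }
 else {
-SECURITY_ATTRIBUTES sa = { sizeof(sa) };
-if (ConvertStringSecurityDescriptorToSecurityDescriptorW(
+PSECURITY_DESCRIPTOR pSD = NULL;
+if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(
 L"D:PNO_ACCESS_CONTROLS:(ML;;NW;;;LW)", SDDL_REVISION_1,
-&sa.lpSecurityDescriptor, NULL)) {
-HANDLE tempPipeInstance =
-CreateNamedPipe(pipe_name, // pipe name
-PIPE_ACCESS_DUPLEX | // read/write access
-FILE_FLAG_OVERLAPPED, // overlapped mode
-PIPE_TYPE_MESSAGE | // message-type pipe
-PIPE_READMODE_MESSAGE | // message-read mode
-PIPE_WAIT, // blocking mode
-max_pipes, // number of instances
-MaxBufferSize, // output buffer size
-MaxBufferSize, // input buffer size
-pipe_timeout, // client time-out
-&sa); // use specified security attributes
-if (tempPipeInstance == INVALID_HANDLE_VALUE) {
-auto error = GetLastError();
-LOG(INFO) << "Failed to create pipe: [" <<
-util::str::ToNarrow(pipe_name) <<
-"] Error: " <<
-error << std::endl;
-return error;
-}
-mPipeInstance.reset(tempPipeInstance);
-LocalFree(sa.lpSecurityDescriptor);
-return ERROR_SUCCESS;
+&pSD, NULL)) {
+auto error = GetLastError();
+LOG(INFO) << "Failed to create security descriptor: [" <<
+util::str::ToNarrow(pipe_name) <<
+"] Error: " <<
+error << std::endl;
+return error;
 }
-else {
-return GetLastError();
+SECURITY_ATTRIBUTES sa = { .nLength = sizeof(sa),
+.lpSecurityDescriptor = pSD,
+.bInheritHandle = FALSE };
+HANDLE tempPipeInstance =
+CreateNamedPipe(pipe_name, // pipe name
+PIPE_ACCESS_DUPLEX | // read/write access
+FILE_FLAG_OVERLAPPED, // overlapped mode
+PIPE_TYPE_MESSAGE | // message-type pipe
+PIPE_READMODE_MESSAGE | // message-read mode
+PIPE_WAIT, // blocking mode
+max_pipes, // number of instances
+MaxBufferSize, // output buffer size
+MaxBufferSize, // input buffer size
+pipe_timeout, // client time-out
+&sa); // use specified security attributes
+// Free the allocated security descriptor regardless if the
+// named pipe was successfully created
+LocalFree(sa.lpSecurityDescriptor);
+if (tempPipeInstance == INVALID_HANDLE_VALUE) {
+auto error = GetLastError();
+LOG(INFO) << "Failed to create pipe: [" <<
+util::str::ToNarrow(pipe_name) <<
+"] Error: " <<
+error << std::endl;
+return error;
 }
+mPipeInstance.reset(tempPipeInstance);
+return ERROR_SUCCESS;
 }
 }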
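Review bot: With Everyone granted GENERIC_ALL on the control pipe (new line 395), nothing visible in the pipe mode restricts it to local callers: the flags at new lines 452-454 are `PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT`, and the mode lines of the first branch fall between the hunks, so I am assuming they match. If the control pipe is meant for same-machine clients only, add `PIPE_REJECT_REMOTE_CLIENTS` to the mode in both CreateNamedPipe calls, e.g. `PIPE_WAIT | PIPE_REJECT_REMOTE_CLIENTS, // blocking mode, local clients only`. Separately, `LocalFree(sa.lpSecurityDescriptor)` now runs before `GetLastError()` at new lines 421-424 and 462-464, so the logged and returned code may no longer be the CreateNamedPipe failure; capture `auto error = GetLastError();` immediately after CreateNamedPipe and free the descriptor afterwards. CreatePipeInstance starts outside the hunk.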

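--- a/IntelPresentMon/SampleClient/SampleClient.args.json
+++ b/IntelPresentMon/SampleClient/SampleClient.args.json
@@ -84,7 +84,15 @@
 },
 {
 "Id": "4d012d46-c606-4e44-91a4-8bfa0865cfbc",
-"Command": "--process-name Balatro.exe"
+"Command": "--process-name Valley.exe"
+},
+{
+"Id": "90f7b819-b9e5-4f19-a315-186c1affaa5d",
+"Command": "--control-pipe \\\\.\\pipe\\igs"
+},
+{
+"Id": "b37ef2ea-3c9c-4929-8f5b-29ba539674e2",
+"Command": "--intro-nsm Global\\pm2_bip_shm_igs"
 },
 {
 "Id": "7f6ffa38-2a9a-480c-a811-a10c76820b74",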
