
Commit d7b3f38

committed
try fix when lsass not running
1 parent ce9f43d commit d7b3f38


2 files changed

+12
-4
lines changed

2 files changed

+12
-4
lines changed

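--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -71,7 +71,7 @@ endif()
 #
 set(PRIVEXEC_VERSION_MAJOR 5)
 set(PRIVEXEC_VERSION_MINOR 0)
-set(PRIVEXEC_VERSION_PATCH 3)
+set(PRIVEXEC_VERSION_PATCH 4)
 set(PACKAGE_VERSION "${PRIVEXEC_VERSION_MAJOR}.${PRIVEXEC_VERSION_MINOR}.${PRIVEXEC_VERSION_PATCH}")
 
 string(TOLOWER "${CMAKE_C_COMPILER_ARCHITECTURE_ID}" COMPILER_ARCH_ID)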

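--- a/lib/exec/elevator.cc
+++ b/lib/exec/elevator.cc
@@ -93,6 +93,12 @@ bool InitializeAsSystem(bela::error_code &ec) {
 
 // bela::EqualsIgnoreCase
 [[maybe_unused]] constexpr std::wstring_view LsassName = L"lsass.exe";
+[[maybe_unused]] constexpr std::wstring_view WinLogonName = L"winlogon.exe";
+
+inline auto IsSystemProcessName(std::wstring_view name) {
+return bela::EqualsIgnoreCase(name, LsassName) || bela::EqualsIgnoreCase(name, WinLogonName);
+}
+
 constexpr DWORD INVALID_PROCESS_ID = 0xFFFFFFFF;
 DWORD LookupSystemProcess() {
 PWTS_PROCESS_INFOW pi{nullptr};
@@ -107,7 +113,7 @@ DWORD LookupSystemProcess() {
 });
 auto end = pi + count;
 for (auto it = pi; it != end; it++) {
-if (it->SessionId == 0 && bela::EqualsIgnoreCase(LsassName, it->pProcessName) &&
+if (it->SessionId == 0 && IsSystemProcessName(it->pProcessName) &&
 IsWellKnownSid(it->pUserSid, WinLocalSystemSid) == TRUE) {
 return it->ProcessId;
 }
@@ -212,12 +218,14 @@ bool Elavator::impersonation_system_token(bela::error_code &ec) {
 HANDLE hExistingToken = INVALID_HANDLE_VALUE;
 auto hProcess = ::OpenProcess(MAXIMUM_ALLOWED, FALSE, systemProcessId);
 if (hProcess == INVALID_HANDLE_VALUE) {
-ec = bela::make_system_error_code(L"Elavator::impersonation_system_token<OpenProcess> ");
+ec = bela::make_system_error_code(
+bela::StringCat(L"Elavator::impersonation_system_token<OpenProcess> ", systemProcessId, L" "));
 return false;
 }
 auto hpdeleter = bela::finally([&] { CloseHandle(hProcess); });
 if (OpenProcessToken(hProcess, MAXIMUM_ALLOWED, &hExistingToken) != TRUE) {
-ec = bela::make_system_error_code(L"Elavator::impersonation_system_token<OpenProcessToken> ");
+ec = bela::make_system_error_code(
+bela::StringCat(L"Elavator::impersonation_system_token<OpenProcessToken> ", systemProcessId, L" "));
 return false;
 }
 auto htdeleter = bela::finally([&] { CloseHandle(hExistingToken); });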
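Review bot: The OpenProcess failure branch in impersonation_system_token cannot be reached, so the process id this commit adds to that error text never appears: OpenProcess reports failure by returning NULL, while the guard compares against INVALID_HANDLE_VALUE. A failed open (access denied, or a stale process id) therefore falls through to OpenProcessToken with a null handle, the caller sees an invalid-handle error instead of the real cause, and the cleanup lambda calls CloseHandle on NULL. The guard should read `if (hProcess == nullptr) {`. The function body starts and ends outside the hunk, so how systemProcessId is validated against INVALID_PROCESS_ID before this call is not visible here.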
