Diffstat (limited to 'semaphore.c')
-rw-r--r--semaphore.c161
1 files changed, 161 insertions, 0 deletions
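diff --git a/semaphore.c b/semaphore.c
new file mode 100644
index 0000000..fe12258
--- /dev/null
+++ b/semaphore.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ * semaphore.c
+ *
+ * Abstract:
+ *
+ * This module implements various semaphore hooking routines.
+ *
+ * Author:
+ *
+ * Eugene Tsyrklevich 09-Mar-2004
+ *
+ * Revision History:
+ *
+ * None.
+ */
+
+
+#include <NTDDK.h>
+#include "semaphore.h"
+#include "policy.h"
+#include "pathproc.h"
+#include "hookproc.h"
+#include "accessmask.h"
+#include "learn.h"
+#include "log.h"
+
+
+#ifdef ALLOC_PRAGMA
+#pragma alloc_text (INIT, InitSemaphoreHooks)
+#endif
+
+
+fpZwCreateSemaphore OriginalNtCreateSemaphore = NULL;
+fpZwOpenSemaphore OriginalNtOpenSemaphore = NULL;
+
+
+
+/*
+ * HookedNtCreateSemaphore()
+ *
+ * Description:
+ * This function mediates the NtCreateSemaphore() system service and checks the
+ * provided semaphore name against the global and current process security policies.
+ *
+ * NOTE: ZwOpenSemaphore opens a semaphore object. [NAR]
+ *
+ * Parameters:
+ * Those of NtCreateSemaphore().
+ *
+ * Returns:
+ * STATUS_ACCESS_DENIED if the call does not pass the security policy check.
+ * Otherwise, NTSTATUS returned by NtCreateSemaphore().
+ */
+
+NTSTATUS
+NTAPI
+HookedNtCreateSemaphore
+(
+ OUT PHANDLE SemaphoreHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes,
+ IN LONG InitialCount,
+ IN LONG MaximumCount
+)
+{
+ PCHAR FunctionName = "HookedNtCreateSemaphore";
+
+
+ HOOK_ROUTINE_START(SEMAPHORE);
+
+
+ ASSERT(OriginalNtCreateSemaphore);
+
+ rc = OriginalNtCreateSemaphore(SemaphoreHandle, DesiredAccess, ObjectAttributes, InitialCount, MaximumCount);
+
+
+ HOOK_ROUTINE_FINISH(SEMAPHORE);
+}
+
+
+
+
+/*
+ * HookedNtOpenSemaphore()
+ *
+ * Description:
+ * This function mediates the NtOpenSemaphore() system service and checks the
+ * provided semaphore name against the global and current process security policies.
+ *
+ * NOTE: ZwOpenSemaphore opens a semaphore object. [NAR]
+ *
+ * Parameters:
+ * Those of NtOpenSemaphore().
+ *
+ * Returns:
+ * STATUS_ACCESS_DENIED if the call does not pass the security policy check.
+ * Otherwise, NTSTATUS returned by NtOpenSemaphore().
+ */
+
+NTSTATUS
+NTAPI
+HookedNtOpenSemaphore
+(
+ OUT PHANDLE SemaphoreHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN POBJECT_ATTRIBUTES ObjectAttributes
+)
+{
+ PCHAR FunctionName = "HookedNtOpenSemaphore";
+
+
+ HOOK_ROUTINE_START(SEMAPHORE);
+
+
+ ASSERT(OriginalNtOpenSemaphore);
+
+ rc = OriginalNtOpenSemaphore(SemaphoreHandle, DesiredAccess, ObjectAttributes);
+
+
+ HOOK_ROUTINE_FINISH(SEMAPHORE);
+}
+
+
+
+/*
+ * InitSemaphoreHooks()
+ *
+ * Description:
+ * Initializes all the mediated semaphore operation pointers. The "OriginalFunction" pointers
+ * are initialized by InstallSyscallsHooks() that must be called prior to this function.
+ *
+ * NOTE: Called once during driver initialization (DriverEntry()).
+ *
+ * Parameters:
+ * None.
+ *
+ * Returns:
+ * TRUE to indicate success, FALSE if failed.
+ */
+
+BOOLEAN
+InitSemaphoreHooks()
+{
+ if ( (OriginalNtCreateSemaphore = (fpZwCreateSemaphore) ZwCalls[ZW_CREATE_SEMAPHORE_INDEX].OriginalFunction) == NULL)
+ {
+ LOG(LOG_SS_SEMAPHORE, LOG_PRIORITY_DEBUG, ("InstallSemaphoreHooks: OriginalNtCreateSemaphore is NULL\n"));
+ return FALSE;
+ }
+
+ if ( (OriginalNtOpenSemaphore = (fpZwOpenSemaphore) ZwCalls[ZW_OPEN_SEMAPHORE_INDEX].OriginalFunction) == NULL)
+ {
+ LOG(LOG_SS_SEMAPHORE, LOG_PRIORITY_DEBUG, ("InstallSemaphoreHooks: OriginalNtOpenSemaphore is NULL\n"));
+ return FALSE;
+ }
+
+ return TRUE;
+}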
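Review bot: The policy check that both header comments promise is not visible in either hook body: HookedNtCreateSemaphore and HookedNtOpenSemaphore only call the original service between `HOOK_ROUTINE_START(SEMAPHORE)` and `HOOK_ROUTINE_FINISH(SEMAPHORE)`, so the name check, the declaration of `rc` and the return value presumably all live in those macros, which are defined outside this file. The caller's `ObjectAttributes` pointer is then passed unchanged to OriginalNtCreateSemaphore / OriginalNtOpenSemaphore, so the service reads the object name again after whatever decision the macro made, and the checked name and the used name are only guaranteed to match if the macro's handling ensures it; I would state that next to each call, e.g. `/* policy check is in HOOK_ROUTINE_START; ObjectAttributes is re-read by the original service afterwards */`. `ASSERT(OriginalNtCreateSemaphore)` and `ASSERT(OriginalNtOpenSemaphore)` are active only in checked builds, so in a free build the only protection against a NULL original pointer is the caller honouring the FALSE return of InitSemaphoreHooks, which is worth a comment there. Two documentation fixes: the NOTE in the HookedNtCreateSemaphore header describes ZwOpenSemaphore and should read `NOTE: ZwCreateSemaphore creates or opens a semaphore object.`, and both LOG strings in InitSemaphoreHooks are prefixed `InstallSemaphoreHooks:` rather than the function's own name, which will mislead anyone searching logs for the failing routine.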