[NTOSKRNL] Implement ObIsLUIDDeviceMapsEnabled and call it in NtQueryInformationProcess

2025-04-04 20:50:41 +00:00 · 2019-06-01 14:56:28 +02:00 · 2019-06-01 14:56:28 +02:00 · b16a07fa69
commit b16a07fa69
parent 7898b2eaa3
5 changed files with 21 additions and 7 deletions
--- a/ntoskrnl/include/internal/ob.h
+++ b/ntoskrnl/include/internal/ob.h
@ -429,6 +429,12 @@ ObpCreateDosDevicesDirectory(
    VOID
 );

+ULONG
+NTAPI
+ObIsLUIDDeviceMapsEnabled(
+    VOID
+);
+
 //
 // Security descriptor cache functions
 //
@ -621,6 +627,7 @@ extern ULONG ObpUnsecureGlobalNamesLength;
 extern ULONG ObpObjectSecurityMode;
 extern ULONG ObpProtectionMode;
 extern ULONG ObpLUIDDeviceMapsDisabled;
+extern ULONG ObpLUIDDeviceMapsEnabled;

 //
 // Inlined Functions
--- a/ntoskrnl/ob/devicemap.c
+++ b/ntoskrnl/ob/devicemap.c
@ -13,6 +13,9 @@
 #define NDEBUG
 #include <debug.h>

+ULONG ObpLUIDDeviceMapsDisabled;
+ULONG ObpLUIDDeviceMapsEnabled;
+
 /* PRIVATE FUNCTIONS ******************************************************/

 NTSTATUS
@ -249,6 +252,14 @@ ObQueryDeviceMapInformation(IN PEPROCESS Process,
 }


+ULONG
+NTAPI
+ObIsLUIDDeviceMapsEnabled(VOID)
+{
+    return ObpLUIDDeviceMapsEnabled;
+}
+
+
 #if 0
 NTSTATUS
 NTAPI
--- a/ntoskrnl/ob/obdir.c
+++ b/ntoskrnl/ob/obdir.c
@ -17,7 +17,6 @@
 #define NDEBUG
 #include <debug.h>

-BOOLEAN ObpLUIDDeviceMapsEnabled;
 POBJECT_TYPE ObpDirectoryObjectType = NULL;

 /* PRIVATE FUNCTIONS ******************************************************/
@ -141,7 +140,7 @@ ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory,
    PAGED_CODE();

    /* Check if we should search the shadow directory */
-    if (!ObpLUIDDeviceMapsEnabled) SearchShadow = FALSE;
+    if (ObpLUIDDeviceMapsEnabled == 0) SearchShadow = FALSE;

    /* Fail if we don't have a directory or name */
    if (!(Directory) || !(Name)) goto Quickie;
--- a/ntoskrnl/ob/obname.c
+++ b/ntoskrnl/ob/obname.c
@ -32,9 +32,6 @@ UNICODE_STRING ObpDosDevicesShortName =
 WCHAR ObpUnsecureGlobalNamesBuffer[128] = {0};
 ULONG ObpUnsecureGlobalNamesLength = sizeof(ObpUnsecureGlobalNamesBuffer);

-ULONG ObpLUIDDeviceMapsDisabled;
-ULONG ObpLUIDDeviceMapsEnabled;
-
 /* PRIVATE FUNCTIONS *********************************************************/

 INIT_FUNCTION
--- a/ntoskrnl/ps/query.c
+++ b/ntoskrnl/ps/query.c
@ -911,8 +911,8 @@ NtQueryInformationProcess(IN HANDLE ProcessHandle,
            /* Protect write in SEH */
            _SEH2_TRY
            {
-                /* Return FALSE -- we don't support this */
-                *(PULONG)ProcessInformation = FALSE;
+                /* Query Ob */
+                *(PULONG)ProcessInformation = ObIsLUIDDeviceMapsEnabled();
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {