win32u: Create explorer with the thread effective access token.

Chromium creates a suspended sandbox process with a limited-access token. It then sets a token
with normal access on the main thread of the newly created process. Without this change, explorer
is started with the limited-access process token and fails to create a desktop window.
Zhiyi Zhang 2023-06-20 11:42:52 +08:00 committed by Alexandre Julliard
parent 317d113af7
commit 99e2fad1bf


@ -446,7 +446,8 @@ HWND get_desktop_window(void)
static const WCHAR system_dir[] = {'C',':','\\','w','i','n','d','o','w','s','\\',
's','y','s','t','e','m','3','2','\\',0};
RTL_USER_PROCESS_PARAMETERS params = { sizeof(params), sizeof(params) };
PS_ATTRIBUTE_LIST ps_attr;
ULONG_PTR buffer[offsetof( PS_ATTRIBUTE_LIST, Attributes[2] ) / sizeof(ULONG_PTR)];
PS_ATTRIBUTE_LIST *ps_attr = (PS_ATTRIBUTE_LIST *)buffer;
PS_CREATE_INFO create_info;
WCHAR desktop[MAX_PATH];
PEB *peb = NtCurrentTeb()->Peb;
@ -479,24 +480,30 @@ HWND get_desktop_window(void)
RtlInitUnicodeString( &params.WindowTitle, appnameW + 4 );
RtlInitUnicodeString( &params.Desktop, desktop );
ps_attr.TotalLength = sizeof(ps_attr);
ps_attr.Attributes[0].Attribute = PS_ATTRIBUTE_IMAGE_NAME;
ps_attr.Attributes[0].Size = sizeof(appnameW) - sizeof(WCHAR);
ps_attr.Attributes[0].ValuePtr = (WCHAR *)appnameW;
ps_attr.Attributes[0].ReturnLength = NULL;
ps_attr->Attributes[0].Attribute = PS_ATTRIBUTE_IMAGE_NAME;
ps_attr->Attributes[0].Size = sizeof(appnameW) - sizeof(WCHAR);
ps_attr->Attributes[0].ValuePtr = (WCHAR *)appnameW;
ps_attr->Attributes[0].ReturnLength = NULL;
ps_attr->Attributes[1].Attribute = PS_ATTRIBUTE_TOKEN;
ps_attr->Attributes[1].Size = sizeof(HANDLE);
ps_attr->Attributes[1].ValuePtr = GetCurrentThreadEffectiveToken();
ps_attr->Attributes[1].ReturnLength = NULL;
ps_attr->TotalLength = offsetof( PS_ATTRIBUTE_LIST, Attributes[2] );
if (NtCurrentTeb64() && !NtCurrentTeb64()->TlsSlots[WOW64_TLS_FILESYSREDIR])
{
NtCurrentTeb64()->TlsSlots[WOW64_TLS_FILESYSREDIR] = TRUE;
status = NtCreateUserProcess( &process, &thread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS,
NULL, NULL, 0, THREAD_CREATE_FLAGS_CREATE_SUSPENDED, &params,
&create_info, &ps_attr );
&create_info, ps_attr );
NtCurrentTeb64()->TlsSlots[WOW64_TLS_FILESYSREDIR] = FALSE;
}
else
status = NtCreateUserProcess( &process, &thread, PROCESS_ALL_ACCESS, THREAD_ALL_ACCESS,
NULL, NULL, 0, THREAD_CREATE_FLAGS_CREATE_SUSPENDED, &params,
&create_info, &ps_attr );
&create_info, ps_attr );
if (!status)
{
NtResumeThread( thread, NULL );