Example #1
def setup_sacl(user_group_sid):
    """Grant ``user_group_sid`` access to the window station and desktop.

    Appends two access-allowed ACEs for the SID to the DACL of the
    ``winsta0`` window station and to the DACL of the ``default`` desktop.
    Per the original author, the single user server will otherwise likely
    fail with either Error 0x0000142 or ExitCode -1073741502.

    Despite the function name, only DACLs are read and written here; no SACL
    is touched.

    Review notes:
      * ``GENERIC_ACCESS``, ``WINSTA_ALL`` and ``DESKTOP_ALL`` are defined
        outside this function. Judging by their names they are broad masks,
        so the SID handed in should be as narrow as the caller can make it
        -- NOTE(review): confirm the mask values and what callers pass.
      * ACEs are appended on every call and nothing here removes them, so
        repeated calls may leave duplicate entries behind -- TODO confirm.
    """
    # Components requested when reading each object's security descriptor.
    read_flags = (win32security.OWNER_SECURITY_INFORMATION
                  | win32security.DACL_SECURITY_INFORMATION
                  | win32con.GROUP_SECURITY_INFORMATION)

    def _grant(handle, full_access_mask):
        # Fetch the current DACL, or start an empty one if the object has none.
        descriptor = win32security.GetUserObjectSecurity(handle, read_flags)
        acl = descriptor.GetSecurityDescriptorDacl()
        if acl is None:
            acl = win32security.ACL()
        # One ACE for the generic rights, one for the object-specific rights.
        for mask in (GENERIC_ACCESS, full_access_mask):
            acl.AddAccessAllowedAce(win32security.ACL_REVISION_DS, mask,
                                    user_group_sid)
        # Write the extended DACL back; owner, group and SACL are untouched.
        win32security.SetSecurityInfo(
            handle, win32security.SE_WINDOW_OBJECT,
            win32security.DACL_SECURITY_INFORMATION,
            None, None, acl, None)

    # Window station: WRITE_DAC is required to replace the DACL.
    station = win32service.OpenWindowStation(
        "winsta0", False, win32con.READ_CONTROL | win32con.WRITE_DAC)
    _grant(station, WINSTA_ALL)

    # Desktop: opened only after the window station DACL has been written.
    desktop_rights = (win32con.READ_CONTROL
                      | win32con.WRITE_DAC
                      | win32con.DESKTOP_WRITEOBJECTS
                      | win32con.DESKTOP_READOBJECTS)
    desktop = win32service.OpenDesktop("default", 0, False, desktop_rights)
    _grant(desktop, DESKTOP_ALL)
Example #2
def restore_access(path=r"software\winsys"):
    """Reset the DACL of an HKEY_CURRENT_USER subkey and unprotect it.

    Opens ``path`` under HKEY_CURRENT_USER with READ_CONTROL | WRITE_DAC and
    calls SetSecurityInfo with the DACL and UNPROTECTED_DACL flags while
    passing ``None`` for owner, group, DACL and SACL.

    NOTE(review): the Win32 documentation for SetSecurityInfo describes a
    NULL DACL passed together with DACL_SECURITY_INFORMATION as granting
    everyone full access. Confirm the ACL that ends up on the key is the one
    the caller expects before pointing this at anything other than the
    default test path.
    """
    open_rights = win32con.READ_CONTROL | win32con.WRITE_DAC
    key_handle = win32api.RegOpenKeyEx(
        win32con.HKEY_CURRENT_USER, path, 0, open_rights)
    # UNPROTECTED clears the "protected" bit so inheritable ACEs from the
    # parent key apply again.
    security_info = (win32security.DACL_SECURITY_INFORMATION
                     | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION)
    win32security.SetSecurityInfo(
        key_handle, win32security.SE_REGISTRY_KEY, security_info,
        None, None, None, None)
Example #3
            def _deny_access(fh):
                """Set a DACL on ``fh`` holding one deny ACE for the current user.

                The DACL is built from scratch and contains a single
                access-denied ACE (generic file read and write) for the
                account named by ``win32api.GetUserName()``. No
                access-allowed ACE is added.

                NOTE(review): PROTECTED_DACL_SECURITY_INFORMATION is not
                set, so ACEs inherited from the parent may still end up in
                the effective DACL -- confirm on the target file.
                """
                import ntsecuritycon as con
                import win32security

                account_name = win32api.GetUserName()
                current_user_sid, _domain, _sid_type = win32security.LookupAccountName(
                    "", account_name)

                denied_rights = con.FILE_GENERIC_READ | con.FILE_GENERIC_WRITE
                deny_only_dacl = win32security.ACL()
                deny_only_dacl.AddAccessDeniedAce(
                    win32security.ACL_REVISION, denied_rights, current_user_sid)

                # Only the DACL is written; owner, group and SACL are left as they are.
                win32security.SetSecurityInfo(
                    fh, win32security.SE_FILE_OBJECT,
                    win32security.DACL_SECURITY_INFORMATION,
                    None, None, deny_only_dacl, None)
Example #4
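 def open_debug(self, dwProcessId):
     """Rewrite the target process's DACL, then open it with full access.

     Steps, in order:
       1. Open ``dwProcessId`` with access mask 262144 (0x00040000, WRITE_DAC).
       2. Read a security descriptor from the *current* process and write its
          DACL and group onto the target (object type 6 is SE_KERNEL_OBJECT).
       3. Close the temporary handle and reopen the target with mask 2035711
          (0x1F0FFF), storing the handle in ``self.h_process``.

     Side effect to be aware of: the target's DACL is overwritten and never
     restored, so the target keeps the replacement DACL for the rest of its
     lifetime. GetSecurityInfo is called with SecurityInfo=0 (no components
     requested), so the DACL and group read back are presumably ``None``; a
     ``None`` DACL passed with DACL_SECURITY_INFORMATION is documented by
     Win32 as a NULL DACL, i.e. everyone is granted full access to the
     target -- TODO confirm what is actually applied.

     Returns:
         True if the second OpenProcess call returned a truthy handle,
         otherwise False.
     """
     process = OpenProcess(262144, 0, dwProcessId)
     try:
         info = win32security.GetSecurityInfo(win32api.GetCurrentProcess(), 6, 0)
         win32security.SetSecurityInfo(
             process, 6,
             win32security.DACL_SECURITY_INFORMATION
             | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION,
             None, None,
             info.GetSecurityDescriptorDacl(),
             info.GetSecurityDescriptorGroup())
     finally:
         # Release the WRITE_DAC handle even when the security calls raise;
         # the original leaked it on that path.
         if process:
             CloseHandle(process)
     self.h_process = OpenProcess(2035711, 0, dwProcessId)
     if self.h_process:
         self.isProcessOpen = True
         self.process32 = self.process32_from_id(dwProcessId)
         return True
     return False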
Example #5
 def tearDown(self):
   """Give the current user full control of the test key, then remove it.

   The key's DACL is replaced by a new one holding a single ACE that grants
   the current user KEY_ALL_ACCESS, and the protected flag is cleared
   (UNPROTECTED_DACL_SECURITY_INFORMATION). ``remove_key`` is then called
   on the same path.
   """
   key_path = r"Software\winsys"
   # WRITE_DAC is what allows the DACL to be replaced below.
   key = win32api.RegOpenKeyEx(
     win32con.HKEY_CURRENT_USER, key_path, 0,
     win32con.READ_CONTROL | win32con.WRITE_DAC)

   fresh_dacl = win32security.ACL()
   user_sid, _domain, _sid_type = win32security.LookupAccountName(
     None, win32api.GetUserName())
   fresh_dacl.AddAccessAllowedAce(
     win32security.ACL_REVISION_DS, win32con.KEY_ALL_ACCESS, user_sid)

   dacl_flags = (win32security.DACL_SECURITY_INFORMATION
                 | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION)
   win32security.SetSecurityInfo(
     key, win32security.SE_REGISTRY_KEY, dacl_flags,
     None, None, fresh_dacl, None)

   remove_key(win32con.HKEY_CURRENT_USER, key_path)
Example #6
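 def _open(self, dwProcessId, debug=False):
     """Open process ``dwProcessId`` and store the handle in ``self.h_process``.

     With ``debug`` set, the target's DACL is rewritten first: the process is
     opened with mask 262144 (0x00040000, WRITE_DAC), a security descriptor
     is read from the *current* process, and its DACL and group are written
     onto the target (object type 6 is SE_KERNEL_OBJECT). The target is then
     opened with mask 2035711 (0x1F0FFF) in both modes.

     Side effect to be aware of when ``debug`` is set: the target's DACL is
     overwritten and never restored. GetSecurityInfo is called with
     SecurityInfo=0 (no components requested), so the DACL and group read
     back are presumably ``None``; a ``None`` DACL passed with
     DACL_SECURITY_INFORMATION is documented by Win32 as a NULL DACL, i.e.
     everyone is granted full access to the target -- TODO confirm what is
     actually applied.

     Returns:
         True if a usable handle was obtained, otherwise False.
     """
     if debug:
         process = kernel32.OpenProcess(262144, 0, dwProcessId)
         try:
             info = win32security.GetSecurityInfo(kernel32.GetCurrentProcess(), 6, 0)
             win32security.SetSecurityInfo(
                 process, 6,
                 win32security.DACL_SECURITY_INFORMATION
                 | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION,
                 None, None,
                 info.GetSecurityDescriptorDacl(),
                 info.GetSecurityDescriptorGroup())
         finally:
             # Release the WRITE_DAC handle even when the security calls
             # raise; the original leaked it on that path.
             if process:
                 kernel32.CloseHandle(process)
     self.h_process = kernel32.OpenProcess(2035711, 0, dwProcessId)
     # Truthiness covers both failure conventions: None and a 0 handle. The
     # original `is not None` test reported success for a 0 handle.
     if self.h_process:
         self.isProcessOpen = True
         self.pid = dwProcessId
         return True
     return False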
Example #7
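def fixRegistryPermissions(handle):
    """Remove the built-in Users group from a registry key's DACL.

    Reads the DACL of ``handle``, deletes every ACE whose SID is the
    well-known built-in Users group (S-1-5-32-545), and writes the DACL back
    with PROTECTED_DACL_SECURITY_INFORMATION so the key stops inheriting
    ACEs from its parent. Does nothing when the module-level ``DEBUG`` flag
    is truthy.

    Only ACEs for that one SID are removed. ACEs for any other principal are
    kept, so whether ordinary users really lose read access depends on what
    else is in the DACL -- verify on the deployed key.

    NOTE(review): a key with a NULL DACL makes GetSecurityDescriptorDacl()
    return None and the loop below fail with AttributeError; that behaviour
    is unchanged from the original.

    Args:
        handle: An open registry key handle with rights to read and write
            its DACL.
    """
    if DEBUG:
        return
    # Compare SIDs as SIDs rather than through their string representation,
    # which depended on the Python 2 `unicode` builtin and on PySID's repr.
    users_sid = win32security.ConvertStringSidToSid('S-1-5-32-545')  # Well-known Users SID
    sid_type = type(users_sid)
    descriptor = win32security.GetSecurityInfo(
        handle, win32security.SE_REGISTRY_KEY,
        win32security.DACL_SECURITY_INFORMATION)
    dacl = descriptor.GetSecurityDescriptorDacl()
    n = 0
    # Deleting an ACE shifts the following ones down, so the index only
    # advances when nothing was removed.
    while n < dacl.GetAceCount():
        ace_sid = dacl.GetAce(n)[2]
        if isinstance(ace_sid, sid_type) and ace_sid == users_sid:
            dacl.DeleteAce(n)
        else:
            n += 1
    win32security.SetSecurityInfo(
        handle, win32security.SE_REGISTRY_KEY,
        win32security.DACL_SECURITY_INFORMATION
        | win32security.PROTECTED_DACL_SECURITY_INFORMATION,
        None, None, dacl, None)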
Example #8
def _AllowObjectAccess(sid, handle, object_type: int,
                       access_permissions: int) -> None:
    """Grants `sid` the given permissions on the object behind `handle`.

    The object's current DACL is read, extended through
    `_AddPermissionToDacl`, and written back. Owner, group and SACL are not
    modified.

    Args:
      sid: A `PySID` representing the SID to grant access to.
      handle: A handle to an object.
      object_type: A `SE_OBJECT_TYPE` enum value.
      access_permissions: The permissions as a set of bitflags using the
        `ACCESS_MASK` format.
    """
    dacl_only = win32security.DACL_SECURITY_INFORMATION
    descriptor = win32security.GetSecurityInfo(handle, object_type, dacl_only)
    acl = descriptor.GetSecurityDescriptorDacl()
    # NOTE(review): GetSecurityDescriptorDacl() returns None for an object
    # with a NULL DACL; whether _AddPermissionToDacl copes with that is not
    # visible from here -- confirm.
    _AddPermissionToDacl(acl, sid, access_permissions)
    win32security.SetSecurityInfo(
        handle, object_type, dacl_only, None, None, acl, None)
Example #9
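    def open(self):
        """Rewrite the selected process's DACL, then open it.

        The process is first opened with mask 262144 (0x00040000, WRITE_DAC);
        a security descriptor is read from the *current* process and its DACL
        and group are written onto the target (object type 6 is
        SE_KERNEL_OBJECT). The target is then reopened with the ``PAA``
        access mask and the handle stored in ``self.h_process``.

        Side effect to be aware of: the target's DACL is overwritten and
        never restored. GetSecurityInfo is called with SecurityInfo=0 (no
        components requested), so the DACL and group read back are presumably
        ``None``; a ``None`` DACL passed with DACL_SECURITY_INFORMATION is
        documented by Win32 as a NULL DACL, i.e. everyone is granted full
        access to the target -- TODO confirm what is actually applied.

        Returns:
            True once the handle has been obtained.

        Raises:
            ProcessException: if no process is selected, or if the process
                cannot be opened.
        """
        if self.process is None:
            raise ProcessException("The selected process does not exist")
        process = OpenProcess(262144, 0, self.process.pid)
        try:
            info = win32security.GetSecurityInfo(GetCurrentProcess(), 6, 0)
            win32security.SetSecurityInfo(
                process, 6, win32security.DACL_SECURITY_INFORMATION
                | win32security.UNPROTECTED_DACL_SECURITY_INFORMATION, None, None,
                info.GetSecurityDescriptorDacl(),
                info.GetSecurityDescriptorGroup())
        finally:
            # Release the WRITE_DAC handle even when the security calls
            # raise; the original leaked it on that path.
            if process:
                CloseHandle(process)

        self.h_process = OpenProcess(PAA, False, self.process.pid)
        # Truthiness covers both failure conventions: None and a 0 handle.
        if not self.h_process:
            # Format the code into the message; the original passed the
            # format string and the code as two separate exception arguments.
            raise ProcessException(
                "Cannot open this process. (%08x)" % GetLastError())

        return True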
Example #10
if dacl is None:
    dacl = win32security.ACL()
sacl = sd.GetSecurityDescriptorSacl()
if sacl is None:
    sacl = win32security.ACL()

dacl_ace_cnt = dacl.GetAceCount()
sacl_ace_cnt = sacl.GetAceCount()

dacl.AddAccessAllowedAce(dacl.GetAclRevision(),
                         win32con.ACCESS_SYSTEM_SECURITY | win32con.WRITE_DAC,
                         my_sid)
sacl.AddAuditAccessAce(sacl.GetAclRevision(), win32con.GENERIC_ALL, my_sid, 1,
                       1)

win32security.SetSecurityInfo(ph, win32security.SE_KERNEL_OBJECT, all_info,
                              pwr_sid, pwr_sid, dacl, sacl)
new_sd = win32security.GetSecurityInfo(ph, win32security.SE_KERNEL_OBJECT,
                                       all_info)

if new_sd.GetSecurityDescriptorDacl().GetAceCount() != dacl_ace_cnt + 1:
    print('New dacl doesn' 't contain extra ace ????')
if new_sd.GetSecurityDescriptorSacl().GetAceCount() != sacl_ace_cnt + 1:
    print('New Sacl doesn' 't contain extra ace ????')
if win32security.LookupAccountSid(
        '', new_sd.GetSecurityDescriptorOwner())[0] != 'Power Users':
    print('Owner not successfully set to Power Users !!!!!')
if win32security.LookupAccountSid(
        '', new_sd.GetSecurityDescriptorGroup())[0] != 'Power Users':
    print('Group not successfully set to Power Users !!!!!')

win32security.SetSecurityInfo(ph, win32security.SE_KERNEL_OBJECT,