The MASM Forum

Members Gallery => Showcase => Topic started by: TouEnMasm on January 04, 2021, 08:04:57 PM

Title: Security
Post by: TouEnMasm on January 04, 2021, 08:04:57 PM
Hello,
Security is a complex subject with Windows 10.
There are two ways:
* use a manifest in an rc file, adding a trustInfo with a requestedExecutionLevel
* add a SECURITY_DESCRIPTOR in a source file.
Here is a translated sample from Microsoft, lightly modified and commented.
Title: Re: Security
Post by: LiaoMi on February 03, 2021, 04:45:16 PM
Hi TouEnMasm,

the program does not work for me, the code stops at this stage:
RegCreateKeyEx result 0


and in the debugger it is displayed like this
---------------------------
0H  RegCreateKeyEx Failed
---------------------------
The operation completed successfully.


---------------------------
OK   
---------------------------

RegCreateKeyEx result 5
Title: Re: Security
Post by: TouEnMasm on February 03, 2021, 07:55:01 PM

This means that the key must already exist.
The sample did not include an instruction to delete the key at the end.
Use regedit to delete HKEY_CURRENT_USER\mykey
Title: Re: Security
Post by: TouEnMasm on February 04, 2021, 02:02:14 AM
To avoid this problem, a small modification is needed; delete the key created with regedit first.
Quote
main proc c         ;c or not c test uasm or jwasm
   Local error:XMASM
      invoke InitSecurity_Descriptor      
      invoke _getch
      ;----------------------- to make RegDeleteKey work, change the right from KEY_READ to KEY_ALL_ACCESS for EVERYONE
      ;mov explicit_access[sizeof EXPLICIT_ACCESS * 0].grfAccessPermissions,KEY_ALL_ACCESS     ;registry key access
      invoke RegDeleteKey,HKEY_CURRENT_USER,TXT("Mykey")
      .if eax !=  ERROR_SUCCESS
         invoke RetrouveMessageErreur,TXT("RegDeleteKey Failed")
         ;jmp cleanup            
      .endif
      
   mov eax,0
   ret
main endp

If the right for Everyone isn't changed, RegDeleteKey fails.
Title: Re: Security
Post by: jj2007 on February 04, 2021, 02:38:29 AM
Ups....
Code: [Select]
Tmp_File.asm(2) : Error A2106: Cannot open file: "sdk32.inc" [ENOENT]
Tmp_File.asm(3) : Error A2106: Cannot open file: "stdio.sdk" [ENOENT]
Tmp_File.asm(4) : Error A2106: Cannot open file: "conio.sdk" [ENOENT]
Tmp_File.asm(6) : Error A2106: Cannot open file: "accCtrl.sdk" [ENOENT]
Tmp_File.asm(7) : Error A2106: Cannot open file: "aclapi.sdk" [ENOENT]
Tmp_File.asm(43) : Error A2082: Must be in segment block
Title: Re: Security
Post by: TouEnMasm on February 04, 2021, 04:17:25 AM
Eh JJ,
use the translated sdk here http://luce.yves.pagesperso-orange.fr/header.htm
with uasm or Jwasm


Title: Re: Security
Post by: jj2007 on February 04, 2021, 07:50:10 AM
Wow, a whopping 83MB! But I get the same errors with C:\sdkrc100\projects\security.asm :sad:

So I tried to edit the PATH, and had to add 3 (three!!) of your SDK folders to make it assemble; only to discover that now the linker complains bitterly: oldnames.lib not found.

And that file isn't present in the whole sdkrc folder. Kind of messy, my friend :sad:

P.S.: I found some in various C:\Program Files folders. Always the same errors... has anybody been able to build a project with Yves' SDK?

Code: [Select]
copied from C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\lib\oldnames.lib

Searching .\OldNames.lib
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfprintf'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfprintf_p'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfprintf_s'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfscanf'.
POLINK: error: Unresolved external symbol '__imp____acrt_iob_func'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsprintf'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsprintf_p'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsnprintf_s'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsscanf'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsprintf_s'.
POLINK: fatal error: 10 unresolved external(s).


Same with

oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib              80 kB  9.6.16 21:07  9.6.16 21:07  Object File Library   
oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\amd64        79 kB  9.6.16 21:10  9.6.16 21:10  Object File Library   
oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\arm          79 kB  9.6.16 21:11  9.6.16 21:11  Object File Library   
oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\store        80 kB  9.6.16 21:07  9.6.16 21:07  Object File Library   
oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\store\amd64  79 kB  9.6.16 21:10  9.6.16 21:10  Object File Library   
oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\store\arm    79 kB  9.6.16 21:11  9.6.16 21:11  Object File Library   
Title: Re: Security
Post by: TouEnMasm on February 04, 2021, 07:14:15 PM

****** vsfprintf is part of msvcrt.lib or ucrt.lib. You have an old version of VS, and perhaps this one needs you to add manually
"includelib msvcrt.lib"
and/or "includelib ucrt.lib"
******** Take care also to get the right libraries for X86 or X64.
VS 2019 uses a path in X86 for 32 bits and in X64 for 64 bits.

Your second test uses "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\amd64"; these are 64-bit libraries, not good for 32.

Stay with the paths of your first test and add the includelib (original lib, not those of the forum package lib).
You can also try to use LINK instead of polink.







Title: Re: Security
Post by: TimoVJL on February 04, 2021, 08:44:46 PM
ucrt is part of Windows Kit
Windows 10 Universal C Runtime (https://www.microsoft.com/en-us/download/details.aspx?id=48234)

https://docs.microsoft.com/en-us/cpp/windows/universal-crt-deployment?view=msvc-160

https://support.microsoft.com/en-us/topic/update-for-universal-c-runtime-in-windows-c0514201-7fe6-95a3-b0a5-287930f3560c

Title: Re: Security
Post by: TouEnMasm on February 05, 2021, 01:27:16 AM
Playing a little with the sample

When adding RegDeleteKey, the function failed with not enough rights.
Several solutions exist to solve this. For example, force a change of user, becoming an administrator.
For this: detect whether the prog is running as admin or not.
If not, run a new instance of the prog as admin and quit;
if admin, run the normal proc.
Quote
.data
sModuleFileName db MAX_PATH dup (0)
runas db "runas",0
asAdminMsg db "Running as Administrator!",10,0
.code
manager proc      ;
   Local hconsole:DWORD,hservice:DWORD,retour:DWORD
   mov retour,0
   invoke OpenSCManager,0,0,GENERIC_READ OR  GENERIC_WRITE OR GENERIC_EXECUTE ;need to be admin to work
   mov hservice,eax
   .if eax == 0   ;not admin,do it
      
      ;invoke GetConsoleWindow
      ;mov hconsole, eax
      ;invoke ShowWindow,hconsole,SW_SHOWNORMAL
      invoke GetModuleFileName,NULL,addr sModuleFileName,MAX_PATH
      invoke ShellExecute,NULL,TXT("runas"),addr sModuleFileName,NULL,NULL,SW_SHOWNORMAL
      .if eax <= 32
         invoke RetrouveMessageErreur,addr sModuleFileName
      .endif   
      mov retour,1
   .else
      ; Is Administrator
      invoke CloseServiceHandle,hservice      
      invoke printf,addr asAdminMsg   
   .endif
   mov eax,retour
   ret
manager endp
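
Added example, not part of the original post or the author's sample: the post above detects admin rights by probing OpenSCManager; a different technique is to ask directly whether the Administrators SID is enabled in the caller's token with CheckTokenMembership, which reports FALSE for an unelevated UAC token. The procedure and data names are hypothetical, and the Win32 prototypes and constants (MAX_PATH, SW_SHOWNORMAL, TRUE/FALSE) are assumed to come from the same include set the thread uses.

```masm
; Added example, not code from the thread. 32-bit, invoke-style UASM/JWASM.
; Assumes the advapi32, shell32 and kernel32 prototypes are already included.
ifndef SECURITY_BUILTIN_DOMAIN_RID
SECURITY_BUILTIN_DOMAIN_RID equ 20h
endif
ifndef DOMAIN_ALIAS_RID_ADMINS
DOMAIN_ALIAS_RID_ADMINS equ 220h
endif

.data
NtAuthority db 0,0,0,0,0,5          ; SECURITY_NT_AUTHORITY
szRunAs     db "runas",0
szSelfPath  db MAX_PATH dup (0)

.code
; Returns eax = TRUE when the Administrators group is enabled in the
; caller's token, FALSE otherwise (including when any call fails).
IsElevatedAdmin proc
   Local pAdminSid:DWORD,isMember:DWORD
   mov isMember,FALSE
   invoke AllocateAndInitializeSid,addr NtAuthority,2,\
          SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_ADMINS,\
          0,0,0,0,0,0,addr pAdminSid
   .if eax != 0
      ; NULL token handle = the calling thread's effective token
      invoke CheckTokenMembership,NULL,pAdminSid,addr isMember
      .if eax == 0
         mov isMember,FALSE         ; fail closed when the check itself fails
      .endif
      invoke FreeSid,pAdminSid
   .endif
   mov eax,isMember
   ret
IsElevatedAdmin endp

; Returns eax = 0 when already elevated (continue normally),
;               1 when an elevated instance was started (caller should quit),
;               2 when the elevation request failed or was refused.
ElevateIfNeeded proc
   invoke IsElevatedAdmin
   .if eax != FALSE
      xor eax,eax
      ret
   .endif
   invoke GetModuleFileName,NULL,addr szSelfPath,MAX_PATH
   invoke ShellExecute,NULL,addr szRunAs,addr szSelfPath,NULL,NULL,SW_SHOWNORMAL
   .if eax <= 32                    ; ShellExecute reports failure with values <= 32
      mov eax,2
   .else
      mov eax,1
   .endif
   ret
ElevateIfNeeded endp
```
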
Title: Re: Security
Post by: jj2007 on February 05, 2021, 04:05:06 AM
You have an old version of VS

It's not that old, actually :tongue:

Quote
Stay with the paths of your first test and add the includelib (original lib not those of the forum package lib).
You can also try to use LINK instead of polink

Doesn't help. Did anybody else succeed in building something with Yves' SDK?
Title: Re: Security
Post by: LiaoMi on February 05, 2021, 11:00:23 AM
Hi jj2007,

the SDK from TouEnMasm is my favorite over the years, I've compiled the example with no problem:

(https://i.ibb.co/JcZBfqV/Image-Security.jpg)

@TouEnMasm
Do you take the old 10.0.10240.0 MS-SDK as a basis for conversion?! Why do you have such a large file ?! What options did you use while assembling the program?

P.S.
I always had difficulties with drivers, it seems to me that something is missing in the SDK for drivers, of course I can copy the necessary structures, but with nested headers, compilation does not work.
Title: Re: Security
Post by: jj2007 on February 05, 2021, 12:07:12 PM
Lucky you... it seems that it requires a pretty special setup including that behemoth of M$ C compiler. Too complicated for my taste :cool:
Title: Re: Security
Post by: TouEnMasm on February 05, 2021, 08:44:57 PM
For those who can't find the official msvcrt functions, which are in msvcrt.lib and ucrt.lib, I can do nothing.
Also take care, if you don't use sdk32.inc, that the inline functions (printf..) with numerous sub procs are needed, in
\sdkrc100\crt_lib\IX86\release\crt10_32.lib
With those three libs in 32 bits, link is happy.

The complete build environment is here.

Quote
EditMasmIni
For environment variables:
-* the old variable, if it exists, is replaced entirely
-* each path is appended; the ; is added
By default, the word following EditMasmIni (at the start of a line) is treated as an environment
variable, unless it is part of the list of reserved words


EditMasmIni RESERVELISTE
;nothing for now, possibly in the future


EditMasmIni PATH
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29333\bin\Hostx64\x64
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64
H:\uasm64
EditMasmIni PROCESSEUR
IX86

EditMasmIni LIB
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29333\lib\x86
C:\Program Files (x86)\Windows Kits\10\Lib\10.0.19041.0\um\x86
C:\Program Files (x86)\Windows Kits\10\Lib\10.0.19041.0\ucrt\x86
H:\sdkrc100\crt_lib\IX86\release




EditMasmIni INCLUDE
H:\sdkrc100\shared
H:\sdkrc100\um
H:\sdkrc100\VC
C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um
C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\shared
C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\ucrt


EditMasmIni UASM
/c /coff /nologo /Zp4
EditMasmIni LINK
/NOLOGO  /SUBSYSTEM:WINDOWS

EditMasmIni FindeEditMasmIni



For the version of the sdk, it is difficult to answer because I have added some new files that were not in the original and updated some others.
With translation, the translated sdk is easy to update partially without problem.
I have kept the original .h files but there is no version of the sdk in them.

Which file is so large?
The sample, exe file with added, is 12k.
And if it is the include files you find too big, here is the size of the include files in the Windows sdk 10.0.19041.0: 323 MB









Title: Re: Security
Post by: TimoVJL on February 05, 2021, 08:58:30 PM
But luckily some of us know what functions are in msvcrt.dll and ucrtbase.dll and can make import libraries for them :thumbsup:
Title: Re: Security
Post by: TouEnMasm on February 05, 2021, 09:46:37 PM

Last chance for those who have an old version of VS.
Inline functions are recent (some years); verify that there are none by doing this:
put " includelib  \sdkrc100\crt_lib\IX86\release\crt10_32.lib" in a comment (in sdk32.inc); it is the inline functions in a library.
add "includelib msvcrt.lib" if necessary

And if it works, you have a version with no inline functions.
Title: Re: Security
Post by: LiaoMi on February 05, 2021, 10:14:27 PM
Lucky you... it seems that it requires a pretty special setup including that behemoth of M$ C compiler. Too complicated for my taste :cool:

Hi jj2007,

no, this is not necessary, you just need to prepare the environment, as elsewhere, you need to correct the file with your default inclusions - "include sdk32.inc", I excluded this file and added my own set of options, this is my habit.

It was before>
Code: [Select]
include sdk32.inc
include stdio.sdk
include conio.sdk
;include ntifs.sdk
include accCtrl.sdk
include aclapi.sdk
;SdkDdkVer.sdk
;winnt.sdk
;include H:\sdkrc100\um\dbghelp.sdk NTDDI_WIN10_RS5
;include perso32.inc
;includelib perso32.lib
;includelib libucrt.lib
;includelib libcmt.lib

;includelib libcmt.lib

turned into (Add to the header of the source code (Security.asm))

Code: [Select]
    .686P
    .XMM
    .model flat,stdcall
    option casemap:none

option LITERALS:ON

OPTION FIELDALIGN:16; 1|2|4|8|16|32 - The default value is 1 or the value set by cmdline switch -Zp

        include translate32.inc
        include windows.inc
        include WinUser.inc
        include ShlObj.inc
        include WinBase.inc
        include stdio.inc
        include sysinfoapi.inc
        include timezoneapi.inc

include stdio.inc
include conio.inc
include accCtrl.inc
include aclapi.inc

includelib crt10_32.lib
       
        includelib ntdll.lib
        includelib ntdllp.lib
       
        includelib kernel32.Lib
        includelib User32.Lib
        includelib ntoskrnl.lib
        includelib Advapi32.lib
       
        includelib ucrt.lib

.nolist
.nocref


Next, you need a basic set of lib files, I use from visual studio 2017. After that, define the paths to all this data, I do this through the script (Can be downloaded from the attachment.)

Variables are defined in the Bat script.
Code: [Select]
REM ************* The following lines can be customized:
set UASM=C:\masm64\bin
set MASM=C:\masm64\bin\HostX64\x64
set INCLUDE=C:\masm64\sdkrc100\um;C:\masm64\sdkrc100\shared;C:\masm64\sdkrc100\VC;
set LIB=C:\masm64\VS2017\Lib\10.0.18362.0\um\x86\;C:\masm64\sdkrc100\crt_lib\IX86\release;C:\masm64\VS2017\Lib\10.0.18362.0\km\x86\;C:\masm64\VC2015CompSDK\lib;C:\masm64\VS2017\Lib\10.0.18362.0\ucrt\x86
REM **************************** End of customized lines

And, of course, you need linkers from Microsoft  :thumbsup:

I forgot to say that I renamed all *.sdk to *.inc extensions, and then through notepad++ corrected the internal links to *.inc file extension.

P.S> Attachments don't work
Title: Re: Security
Post by: LiaoMi on February 05, 2021, 10:26:32 PM
Which file is so large?
The sample, exe file with added, is 12k.
And if it is the include files you find too big, here is the size of the include files in the Windows sdk 10.0.19041.0: 323 MB

security.exe = 38,0 KB (38 912 bytes)
My security_20210205_004650 = 10,0 KB (10 240 bytes)
Title: Re: Security
Post by: jj2007 on February 06, 2021, 12:07:41 AM
you just need to prepare the environment

The SDK is three times the size of the Masm32 SDK, plus it requires some GB of Visual X? With comments in French?

Way too complicated for my taste, folks. Enjoy what you are doing, but I am not eager to run in circles around Visual Studio to program in Assembly :thumbsup:
Title: Re: Security
Post by: LiaoMi on February 06, 2021, 02:03:30 AM
 :tongue: This SDK has support for 64 bit systems and unicode encoding out of the box. You can take the old lib files, but they probably won't cover the modern requirements of Windows 10. And here you can see a huge plus that this SDK has full compatibility with the visual studio. Imagine it's like French flirting with a girl  :biggrin: , don't give up, compile with us  :eusa_boohoo:
Title: Re: Security
Post by: TouEnMasm on February 08, 2021, 08:17:21 PM
I have added a 64-bit version, in the first post, which allows a choice between the admin or everyone group (console mode).
+ detection of "key already exists"
Only the admin is allowed to delete the key.
Good play with rights and groups. Failures for insufficient rights are all reported.