Author Topic: Security  (Read 3055 times)

TouEnMasm

Security
« on: January 04, 2021, 08:04:57 PM »
Hello,
Security is a complex subject with Windows 10.
There are two ways:
* use a manifest in a .rc file, adding a trustinfo with a requestedExecutionLevel
* add a SECURITY_DESCRIPTOR in a source file.
Here is a translated sample from Microsoft, lightly modified and commented.
« Last Edit: February 09, 2021, 07:05:45 PM by TouEnMasm »
Fa is a musical note to play with CL

LiaoMi

Re: Security
« Reply #1 on: February 03, 2021, 04:45:16 PM »
Hi TouEnMasm,

The program does not work for me; the code stops at this stage:
RegCreateKeyEx result 0


and in the debugger it is displayed like this
---------------------------
0H  RegCreateKeyEx Failed
---------------------------
The operation completed successfully.


---------------------------
OK   
---------------------------

RegCreateKeyEx result 5

TouEnMasm

Re: Security
« Reply #2 on: February 03, 2021, 07:55:01 PM »

This means that the key must already exist.
The sample did not add an instruction to delete the key at the end.
Use regedit to delete HKEY_CURRENT_USER\mykey
Fa is a musical note to play with CL

TouEnMasm

Re: Security
« Reply #3 on: February 04, 2021, 02:02:14 AM »
To avoid this problem, a little modification is needed; delete the key created with regedit first.
Quote
main proc c         ;c or not c: test uasm or jwasm
   Local error:XMASM
      invoke InitSecurity_Descriptor
      invoke _getch
      ;----------------------- for RegDeleteKey to work, change the EVERYONE right from KEY_READ to KEY_ALL_ACCESS
      ;mov explicit_access[sizeof EXPLICIT_ACCESS * 0].grfAccessPermissions,KEY_ALL_ACCESS     ;registry key access
      invoke RegDeleteKey,HKEY_CURRENT_USER,TXT("Mykey")
      .if eax !=  ERROR_SUCCESS          ;ERROR_ACCESS_DENIED (5) while EVERYONE only has KEY_READ
         invoke RetrouveMessageErreur,TXT("RegDeleteKey Failed")
         ;jmp cleanup
      .endif

   mov eax,0
   ret
main endp

If the right for Everyone isn't changed, RegDeleteKey fails.
« Last Edit: February 04, 2021, 04:22:05 AM by TouEnMasm »
Fa is a musical note to play with CL
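The behaviour in the two replies above (RegCreateKeyEx returning 5 on a re-run, RegDeleteKey failing while Everyone only has KEY_READ), as an added PowerShell example that is not part of the thread's MASM sample. Only the key name Mykey comes from the thread; the function names are constructed, and it assumes Windows PowerShell 5.1 or later on Windows.

```powershell
using namespace Microsoft.Win32
using namespace System.Security.AccessControl
using namespace System.Security.Principal

$SubKey = 'Mykey'   # HKEY_CURRENT_USER\Mykey, as in the thread

function New-ReadOnlyKey {
    # Hand the security descriptor to RegCreateKeyEx, like the MASM sample does:
    # a protected DACL (no inherited ACEs) whose only entry gives Everyone KEY_READ.
    $acl = [RegistrySecurity]::new()
    $acl.SetAccessRuleProtection($true, $false)
    $everyone = [SecurityIdentifier]::new('S-1-1-0')        # well-known SID: Everyone
    $acl.AddAccessRule([RegistryAccessRule]::new($everyone, [RegistryRights]::ReadKey,
        [InheritanceFlags]::ContainerInherit, [PropagationFlags]::None, [AccessControlType]::Allow))
    # On creation the caller is granted the access it asks for. If the key already
    # exists, the same call is an open against the read-only DACL and fails with
    # ERROR_ACCESS_DENIED (5): the "RegCreateKeyEx result 5" reported above.
    $key = [Registry]::CurrentUser.CreateSubKey($SubKey, [RegistryKeyPermissionCheck]::ReadWriteSubTree, $acl)
    $key.Close()
}

function Remove-KeyReportingResult {
    # RegDeleteKey needs the DELETE right on the key; KEY_READ does not include it.
    try {
        [Registry]::CurrentUser.DeleteSubKey($SubKey)
        return 'deleted'
    } catch [UnauthorizedAccessException] {
        return 'ERROR_ACCESS_DENIED (5): no DELETE right, as in the thread'
    }
}

function Grant-DeleteToCaller {
    # The creating user owns the key and therefore always has READ_CONTROL and
    # WRITE_DAC on it. Open with exactly those rights (ReadKey is what Everyone
    # has) and add a FullControl ACE, the equivalent of the KEY_ALL_ACCESS change.
    $rights = [RegistryRights]::ReadKey -bor [RegistryRights]::ChangePermissions
    $key = [Registry]::CurrentUser.OpenSubKey($SubKey, [RegistryKeyPermissionCheck]::ReadWriteSubTree, $rights)
    $acl = $key.GetAccessControl()
    $acl.AddAccessRule([RegistryAccessRule]::new([WindowsIdentity]::GetCurrent().User,
        [RegistryRights]::FullControl, [InheritanceFlags]::ContainerInherit,
        [PropagationFlags]::None, [AccessControlType]::Allow))
    $key.SetAccessControl($acl)
    $key.Close()
}

New-ReadOnlyKey
Remove-KeyReportingResult   # access denied
Grant-DeleteToCaller
Remove-KeyReportingResult   # deleted
```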

jj2007

Re: Security
« Reply #4 on: February 04, 2021, 02:38:29 AM »
Oops....
Code:
Tmp_File.asm(2) : Error A2106: Cannot open file: "sdk32.inc" [ENOENT]
Tmp_File.asm(3) : Error A2106: Cannot open file: "stdio.sdk" [ENOENT]
Tmp_File.asm(4) : Error A2106: Cannot open file: "conio.sdk" [ENOENT]
Tmp_File.asm(6) : Error A2106: Cannot open file: "accCtrl.sdk" [ENOENT]
Tmp_File.asm(7) : Error A2106: Cannot open file: "aclapi.sdk" [ENOENT]
Tmp_File.asm(43) : Error A2082: Must be in segment block

TouEnMasm

Re: Security
« Reply #5 on: February 04, 2021, 04:17:25 AM »
Eh JJ,
use the translated SDK here: http://luce.yves.pagesperso-orange.fr/header.htm
with uasm or JWasm


Fa is a musical note to play with CL

jj2007

Re: Security
« Reply #6 on: February 04, 2021, 07:50:10 AM »
Wow, a whopping 83MB! But I get the same errors with C:\sdkrc100\projects\security.asm :sad:

So I tried to edit the PATH, and had to add 3 (three!!) of your SDK folders to make it assemble; only to discover that now the linker complains bitterly: oldnames.lib not found.

And that file isn't present in the whole sdkrc folder. Kind of messy, my friend :sad:

P.S.: I found some in various C:\Program Files folders. Always the same errors... has anybody been able to build a project with Yves' SDK?

Code:
copied from C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\lib\oldnames.lib

Searching .\OldNames.lib
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfprintf'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfprintf_p'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfprintf_s'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vfscanf'.
POLINK: error: Unresolved external symbol '__imp____acrt_iob_func'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsprintf'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsprintf_p'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsnprintf_s'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsscanf'.
POLINK: error: Unresolved external symbol '__imp____stdio_common_vsprintf_s'.
POLINK: fatal error: 10 unresolved external(s).


Same with

oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib              80 kB  9.6.16 21:07  9.6.16 21:07  Object File Library   
oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\amd64        79 kB  9.6.16 21:10  9.6.16 21:10  Object File Library   
oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\arm          79 kB  9.6.16 21:11  9.6.16 21:11  Object File Library   
oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\store        80 kB  9.6.16 21:07  9.6.16 21:07  Object File Library   
oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\store\amd64  79 kB  9.6.16 21:10  9.6.16 21:10  Object File Library   
oldnames.lib  C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\store\arm    79 kB  9.6.16 21:11  9.6.16 21:11  Object File Library   
« Last Edit: February 04, 2021, 10:15:11 AM by jj2007 »

TouEnMasm

Re: Security
« Reply #7 on: February 04, 2021, 07:14:15 PM »

****** vsfprintf is part of msvcrt.lib or ucrt.lib. You have an old version of VS, and perhaps this one needs that you add manually
"includelib msvcrt.lib"
and/or "includelib ucrt.lib"
******** Take care also to get the right libraries for X86 or X64.
VS 2019 uses the path in X86 for 32 bits and in X64 for 64 bits.

Your second test uses "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\lib\amd64"; these are 64-bit libraries, not good for 32.

Stay with the paths of your first test and add the includelib (the original lib, not those of the forum package lib).
You can also try to use LINK instead of polink.

Fa is a musical note to play with CL


TouEnMasm

Re: Security
« Reply #9 on: February 05, 2021, 01:27:16 AM »
Playing a little with the sample

When adding RegDeleteKey, the function failed with not enough rights.
Further solutions exist to solve this. For example, force a change of user, becoming an administrator.
For this: detect if the prog is running as admin or not.
If not, run a new instance of the prog as admin and quit.
If admin, run the normal proc.
Quote
.data
sModuleFileName db MAX_PATH dup (0)
runas db "runas",0
asAdminMsg db "Running as Administrator!",10,0
.code
manager proc      ;returns 0 when running as admin, 1 when an elevated copy was started
   Local hconsole:DWORD,hservice:DWORD,retour:DWORD
   mov retour,0
   invoke OpenSCManager,0,0,GENERIC_READ OR  GENERIC_WRITE OR GENERIC_EXECUTE ;needs an elevated token to succeed, used here as the admin probe
   mov hservice,eax
   .if eax == 0   ;not admin, relaunch ourselves elevated

      ;invoke GetConsoleWindow
      ;mov hconsole, eax
      ;invoke ShowWindow,hconsole,SW_SHOWNORMAL
      invoke GetModuleFileName,NULL,addr sModuleFileName,MAX_PATH   ;full path of this exe
      invoke ShellExecute,NULL,TXT("runas"),addr sModuleFileName,NULL,NULL,SW_SHOWNORMAL ;the "runas" verb triggers the UAC prompt
      .if eax <= 32      ;ShellExecute returns a value > 32 on success
         invoke RetrouveMessageErreur,addr sModuleFileName
      .endif
      mov retour,1
   .else
      ; Is Administrator
      invoke CloseServiceHandle,hservice
      invoke printf,addr asAdminMsg
   .endif
   mov eax,retour
   ret
manager endp
Fa is a musical note to play with CL
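The admin check and relaunch from the post above, as an added PowerShell example (not the thread's MASM code). It assumes it is saved as a .ps1 file so that $PSCommandPath is set; Test-IsElevated and Invoke-ElevatedSelf are constructed names.

```powershell
using namespace System.Security.Principal

function Test-IsElevated {
    # Ask the process token instead of probing OpenSCManager. Under UAC an
    # administrator running unelevated holds a filtered token in which the
    # Administrators group is marked deny-only, so IsInRole returns $false
    # until the process is elevated: exactly the condition the sample tests for.
    $principal = [WindowsPrincipal]::new([WindowsIdentity]::GetCurrent())
    return $principal.IsInRole([WindowsBuiltInRole]::Administrator)
}

function Invoke-ElevatedSelf {
    # GetModuleFileName + ShellExecute(NULL, "runas", ...) in PowerShell terms:
    # start the same host with the same script through the "runas" verb, which
    # raises the UAC consent prompt. Returns $true if the elevated copy started.
    param([Parameter(Mandatory)][string]$ScriptPath)
    $hostExe = (Get-Process -Id $PID).Path
    try {
        Start-Process -FilePath $hostExe -Verb RunAs -ErrorAction Stop `
            -ArgumentList @('-NoProfile', '-File', "`"$ScriptPath`"")
        return $true
    } catch {
        # Same branch as the sample's ".if eax <= 32": typically the user
        # declined the UAC prompt ("The operation was canceled by the user").
        Write-Warning "Elevation failed: $($_.Exception.Message)"
        return $false
    }
}

if (Test-IsElevated) {
    Write-Output 'Running as Administrator!'   # the sample's asAdminMsg
    # privileged work (OpenSCManager, RegDeleteKey on the protected key) goes here
    exit 0
}
if (-not $PSCommandPath) { throw 'Save this as a .ps1 file; the relaunch needs its own path.' }
# retour = 1 in the sample: the unelevated instance quits after spawning the elevated one
if (Invoke-ElevatedSelf -ScriptPath $PSCommandPath) { exit 1 } else { exit 2 }
```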

jj2007

Re: Security
« Reply #10 on: February 05, 2021, 04:05:06 AM »
You have an old version of VS

It's not that old, actually :tongue:

Quote
Stay with the paths of your first test and add the includelib (original lib not those of the forum package lib).
You can also try to use LINK instead of polink

Doesn't help. Did anybody else succeed in building something with Yves' SDK?

LiaoMi

Re: Security
« Reply #11 on: February 05, 2021, 11:00:23 AM »
You have an old version of VS

It's not that old, actually :tongue:

Quote
Stay with the paths of your first test and add the includelib (original lib not those of the forum package lib).
You can also try to use LINK instead of polink

Doesn't help. Did anybody else succeed in building something with Yves' SDK?

Hi jj2007,

the SDK from TouEnMasm is my favorite over the years, I've compiled the example with no problem:



@TouEnMasm
Do you take the old 10.0.10240.0 MS-SDK as a basis for conversion?! Why do you have such a large file?! What options did you use while assembling the program?

P.S.
I always had difficulties with drivers, it seems to me that something is missing in the SDK for drivers, of course I can copy the necessary structures, but with nested headers, compilation does not work.

jj2007

Re: Security
« Reply #12 on: February 05, 2021, 12:07:12 PM »
You have an old version of VS

It's not that old, actually :tongue:

Quote
Stay with the paths of your first test and add the includelib (original lib not those of the forum package lib).
You can also try to use LINK instead of polink

Doesn't help. Did anybody else succeed in building something with Yves' SDK?

Hi jj2007,

the SDK from TouEnMasm is my favorite over the years, I've compiled the example with no problem:

Lucky you... it seems that it requires a pretty special setup including that behemoth of M$ C compiler. Too complicated for my taste :cool:

TouEnMasm

Re: Security
« Reply #13 on: February 05, 2021, 08:44:57 PM »
For those who don't find the official msvcrt functions, which are in msvcrt.lib and ucrt.lib, I can do nothing.
Take care also, if you don't use the sdk32.inc, that there is need of the inline functions (printf..) with numerous sub procs in
\sdkrc100\crt_lib\IX86\release\crt10_32.lib
With those three libs in 32 bits, link is happy.

The complete build environment is here.

Quote
EditMasmIni
For environment variables:
-* the old variable, if it exists, is replaced entirely
-* each path is appended, the ; is added
By default, the word following EditMasmIni (at the beginning of a line) is treated as an environment
variable, unless it is part of the list of reserved words


EditMasmIni RESERVELISTE
;nothing for now, possible future use


EditMasmIni PATH
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29333\bin\Hostx64\x64
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64
H:\uasm64
EditMasmIni PROCESSEUR
IX86

EditMasmIni LIB
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29333\lib\x86
C:\Program Files (x86)\Windows Kits\10\Lib\10.0.19041.0\um\x86
C:\Program Files (x86)\Windows Kits\10\Lib\10.0.19041.0\ucrt\x86
H:\sdkrc100\crt_lib\IX86\release

EditMasmIni INCLUDE
H:\sdkrc100\shared
H:\sdkrc100\um
H:\sdkrc100\VC
C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um
C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\shared
C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\ucrt


EditMasmIni UASM
/c /coff /nologo /Zp4
EditMasmIni LINK
/NOLOGO  /SUBSYSTEM:WINDOWS

EditMasmIni FindeEditMasmIni

For the version of the sdk, it is difficult to answer because I have added some new files that were not in the original and updated some others.
With translation, the translated sdk is easy to update partially without problem.
I have kept the original .h files but there is no version of the sdk in them.

Which file is so large?
The sample exe file, with additions, is 12k.
And if it is the include files you find too big, here is the size of the include files in the windows sdk 10.0.19041.0: 323 MB

Fa is a musical note to play with CL

TimoVJL

Re: Security
« Reply #14 on: February 05, 2021, 08:58:30 PM »
But luckily some of us know what functions are in msvcrt.dll and ucrtbase.dll and can make import libraries for them :thumbsup:
May the source be with you