From 498710d4c9fe6f3b432ac7a7acd69b70d6a32bd3 Mon Sep 17 00:00:00 2001
From: Jose Fonseca
Date: Wed, 15 Jul 2015 16:07:05 +0100
Subject: inject: Only specific security attributes when creating the file mapping.
To avoid depending on advapi32.dll from inject.dll.
---
 inject/inject.h | 22 +++++++---------------
 inject/injectee.cpp | 2 +-
 inject/injector.cpp | 12 +++++++++++-
 3 files changed, 19 insertions(+), 17 deletions(-)
(limited to 'inject')
diff --git a/inject/inject.h b/inject/inject.h
index 3c823d92..7185c83e 100644
--- a/inject/inject.h
+++ b/inject/inject.h
@@ -143,29 +143,21 @@ static HANDLE hFileMapping = NULL;
 static SharedMem *
-OpenSharedMemory(void) {
+OpenSharedMemory(SECURITY_DESCRIPTOR *lpSecurityDescriptor)
+{
 if (pSharedMem) {
 return pSharedMem;
 }
- // Create a NULL DACL to enable the shared memory being accessed by any
- // process we attach to.
 SECURITY_ATTRIBUTES sa;
- SECURITY_DESCRIPTOR sd;
- LPSECURITY_ATTRIBUTES lpSA;
- if (InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION) &&
- SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE))
- {
- ZeroMemory(&sa, sizeof sa);
- sa.nLength = sizeof sa;
- sa.bInheritHandle = TRUE;
- sa.lpSecurityDescriptor = &sd;
- lpSA = &sa;
- }
+ ZeroMemory(&sa, sizeof sa);
+ sa.nLength = sizeof sa;
+ sa.bInheritHandle = TRUE;
+ sa.lpSecurityDescriptor = lpSecurityDescriptor;
 hFileMapping = CreateFileMapping(
 INVALID_HANDLE_VALUE, // system paging file
- lpSA, // lpAttributes
+ &sa, // lpAttributes
 PAGE_READWRITE, // read/write access
 0, // dwMaximumSizeHigh
 sizeof(SharedMem), // dwMaximumSizeLow
diff --git a/inject/injectee.cpp b/inject/injectee.cpp
index bd91f0ad..60d2b4e0 100644
--- a/inject/injectee.cpp
+++ b/inject/injectee.cpp
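Review bot: OpenSharedMemory's new `lpSecurityDescriptor` parameter has no documented contract, and two cases in this hunk are easy to miss: NULL now selects the default descriptor, and the argument has no effect when `pSharedMem` is already cached or, per CreateFileMapping semantics, when an object of that name already exists. Add a comment above the function such as `// lpSecurityDescriptor: applied only when this call creates the mapping; NULL means the default descriptor.` If the mapping is named (the lpName argument lies outside the hunk), the creating side in injector.cpp should also treat `GetLastError() == ERROR_ALREADY_EXISTS` as a failure, because a pre-existing object keeps whatever DACL and contents its creator chose. The function body continues past the end of the hunk.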
@@ -1041,7 +1041,7 @@ DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
 return FALSE;
 }
 } else {
- SharedMem *pSharedMem = OpenSharedMemory();
+ SharedMem *pSharedMem = OpenSharedMemory(NULL);
 if (!pSharedMem) {
 debugPrintf("inject: error: failed to open shared memory\n");
 return FALSE;
diff --git a/inject/injector.cpp b/inject/injector.cpp
index 43d7dad3..ecdfc1f8 100644
--- a/inject/injector.cpp
+++ b/inject/injector.cpp
@@ -561,7 +561,17 @@ main(int argc, char *argv[])
 return 1;
 }
- SharedMem *pSharedMem = OpenSharedMemory();
+ // Create a NULL DACL to enable the shared memory being accessed by any
+ // process we attach to.
+ SECURITY_DESCRIPTOR sd;
+ SECURITY_DESCRIPTOR *lpSD = NULL;
+ if (InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION) &&
+ SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE))
+ {
+ lpSD = &sd;
+ }
+
+ SharedMem *pSharedMem = OpenSharedMemory(lpSD);
 if (!pSharedMem) {
 debugPrintf("error: failed to open shared memory\n");
 return 1;
--
cgit v1.2.3
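Review bot: In the injector.cpp hunk, a failure of InitializeSecurityDescriptor or SetSecurityDescriptorDacl leaves `lpSD` NULL without any message, so the mapping is silently created with the default descriptor and a later attach to a process under another account fails with no hint of the cause; add an else branch with something like `debugPrintf("warning: failed to build security descriptor (%lu)\n", GetLastError());`. Separately, the NULL DACL set here grants every principal full control of the object, including the right to rewrite its DACL, so any local process that can reach the mapping can alter whatever the injectee reads from it. Since this commit moves the advapi32.dll dependency into the injector executable, a DACL restricted to the SID of the target process's user would presumably serve the same purpose with much less exposure. main()'s body starts and ends outside the hunk.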