PPL

The demo of RtlTestProtectedAccess() and RtlProtectedAccess involved in creation Protected Process.

bool RtlTestProtectedAccessFull(PS_PROTECTION CallerProt, PS_PROTECTION TargetProt)
{
    // Allow access to the non-protected processes - the mimikatz case
    if (TargetProt.Type == 0)
        return true;

    // Restrict access to the Caller with lower protection Type than the Target
    if (CallerProt.Type < TargetProt.Type)
        return false;

    // Check whether the Target Signer value can be accessed from the Caller Signer value
    auto CallerDominateMask = RtlProtectedAccess[CallerProt.Signer].DominateMask;
    auto TargetMask = (1 << TargetProt.Signer);
    if (CallerDominateMask & TargetMask)
    {
        return true;
    }
    return false;
	//return bittest(&RtlProtectedAccess[CallerProt.Signer].DominateMask, TargetProt.Signer);
}

The output is below:

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md
output.png		output.png
ppl_dominate_mask.cpp		ppl_dominate_mask.cpp
ppl_dominate_mask.vcxproj		ppl_dominate_mask.vcxproj

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

PPL

About

Releases

Packages

Languages

IgorKorkin/PPL

Folders and files

Latest commit

History

Repository files navigation

PPL

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages