From 4812f5bbd08f2778d63e1ef8020d68f815db7ce3 Mon Sep 17 00:00:00 2001 From: Bill Zissimopoulos Date: Wed, 11 Oct 2017 16:25:22 -0700 Subject: [PATCH] sys: Create and Rename requests should include the originating process PID --- src/sys/create.c | 8 ++++---- src/sys/fileinfo.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/sys/create.c b/src/sys/create.c index 07f97022..4f92972a 100644 --- a/src/sys/create.c +++ b/src/sys/create.c @@ -545,7 +545,7 @@ NTSTATUS FspFsvolCreatePrepare( SECURITY_CLIENT_CONTEXT SecurityClientContext; HANDLE UserModeAccessToken; PEPROCESS Process; - HANDLE ProcessId; + ULONG OriginatingProcessId; FSP_FILE_NODE *FileNode; FSP_FILE_DESC *FileDesc; PFILE_OBJECT FileObject; @@ -579,15 +579,15 @@ NTSTATUS FspFsvolCreatePrepare( /* get a pointer to the current process so that we can close the impersonation token later */ Process = PsGetCurrentProcess(); ObReferenceObject(Process); - ProcessId = PsGetProcessId(Process); + OriginatingProcessId = IoGetRequestorProcessId(Irp); /* send the user-mode handle to the user-mode file system */ FspIopRequestContext(Request, RequestAccessToken) = UserModeAccessToken; FspIopRequestContext(Request, RequestProcess) = Process; ASSERT((UINT64)(UINT_PTR)UserModeAccessToken <= 0xffffffffULL); - ASSERT((UINT64)(UINT_PTR)ProcessId <= 0xffffffffULL); + ASSERT((UINT64)(UINT_PTR)OriginatingProcessId <= 0xffffffffULL); Request->Req.Create.AccessToken = - ((UINT64)(UINT_PTR)ProcessId << 32) | (UINT64)(UINT_PTR)UserModeAccessToken; + ((UINT64)(UINT_PTR)OriginatingProcessId << 32) | (UINT64)(UINT_PTR)UserModeAccessToken; return STATUS_SUCCESS; } diff --git a/src/sys/fileinfo.c b/src/sys/fileinfo.c index 999e9a17..8b4724ed 100644 --- a/src/sys/fileinfo.c +++ b/src/sys/fileinfo.c @@ -1573,7 +1573,7 @@ NTSTATUS FspFsvolSetInformationPrepare( SECURITY_CLIENT_CONTEXT SecurityClientContext; HANDLE UserModeAccessToken; PEPROCESS Process; - HANDLE ProcessId; + ULONG OriginatingProcessId; SecuritySubjectContext = FspIopRequestContext(Request, RequestSubjectContextOrAccessToken); @@ -1605,15 +1605,15 @@ NTSTATUS FspFsvolSetInformationPrepare( /* get a pointer to the current process so that we can close the impersonation token later */ Process = PsGetCurrentProcess(); ObReferenceObject(Process); - ProcessId = PsGetProcessId(Process); + OriginatingProcessId = IoGetRequestorProcessId(Irp); /* send the user-mode handle to the user-mode file system */ FspIopRequestContext(Request, RequestSubjectContextOrAccessToken) = UserModeAccessToken; FspIopRequestContext(Request, RequestProcess) = Process; ASSERT((UINT64)(UINT_PTR)UserModeAccessToken <= 0xffffffffULL); - ASSERT((UINT64)(UINT_PTR)ProcessId <= 0xffffffffULL); + ASSERT((UINT64)(UINT_PTR)OriginatingProcessId <= 0xffffffffULL); Request->Req.SetInformation.Info.Rename.AccessToken = - ((UINT64)(UINT_PTR)ProcessId << 32) | (UINT64)(UINT_PTR)UserModeAccessToken; + ((UINT64)(UINT_PTR)OriginatingProcessId << 32) | (UINT64)(UINT_PTR)UserModeAccessToken; return STATUS_SUCCESS; }