Merge pull request #23 from danikdanik/patch-2
checking the SID structure for TokenIntegrityLevel
@@ -41,6 +41,13 @@ BOOL CheckProcessIntegrityLevel() {
|
|||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (pTIL->Label.Sid == NULL || *GetSidSubAuthorityCount(pTIL->Label.Sid) < 1) {
|
||||||
|
printf("[-] SID structure is invalid.\n");
|
||||||
|
LocalFree(pTIL);
|
||||||
|
CloseHandle(hToken);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
dwIntegrityLevel = *GetSidSubAuthority(pTIL->Label.Sid, (DWORD)(UCHAR)(*GetSidSubAuthorityCount(pTIL->Label.Sid) - 1));
|
dwIntegrityLevel = *GetSidSubAuthority(pTIL->Label.Sid, (DWORD)(UCHAR)(*GetSidSubAuthorityCount(pTIL->Label.Sid) - 1));
|
||||||
|
|
||||||
if (dwIntegrityLevel >= SECURITY_MANDATORY_HIGH_RID) {
|
if (dwIntegrityLevel >= SECURITY_MANDATORY_HIGH_RID) {
|
||||||
|
|||||||
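Review bot: The added guard dereferences the result of `GetSidSubAuthorityCount(pTIL->Label.Sid)` after only a NULL test, but the Windows documentation for that function says it does not handle invalid SID structures and asks callers to check with `IsValidSid` first. The condition would be safer as `if (pTIL->Label.Sid == NULL || !IsValidSid(pTIL->Label.Sid) || *GetSidSubAuthorityCount(pTIL->Label.Sid) < 1) {`. The sub-authority count is then read a second time in the unchanged `dwIntegrityLevel = ...` line, so storing it once in a local would keep the check and the index in step. CheckProcessIntegrityLevel begins and ends outside the hunk, so how pTIL is allocated and filled is not visible here.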