New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RTL][NTDLL_APITEST] Implement RtlRemovePrivileges #4614
Conversation
Ah, and since this is also a new function, please write an apitest for it in order to document and test its functioning, following the existing examples of |
IN ULONG PrivilegeCount) | ||
{ | ||
DPRINT("RtlRemovePrivileges(%p, %p, %u)\n", TokenHandle, PrivilegesToKeep, PrivilegeCount); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You wouldn't want your RtlRemovePrivileges
to explode in your face if the current IRQL is inappropriate for the function to do its work. Use PAGED_CODE_RTL()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This RTL function exported from ntdll.dll in user-mode, in this case, PAGED_CODE_RTL() is not necessary?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There can be NTDLL functions that can be used in kernel mode on-demand. Is this RtlRemovePrivileges
strictly used for user mode system components or can it have its usage in kernel mode too? If the former then you might not need PAGED_CODE_RTL()
, otherwise you have to use it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, RtlRemovePrivileges
is exported in user-mode only (in Windows), not in kernel-mode, like RtlAdjustPrivilege
but new for NT 6.0+
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@GeoB99 : Normally the RTL should be compiled twice: once for the kernel (making it use possible kernel-specific defines), and once for user-mode (for ntdll). We don't do that yet, and as a result we may end up (in non-optimized builds) with user-mode-only functions (like this one) being added in the kernel but being never used.
d159a1f
to
f085c62
Compare
IN ULONG PrivilegeCount) | ||
{ | ||
DPRINT("RtlRemovePrivileges(%p, %p, %u)\n", TokenHandle, PrivilegesToKeep, PrivilegeCount); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@GeoB99 : Normally the RTL should be compiled twice: once for the kernel (making it use possible kernel-specific defines), and once for user-mode (for ntdll). We don't do that yet, and as a result we may end up (in non-optimized builds) with user-mode-only functions (like this one) being added in the kernel but being never used.
Does this test pass OK on Windows 7+ ? |
f085c62
to
c96e746
Compare
|
Implement RtlRemovePrivileges