Closed shhu6844 closed 2 years ago
Thanks for the change! Can you explain why malware detecting whether it is SYSTEM or not is dangerous? Also, are OpenProcessToken and AdjustTokenPrivilege both dangerous? I don't know the details of those APIs, but it seems to me that AdjustTokenPrivilege is only dangerous if called with specific arguments.
Thank you for the feedback! I also added more information in the issue and in the wiki pages. As for why I chose to detect and hook these two APIs: I don't think it is a commonly used method, and also because of the usage. I'd like to be skeptical when I find some program using these APIs, but it's just my opinion; I don't know if it's actually a commonly used API for normal usage.
Thank you~ I'll merge this afterwards
Added OpenProcessToken and AdjustTokenPrivilege. Added TestExecutables/ProcessToken.exe.