skelsec / pypykatz

Mimikatz implementation in pure Python
MIT License

Add check for lsass.exe process protection (PPL) #65

Status: Closed (ebfe90 closed this 3 years ago)

ebfe90 commented 3 years ago

Hello,

I've added a check that verifies by PID whether a process is protected or not and returns a dict with all related info, like level, signer, audit and type. In order for pypykatz to get a handle, the protection needs to be removed ;)
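An added example of the kind of check described in this PR, written here for illustration and not the PR's own code: it queries the `ProcessProtectionInformation` class (61) through `NtQueryInformationProcess` with only `PROCESS_QUERY_LIMITED_INFORMATION`, which an unprotected caller can still obtain on a PPL process, and decodes the returned `PS_PROTECTION` byte into level, type, audit and signer. The constants and bit layout are the documented Windows ones; the function names, the dict keys, and the sample byte values below are this example's own choices.

```python
import ctypes
import sys

# Documented values from winternl.h / ntddk.h.
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_PROTECTION_INFORMATION = 61      # PROCESSINFOCLASS ProcessProtectionInformation
STATUS_SUCCESS = 0

# PS_PROTECTED_TYPE and PS_PROTECTED_SIGNER enumerations.
PS_PROTECTED_TYPES = {0: "None", 1: "ProtectedLight", 2: "Protected"}
PS_PROTECTED_SIGNERS = {
    0: "None", 1: "Authenticode", 2: "CodeGen", 3: "Antimalware",
    4: "Lsa", 5: "Windows", 6: "WinTcb", 7: "WinSystem", 8: "App",
}


def parse_ps_protection(level):
    """Decode a PS_PROTECTION byte into its bit fields.

    Layout, low to high bits: Type:3, Audit:1, Signer:4. The whole byte is
    the 'Level' the kernel compares when one process opens another.
    (Dict keys are this example's naming, not pypykatz's.)
    """
    level &= 0xFF
    ptype = level & 0x7
    audit = (level >> 3) & 0x1
    signer = (level >> 4) & 0xF
    return {
        "level": level,
        "type": PS_PROTECTED_TYPES.get(ptype, "Unknown(%d)" % ptype),
        "audit": bool(audit),
        "signer": PS_PROTECTED_SIGNERS.get(signer, "Unknown(%d)" % signer),
        "protected": ptype != 0,
    }


def get_process_protection(pid):
    """Query the PS_PROTECTION of `pid` via NtQueryInformationProcess.

    Only PROCESS_QUERY_LIMITED_INFORMATION is requested, so the check runs
    before any attempt to open lsass with PROCESS_VM_READ, which PPL denies.
    """
    if sys.platform != "win32":
        raise NotImplementedError("PS_PROTECTION is a Windows-only concept")

    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    ntdll = ctypes.WinDLL("ntdll")

    kernel32.OpenProcess.restype = ctypes.c_void_p
    kernel32.OpenProcess.argtypes = [ctypes.c_ulong, ctypes.c_int, ctypes.c_ulong]
    kernel32.CloseHandle.argtypes = [ctypes.c_void_p]
    ntdll.NtQueryInformationProcess.restype = ctypes.c_long  # NTSTATUS
    ntdll.NtQueryInformationProcess.argtypes = [
        ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_ulong,
        ctypes.POINTER(ctypes.c_ulong),
    ]

    handle = kernel32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        protection = ctypes.c_ubyte(0)
        returned = ctypes.c_ulong(0)
        status = ntdll.NtQueryInformationProcess(
            handle, PROCESS_PROTECTION_INFORMATION,
            ctypes.byref(protection), ctypes.sizeof(protection),
            ctypes.byref(returned),
        )
        if status != STATUS_SUCCESS:
            # Surface the NTSTATUS rather than silently reporting "unprotected";
            # skelsec reports ACCESS_DENIED here on 32-bit hosts in this thread.
            raise OSError("NtQueryInformationProcess failed: NTSTATUS 0x%08X"
                          % (status & 0xFFFFFFFF))
        return parse_ps_protection(protection.value)
    finally:
        kernel32.CloseHandle(handle)


if __name__ == "__main__":
    # Usage: python ppl_check.py <pid>; defaults to PID 4 (System).
    target = int(sys.argv[1]) if len(sys.argv) > 1 else 4
    print(get_process_protection(target))
```

With RunAsPPL enabled, lsass.exe reports level 0x41, which decodes to type ProtectedLight with signer Lsa; an unprotected lsass reports 0x00. Treating a non-zero NTSTATUS as an error rather than as "not protected" matters because a failed query says nothing about the target's protection state.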

skelsec commented 3 years ago

I have accepted your previous PR, but now there is a conflict with this PR because of that :) Can you please resubmit this PR so that it doesn't conflict? It seems like this PR was a modification of the original version of pypykatz, so your non-admin-lsass-finder version is missing from this PR.

EDIT: I tried this PR on my test system that has both PPL and the virtualization-based protection enabled, and your code doesn't hit because get_lsass_pid() throws an exception before reaching your detections. Not sure if this is because of the enabled virtualization though. Will check later.

ebfe90 commented 3 years ago

I have just rebased the pull. I will check also from my side. Thank you.

skelsec commented 3 years ago

Okay, it's good now, but your last PR broke compatibility on all 32-bit OSes. (I'm at fault for not testing on 32 bits.) Issue: NtQueryInformationProcess returns an ACCESS_DENIED NTSTATUS code on 32 bits (even when run as administrator with SE_DEBUG). I'll merge this PR and immediately fix the previous PR to use the original code. The artifacts will stay, but the function you added will raise a NotImplementedException until a fix is sent.