Add 3 vulnerabilities details and fix documents:egg:

Author: Ascotbe

CVE-2020-1066/CVE-2020-1066.exe

@@ -0,0 +1,176 @@
+//  Copyright 2015 Google Inc. All Rights Reserved.
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//  http ://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+
+#include "stdafx.h"
+#include "CommonUtils.h"
+#include <strsafe.h>
+#include "ntimports.h"
+
+void __stdcall my_puts(const char* str)
+{
+	fwrite(str, 1, strlen(str), stdout);
+}
+
+static console_output _pout = my_puts;
+
+void DebugSetOutput(console_output pout)
+{
+	_pout = pout;
+}
+
+void DebugPrintf(const char* lpFormat, ...)
+{
+	CHAR buf[1024];
+	va_list va;
+
+	va_start(va, lpFormat);
+
+	StringCbVPrintfA(buf, sizeof(buf), lpFormat, va);	
+
+	_pout(buf);
+}
+
+std::wstring GetErrorMessage(DWORD dwError)
+{
+	LPWSTR pBuffer = NULL;
+
+	DWORD dwSize = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS |
+		FORMAT_MESSAGE_ALLOCATE_BUFFER, 0, dwError, 0, (LPWSTR)&pBuffer, 32 * 1024, nullptr);
+
+	if (dwSize > 0)
+	{
+		std::wstring ret = pBuffer;
+
+		LocalFree(pBuffer);
+
+		return ret;
+	}
+	else
+	{
+		printf("Error getting message %d\n", GetLastError());
+		WCHAR buf[64];
+		StringCchPrintf(buf, _countof(buf), L"%d", dwError);
+		return buf;
+	}
+}
+
+std::wstring GetErrorMessage()
+{
+	return GetErrorMessage(GetLastError());
+}
+
+
+BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege)
+{
+	TOKEN_PRIVILEGES tp;
+	LUID luid;
+
+	if (!LookupPrivilegeValue(NULL, lpszPrivilege, &luid))
+	{
+		return FALSE;
+	}
+
+	tp.PrivilegeCount = 1;
+	tp.Privileges[0].Luid = luid;
+	if (bEnablePrivilege)
+	{
+		tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+	}
+	else
+	{
+		tp.Privileges[0].Attributes = 0;
+	}
+
+	if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL))
+	{
+		return FALSE;
+	}
+
+	if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
+	{
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
+DWORD NtStatusToDosError(NTSTATUS status)
+{
+	DEFINE_NTDLL(RtlNtStatusToDosError);
+	return fRtlNtStatusToDosError(status);
+}
+
+void SetNtLastError(NTSTATUS status)
+{
+	SetLastError(NtStatusToDosError(status));
+}
+
+FARPROC GetProcAddressNT(LPCSTR lpName)
+{
+	return GetProcAddress(GetModuleHandleW(L"ntdll"), lpName);
+}
+
+HANDLE OpenFileNative(LPCWSTR path, HANDLE root, ACCESS_MASK desired_access, ULONG share_access, ULONG open_options)
+{
+	UNICODE_STRING name = { 0 };
+	OBJECT_ATTRIBUTES obj_attr = { 0 };
+
+	DEFINE_NTDLL(RtlInitUnicodeString);
+	DEFINE_NTDLL(NtOpenFile);
+
+	if (path)
+	{
+		fRtlInitUnicodeString(&name, path);
+		InitializeObjectAttributes(&obj_attr, &name, OBJ_CASE_INSENSITIVE, root, nullptr);
+	}
+	else
+	{
+		InitializeObjectAttributes(&obj_attr, nullptr, OBJ_CASE_INSENSITIVE, root, nullptr);
+	}
+
+	HANDLE h = nullptr;
+	IO_STATUS_BLOCK io_status = { 0 };
+	NTSTATUS status = fNtOpenFile(&h, desired_access, &obj_attr, &io_status, share_access, open_options);
+	if (NT_SUCCESS(status))
+	{
+		return h;
+	}
+	else
+	{
+		SetNtLastError(status);
+		return nullptr;
+	}
+}
+
+std::wstring BuildFullPath(const std::wstring& path, bool native)
+{
+	std::wstring ret;
+	WCHAR buf[MAX_PATH];
+
+	if (native)
+	{
+		ret = L"\\??\\";
+	}
+
+	if (GetFullPathName(path.c_str(), MAX_PATH, buf, nullptr) > 0)
+	{
+		ret += buf;
+	}
+	else
+	{
+		ret += path;
+	}
+
+	return ret;
+}

CVE-2020-1066/CommonUtils/CommonUtils.cpp

@@ -0,0 +1,22 @@
+#pragma once
+
+#include <Windows.h>
+#include <string>
+
+typedef void(__stdcall *console_output)(const char*);
+
+void DebugSetOutput(console_output pout);
+void DebugPrintf(const char* lpFormat, ...);
+HANDLE CreateSymlink(HANDLE root, LPCWSTR linkname, LPCWSTR targetname);
+HANDLE OpenSymlink(HANDLE root, LPCWSTR linkname);
+HANDLE CreateObjectDirectory(HANDLE hRoot, LPCWSTR dirname, HANDLE hShadow);
+HANDLE OpenObjectDirectory(HANDLE hRoot, LPCWSTR dirname);
+std::wstring GetErrorMessage(DWORD dwError);
+std::wstring GetErrorMessage();
+BOOL SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege);
+bool CreateRegSymlink(LPCWSTR lpSymlink, LPCWSTR lpTarget, bool bVolatile);
+bool DeleteRegSymlink(LPCWSTR lpSymlink);
+DWORD NtStatusToDosError(NTSTATUS status);
+bool CreateNativeHardlink(LPCWSTR linkname, LPCWSTR targetname);
+HANDLE OpenFileNative(LPCWSTR path, HANDLE root, ACCESS_MASK desired_access, ULONG share_access, ULONG open_options);
+std::wstring BuildFullPath(const std::wstring& path, bool native);

CVE-2020-1066/CommonUtils/CommonUtils.h

@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{2AA6AB5E-18A8-49F4-B25D-587E8C3E4432}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>CommonUtils</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <UseOfMfc>Static</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v140</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>$(SolutionDir)Build\</OutDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="CommonUtils.h" />
+    <ClInclude Include="FileOpLock.h" />
+    <ClInclude Include="FileSymlink.h" />
+    <ClInclude Include="ntimports.h" />
+    <ClInclude Include="ReparsePoint.h" />
+    <ClInclude Include="ScopedHandle.h" />
+    <ClInclude Include="stdafx.h" />
+    <ClInclude Include="targetver.h" />
+    <ClInclude Include="typed_buffer.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="CommonUtils.cpp" />
+    <ClCompile Include="DirectoryObject.cpp" />
+    <ClCompile Include="FileOpLock.cpp" />
+    <ClCompile Include="FileSymlink.cpp" />
+    <ClCompile Include="Hardlink.cpp" />
+    <ClCompile Include="NativeSymlink.cpp" />
+    <ClCompile Include="RegistrySymlink.cpp" />
+    <ClCompile Include="ReparsePoint.cpp" />
+    <ClCompile Include="ScopedHandle.cpp" />
+    <ClCompile Include="stdafx.cpp">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+    </ClCompile>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

CVE-2020-1066/CommonUtils/CommonUtils.vcxproj

@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="stdafx.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="targetver.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="FileOpLock.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="CommonUtils.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="FileSymlink.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="ScopedHandle.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="ReparsePoint.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="typed_buffer.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="ntimports.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="stdafx.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="FileOpLock.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="NativeSymlink.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="CommonUtils.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="FileSymlink.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="ScopedHandle.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="ReparsePoint.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="DirectoryObject.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="RegistrySymlink.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="Hardlink.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>