From: Derek Lesho
Subject: [PATCH 2/5] ntoskrnl.exe: Make sure thread handle has rights to retrieve the TID.
Message-Id: <20190424142509.528-2-dereklesho52@Gmail.com>
Date: Wed, 24 Apr 2019 10:25:06 -0400
In-Reply-To: <20190424142509.528-1-dereklesho52@Gmail.com>
References: <20190424142509.528-1-dereklesho52@Gmail.com>

Jacek says that duplicating and closing the sent handle in kernel_object_from_handle every time would add unecessary overhead.

Signed-off-by: Derek Lesho
---
 dlls/ntoskrnl.exe/ntoskrnl.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
index 76046c8d90..533ac662d1 100644
--- a/dlls/ntoskrnl.exe/ntoskrnl.c
+++ b/dlls/ntoskrnl.exe/ntoskrnl.c
@@ -2504,6 +2504,7 @@ NTSTATUS WINAPI PsLookupProcessByProcessId( HANDLE processid, PEPROCESS *process
 static void *create_thread_object( HANDLE handle )
 {
+    NTSTATUS status;
     THREAD_BASIC_INFORMATION info;
     struct _KTHREAD *thread;
@@ -2512,8 +2513,20 @@ static void *create_thread_object( HANDLE handle )
     thread->header.Type = 6;
     thread->header.WaitListHead.Blink = INVALID_HANDLE_VALUE; /* mark as kernel object */
-    if (!NtQueryInformationThread( handle, ThreadBasicInformation, &info, sizeof(info), NULL ))
+    if (!(status = NtQueryInformationThread( handle, ThreadBasicInformation, &info, sizeof(info), NULL )))
         thread->id = info.ClientId;
+    else if (status == STATUS_ACCESS_DENIED)
+    {
+        HANDLE info_handle;
+        DuplicateHandle( GetCurrentProcess(), handle, GetCurrentProcess(), &info_handle, THREAD_QUERY_LIMITED_INFORMATION, FALSE, 0);
+        if (!NtQueryInformationThread( handle, ThreadBasicInformation, &info, sizeof(info), NULL )) thread->id = info.ClientId;
+        NtClose( info_handle );
+    }
     thread->critical_region_count = 0;
-- 
2.20.1
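Review bot: The retry inside the `STATUS_ACCESS_DENIED` branch queries the original `handle` again instead of the duplicated `info_handle`, so the THREAD_QUERY_LIMITED_INFORMATION duplicate is created and closed without ever being used and the second NtQueryInformationThread fails for the same reason as the first. The return value of DuplicateHandle is also unchecked; if it fails, `info_handle` is uninitialized when it reaches NtClose. Checking the duplicate and querying through it fixes both, and when the limited query still fails `thread->id` is left exactly as the pre-patch code left it. The body of create_thread_object continues past the end of the hunk.
```c
    else if (status == STATUS_ACCESS_DENIED)
    {
        HANDLE info_handle;

        /* retry through a handle that carries only the query right we need */
        if (DuplicateHandle( GetCurrentProcess(), handle, GetCurrentProcess(),
                             &info_handle, THREAD_QUERY_LIMITED_INFORMATION, FALSE, 0 ))
        {
            if (!NtQueryInformationThread( info_handle, ThreadBasicInformation, &info, sizeof(info), NULL ))
                thread->id = info.ClientId;
            NtClose( info_handle );
        }
    }
    /* … unchanged: thread->critical_region_count = 0; … */
```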