@@ -280,9 +280,32 @@ private void WriteAccessCheckResult(ProcessDetails process, ThreadDetails thread
280280 }
281281 }
282282
283+ private static AccessMask AdjustProcessAccess ( AccessMask granted_access )
284+ {
285+ if ( granted_access . IsAccessGranted ( ProcessAccessRights . QueryInformation ) )
286+ granted_access |= ProcessAccessRights . QueryLimitedInformation ;
287+ if ( granted_access . IsAllAccessGranted ( ProcessAccessRights . VmWrite | ProcessAccessRights . VmOperation ) )
288+ granted_access |= ProcessAccessRights . QueryLimitedInformation ;
289+ if ( granted_access . IsAccessGranted ( ProcessAccessRights . SetInformation ) )
290+ granted_access |= ProcessAccessRights . SetLimitedInformation ;
291+ return granted_access ;
292+ }
293+
294+ private static AccessMask AdjustThreadAccess ( AccessMask granted_access )
295+ {
296+ if ( granted_access . IsAccessGranted ( ThreadAccessRights . QueryInformation ) )
297+ granted_access |= ThreadAccessRights . QueryLimitedInformation ;
298+ if ( granted_access . IsAccessGranted ( ThreadAccessRights . SetInformation ) )
299+ granted_access |= ThreadAccessRights . SetLimitedInformation ;
300+ if ( granted_access . IsAccessGranted ( ThreadAccessRights . SuspendResume ) )
301+ granted_access |= ThreadAccessRights . Resume ;
302+ return granted_access ;
303+ }
304+
283305 private void CheckAccess ( TokenEntry token , ProcessDetails process , ThreadDetails thread , NtType type , AccessMask access_rights , SecurityDescriptor sd )
284306 {
285307 AccessMask granted_access = NtSecurity . GetMaximumAccess ( sd , token . Token , type . GenericMapping ) ;
308+ granted_access = thread == null ? AdjustProcessAccess ( granted_access ) : AdjustThreadAccess ( granted_access ) ;
286309 if ( IsAccessGranted ( granted_access , access_rights ) )
287310 {
288311 WriteAccessCheckResult ( process , thread , granted_access , type . GenericMapping , sd , token . Information ) ;
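Review bot: At new line 308 the adjustment is selected by `thread == null` rather than by `type`, so any call that reaches CheckAccess without a thread has the process-specific bits OR'd into its mask whatever object type is being checked. Whether every caller passes a process or thread type is not visible here (CheckAccess continues past the hunk), so choosing the helper from `type`, or asserting the expected type before adjusting, would make the assumption explicit. The adjusted mask is also what WriteAccessCheckResult reports, so the output now lists rights the security descriptor does not literally grant. A comment on both helpers such as `// Adds rights implied by the granted ones (presumably mirroring what the kernel adds at handle open); these bits are not in the DACL.` would stop a reader from treating them as DACL entries. The `VmWrite | VmOperation` to `QueryLimitedInformation` rule in AdjustProcessAccess is the least obvious mapping and deserves its own one-line reason.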