static CheckResult CheckDevice(string name, bool writable, EaBuffer ea_buffer)
{
CheckResult result = new CheckResult(name, NtStatus.STATUS_INVALID_PARAMETER, FileDeviceType.UNKNOWN);
try
{
using (var imp = NtToken.Impersonate(_pid,
_identify_only ? SecurityImpersonationLevel.Identification : SecurityImpersonationLevel.Impersonation))
{
FileAccessRights access_mask = FileAccessRights.GenericRead;
if (writable)
{
access_mask |= FileAccessRights.GenericWrite;
}
FileOpenOptions opts = _open_as_dir ? FileOpenOptions.DirectoryFile : FileOpenOptions.NonDirectoryFile;
using (NtFile file = NtFile.Create(name, null, access_mask, NtApiDotNet.FileAttributes.Normal,
FileShareMode.All, opts, FileDisposition.Open, ea_buffer))
{
result = new CheckResult(name, NtStatus.STATUS_SUCCESS, file.DeviceType);
}
}
}
catch (NtException ex)
{
result = new CheckResult(name, ex.Status, FileDeviceType.UNKNOWN);
}
return(result);
}
public static extern int NtOpenFile(
out IntPtr FileHandle,
FileAccessRights DesiredAccess,
ObjectAttributes ObjAttr,
[In][Out] IoStatus IoStatusBlock,
ShareMode ShareAccess,
FileOpenOptions OpenOptions);
static bool CheckDevice(string name, bool writable)
{
bool success = false;
try
{
using (var imp = NtToken.Impersonate(_pid,
_identify_only ? SecurityImpersonationLevel.Identification : SecurityImpersonationLevel.Impersonation))
{
FileAccessRights access_mask = FileAccessRights.GenericRead;
if (writable)
{
access_mask |= FileAccessRights.GenericWrite;
}
FileOpenOptions opts = _open_as_dir ? FileOpenOptions.DirectoryFile : FileOpenOptions.NonDirectoryFile;
using (NtFile file = NtFile.Open(name, null, access_mask, FileShareMode.All, opts))
{
success = true;
}
}
}
catch (Win32Exception ex)
{
// Ignore access denied and invalid function (indicates there's no IRP_MJ_CREATE handler)
PrintError(name, ex);
}
catch (NtException ex)
{
PrintError(name, ex.AsWin32Exception());
}
return(success);
}
public static extern NtStatus NtOpenFile(
out SafeKernelObjectHandle FileHandle,
FileAccessRights DesiredAccess,
ObjectAttributes ObjAttr,
[Out] IoStatus IoStatusBlock,
FileShareMode ShareAccess,
FileOpenOptions OpenOptions);
/// <summary>
/// Open a file with the Win32 CreateFile API.
/// </summary>
/// <param name="filename">The filename to open.</param>
/// <param name="desired_access">The desired access.</param>
/// <param name="share_mode">The share mode.</param>
/// <param name="security_descriptor">Optional security descriptor.</param>
/// <param name="inherit_handle">True to set the handle as inheritable.</param>
/// <param name="creation_disposition">Creation disposition.</param>
/// <param name="flags_and_attributes">Flags and attributes.</param>
/// <param name="template_file">Optional template file.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The opened file handle.</returns>
public static NtResult <NtFile> CreateFile(string filename,
FileAccessRights desired_access,
FileShareMode share_mode,
SecurityDescriptor security_descriptor,
bool inherit_handle,
CreateFileDisposition creation_disposition,
CreateFileFlagsAndAttributes flags_and_attributes,
NtFile template_file,
bool throw_on_error)
{
using (var resources = new DisposableList()) {
SECURITY_ATTRIBUTES sec_attr = null;
if (security_descriptor != null || inherit_handle)
{
sec_attr = new SECURITY_ATTRIBUTES();
sec_attr.bInheritHandle = inherit_handle;
sec_attr.lpSecurityDescriptor = security_descriptor == null ? SafeHGlobalBuffer.Null :
resources.AddResource(security_descriptor.ToSafeBuffer());
}
var handle = Win32NativeMethods.CreateFile(filename, desired_access,
share_mode, sec_attr, creation_disposition, flags_and_attributes,
template_file.GetHandle());
if (handle.IsInvalid)
{
return(GetLastWin32Error().CreateResultFromDosError <NtFile>(throw_on_error));
}
return(new NtFile(handle).CreateResult());
}
}
public static extern SafeFileHandle CreateFile(
[MarshalAs(UnmanagedType.LPTStr)] string filename,
[MarshalAs(UnmanagedType.U4)] FileAccessRights access,
[MarshalAs(UnmanagedType.U4)] FileShare share,
IntPtr securityAttributes, // optional SECURITY_ATTRIBUTES struct or IntPtr.Zero
[MarshalAs(UnmanagedType.U4)] FileMode creationDisposition,
[MarshalAs(UnmanagedType.U4)] CreateFileOptions flagsAndAttributes,
IntPtr templateFile);
/// <summary>
/// Open a file with the Win32 CreateFile API.
/// </summary>
/// <param name="filename">The filename to open.</param>
/// <param name="desired_access">The desired access.</param>
/// <param name="share_mode">The share mode.</param>
/// <param name="creation_disposition">Creation disposition.</param>
/// <param name="flags_and_attributes">Flags and attributes.</param>
/// <returns>The opened file handle.</returns>
public static NtFile CreateFile(string filename,
FileAccessRights desired_access,
FileShareMode share_mode,
CreateFileDisposition creation_disposition,
CreateFileFlagsAndAttributes flags_and_attributes)
{
return(CreateFile(filename, desired_access, share_mode,
creation_disposition, flags_and_attributes, true).Result);
}
public static SafeFileHandle DuplicateHandle(this SafeFileHandle sourceHandle, ProcessHandle sourceAndTargetProcess, FileAccessRights desiredAccess, bool inheritHandle, DuplicateHandleOptions options)
{
SafeFileHandle targetHandle;
if (!NativeMethods.DuplicateHandle(sourceAndTargetProcess, sourceHandle, sourceAndTargetProcess, out targetHandle, desiredAccess, inheritHandle, options))
{
ErrorHelper.ThrowCustomWin32Exception();
}
return targetHandle;
}
internal static extern SafeKernelObjectHandle CreateFile(
string lpFileName,
FileAccessRights dwDesiredAccess,
FileShareMode dwShareMode,
SECURITY_ATTRIBUTES lpSecurityAttributes,
CreateFileDisposition dwCreationDisposition,
CreateFileFlagsAndAttributes dwFlagsAndAttributes,
SafeKernelObjectHandle hTemplateFile
);
public static extern NtStatus NtCreateMailslotFile(
out SafeKernelObjectHandle FileHandle,
FileAccessRights DesiredAccess,
[In] ObjectAttributes ObjectAttributes,
[Out] IoStatus IoStatusBlock,
FileOpenOptions CreateOptions,
int MailslotQuota,
int MaximumMessageSize,
LargeInteger ReadTimeout
);
/// <summary>
/// Open a file with the Win32 CreateFile API.
/// </summary>
/// <param name="filename">The filename to open.</param>
/// <param name="desired_access">The desired access.</param>
/// <param name="share_mode">The share mode.</param>
/// <param name="creation_disposition">Creation disposition.</param>
/// <param name="flags_and_attributes">Flags and attributes.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The opened file handle.</returns>
public static NtResult <NtFile> CreateFile(string filename,
FileAccessRights desired_access,
FileShareMode share_mode,
CreateFileDisposition creation_disposition,
CreateFileFlagsAndAttributes flags_and_attributes,
bool throw_on_error)
{
return(CreateFile(filename, desired_access, share_mode, null, false,
creation_disposition, flags_and_attributes, null, throw_on_error));
}
public static extern NtStatus NtCreateFile(
out SafeKernelObjectHandle FileHandle,
FileAccessRights DesiredAccess,
ObjectAttributes ObjAttr,
[Out] IoStatus IoStatusBlock,
LargeInteger AllocationSize,
FileAttributes FileAttributes,
FileShareMode ShareAccess,
FileDisposition CreateDisposition,
FileOpenOptions CreateOptions,
byte[] EaBuffer,
int EaLength);
/// <summary>
/// Open a file with the Win32 CreateFile API.
/// </summary>
/// <param name="filename">The filename to open.</param>
/// <param name="desired_access">The desired access.</param>
/// <param name="share_mode">The share mode.</param>
/// <param name="security_descriptor">Optional security descriptor.</param>
/// <param name="inherit_handle">True to set the handle as inheritable.</param>
/// <param name="creation_disposition">Creation disposition.</param>
/// <param name="flags_and_attributes">Flags and attributes.</param>
/// <param name="template_file">Optional template file.</param>
/// <returns>The opened file handle.</returns>
public static NtFile CreateFile(string filename,
FileAccessRights desired_access,
FileShareMode share_mode,
SecurityDescriptor security_descriptor,
bool inherit_handle,
CreateFileDisposition creation_disposition,
CreateFileFlagsAndAttributes flags_and_attributes,
NtFile template_file)
{
return(CreateFile(filename, desired_access, share_mode, security_descriptor, inherit_handle,
creation_disposition, flags_and_attributes, template_file, true).Result);
}
/// <summary>
/// Method to create an object from a set of object attributes.
/// </summary>
/// <param name="obj_attributes">The object attributes to create/open from.</param>
protected override object CreateObject(ObjectAttributes obj_attributes)
{
FileAccessRights access = Access;
if (Link)
{
if (access == FileAccessRights.None)
{
access = FileAccessRights.ReadAttributes;
}
}
else
{
access |= FileAccessRights.Delete;
}
string target = ResolveNewName ? PSUtils.ResolveWin32Path(SessionState, NewName) : NewName;
using (var file = NtFile.Open(obj_attributes, access, ShareMode, Options))
{
if (RenameFlags != 0)
{
if (ReplaceIfExists)
{
RenameFlags |= FileRenameInformationExFlags.ReplaceIfExists;
}
if (Link)
{
file.CreateHardlinkEx(target, NewNameRoot, RenameFlags);
}
else
{
file.RenameEx(target, NewNameRoot, RenameFlags);
}
}
else
{
if (Link)
{
file.CreateHardlink(target, NewNameRoot, ReplaceIfExists);
}
else
{
file.Rename(target, NewNameRoot, ReplaceIfExists);
}
}
}
return(null);
}
public static SafeFileHandle OpenFile(string name, FileAccessRights DesiredAccess, ShareMode ShareAccess, FileOpenOptions OpenOptions, bool inherit)
{
AttributeFlags flags = AttributeFlags.CaseInsensitive;
if (inherit)
{
flags |= AttributeFlags.Inherit;
}
using (ObjectAttributes obja = new ObjectAttributes(name, flags))
{
IntPtr handle;
IoStatusBlock iostatus = new IoStatusBlock();
StatusToNtException(NtOpenFile(out handle, DesiredAccess, obja, iostatus, ShareAccess, OpenOptions));
return(new SafeFileHandle(handle, true));
}
}
public static extern NtStatus NtCreateNamedPipeFile(
out SafeKernelObjectHandle FileHandle,
FileAccessRights DesiredAccess,
[In] ObjectAttributes ObjectAttributes,
[Out] IoStatus IoStatusBlock,
FileShareMode ShareAccess,
FileDisposition CreateDisposition,
FileOpenOptions CreateOptions,
NamedPipeType NamedPipeType,
NamedPipeReadMode ReadMode,
NamedPipeCompletionMode CompletionMode,
int MaximumInstances,
int InboundQuota,
int OutboundQuota,
LargeInteger DefaultTimeout
);
static string AccessMaskToString(uint granted_access, bool directory)
{
if (_type.HasFullPermission(granted_access))
{
return("Full Permission");
}
if (directory)
{
FileDirectoryAccessRights rights = (FileDirectoryAccessRights)granted_access;
return(rights.ToString());
}
else
{
FileAccessRights rights = (FileAccessRights)granted_access;
return(rights.ToString());
}
}
static string AccessMaskToString(uint granted_access, bool directory)
{
if (_type.HasFullPermission(granted_access))
{
return("Full Permission");
}
string file_rights;
if (directory)
{
FileDirectoryAccessRights rights = (FileDirectoryAccessRights)(granted_access & 0x1FF);
file_rights = rights.ToString();
}
else
{
FileAccessRights rights = (FileAccessRights)(granted_access & 0x1FF);
file_rights = rights.ToString();
}
StandardAccessRights standard = (StandardAccessRights)(granted_access & 0x1F0000);
return(String.Join(", ", new string[] { standard.ToString(), file_rights }));
}
public void AddAuditRule(IdentityReference identityReference, FileAccessRights accessMask, AuditFlags flags)
{
AddAuditRule(new FileAuditRule(identityReference, accessMask, flags));
}
public static extern bool DuplicateHandle(ProcessHandle sourceProcessHandle, SafeHandle sourceHandle, ProcessHandle targetProcess, out SafeFileHandle targetHandle, FileAccessRights desiredAccess, bool inheritHandle, DuplicateHandleOptions options);
public void AddAccessRule(IdentityReference identityReference, FileAccessRights accessMask, AccessControlType type)
{
AddAccessRule(new FileAccessRule(identityReference, accessMask, type));
}
public void AddAccessRule(IdentityReference identityReference, FileAccessRights accessMask, AccessControlType type)
{
AddAccessRule(new FileAccessRule(identityReference, accessMask, type));
}
public static SafeFileHandle DuplicateHandle(this SafeFileHandle sourceHandle, ProcessHandle sourceAndTargetProcess, FileAccessRights desiredAccess, bool inheritHandle, DuplicateHandleOptions options)
{
SafeFileHandle targetHandle;
if (!NativeMethods.DuplicateHandle(sourceAndTargetProcess, sourceHandle, sourceAndTargetProcess, out targetHandle, desiredAccess, inheritHandle, options))
{
ErrorHelper.ThrowCustomWin32Exception();
}
return(targetHandle);
}
public FileAuditRule(IdentityReference identity, FileAccessRights accessRights, AuditFlags type)
: base(identity, (int)accessRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
public void AddAuditRule(IdentityReference identityReference, FileAccessRights accessMask, AuditFlags flags)
{
AddAuditRule(new FileAuditRule(identityReference, accessMask, flags));
}
private static void AllowFileAccess(AppContainerProfile container, string folder, FileAccessRights accessRights)
{
var securityInfo = Win32Security.GetSecurityInfo(
folder,
SeObjectType.File,
SecurityInformation.Dacl);
var existingAce = securityInfo.Dacl.FirstOrDefault(d => d.Sid == container.Sid);
if (existingAce is not null &&
existingAce.Type == AceType.Allowed &&
existingAce.Mask == accessRights &&
existingAce.Flags == (AceFlags.ContainerInherit | AceFlags.ObjectInherit))
{
// Ace already exists.
return;
}
var ace = new Ace(
AceType.Allowed,
AceFlags.ContainerInherit | AceFlags.ObjectInherit,
accessRights,
container.Sid);
securityInfo.AddAce(ace);
Win32Security.SetSecurityInfo(
folder,
SeObjectType.File,
SecurityInformation.Dacl,
securityInfo,
true);
}
/// <summary>
/// Creates or opens a file or I/O device. The most commonly used I/O devices are as follows: file, file stream, directory, physical disk, volume, console buffer, tape drive, communications resource, mailslot, and pipe.
/// The function returns a handle that can be used to access the file or device for various types of I/O depending on the file or device and the flags and attributes specified.
/// </summary>
/// <param name="path">
/// The name of the file or device to be created or opened. You may use either forward slashes (/) or backslashes (\) in this name.
/// </param>
/// <param name="access">
/// The requested access to the file or device, which can be summarized as read, write, both or neither.
/// </param>
/// <param name="share">
/// The requested sharing mode of the file or device, which can be read, write, both, delete, all of these, or none.
/// Access requests to attributes or extended attributes are not affected by this flag.
/// </param>
/// <param name="mode">
/// An action to take on a file or device that exists or does not exist.
/// For devices other than files, this parameter is usually set to FileMode.Open.
/// </param>
/// <param name="attributes">
/// The file or device attributes.
/// </param>
/// <param name="flags">
/// The file or device flags.
/// </param>
/// <returns>If the function succeeds, the return value is an open handle to the specified file, device, named pipe, or mail slot.</returns>
public static SafeFileHandle CreateFile(string path, FileAccessRights access, FileShare share, FileMode mode, FileAttributes attributes, FileFlags flags)
{
return(CreateFileInternal(path, (uint)access, share, mode, (uint)attributes | (uint)flags));
}
private SafeFileHandle CreateConnection(string deviceId, FileAccessRights desiredAccess, uint shareMode, uint creationDisposition)
{
Logger?.Log($"Calling {nameof(APICalls.CreateFile)} for DeviceId: {deviceId}. Desired Access: {desiredAccess}. Share mode: {shareMode}. Creation Disposition: {creationDisposition}", nameof(ApiService), null, LogLevel.Information);
return(APICalls.CreateFile(deviceId, desiredAccess, shareMode, IntPtr.Zero, creationDisposition, 0, IntPtr.Zero));
}
public SafeFileHandle CreateReadConnection(string deviceId, FileAccessRights desiredAccess)
{
return(CreateConnection(deviceId, desiredAccess, APICalls.FileShareRead | APICalls.FileShareWrite, APICalls.OpenExisting));
}
public FileAuditRule(IdentityReference identity, FileAccessRights accessRights, AuditFlags type)
: base(identity, (int)accessRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
private protected BaseNtFilePropertyCmdlet(FileAccessRights desired_access, FileShareMode share_mode, FileOpenOptions options)
{
_desired_access = desired_access;
_share_mode = share_mode;
_options = options;
}
public static extern bool DuplicateHandle(ProcessHandle sourceProcessHandle, SafeHandle sourceHandle, ProcessHandle targetProcess, out SafeFileHandle targetHandle, FileAccessRights desiredAccess, bool inheritHandle, DuplicateHandleOptions options);
/// <summary>
/// Convert a file access rights mask to a directory file access mask.
/// </summary>
/// <param name="access">The access to convert.</param>
/// <returns>The converted access rights.</returns>
public static FileDirectoryAccessRights ToDirectoryAccessRights(this FileAccessRights access)
{
AccessMask mask = access;
return(mask.ToSpecificAccess <FileDirectoryAccessRights>());
}
public static extern SafeFileHandle CreateFile(string lpFileName, FileAccessRights dwDesiredAccess, uint dwShareMode, IntPtr lpSecurityAttributes, uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile);
