/// <summary>
/// Entry point for the security descriptor viewer. With one or two arguments
/// the first is parsed as a numeric handle value and the object behind it is
/// shown; with three or more the arguments are read as a display name, an
/// SDDL string and an NT type name.
/// </summary>
/// <param name="args">
/// Either <c>handle [--readonly]</c> or <c>Name SDDL NtType</c>.
/// </param>
static void Main(string[] args)
{
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);
    try
    {
        if (args.Length == 0)
        {
            MessageBox.Show("Usage: ViewSecurityDescriptor.exe (handle [--readonly]|Name SDDL NtType)", "Usage", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
            return;
        }

        if (args.Length >= 3)
        {
            // Name/SDDL/type mode: a service type lookup is tried first and a
            // plain NtType built from the name is the fallback.
            NtType type = ServiceUtils.GetServiceNtType(args[2]) ?? new NtType(args[2]);
            SecurityDescriptor sd = new SecurityDescriptor(args[1], type);
            Application.Run(new SecurityDescriptorViewerForm(args[0], sd));
            return;
        }

        // Handle mode: the number on the command line is wrapped as a kernel
        // handle of this process (second constructor argument is true,
        // presumably "owns handle" - confirm against SafeKernelObjectHandle).
        // NOTE(review): the value is used without checking that it refers to
        // the object the caller intended; the caller must pass a handle that
        // is actually valid in this process.
        IntPtr raw_value = new IntPtr(int.Parse(args[0]));
        var handle = new SafeKernelObjectHandle(raw_value, true);

        // Only the exact, case-sensitive string "--readonly" sets the flag;
        // any other second argument leaves read_only false.
        bool read_only = args.Length > 1 && args[1].Equals("--readonly");
        using (var obj = NtGeneric.FromHandle(handle))
        {
            Application.Run(new SecurityDescriptorViewerForm(obj, read_only));
        }
    }
    catch (Exception ex)
    {
        // Every failure (bad number, bad SDDL, unknown type, ...) ends up in
        // a single error dialog showing only the exception message.
        MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}
/// <summary>
/// Duplicates each listed handle out of <paramref name="process"/> and passes
/// the resulting object to <c>DumpObject</c>, visiting each kernel object
/// address at most once.
/// </summary>
/// <param name="tokens">Tokens forwarded unchanged to <c>DumpObject</c>.</param>
/// <param name="type_filter">Type filter forwarded unchanged to <c>DumpObject</c>.</param>
/// <param name="checked_objects">Set of object addresses already visited; updated here.</param>
/// <param name="process">Process the handles are duplicated from.</param>
/// <param name="handles">Handle entries to examine.</param>
private void CheckHandles(IEnumerable<TokenEntry> tokens, HashSet<string> type_filter, HashSet<ulong> checked_objects, NtProcess process, IEnumerable<NtHandle> handles)
{
    foreach (NtHandle entry in handles)
    {
        if (Stopping)
        {
            return;
        }

        // Duplicate with the same access the source handle has (desired
        // access 0 + SameAccess); the final false selects the non-throwing
        // form, so failure is reported through IsSuccess.
        using (var dup = NtGeneric.DuplicateFrom(process, new IntPtr(entry.Handle), 0, DuplicateObjectOptions.SameAccess, false))
        {
            if (!dup.IsSuccess)
            {
                continue;
            }

            // NOTE(review): the de-duplication key is the object address from
            // the handle entry, not from the duplicated object. No type or
            // address comparison between the two is visible in this method,
            // so a handle value reused between enumeration and duplication
            // would be recorded under the old address - confirm whether a
            // check is wanted here.
            if (!checked_objects.Add(entry.Object))
            {
                continue;
            }

            // Unnamed objects are skipped unless CheckUnnamed is set.
            if (!CheckUnnamed && String.IsNullOrEmpty(dup.Result.FullPath))
            {
                continue;
            }

            DumpObject(
                tokens,
                type_filter,
                AccessRights,
                dup.Result,
                dup.Result.NtTypeName.Equals("Directory", StringComparison.OrdinalIgnoreCase));
        }
    }
}
/// <summary>
/// Duplicates <paramref name="handle"/> from <c>SourceProcess</c> and returns
/// the result converted with <c>ToTypedObject</c>.
/// </summary>
/// <param name="handle">Handle value in the source process.</param>
/// <returns>The value returned by <c>ToTypedObject</c>.</returns>
private object GetObject(IntPtr handle)
{
    // Arguments are gathered in the order the call lists them.
    var source = SourceProcess;
    var access = GetDesiredAccess();
    var attributes = ObjectAttributes ?? 0;
    var options = GetOptions();

    using (var duplicate = NtGeneric.DuplicateFrom(source, handle, access, attributes, options))
    {
        // The intermediate generic object is disposed on return; presumably
        // ToTypedObject hands back an object with its own handle - confirm.
        var typed = duplicate.ToTypedObject();
        return typed;
    }
}
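/// <summary>
/// Entry point for the security descriptor viewer. With one or two arguments
/// the first is parsed as a numeric handle value; with three or more the
/// arguments are a display name, a security descriptor (SDDL text, or
/// <c>-</c> followed by base64 bytes), an NT type name and an optional
/// container flag.
/// </summary>
/// <param name="args">
/// Either <c>handle [--readonly]</c> or
/// <c>Name (SDDL|-B64) NtType [Container]</c>.
/// </param>
static void Main(string[] args)
{
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);
    try
    {
        if (args.Length == 0)
        {
            MessageBox.Show("Usage: ViewSecurityDescriptor.exe (handle [--readonly]|Name (SDDL|-B64) NtType [Container])", "Usage", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
        }
        else if (args.Length < 3)
        {
            // Handle mode: the number on the command line is wrapped as a
            // kernel handle of this process (second constructor argument is
            // true, presumably "owns handle" - confirm).
            // NOTE(review): nothing here verifies that the value refers to
            // the object the caller intended.
            var handle = new SafeKernelObjectHandle(new IntPtr(int.Parse(args[0])), true);

            // Only the exact string "--readonly" sets the flag; any other
            // second argument leaves read_only false.
            bool read_only = args.Length > 1 && args[1].Equals("--readonly");
            using (var obj = NtGeneric.FromHandle(handle))
            {
                Application.Run(new SecurityDescriptorViewerForm(obj.ToTypedObject(), read_only));
            }
        }
        else
        {
            NtType type;
            if (args[2].Equals("DirectoryService", StringComparison.OrdinalIgnoreCase))
            {
                type = DirectoryServiceUtils.NtType;
            }
            else
            {
                // A service type lookup is tried first; a plain NtType built
                // from the name is the fallback.
                type = ServiceUtils.GetServiceNtType(args[2]) ?? new NtType(args[2]);
            }

            SecurityDescriptor sd;
            // Ordinal prefix test: the marker is the single character '-',
            // and Substring(1) below removes exactly one UTF-16 unit. A
            // culture-sensitive StartsWith can skip ignorable characters and
            // so disagree with that offset.
            if (args[1].StartsWith("-", StringComparison.Ordinal))
            {
                sd = new SecurityDescriptor(Convert.FromBase64String(args[1].Substring(1)));
            }
            else
            {
                sd = new SecurityDescriptor(args[1]);
            }

            // Optional fourth argument; bool.Parse throws on anything other
            // than a true/false spelling, which lands in the catch below.
            bool container = args.Length > 3 && bool.Parse(args[3]);

            Application.Run(new SecurityDescriptorViewerForm(args[0], sd, type, container));
        }
    }
    catch (Exception ex)
    {
        // Every failure ends up in a single error dialog showing only the
        // exception message.
        MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}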
/// <summary>
/// Opens the process that owns <paramref name="handle"/> with only
/// <c>ProcessAccessRights.DupHandle</c>, duplicates the handle from it and
/// returns the result converted with <c>ToTypedObject</c>.
/// </summary>
/// <param name="handle">Handle entry naming the owning process id and handle value.</param>
/// <returns>The value returned by <c>ToTypedObject</c>.</returns>
private object GetObject(NtHandle handle)
{
    // The process is opened with nothing beyond the duplicate-handle right.
    using (var owner = NtProcess.Open(handle.ProcessId, ProcessAccessRights.DupHandle))
    using (var duplicate = NtGeneric.DuplicateFrom(owner, new IntPtr(handle.Handle), GetDesiredAccess(), ObjectAttributes ?? 0, GetOptions()))
    {
        // Both the process handle and the intermediate generic object are
        // disposed on return; presumably ToTypedObject hands back an object
        // with its own handle - confirm.
        var typed = duplicate.ToTypedObject();
        return typed;
    }
}
/// <summary>
/// Produces the duplicated object for the current parameter set: from
/// <c>SourceProcess</c>/<c>SourceHandle</c> when the set is "FromHandle",
/// otherwise by duplicating <c>Object</c> directly.
/// </summary>
/// <returns>The duplicated object.</returns>
private NtObject GetObject()
{
    if (ParameterSetName != "FromHandle")
    {
        // An unset DesiredAccess or ObjectAttributes is passed as 0.
        return Object.DuplicateObject(DesiredAccess ?? 0, ObjectAttributes ?? 0, GetOptions());
    }

    using (var generic = NtGeneric.DuplicateFrom(SourceProcess, SourceHandle, DesiredAccess ?? 0, ObjectAttributes ?? 0, GetOptions()))
    {
        // The intermediate generic object is disposed on return; presumably
        // ToTypedObject hands back an object with its own handle - confirm.
        return generic.ToTypedObject();
    }
}
/// <summary>
/// Duplicates each listed handle out of <paramref name="process"/>, computes
/// the maximum access for <paramref name="token"/> on the underlying object
/// and writes one <c>HandleAccessCheckResult</c> per handle that passes the
/// type filter.
/// </summary>
/// <param name="token">Token the access is computed for.</param>
/// <param name="type_filter">Type names passed to <c>IsTypeFiltered</c>.</param>
/// <param name="max_access">Map passed to <c>GetMaxAccess</c> together with the object address.</param>
/// <param name="process">Process the handles are duplicated from.</param>
/// <param name="handles">Handle entries to examine.</param>
private void CheckHandles(TokenEntry token, HashSet<string> type_filter, Dictionary<ulong, MaximumAccess> max_access, NtProcess process, IEnumerable<NtHandle> handles)
{
    foreach (NtHandle entry in handles)
    {
        if (Stopping)
        {
            return;
        }

        // Desired access 0 with SameAccess copies the source handle's access;
        // the final false selects the non-throwing form, so failure shows up
        // in IsSuccess.
        using (var dup = NtGeneric.DuplicateFrom(process, new IntPtr(entry.Handle), 0, DuplicateObjectOptions.SameAccess, false))
        {
            if (!dup.IsSuccess)
            {
                continue;
            }

            using (NtObject typed = dup.Result.ToTypedObject())
            {
                NtType nt_type = typed.NtType;

                // Processing continues only when IsTypeFiltered returns true.
                if (IsTypeFiltered(nt_type.Name, type_filter))
                {
                    string name = GetObjectName(typed);

                    // NOTE(review): the lookup key is the object address from
                    // the handle entry while the access check runs on the
                    // freshly duplicated object; no comparison between the
                    // two is visible here - confirm a reused handle value
                    // cannot mix results.
                    MaximumAccess granted = GetMaxAccess(token, typed, entry.Object, max_access);

                    // The reported granted access and type details come from
                    // the handle entry and the duplicated object's type; a
                    // null maximum access yields an empty descriptor string.
                    WriteObject(new HandleAccessCheckResult(
                        granted,
                        entry,
                        name,
                        nt_type.Name,
                        entry.GrantedAccess,
                        nt_type.GenericMapping,
                        granted != null ? granted.SecurityDescriptor : string.Empty,
                        nt_type.AccessRightsType,
                        false,
                        token.Information));
                }
            }
        }
    }
}
/// <summary>
/// Entry point that opens the security editor through
/// <c>SecurityUtils.EditSecurity</c>, either for the object behind a numeric
/// handle value or for a name, SDDL string and NT type name.
/// </summary>
/// <param name="args">
/// Either <c>handle [--readonly]</c> or <c>Name SDDL NtType</c>.
/// </param>
static void Main(string[] args)
{
    try
    {
        if (args.Length == 0)
        {
            MessageBox.Show("Usage: ViewSecurityDescriptor.exe (handle [--readonly]|Name SDDL NtType)", "Usage", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
            return;
        }

        if (args.Length >= 3)
        {
            // The descriptor is parsed before the type lookup, so a bad SDDL
            // string is reported ahead of an unknown type.
            SecurityDescriptor sd = new SecurityDescriptor(args[1]);
            NtType type = NtType.GetTypeByName(args[2], false);
            if (type == null)
            {
                throw new ArgumentException(string.Format("Unknown NT type {0}", args[2]));
            }

            SecurityUtils.EditSecurity(IntPtr.Zero, args[0], sd, type);
            return;
        }

        // Handle mode: the number on the command line is wrapped as a kernel
        // handle of this process (second constructor argument is true,
        // presumably "owns handle" - confirm).
        // NOTE(review): nothing here verifies that the value refers to the
        // object the caller intended.
        IntPtr raw_value = new IntPtr(int.Parse(args[0]));
        var handle = new SafeKernelObjectHandle(raw_value, true);

        // Only the exact string "--readonly" sets the flag; any other second
        // argument leaves read_only false.
        bool read_only = args.Length > 1 && args[1].Equals("--readonly");
        using (var obj = NtGeneric.FromHandle(handle))
        {
            SecurityUtils.EditSecurity(IntPtr.Zero, obj, obj.Name, read_only);
        }
    }
    catch (Exception ex)
    {
        // Every failure ends up in a single error dialog showing only the
        // exception message.
        MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}
/// <summary>
/// Reads the security descriptor of <paramref name="obj"/> through a
/// duplicate opened with <c>GenericAccessRights.ReadControl</c>.
/// </summary>
/// <param name="obj">Object to query; may be null.</param>
/// <returns>
/// The security descriptor, or null when <paramref name="obj"/> is null or
/// any step throws.
/// </returns>
private SecurityDescriptor GetSecurityDescriptor(NtGeneric obj)
{
    try
    {
        if (obj == null)
        {
            return null;
        }

        using (NtGeneric read_control = obj.Duplicate(GenericAccessRights.ReadControl))
        {
            return read_control.SecurityDescriptor;
        }
    }
    catch
    {
        // Every exception type is swallowed here, so a caller cannot tell a
        // denied duplicate from any other failure: both come back as null.
        // NOTE(review): a null result should be read as "unknown", not as
        // "no security descriptor".
        return null;
    }
}
/// <summary>
/// Returns the full path of <paramref name="obj"/>, or an empty string when
/// no object is supplied.
/// </summary>
/// <param name="obj">Object to name; may be null.</param>
/// <returns><c>obj.FullPath</c>, or <c>String.Empty</c> for a null object.</returns>
private string GetName(NtGeneric obj)
{
    return obj == null ? String.Empty : obj.FullPath;
}