/// <summary>
/// Get the cached singing level from the raw EA buffer.
/// </summary>
/// <param name="ea">The EA buffer to read the cached signing level from.</param>
/// <returns>The cached signing level.</returns>
/// <exception cref="NtException">Throw on error.</exception>
public static CachedSigningLevel GetCachedSigningLevelFromEa(EaBuffer ea)
{
EaBufferEntry buffer = ea.GetEntry("$KERNEL.PURGE.ESBCACHE");
if (buffer == null)
{
NtStatus.STATUS_OBJECT_NAME_NOT_FOUND.ToNtException();
}
BinaryReader reader = new BinaryReader(new MemoryStream(buffer.Data));
int total_size = reader.ReadInt32();
int version = reader.ReadInt16();
switch (version)
{
case 1:
return(ReadCachedSigningLevelVersion1(reader));
case 2:
return(ReadCachedSigningLevelVersion2(reader));
case 3:
return(ReadCachedSigningLevelVersion3(reader));
default:
throw new ArgumentException($"Unsupported cached signing level buffer version {version}");
}
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="buffer">Existing buffer to copy.</param>
public EaBuffer(EaBuffer buffer)
: this(buffer.Entries.Select(e => e.Clone()))
{
}
/// <summary>
/// Create a new file
/// </summary>
/// <param name="name">The path to the file</param>
/// <param name="root">A root object to parse relative filenames</param>
/// <param name="desired_access">Desired access for the file</param>
/// <param name="file_attributes">Attributes for the file</param>
/// <param name="share_access">Share access for the file</param>
/// <param name="open_options">Open options for file</param>
/// <param name="disposition">Disposition when opening the file</param>
/// <param name="ea_buffer">Extended Attributes buffer</param>
/// <returns>The created/opened file object.</returns>
public static NtFile Create(string name, NtObject root, FileAccessRights desired_access, FileAttributes file_attributes, FileShareMode share_access,
FileOpenOptions open_options, FileDisposition disposition, EaBuffer ea_buffer)
{
using (ObjectAttributes obja = new ObjectAttributes(name, AttributeFlags.CaseInsensitive, root))
{
return(Create(obja, desired_access, file_attributes, share_access, open_options, disposition, ea_buffer));
}
}
/// <summary>
/// Create a new file
/// </summary>
/// <param name="name">The path to the file</param>
/// <param name="desired_access">Desired access for the file</param>
/// <param name="share_access">Share access for the file</param>
/// <param name="open_options">Open options for file</param>
/// <param name="disposition">Disposition when opening the file</param>
/// <param name="ea_buffer">Extended Attributes buffer</param>
/// <returns>The created/opened file object.</returns>
public static NtFile Create(string name, FileAccessRights desired_access, FileShareMode share_access,
FileOpenOptions open_options, FileDisposition disposition, EaBuffer ea_buffer)
{
return(Create(name, null, desired_access, FileAttributes.Normal, share_access, open_options, disposition, ea_buffer));
}
/// <summary>
/// Create a new file
/// </summary>
/// <param name="obj_attributes">The object attributes</param>
/// <param name="desired_access">Desired access for the file</param>
/// <param name="file_attributes">Attributes for the file</param>
/// <param name="share_access">Share access for the file</param>
/// <param name="open_options">Open options for file</param>
/// <param name="disposition">Disposition when opening the file</param>
/// <param name="ea_buffer">Extended Attributes buffer</param>
/// <returns>The created/opened file object.</returns>
public static NtFile Create(ObjectAttributes obj_attributes, FileAccessRights desired_access, FileAttributes file_attributes, FileShareMode share_access,
FileOpenOptions open_options, FileDisposition disposition, EaBuffer ea_buffer)
{
SafeKernelObjectHandle handle;
IoStatus iostatus = new IoStatus();
byte[] buffer = ea_buffer != null?ea_buffer.ToByteArray() : null;
NtSystemCalls.NtCreateFile(out handle, desired_access, obj_attributes, iostatus, null, FileAttributes.Normal,
share_access, disposition, open_options, buffer, buffer != null ? buffer.Length : 0).ToNtException();
return(new NtFile(handle));
}
