Beispiel #1
0
        private static Dictionary <string, NtType> LoadTypes()
        {
            var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly());
            SafeStructureInOutBuffer <ObjectAllTypesInformation> type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>();

            try
            {
                Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase);
                int      return_length;
                NtStatus status = NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation,
                                                              type_info.DangerousGetHandle(), type_info.Length, out return_length);
                if (status != NtStatus.STATUS_INFO_LENGTH_MISMATCH)
                {
                    status.ToNtException();
                }

                type_info.Close();
                type_info = null;
                type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(return_length, false);

                int alignment = IntPtr.Size - 1;
                NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation,
                                            type_info.DangerousGetHandle(), type_info.Length, out return_length).ToNtException();
                ObjectAllTypesInformation result = type_info.Result;
                IntPtr curr_typeinfo             = type_info.DangerousGetHandle() + IntPtr.Size;
                for (int count = 0; count < result.NumberOfTypes; ++count)
                {
                    ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation));
                    string        name         = info.Name.ToString();
                    NtTypeFactory factory      = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory;
                    NtType        ti           = new NtType(count + 2, info, factory);
                    ret[ti.Name] = ti;

                    int offset = (info.Name.MaximumLength + alignment) & ~alignment;
                    curr_typeinfo = info.Name.Buffer + offset;
                }

                return(ret);
            }
            finally
            {
                if (type_info != null)
                {
                    type_info.Close();
                }
            }
        }
Beispiel #2
0
        private SafeHGlobalBuffer CreateAbsoluteSecurityDescriptor()
        {
            SafeStructureInOutBuffer <SecurityDescriptorStructure> sd_buffer = null;

            try
            {
                byte[] dacl       = Dacl?.ToByteArray();
                byte[] sacl       = Sacl?.ToByteArray();
                byte[] owner      = Owner?.Sid.ToArray();
                byte[] group      = Group?.Sid.ToArray();
                int    total_size = GetLength(dacl) + GetLength(sacl) + GetLength(owner) + GetLength(group);
                sd_buffer = new SafeStructureInOutBuffer <SecurityDescriptorStructure>(total_size, true);
                NtRtl.RtlCreateSecurityDescriptor(sd_buffer, Revision).ToNtException();
                SecurityDescriptorControl control = Control & SecurityDescriptorControl.ValidControlSetMask;
                NtRtl.RtlSetControlSecurityDescriptor(sd_buffer, control, control).ToNtException();
                int current_ofs = 0;
                if (Dacl != null)
                {
                    IntPtr ptr = UpdateBuffer(sd_buffer, Dacl.NullAcl ? null : dacl, ref current_ofs);
                    NtRtl.RtlSetDaclSecurityDescriptor(sd_buffer, true, ptr, Dacl.Defaulted).ToNtException();
                }
                if (Sacl != null)
                {
                    IntPtr ptr = UpdateBuffer(sd_buffer, Sacl.NullAcl ? null : sacl, ref current_ofs);
                    NtRtl.RtlSetSaclSecurityDescriptor(sd_buffer, true, ptr, Sacl.Defaulted).ToNtException();
                }
                if (Owner != null)
                {
                    IntPtr ptr = UpdateBuffer(sd_buffer, owner, ref current_ofs);
                    NtRtl.RtlSetOwnerSecurityDescriptor(sd_buffer, ptr, Owner.Defaulted);
                }
                if (Group != null)
                {
                    IntPtr ptr = UpdateBuffer(sd_buffer, group, ref current_ofs);
                    NtRtl.RtlSetGroupSecurityDescriptor(sd_buffer, ptr, Group.Defaulted);
                }

                return(Interlocked.Exchange(ref sd_buffer, null));
            }
            finally
            {
                sd_buffer?.Close();
            }
        }
Beispiel #3
0
        private SafeStructureInOutBuffer <T> Query <T>(ProcessInfoClass info_class) where T : new()
        {
            int      return_length = 0;
            NtStatus status        = NtSystemCalls.NtQueryInformationProcess(Handle, info_class, SafeHGlobalBuffer.Null, 0, out return_length);

            if (status != NtStatus.STATUS_INFO_LENGTH_MISMATCH && status != NtStatus.STATUS_BUFFER_TOO_SMALL)
            {
                throw new NtException(status);
            }

            SafeStructureInOutBuffer <T> buffer = new SafeStructureInOutBuffer <T>(return_length, false);

            try
            {
                NtSystemCalls.NtQueryInformationProcess(Handle, info_class, buffer, buffer.Length, out return_length).ToNtException();
                return(buffer);
            }
            catch
            {
                buffer.Close();
                throw;
            }
        }
Beispiel #4
0
        private SafeStructureInOutBuffer <T> QueryKey <T>(KeyInformationClass info_class) where T : new()
        {
            int      return_length;
            NtStatus status = NtSystemCalls.NtQueryKey(Handle, info_class, SafeHGlobalBuffer.Null, 0, out return_length);

            if (status != NtStatus.STATUS_BUFFER_OVERFLOW && status != NtStatus.STATUS_INFO_LENGTH_MISMATCH && status != NtStatus.STATUS_BUFFER_TOO_SMALL)
            {
                status.ToNtException();
            }
            SafeStructureInOutBuffer <T> buffer = new SafeStructureInOutBuffer <T>(return_length, false);

            try
            {
                NtSystemCalls.NtQueryKey(Handle, info_class, buffer, buffer.Length, out return_length).ToNtException();
                return(Interlocked.Exchange(ref buffer, null));
            }
            finally
            {
                if (buffer != null)
                {
                    buffer.Close();
                }
            }
        }
Beispiel #5
0
        /// <summary>
        /// Convert security descriptor to a byte array
        /// </summary>
        /// <returns>The binary security descriptor</returns>
        public byte[] ToByteArray()
        {
            SafeStructureInOutBuffer <SecurityDescriptorStructure> sd_buffer = null;
            SafeHGlobalBuffer   dacl_buffer  = null;
            SafeHGlobalBuffer   sacl_buffer  = null;
            SafeSidBufferHandle owner_buffer = null;
            SafeSidBufferHandle group_buffer = null;

            try
            {
                sd_buffer = new SafeStructureInOutBuffer <SecurityDescriptorStructure>();
                NtRtl.RtlCreateSecurityDescriptor(sd_buffer, Revision).ToNtException();
                SecurityDescriptorControl control = Control & SecurityDescriptorControl.ValidControlSetMask;
                NtRtl.RtlSetControlSecurityDescriptor(sd_buffer, control, control).ToNtException();
                if (Dacl != null)
                {
                    if (!Dacl.NullAcl)
                    {
                        dacl_buffer = new SafeHGlobalBuffer(Dacl.ToByteArray());
                    }
                    else
                    {
                        dacl_buffer = new SafeHGlobalBuffer(IntPtr.Zero, 0, false);
                    }

                    NtRtl.RtlSetDaclSecurityDescriptor(sd_buffer, true, dacl_buffer.DangerousGetHandle(), Dacl.Defaulted).ToNtException();
                }
                if (Sacl != null)
                {
                    if (!Sacl.NullAcl)
                    {
                        sacl_buffer = new SafeHGlobalBuffer(Sacl.ToByteArray());
                    }
                    else
                    {
                        sacl_buffer = new SafeHGlobalBuffer(IntPtr.Zero, 0, false);
                    }

                    NtRtl.RtlSetSaclSecurityDescriptor(sd_buffer, true, sacl_buffer.DangerousGetHandle(), Sacl.Defaulted).ToNtException();
                }
                if (Owner != null)
                {
                    owner_buffer = Owner.Sid.ToSafeBuffer();
                    NtRtl.RtlSetOwnerSecurityDescriptor(sd_buffer, owner_buffer.DangerousGetHandle(), Owner.Defaulted);
                }
                if (Group != null)
                {
                    group_buffer = Group.Sid.ToSafeBuffer();
                    NtRtl.RtlSetGroupSecurityDescriptor(sd_buffer, group_buffer.DangerousGetHandle(), Group.Defaulted);
                }

                int      total_length = 0;
                NtStatus status       = NtRtl.RtlAbsoluteToSelfRelativeSD(sd_buffer, new SafeHGlobalBuffer(IntPtr.Zero, 0, false), ref total_length);
                if (status != NtStatus.STATUS_BUFFER_TOO_SMALL)
                {
                    status.ToNtException();
                }

                using (SafeHGlobalBuffer relative_sd = new SafeHGlobalBuffer(total_length))
                {
                    NtRtl.RtlAbsoluteToSelfRelativeSD(sd_buffer, relative_sd, ref total_length).ToNtException();
                    return(relative_sd.ToArray());
                }
            }
            finally
            {
                sd_buffer?.Close();
                dacl_buffer?.Close();
                sacl_buffer?.Close();
                owner_buffer?.Close();
                group_buffer?.Close();
            }
        }