private SafeHGlobalBuffer GetAttributes(DisposableList <IDisposable> resources)
{
int count = GetAttributeCount();
if (count == 0)
{
return(SafeHGlobalBuffer.Null);
}
var attr_list = resources.AddResource(new SafeProcThreadAttributeListBuffer(count));
if (ParentProcess != null)
{
attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeParentProcess, ParentProcess.Handle.DangerousGetHandle());
}
if (MitigationOptions2 != ProcessMitigationOptions2.None)
{
MemoryStream stm = new MemoryStream();
BinaryWriter writer = new BinaryWriter(stm);
writer.Write((ulong)MitigationOptions);
writer.Write((ulong)MitigationOptions2);
attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeMitigationPolicy, stm.ToArray());
}
else if (MitigationOptions != ProcessMitigationOptions.None)
{
attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeMitigationPolicy, (ulong)MitigationOptions);
}
if (Win32kFilterFlags != Win32kFilterFlags.None)
{
Win32kFilterAttribute filter = new Win32kFilterAttribute();
filter.Flags = Win32kFilterFlags;
filter.FilterLevel = Win32kFilterLevel;
attr_list.AddAttributeBuffer(ProcessAttributes.ProcThreadAttributeWin32kFilter, resources.AddResource(filter.ToBuffer()));
}
if ((CreationFlags & CreateProcessFlags.ProtectedProcess) != 0)
{
attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeProtectionLevel, (int)ProtectionLevel);
}
if (InheritHandleList.Count > 0)
{
int total_size = IntPtr.Size * InheritHandleList.Count;
var handle_list = resources.AddResource(new SafeHGlobalBuffer(total_size));
handle_list.WriteArray(0, InheritHandleList.ToArray(), 0, InheritHandleList.Count);
attr_list.AddAttributeBuffer(ProcessAttributes.ProcThreadAttributeHandleList, handle_list);
}
return(attr_list);
}
private SafeHGlobalBuffer GetAttributes(DisposableList <IDisposable> resources)
{
int count = GetAttributeCount();
if (count == 0)
{
return(SafeHGlobalBuffer.Null);
}
var attr_list = resources.AddResource(new SafeProcThreadAttributeListBuffer(count));
if (ParentProcess != null)
{
attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeParentProcess, ParentProcess.Handle.DangerousGetHandle());
}
if (MitigationOptions2 != ProcessMitigationOptions2.None)
{
MemoryStream stm = new MemoryStream();
BinaryWriter writer = new BinaryWriter(stm);
writer.Write((ulong)MitigationOptions);
writer.Write((ulong)MitigationOptions2);
attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeMitigationPolicy, stm.ToArray());
}
else if (MitigationOptions != ProcessMitigationOptions.None)
{
attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeMitigationPolicy, (ulong)MitigationOptions);
}
if (Win32kFilterFlags != Win32kFilterFlags.None)
{
Win32kFilterAttribute filter = new Win32kFilterAttribute();
filter.Flags = Win32kFilterFlags;
filter.FilterLevel = Win32kFilterLevel;
attr_list.AddAttributeBuffer(ProcessAttributes.ProcThreadAttributeWin32kFilter, resources.AddResource(filter.ToBuffer()));
}
if ((CreationFlags & CreateProcessFlags.ProtectedProcess) != 0)
{
attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeProtectionLevel, (int)ProtectionLevel);
}
if (InheritHandleList.Count > 0)
{
int total_size = IntPtr.Size * InheritHandleList.Count;
var handle_list = resources.AddResource(new SafeHGlobalBuffer(total_size));
handle_list.WriteArray(0, InheritHandleList.ToArray(), 0, InheritHandleList.Count);
attr_list.AddAttributeBuffer(ProcessAttributes.ProcThreadAttributeHandleList, handle_list);
}
if (AppContainerSid != null)
{
SECURITY_CAPABILITIES caps = new SECURITY_CAPABILITIES();
caps.AppContainerSid = resources.AddResource(AppContainerSid.ToSafeBuffer()).DangerousGetHandle();
if (Capabilities.Count > 0)
{
SidAndAttributes[] cap_sids = new SidAndAttributes[Capabilities.Count];
for (int i = 0; i < Capabilities.Count; ++i)
{
cap_sids[i] = new SidAndAttributes()
{
Sid = resources.AddResource(Capabilities[i].ToSafeBuffer()).DangerousGetHandle(),
Attributes = GroupAttributes.Enabled
};
}
SafeHGlobalBuffer cap_buffer = resources.AddResource(new SafeHGlobalBuffer(Marshal.SizeOf(typeof(SidAndAttributes)) * Capabilities.Count));
cap_buffer.WriteArray(0, cap_sids, 0, cap_sids.Length);
caps.Capabilities = cap_buffer.DangerousGetHandle();
caps.CapabilityCount = cap_sids.Length;
}
attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeSecurityCapabilities, caps);
}
if (LowPrivilegeAppContainer)
{
attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeAllApplicationPackagesPolicy, 1);
}
return(attr_list);
}
