internal static SecurityIdentifier GetUserSidForPid(int pid)
{
SafeCloseHandle process = OpenProcessForQuery(pid);
try
{
SafeCloseHandle token = GetProcessToken(process, ListenerUnsafeNativeMethods.TOKEN_QUERY);
try
{
int length = GetTokenInformationLength(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenUser);
byte[] tokenInformation = new byte[length];
fixed(byte *pTokenInformation = tokenInformation)
{
GetTokenInformation(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenUser, tokenInformation);
ListenerUnsafeNativeMethods.TOKEN_USER * ptg = (ListenerUnsafeNativeMethods.TOKEN_USER *)pTokenInformation;
ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *sids = (ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *)(&(ptg->User));
return(new SecurityIdentifier(sids->Sid));
}
}
finally
{
token.Close();
}
}
finally
{
process.Close();
}
}
internal static void AddRightGrantedToAccounts(List <SecurityIdentifier> accounts, int right, bool onProcess)
{
SafeCloseHandle kernelObject = OpenCurrentProcessForWrite();
try
{
if (onProcess)
{
EditKernelObjectSecurity(kernelObject, accounts, null, right, true);
}
else
{
SafeCloseHandle processToken = GetProcessToken(kernelObject, 0x60008);
try
{
EditKernelObjectSecurity(processToken, accounts, null, right, true);
}
finally
{
processToken.Close();
}
}
}
finally
{
kernelObject.Close();
}
}
internal static void AddRightGrantedToAccounts(List <SecurityIdentifier> accounts, int right, bool onProcess)
{
SafeCloseHandle process = OpenCurrentProcessForWrite();
try
{
if (onProcess)
{
EditKernelObjectSecurity(process, accounts, null, right, true);
}
else
{
SafeCloseHandle token = GetProcessToken(process, ListenerUnsafeNativeMethods.TOKEN_QUERY | ListenerUnsafeNativeMethods.WRITE_DAC | ListenerUnsafeNativeMethods.READ_CONTROL);
try
{
EditKernelObjectSecurity(token, accounts, null, right, true);
}
finally
{
token.Close();
}
}
}
finally
{
process.Close();
}
}
internal static unsafe void KeepOnlyPrivilegeInProcess(string privilege)
{
SafeCloseHandle process = OpenCurrentProcessForWrite();
try
{
SafeCloseHandle processToken = GetProcessToken(process, 0x20028);
try
{
LUID luid;
if (!ListenerUnsafeNativeMethods.LookupPrivilegeValue(IntPtr.Zero, privilege, &luid))
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
byte[] tokenInformation = new byte[GetTokenInformationLength(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges)];
try
{
fixed(byte *numRef = tokenInformation)
{
GetTokenInformation(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges, tokenInformation);
ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *newState = (ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *)numRef;
LUID_AND_ATTRIBUTES *luid_and_attributesPtr = &newState->Privileges;
int index = 0;
for (int i = 0; i < newState->PrivilegeCount; i++)
{
if (!luid_and_attributesPtr[i].Luid.Equals(luid))
{
luid_and_attributesPtr[index].Attributes = PrivilegeAttribute.SE_PRIVILEGE_DISABLED | PrivilegeAttribute.SE_PRIVILEGE_REMOVED;
luid_and_attributesPtr[index].Luid = luid_and_attributesPtr[i].Luid;
index++;
}
}
newState->PrivilegeCount = index;
bool flag = ListenerUnsafeNativeMethods.AdjustTokenPrivileges(processToken, false, newState, tokenInformation.Length, IntPtr.Zero, IntPtr.Zero);
int num5 = Marshal.GetLastWin32Error();
if (!flag || (num5 != 0))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(num5));
}
}
}
finally
{
numRef = null;
}
}
finally
{
processToken.Close();
}
}
finally
{
process.Close();
}
}
internal static void KeepOnlyPrivilegeInProcess(string privilege)
{
SafeCloseHandle process = OpenCurrentProcessForWrite();
try
{
SafeCloseHandle token = GetProcessToken(process, ListenerUnsafeNativeMethods.TOKEN_QUERY | ListenerUnsafeNativeMethods.TOKEN_ADJUST_PRIVILEGES | ListenerUnsafeNativeMethods.READ_CONTROL);
try
{
LUID luid;
bool success = ListenerUnsafeNativeMethods.LookupPrivilegeValue(IntPtr.Zero, privilege, &luid);
if (!success)
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
int length = GetTokenInformationLength(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges);
byte[] tokenInformation = new byte[length];
fixed(byte *pTokenPrivileges = tokenInformation)
{
GetTokenInformation(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges,
tokenInformation);
ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *pTP = (ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *)pTokenPrivileges;
LUID_AND_ATTRIBUTES *pLuidAndAttributes = (LUID_AND_ATTRIBUTES *)(&(pTP->Privileges));
int privilegeCount = 0;
for (int i = 0; i < pTP->PrivilegeCount; i++)
{
if (!pLuidAndAttributes[i].Luid.Equals(luid))
{
pLuidAndAttributes[privilegeCount].Attributes = PrivilegeAttribute.SE_PRIVILEGE_REMOVED;
pLuidAndAttributes[privilegeCount].Luid = pLuidAndAttributes[i].Luid;
privilegeCount++;
}
}
pTP->PrivilegeCount = privilegeCount;
success = ListenerUnsafeNativeMethods.AdjustTokenPrivileges(token, false, pTP, tokenInformation.Length, IntPtr.Zero, IntPtr.Zero);
int error = Marshal.GetLastWin32Error();
if (!success || error != UnsafeNativeMethods.ERROR_SUCCESS)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
}
finally
{
token.Close();
}
}
finally
{
process.Close();
}
}
internal static void RemoveRightGrantedToAccount(SecurityIdentifier account, int right)
{
SafeCloseHandle kernelObject = OpenCurrentProcessForWrite();
try
{
EditKernelObjectSecurity(kernelObject, null, account, right, false);
}
finally
{
kernelObject.Close();
}
}
internal static void AddRightGrantedToAccount(SecurityIdentifier account, int right)
{
SafeCloseHandle process = OpenCurrentProcessForWrite();
try
{
EditKernelObjectSecurity(process, null, account, right, true);
}
finally
{
process.Close();
}
}
internal static unsafe SecurityIdentifier GetLogonSidForPid(int pid)
{
SecurityIdentifier identifier;
SafeCloseHandle process = OpenProcessForQuery(pid);
try
{
SafeCloseHandle processToken = GetProcessToken(process, 8);
try
{
byte[] tokenInformation = new byte[GetTokenInformationLength(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenGroups)];
try
{
fixed(byte *numRef = tokenInformation)
{
GetTokenInformation(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenGroups, tokenInformation);
ListenerUnsafeNativeMethods.TOKEN_GROUPS * token_groupsPtr = (ListenerUnsafeNativeMethods.TOKEN_GROUPS *)numRef;
ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *sid_and_attributesPtr = (ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *) & token_groupsPtr->Groups;
for (int i = 0; i < token_groupsPtr->GroupCount; i++)
{
if ((sid_and_attributesPtr[i].Attributes & ((ListenerUnsafeNativeMethods.SidAttribute)(-1073741824))) == ((ListenerUnsafeNativeMethods.SidAttribute)(-1073741824)))
{
return(new SecurityIdentifier(sid_and_attributesPtr[i].Sid));
}
}
}
}
finally
{
numRef = null;
}
identifier = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
}
finally
{
processToken.Close();
}
}
finally
{
process.Close();
}
return(identifier);
}
internal static unsafe SecurityIdentifier GetUserSidForPid(int pid)
{
SecurityIdentifier identifier;
SafeCloseHandle process = OpenProcessForQuery(pid);
try
{
SafeCloseHandle processToken = GetProcessToken(process, 8);
try
{
byte[] tokenInformation = new byte[GetTokenInformationLength(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenUser)];
try
{
fixed(byte *numRef = tokenInformation)
{
GetTokenInformation(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenUser, tokenInformation);
ListenerUnsafeNativeMethods.TOKEN_USER * token_userPtr = (ListenerUnsafeNativeMethods.TOKEN_USER *)numRef;
ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *sid_and_attributesPtr = (ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *) & token_userPtr->User;
identifier = new SecurityIdentifier(sid_and_attributesPtr->Sid);
}
}
finally
{
numRef = null;
}
}
finally
{
processToken.Close();
}
}
finally
{
process.Close();
}
return(identifier);
}
internal static SecurityIdentifier GetLogonSidForPid(int pid)
{
SafeCloseHandle process = OpenProcessForQuery(pid);
try
{
SafeCloseHandle token = GetProcessToken(process, ListenerUnsafeNativeMethods.TOKEN_QUERY);
try
{
int length = GetTokenInformationLength(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenGroups);
byte[] tokenInformation = new byte[length];
fixed(byte *pTokenInformation = tokenInformation)
{
GetTokenInformation(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenGroups, tokenInformation);
ListenerUnsafeNativeMethods.TOKEN_GROUPS * ptg = (ListenerUnsafeNativeMethods.TOKEN_GROUPS *)pTokenInformation;
ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *sids = (ListenerUnsafeNativeMethods.SID_AND_ATTRIBUTES *)(&(ptg->Groups));
for (int i = 0; i < ptg->GroupCount; i++)
{
if ((sids[i].Attributes & ListenerUnsafeNativeMethods.SidAttribute.SE_GROUP_LOGON_ID) == ListenerUnsafeNativeMethods.SidAttribute.SE_GROUP_LOGON_ID)
{
return(new SecurityIdentifier(sids[i].Sid));
}
}
}
return(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null));
}
finally
{
token.Close();
}
}
finally
{
process.Close();
}
}
