public void SetFileInformation(NtHandle handle, SetInformation information) { int maxOutputLength = 4096; Transaction2SetFileInformationRequest subcommand = new Transaction2SetFileInformationRequest { FID = ((Smb1Handle)handle).FID, }; subcommand.SetInformation(information); Transaction2Request request = new Transaction2Request { Setup = subcommand.GetSetup(), TransParameters = subcommand.GetParameters(m_client.Unicode), TransData = subcommand.GetData(m_client.Unicode) }; request.TotalDataCount = (ushort)request.TransData.Length; request.TotalParameterCount = (ushort)request.TransParameters.Length; request.MaxParameterCount = Transaction2SetFileInformationResponse.ParametersLength; request.MaxDataCount = (ushort)maxOutputLength; TrySendMessage(request); SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_TRANSACTION2); reply.IsSuccessElseThrow(); }
public void FsCtlPipeTranscieve(NtHandle handle, byte[] input, out byte[]?output, int maxOutputLength) { TransactionTransactNamedPipeRequest subcommand = new TransactionTransactNamedPipeRequest { FID = ((Smb1Handle)handle).FID, WriteData = input }; TransactionRequest request = new TransactionRequest { Setup = subcommand.GetSetup(), TransParameters = subcommand.GetParameters(), TransData = subcommand.GetData(m_client.Unicode) }; request.TotalDataCount = (ushort)request.TransData.Length; request.TotalParameterCount = (ushort)request.TransParameters.Length; request.MaxParameterCount = TransactionTransactNamedPipeResponse.ParametersLength; request.MaxDataCount = (ushort)maxOutputLength; request.Name = @"\PIPE\"; TrySendMessage(request); SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_TRANSACTION); if (reply.Header.Status != NTStatus.STATUS_SUCCESS || !(reply.Commands[0] is TransactionResponse transactionResponse)) { throw new NtStatusException(reply.Header.Status); } TransactionTransactNamedPipeResponse subcommandResponse = new TransactionTransactNamedPipeResponse(transactionResponse.TransData); output = subcommandResponse.ReadData; }
public void GetSecurityInformation(out SecurityDescriptor?result, NtHandle handle, SecurityInformation securityInformation) { result = null; int maxOutputLength = 4096; NTTransactQuerySecurityDescriptorRequest subcommand = new NTTransactQuerySecurityDescriptorRequest { FID = ((Smb1Handle)handle).FID, SecurityInfoFields = securityInformation }; NTTransactRequest request = new NTTransactRequest { Function = subcommand.SubcommandName, Setup = subcommand.GetSetup(), TransParameters = subcommand.GetParameters(m_client.Unicode), TransData = subcommand.GetData() }; request.TotalDataCount = (uint)request.TransData.Length; request.TotalParameterCount = (uint)request.TransParameters.Length; request.MaxParameterCount = NTTransactQuerySecurityDescriptorResponse.ParametersLength; request.MaxDataCount = (uint)maxOutputLength; TrySendMessage(request); SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_NT_TRANSACT); if (reply.Header.Status != NTStatus.STATUS_SUCCESS || !(reply.Commands[0] is NTTransactResponse ntTransactResponse)) { throw new NtStatusException(reply.Header.Status); } NTTransactQuerySecurityDescriptorResponse subcommandResponse = new NTTransactQuerySecurityDescriptorResponse(ntTransactResponse.TransParameters, ntTransactResponse.TransData); result = subcommandResponse.SecurityDescriptor; }
public void QueryDirectory(out List <QueryDirectoryFileInformation> result, NtHandle handle, string fileName, FileInformationClass informationClass) { result = new List <QueryDirectoryFileInformation>(); QueryDirectoryRequest request = new QueryDirectoryRequest { Header = { CreditCharge = (ushort)Math.Ceiling((double)m_client.MaxTransactSize / BytesPerCredit) }, FileInformationClass = informationClass, Reopen = true, FileId = (FileID)handle, OutputBufferLength = m_client.MaxTransactSize, FileName = fileName }; SendCommand(request); SMB2Command?response = WaitForCommand(request.MessageID); response.IsSuccessElseThrow(); while (response is QueryDirectoryResponse queryDirectoryResponse) { List <QueryDirectoryFileInformation> page = queryDirectoryResponse.GetFileInformationList(informationClass); result.AddRange(page); request.Reopen = false; SendCommand(request); response = WaitForCommand(request.MessageID); if (response.Header.Status == NTStatus.STATUS_NO_MORE_FILES) { break; } response.IsSuccessElseThrow(); } }
public void CreateFile(out NtHandle handle, out FileStatus fileStatus, string path, AccessMask desiredAccess, FileAttributes fileAttributes, ShareAccess shareAccess, CreateDisposition createDisposition, CreateOptions createOptions, SecurityContext?securityContext) { fileStatus = FileStatus.FILE_DOES_NOT_EXIST; CreateRequest request = new CreateRequest { Name = path, DesiredAccess = desiredAccess, FileAttributes = fileAttributes, ShareAccess = shareAccess, CreateDisposition = createDisposition, CreateOptions = createOptions, ImpersonationLevel = ImpersonationLevel.Impersonation }; SendCommand(request); CreateResponse createResponse = (CreateResponse)WaitForCommand(request.MessageID); createResponse.IsSuccessElseThrow(); handle = createResponse.FileId; fileStatus = ToFileStatus(createResponse.CreateAction); }
private static string FormatText(NtHandle ent) { string size = String.Empty; try { using (NtSection section = NtSection.DuplicateFrom(ent.ProcessId, new IntPtr(ent.Handle), SectionAccessRights.Query)) { size = section.Size.ToString(); } } catch (NtException) { size = "Unknown"; } StringBuilder builder = new StringBuilder(); NtType section_type = NtType.GetTypeByName("section"); if (section_type.HasReadPermission(ent.GrantedAccess)) { builder.Append("R"); } if (section_type.HasWritePermission(ent.GrantedAccess)) { builder.Append("W"); } return(String.Format("[{0}/0x{0:X}] {1} Size: {2} Access: {3}", ent.Handle, ent.Name, size, builder.ToString())); }
private void openTokenToolStripMenuItem_Click(object sender, EventArgs e) { TreeNode selectedNode = treeViewProcesses.SelectedNode; if (selectedNode != null) { NtProcess process = selectedNode.Tag as NtProcess; NtHandle handle = selectedNode.Tag as NtHandle; if (process != null) { NtToken token = GetToken(process); if (token != null) { TokenForm.OpenForm(token, true); } } else if (handle != null) { try { TokenForm.OpenForm(NtToken.DuplicateFrom(handle.ProcessId, new IntPtr(handle.Handle), TokenAccessRights.Query | TokenAccessRights.QuerySource), false); } catch (Exception ex) { MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } } } }
private object GetHandle(NtHandle handle) { using (var proc = NtProcess.Open(handle.ProcessId, ProcessAccessRights.DupHandle)) { return(NtObject.DuplicateHandle(proc, new IntPtr(handle.Handle), DestinationProcess, GetDesiredAccess(), ObjectAttributes ?? 0, GetOptions())); } }
private object GetObject(NtHandle handle) { using (var proc = NtProcess.Open(handle.ProcessId, ProcessAccessRights.DupHandle)) { using (var dup_obj = NtGeneric.DuplicateFrom(proc, new IntPtr(handle.Handle), GetDesiredAccess(), ObjectAttributes ?? 0, GetOptions())) { return(dup_obj.ToTypedObject()); } } }
public void CloseFile(NtHandle handle) { CloseRequest request = new CloseRequest { FID = ((Smb1Handle)handle).FID }; TrySendMessage(request); SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_CLOSE); reply.IsSuccessElseThrow(); }
internal HandleAccessCheckResult(MaximumAccess maximum_access, NtHandle handle, string name, string type_name, AccessMask granted_access, GenericMapping generic_mapping, string sddl, Type enum_type, bool is_directory, TokenInformation token_info) : base(name, type_name, granted_access, generic_mapping, sddl, enum_type, is_directory, token_info) { if (maximum_access != null) { MaximumAccess = maximum_access.Access; DifferentAccess = (granted_access & MaximumAccess) != granted_access; } ProcessId = handle.ProcessId; Handle = handle.Handle; Object = handle.Object; }
public void GetFileInformation(out FileInformation result, NtHandle handle, FileInformationClass informationClass) { if (m_client.InfoLevelPassthrough) { int maxOutputLength = 4096; Transaction2QueryFileInformationRequest subcommand = new Transaction2QueryFileInformationRequest { FID = ((Smb1Handle)handle).FID, FileInformationClass = informationClass }; Transaction2Request request = new Transaction2Request { Setup = subcommand.GetSetup(), TransParameters = subcommand.GetParameters(m_client.Unicode), TransData = subcommand.GetData(m_client.Unicode) }; request.TotalDataCount = (ushort)request.TransData.Length; request.TotalParameterCount = (ushort)request.TransParameters.Length; request.MaxParameterCount = Transaction2QueryFileInformationResponse.ParametersLength; request.MaxDataCount = (ushort)maxOutputLength; TrySendMessage(request); SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_TRANSACTION2); reply.IsSuccessElseThrow(); if (!(reply.Commands[0] is Transaction2Response transaction2Response)) { throw new NtStatusException(reply.Header.Status); } Transaction2QueryFileInformationResponse subcommandResponse = new Transaction2QueryFileInformationResponse(transaction2Response.TransParameters, transaction2Response.TransData); if (informationClass == FileInformationClass.FileAllInformation) { // Windows implementations return SMB_QUERY_FILE_ALL_INFO when a client specifies native NT passthrough level "FileAllInformation". QueryInformation queryFileAllInfo = subcommandResponse.GetQueryInformation(QueryInformationLevel.SMB_QUERY_FILE_ALL_INFO); result = QueryInformationHelper.ToFileInformation(queryFileAllInfo); } else { result = subcommandResponse.GetFileInformation(informationClass); } reply.IsSuccessElseThrow(); return; } QueryInformationLevel informationLevel = QueryInformationHelper.ToFileInformationLevel(informationClass); GetFileInformation(out QueryInformation? queryInformation, handle, informationLevel); result = QueryInformationHelper.ToFileInformation(queryInformation); }
public void CloseFile(NtHandle handle) { CloseRequest request = new CloseRequest { FileId = (FileID)handle }; SendCommand(request); SMB2Command?response = WaitForCommand(request.MessageID); if (response.Header.Status != NTStatus.STATUS_FILE_CLOSED) { response?.IsSuccessElseThrow(); } }
public void WriteFile(out int numberOfBytesWritten, NtHandle handle, long offset, byte[] data) { WriteRequest request = new WriteRequest { Header = { CreditCharge = (ushort)Math.Ceiling((double)data.Length / BytesPerCredit) }, FileId = (FileID)handle, Offset = (ulong)offset, Data = data }; SendCommand(request); WriteResponse writeResponse = (WriteResponse)WaitForCommand(request.MessageID); writeResponse.IsSuccessElseThrow(); numberOfBytesWritten = (int)writeResponse.Count; }
public void GetFileSystemInformation(out FileSystemInformation result, NtHandle handle, FileSystemInformationClass informationClass) { QueryInfoRequest request = new QueryInfoRequest { InfoType = InfoType.FileSystem, FileSystemInformationClass = informationClass, OutputBufferLength = 4096, FileId = (FileID)handle }; SendCommand(request); QueryInfoResponse queryInfoResponse = (QueryInfoResponse)WaitForCommand(request.MessageID); queryInfoResponse.IsSuccessElseThrow(); result = queryInfoResponse.GetFileSystemInformation(informationClass); }
public void ReadFile(out byte[] data, NtHandle handle, long offset, int maxCount) { ReadRequest request = new ReadRequest { Header = { CreditCharge = (ushort)Math.Ceiling((double)maxCount / BytesPerCredit) }, FileId = (FileID)handle, Offset = (ulong)offset, ReadLength = (uint)maxCount }; SendCommand(request); ReadResponse readResponse = (ReadResponse)WaitForCommand(request.MessageID); readResponse.IsSuccessElseThrow(); data = readResponse.Data; }
public void SetFileInformation(NtHandle handle, FileInformation information) { SetInfoRequest request = new SetInfoRequest { InfoType = InfoType.File, FileInformationClass = information.FileInformationClass, FileId = (FileID)handle }; request.SetFileInformation(information); SendCommand(request); SMB2Command response = WaitForCommand(request.MessageID); response.IsSuccessElseThrow(); }
private RpcAlpcServer(NtHandle handle, List <RpcEndpoint> endpoints) { ProcessId = handle.ProcessId; using (var proc = NtProcess.Open(handle.ProcessId, ProcessAccessRights.QueryLimitedInformation, false)) { if (proc.IsSuccess) { ProcessName = proc.Result.Name; } else { ProcessName = string.Empty; } } Name = handle.Name; SecurityDescriptor = handle.SecurityDescriptor; Endpoints = endpoints.AsReadOnly(); EndpointCount = endpoints.Count; }
public void SetFileInformation(NtHandle handle, FileInformation information) { if (!m_client.InfoLevelPassthrough) { throw new NotSupportedException("Server does not support InfoLevelPassthrough"); } if (information is FileRenameInformationType2 fileRenameInformationType2) { FileRenameInformationType1 informationType1 = new FileRenameInformationType1 { FileName = fileRenameInformationType2.FileName, ReplaceIfExists = fileRenameInformationType2.ReplaceIfExists, RootDirectory = (uint)fileRenameInformationType2.RootDirectory }; information = informationType1; } int maxOutputLength = 4096; Transaction2SetFileInformationRequest subcommand = new Transaction2SetFileInformationRequest { FID = ((Smb1Handle)handle).FID, }; subcommand.SetInformation(information); Transaction2Request request = new Transaction2Request { Setup = subcommand.GetSetup(), TransParameters = subcommand.GetParameters(m_client.Unicode), TransData = subcommand.GetData(m_client.Unicode) }; request.TotalDataCount = (ushort)request.TransData.Length; request.TotalParameterCount = (ushort)request.TransParameters.Length; request.MaxParameterCount = Transaction2SetFileInformationResponse.ParametersLength; request.MaxDataCount = (ushort)maxOutputLength; TrySendMessage(request); SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_TRANSACTION2); reply.IsSuccessElseThrow(); }
public void ReadFile(out byte[]?data, NtHandle handle, long offset, int maxCount) { data = null; ReadAndXRequest request = new ReadAndXRequest { FID = ((Smb1Handle)handle).FID, Offset = (ulong)offset, MaxCountLarge = (uint)maxCount }; TrySendMessage(request); SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_READ_ANDX); reply.IsSuccessElseThrow(); if (reply.Commands[0] is ReadAndXResponse response) { data = response.Data; } }
public void WriteFile(out int numberOfBytesWritten, NtHandle handle, long offset, byte[] data) { numberOfBytesWritten = 0; WriteAndXRequest request = new WriteAndXRequest { FID = ((Smb1Handle)handle).FID, Offset = (ulong)offset, Data = data }; TrySendMessage(request); SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_WRITE_ANDX); reply.IsSuccessElseThrow(); if (reply.Commands[0] is WriteAndXResponse response) { numberOfBytesWritten = (int)response.Count; } }
public void CreateFile(out NtHandle handle, out FileStatus fileStatus, string path, AccessMask desiredAccess, FileAttributes fileAttributes, ShareAccess shareAccess, CreateDisposition createDisposition, CreateOptions createOptions, SecurityContext?securityContext) { fileStatus = FileStatus.FILE_DOES_NOT_EXIST; // It is possible to have a named pipe that does not use RPC (e.g. MS-WSP), // However this is not currently needed by our implementation. RemoteService?service = GetService(path); if (service == null) { throw new NtStatusException(NTStatus.STATUS_OBJECT_PATH_NOT_FOUND); } // All instances of a named pipe share the same pipe name, but each instance has its own buffers and handles, // and provides a separate conduit for client/server communication. using RPCPipeStream stream = new RPCPipeStream(service); handle = new FileHandle(path, false, stream, false); fileStatus = FileStatus.FILE_OPENED; }
public void GetSecurityInformation(out SecurityDescriptor?result, NtHandle handle, SecurityInformation securityInformation) { result = null; QueryInfoRequest request = new QueryInfoRequest { InfoType = InfoType.Security, SecurityInformation = securityInformation, OutputBufferLength = 4096, FileId = (FileID)handle }; SendCommand(request); SMB2Command response = WaitForCommand(request.MessageID); response.IsSuccessElseThrow(); if (response is QueryInfoResponse queryInfoResponse) { result = queryInfoResponse.GetSecurityInformation(); } }
public void DeviceIOControl(NtHandle handle, uint ctlCode, byte[] input, out byte[]?output, int maxOutputLength) { if ((IoControlCode)ctlCode == IoControlCode.FSCTL_PIPE_TRANSCEIVE) { FsCtlPipeTranscieve(handle, input, out output, maxOutputLength); return; } NTTransactIOCTLRequest subcommand = new NTTransactIOCTLRequest { FID = ((Smb1Handle)handle).FID, FunctionCode = ctlCode, IsFsctl = true, Data = input }; NTTransactRequest request = new NTTransactRequest { Function = subcommand.SubcommandName, Setup = subcommand.GetSetup(), TransParameters = subcommand.GetParameters(m_client.Unicode), TransData = subcommand.GetData() }; request.TotalDataCount = (uint)request.TransData.Length; request.TotalParameterCount = (uint)request.TransParameters.Length; request.MaxParameterCount = NTTransactIOCTLResponse.ParametersLength; request.MaxDataCount = (uint)maxOutputLength; TrySendMessage(request); SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_NT_TRANSACT); if (reply.Header.Status != NTStatus.STATUS_SUCCESS || !(reply.Commands[0] is NTTransactResponse ntTransactResponse)) { throw new NtStatusException(reply.Header.Status); } NTTransactIOCTLResponse subcommandResponse = new NTTransactIOCTLResponse(ntTransactResponse.Setup, ntTransactResponse.TransData); output = subcommandResponse.Data; }
public void CreateFile(out NtHandle handle, out FileStatus fileStatus, string path, AccessMask desiredAccess, FileAttributes fileAttributes, ShareAccess shareAccess, CreateDisposition createDisposition, CreateOptions createOptions, SecurityContext?securityContext) { handle = null; fileStatus = FileStatus.FILE_DOES_NOT_EXIST; NTCreateAndXRequest request = new NTCreateAndXRequest { FileName = path, DesiredAccess = desiredAccess, ExtFileAttributes = ToExtendedFileAttributes(fileAttributes), ShareAccess = shareAccess, CreateDisposition = createDisposition, CreateOptions = createOptions, ImpersonationLevel = ImpersonationLevel.Impersonation }; TrySendMessage(request); SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_NT_CREATE_ANDX); switch (reply.Commands[0]) { case NTCreateAndXResponse response: { handle = new Smb1Handle(response.FID); fileStatus = ToFileStatus(response.CreateDisposition); reply.IsSuccessElseThrow(); break; } case ErrorResponse _: reply.IsSuccessElseThrow(); break; default: throw new NtStatusException(NTStatus.STATUS_INVALID_SMB); } }
public void DeviceIOControl(NtHandle handle, uint ctlCode, byte[] input, out byte[]?output, int maxOutputLength) { output = null; IOCtlRequest request = new IOCtlRequest { Header = { CreditCharge = (ushort)Math.Ceiling((double)maxOutputLength / BytesPerCredit) }, CtlCode = ctlCode, IsFSCtl = true, FileId = (FileID)handle, Input = input, MaxOutputResponse = (uint)maxOutputLength }; SendCommand(request); SMB2Command response = WaitForCommand(request.MessageID); response.IsSuccessOrBufferOverflowElseThrow(); if (response is IOCtlResponse ioCtlResponse) { output = ioCtlResponse.Output; } }
public void GetFileInformation(out QueryInformation result, NtHandle handle, QueryInformationLevel informationLevel) { int maxOutputLength = 4096; Transaction2QueryFileInformationRequest subcommand = new Transaction2QueryFileInformationRequest { FID = ((Smb1Handle)handle).FID, QueryInformationLevel = informationLevel }; Transaction2Request request = new Transaction2Request { Setup = subcommand.GetSetup(), TransParameters = subcommand.GetParameters(m_client.Unicode), TransData = subcommand.GetData(m_client.Unicode) }; request.TotalDataCount = (ushort)request.TransData.Length; request.TotalParameterCount = (ushort)request.TransParameters.Length; request.MaxParameterCount = Transaction2QueryFileInformationResponse.ParametersLength; request.MaxDataCount = (ushort)maxOutputLength; TrySendMessage(request); SMB1Message reply = m_client.WaitForMessage(CommandName.SMB_COM_TRANSACTION2); reply.IsSuccessElseThrow(); if (!(reply.Commands[0] is Transaction2Response)) { throw new NtStatusException(reply.Header.Status); } Transaction2Response response = (Transaction2Response)reply.Commands[0]; Transaction2QueryFileInformationResponse subcommandResponse = new Transaction2QueryFileInformationResponse(response.TransParameters, response.TransData); result = subcommandResponse.GetQueryInformation(informationLevel); reply.IsSuccessElseThrow(); }
public void NotifyChange(out object ioRequest, NtHandle handle, NotifyChangeFilter completionFilter, bool watchTree, int outputBufferSize, OnNotifyChangeCompleted onNotifyChangeCompleted, object context) { throw new NotImplementedException(); }
public void SetSecurityInformation(NtHandle handle, SecurityInformation securityInformation, SecurityDescriptor securityDescriptor) { throw new NtStatusException(NTStatus.STATUS_NOT_SUPPORTED); }
public void UnlockFile(NtHandle handle, long byteOffset, long length) { throw new NotImplementedException(); }