private void btnImpersonate_Click(object sender, EventArgs e)
{
TokenImpersonationLevel implevel = TokenImpersonationLevel.Impersonation;
try
{
if (_token.GetTokenType() == TokenType.Impersonation)
{
implevel = _token.GetImpersonationLevel();
}
using (UserToken token = _token.DuplicateToken(TokenType.Impersonation, implevel, (TokenLibrary.TokenIntegrityLevel)comboBoxILForDup.SelectedItem))
{
NativeHandle imptoken = null;
using (ImpersonateProcess imp = token.Impersonate())
{
imptoken = NativeBridge.OpenThreadToken();
}
if (imptoken != null)
{
OpenForm(new UserToken(imptoken), false);
}
else
{
MessageBox.Show(this, "Couldn't open thread token", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
static void ConnectTest(int pid, IPEndPoint ep)
{
using (ImpersonateProcess imp = NativeBridge.Impersonate(pid, TokenSecurityLevel.Impersonate))
{
TcpClient client = new TcpClient();
client.Connect(ep);
client.Close();
Console.WriteLine("** Opened Connection **");
}
}
static void ListenTest(int pid, IPEndPoint ep)
{
using (ImpersonateProcess imp = NativeBridge.Impersonate(pid, TokenSecurityLevel.Impersonate))
{
TcpListener listener = new TcpListener(ep);
listener.Start();
Console.WriteLine("Make a connection to {0}", ep);
listener.AcceptTcpClient();
Console.WriteLine("** Accepted Connection **");
}
}
private void btnCreate_Click(object sender, EventArgs e)
{
try
{
using (UserToken token = _token.DuplicateToken(TokenType.Impersonation,
TokenLibrary.TokenImpersonationLevel.Impersonation))
{
using (ImpersonateProcess imp = token.Impersonate())
{
File.WriteAllText(txtFilePath.Text, txtFileContents.Text);
}
MessageBox.Show(this, "Success", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
}
catch (Exception ex)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
static bool CheckDevice(string name, bool writable)
{
bool success = false;
try
{
using (ImpersonateProcess imp = NativeBridge.Impersonate(_pid,
_identify_only ? TokenSecurityLevel.Identification : TokenSecurityLevel.Impersonate))
{
uint access_mask = (uint)GenericAccessRights.GenericRead;
if (writable)
{
access_mask |= (uint)GenericAccessRights.GenericWrite;
}
FileOpenOptions opts = _open_as_dir ? FileOpenOptions.DIRECTORY_FILE : FileOpenOptions.NON_DIRECTORY_FILE;
using (NativeHandle handle = NativeBridge.CreateFileNative(name,
access_mask, 0, FileShareMode.All, FileCreateDisposition.Open,
opts))
{
success = true;
}
}
}
catch (Win32Exception ex)
{
// Ignore access denied and invalid function (indicates there's no IRP_MJ_CREATE handler)
if (_show_errors && (ex.NativeErrorCode != 5) && (ex.NativeErrorCode != 1))
{
Console.Error.WriteLine("Error checking {0} - {1}", name, ex.Message);
}
}
return(success);
}
static void Main(string[] args)
{
bool show_help = false;
_pid = Process.GetCurrentProcess().Id;
try
{
OptionSet opts = new OptionSet()
{
{ "p|pid=", "Specify a PID of a process to impersonate when checking", v => _pid = int.Parse(v.Trim()) },
{ "n", "Specifes the list of arguments represents names instead of pids", v => _named_process = v != null },
{ "i", "Use an indentify level token when impersonating", v => _identify_only = v != null },
{ "t", "Dump accessible threads for process", v => _dump_threads = v != null },
{ "k", "Dump tokens for accessible objects", v => _dump_token = v != null },
{ "sddl", "Dump SDDL strings for objects", v => _print_sddl = v != null },
{ "h|help", "show this message and exit",
v => show_help = v != null },
};
List <string> pids = opts.Parse(args).Select(s => s.ToLower()).ToList();
if (show_help)
{
ShowHelp(opts);
}
else
{
IEnumerable <ProcessEntry> processes = new ProcessEntry[0];
if (pids.Count > 0 && !_named_process)
{
List <ProcessEntry> procs = new List <ProcessEntry>();
using (ImpersonateProcess imp = NativeBridge.Impersonate(_pid,
_identify_only ? TokenSecurityLevel.Identification : TokenSecurityLevel.Impersonate))
{
foreach (string pid_name in pids)
{
try
{
procs.Add(new ProcessEntry(NativeBridge.OpenProcess(int.Parse(pid_name))));
}
catch (Win32Exception ex)
{
Console.WriteLine("Error opening pid {0} - {1}", pid_name, ex.Message);
}
}
}
processes = procs;
}
else
{
try
{
using (ImpersonateProcess imp = NativeBridge.Impersonate(_pid,
_identify_only ? TokenSecurityLevel.Identification : TokenSecurityLevel.Impersonate))
{
processes = NativeBridge.GetProcesses().Select(h => new ProcessEntry(h));
}
if (_named_process && pids.Count > 0)
{
processes = processes.Where(p => pids.Contains(p.Name.ToLower()));
}
}
catch (Win32Exception ex)
{
Console.WriteLine(ex);
}
}
List <ProcessEntry> ps = processes.ToList();
ps.Sort((a, b) => a.Pid - b.Pid);
processes = ps;
foreach (ProcessEntry process in processes)
{
Console.WriteLine("{0}: {1} {2}", process.Pid, process.Name, process.GetGrantedAccess());
if (_print_sddl && process.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("SDDL: {0}", process.StringSecurityDescriptor);
}
if (_dump_token && process.Token != null)
{
Console.WriteLine("User: {0}", process.Token.UserName);
if (_print_sddl && process.Token.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("Token SDDL: {0}", process.Token.StringSecurityDescriptor);
}
}
if (_dump_threads)
{
foreach (ThreadEntry thread in process.Threads)
{
Console.WriteLine("-- Thread {0}: {1}", thread.Tid, thread.GetGrantedAccess());
if (_print_sddl && thread.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("---- SDDL: {0}", thread.StringSecurityDescriptor);
}
if (_dump_token && thread.Token != null)
{
Console.WriteLine("---- Impersonating {0}", thread.Token.UserName);
if (_print_sddl && thread.Token.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("---- Token SDDL: {0}", thread.Token.StringSecurityDescriptor);
}
}
}
}
}
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
