static void Main(string[] args)
{
bool show_help = false;
int pid = Process.GetCurrentProcess().Id;
try
{
OptionSet opts = new OptionSet()
{
{ "r", "Recursive tree directory listing",
v => _recursive = v != null },
{ "sddl", "Print full SDDL security descriptors", v => _print_sddl = v != null },
{ "p|pid=", "Specify a PID of a process to impersonate when checking", v => pid = int.Parse(v.Trim()) },
{ "w", "Show only write permissions granted", v => _show_write_only = v != null },
{ "f=", String.Format("Filter on a file right [{0}]",
String.Join(",", Enum.GetNames(typeof(FileAccessRights)))), v => _file_filter |= ParseRight(v, typeof(FileAccessRights)) },
{ "d=", String.Format("Filter on a directory right [{0}]",
String.Join(",", Enum.GetNames(typeof(FileDirectoryAccessRights)))), v => _dir_filter |= ParseRight(v, typeof(FileDirectoryAccessRights)) },
{ "x=", "Specify a base path to exclude from recursive search", v => _walked.Add(v) },
{ "q", "Don't print errors", v => _quiet = v != null },
{ "onlydirs", "Only check the permissions of directories", v => _only_dirs = v != null },
{ "h|help", "show this message and exit", v => show_help = v != null },
};
List <string> paths = opts.Parse(args);
if (show_help || (paths.Count == 0))
{
ShowHelp(opts);
}
else
{
_type = NtType.GetTypeByName("file");
_token = NtToken.OpenProcessToken(pid);
foreach (string path in paths)
{
if ((File.GetAttributes(path) & System.IO.FileAttributes.Directory) == System.IO.FileAttributes.Directory)
{
DumpDirectory(new DirectoryInfo(path));
}
else
{
DumpFile(new FileInfo(path));
}
}
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
public static void EditSecurity(IntPtr hwnd, NtObject handle, string object_name, string typeName, bool writeable)
{
NtType typeInfo = NtType.GetTypeByName(typeName);
Dictionary <uint, String> access = GetMaskDictionary(TypeNameToEnum(typeName));
using (SecurityInformationImpl impl = new SecurityInformationImpl(object_name, handle, access,
typeInfo.GenericMapping))
{
EditSecurity(hwnd, impl);
}
}
private AccessMask MapGeneric(string typename, AccessMask access_mask)
{
if (!MapGenericRights)
{
return(access_mask);
}
NtType type = NtType.GetTypeByName(typename, false);
System.Diagnostics.Debug.Assert(type != null);
return(type.MapGenericRights(access_mask));
}
static void Main(string[] args)
{
bool show_help = false;
int pid = Process.GetCurrentProcess().Id;
try
{
OptionSet opts = new OptionSet()
{
{ "r", "Recursive tree directory listing",
v => _recursive = v != null },
{ "sddl", "Print full SDDL security descriptors", v => _print_sddl = v != null },
{ "p|pid=", "Specify a PID of a process to impersonate when checking", v => pid = int.Parse(v.Trim()) },
{ "w", "Show only write permissions granted", v => _show_write_only = v != null },
{ "k=", String.Format("Filter on a specific right [{0}]",
String.Join(",", Enum.GetNames(typeof(KeyAccessRights)))), v => _key_rights |= ParseRight(v, typeof(KeyAccessRights)) },
{ "x=", "Specify a base path to exclude from recursive search", v => _walked.Add(v.ToLower()) },
{ "h|help", "show this message and exit", v => show_help = v != null },
};
List <string> paths = opts.Parse(args);
if (show_help || (paths.Count == 0))
{
ShowHelp(opts);
}
else
{
_type = NtType.GetTypeByName("key");
_token = NtToken.OpenProcessToken(pid);
foreach (string path in paths)
{
try
{
using (NtKey key = OpenKey(path))
{
DumpKey(key);
}
}
catch (NtException ex)
{
Console.WriteLine("Error opening key: {0} - {1}", path, ex.Message);
}
}
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
static void Main(string[] args)
{
bool show_help = false;
int pid = Process.GetCurrentProcess().Id;
int recursive_depth = 1;
bool no_files = false;
try
{
OptionSet opts = new OptionSet()
{
{ "r", "Recursive tree directory listing",
v => recursive_depth = v != null ? int.MaxValue : 1 },
{ "sddl", "Print full SDDL security descriptors", v => _print_sddl = v != null },
{ "p|pid=", "Specify a PID of a process to impersonate when checking", v => pid = int.Parse(v.Trim()) },
{ "w", "Show only write permissions granted", v => _show_write_only = v != null },
{ "f=", String.Format("Filter on a file right [{0}]",
String.Join(",", Enum.GetNames(typeof(FileAccessRights)))), v => _file_filter |= ParseRight(v, typeof(FileAccessRights)) },
{ "d=", String.Format("Filter on a directory right [{0}]",
String.Join(",", Enum.GetNames(typeof(FileDirectoryAccessRights)))), v => _dir_filter |= ParseRight(v, typeof(FileDirectoryAccessRights)) },
{ "x=", "Specify a base path to exclude from recursive search", v => _walked.Add(ConvertPath(v)) },
{ "q", "Don't print errors", v => _quiet = v != null },
{ "nofiles", "Don't show permission of files.", v => no_files = v != null },
{ "depth", "Specify a recursive depth", v => recursive_depth = int.Parse(v) },
{ "h|help", "show this message and exit", v => show_help = v != null },
};
List <string> paths = opts.Parse(args).Select(p => ConvertPath(p)).ToList();
if (show_help || (paths.Count == 0))
{
ShowHelp(opts);
}
else
{
_type = NtType.GetTypeByName("file");
_token = NtToken.OpenProcessToken(pid);
foreach (string path in paths)
{
DumpFile(path, null, recursive_depth, no_files);
}
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
/// <summary>
/// Overridden ProcessRecord method.
/// </summary>
protected override void ProcessRecord()
{
if (!string.IsNullOrWhiteSpace(TypeName))
{
NtType type_info = NtType.GetTypeByName(TypeName, false, !CurrentStatus);
if (type_info != null)
{
WriteObject(type_info);
}
else
{
throw new ArgumentException($"Invalid Type Name {TypeName}");
}
}
else
{
WriteObject(NtType.GetTypes(!CurrentStatus), true);
}
}
static void DumpDirectory(ObjectDirectory dir)
{
if (_walked.Contains(dir.FullPath.ToLower()))
{
return;
}
_walked.Add(dir.FullPath.ToLower());
try
{
CheckAccess(dir.FullPath, dir.SecurityDescriptor, NtType.GetTypeByName("Directory"));
if (_recursive)
{
foreach (ObjectDirectoryEntry entry in dir.Entries)
{
try
{
if (entry.IsDirectory)
{
using (ObjectDirectory newdir = ObjectNamespace.OpenDirectory(dir, entry.ObjectName))
{
DumpDirectory(newdir);
}
}
else
{
CheckAccess(entry.FullPath, entry.SecurityDescriptor, NtType.GetTypeByName(entry.TypeName));
}
}
catch (Exception ex)
{
Console.Error.WriteLine("Error opening {0} {1}", entry.FullPath, ex.Message);
}
}
}
}
catch (Exception ex)
{
Console.Error.WriteLine("Error dumping directory {0} {1}", dir.FullPath, ex.Message);
}
}
/// <summary>
/// Overridden ProcessRecord method.
/// </summary>
protected override void ProcessRecord()
{
if (!string.IsNullOrWhiteSpace(TypeName))
{
NtType type_info = NtType.GetTypeByName(TypeName, false);
if (type_info != null)
{
WriteObject(type_info);
}
else
{
throw new ArgumentException(String.Format("Invalid Type Name {0}", TypeName));
}
}
else
{
WriteObject(NtType.GetTypes(), true);
}
}
/// <summary>
/// Overridden ProcessRecord
/// </summary>
protected override void ProcessRecord()
{
AccessMask mask = AccessMask;
mask |= MapGeneric("File", File);
mask |= MapGeneric("File", FileDirectory);
mask |= MapGeneric("IoCompletion", IoCompletion);
mask |= MapGeneric("Mutant", Mutant);
mask |= MapGeneric("Semaphore", Semaphore);
mask |= MapGeneric("RegistryTransaction", RegistryTransaction);
mask |= MapGeneric("ALPC Port", AlpcPort);
mask |= MapGeneric("Section", Section);
mask |= MapGeneric("Key", Key);
mask |= MapGeneric("Event", Event);
mask |= MapGeneric("SymbolicLink", SymbolicLink);
mask |= MapGeneric("Token", Token);
mask |= Generic;
mask |= MapGeneric("Directory", Directory);
mask |= MapGeneric("Thread", Thread);
mask |= MapGeneric("DebugObject", DebugObject);
mask |= MapGeneric("Job", Job);
mask |= MapGeneric("Process", Process);
if (ToGenericAccess)
{
WriteObject(mask.ToGenericAccess());
}
else if (String.IsNullOrEmpty(ToSpecificAccess))
{
WriteObject(mask);
}
else
{
NtType type = NtType.GetTypeByName(ToSpecificAccess, false);
if (type == null)
{
throw new ArgumentException(String.Format("'{0}' is not a valid NT type name", ToSpecificAccess));
}
WriteObject(mask.ToSpecificAccess(type.AccessRightsType));
}
}
static void Main(string[] args)
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
try
{
if (args.Length == 0)
{
MessageBox.Show("Usage: ViewSecurityDescriptor.exe (handle [--readonly]|Name SDDL NtType)", "Usage", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
else
{
if (args.Length < 3)
{
var handle = new SafeKernelObjectHandle(new IntPtr(int.Parse(args[0])), true);
bool read_only = args.Length > 1 ? args[1].Equals("--readonly") : false;
using (var obj = NtGeneric.FromHandle(handle))
{
Application.Run(new SecurityDescriptorViewerForm(obj, read_only));
}
}
else
{
SecurityDescriptor sd = new SecurityDescriptor(args[1]);
NtType type = NtType.GetTypeByName(args[2], false);
if (type == null)
{
throw new ArgumentException($"Unknown NT type {args[2]}");
}
Application.Run(new SecurityDescriptorViewerForm(args[0], sd, type));
}
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
private static NtType GetTypeObject(SpecificAccessType type)
{
switch (type)
{
case SpecificAccessType.Transaction:
return(NtType.GetTypeByType <NtTransaction>());
case SpecificAccessType.TransactionManager:
return(NtType.GetTypeByType <NtTransactionManager>());
case SpecificAccessType.ResourceManager:
return(NtType.GetTypeByType <NtResourceManager>());
case SpecificAccessType.Enlistment:
return(NtType.GetTypeByType <NtEnlistment>());
case SpecificAccessType.ALPCPort:
return(NtType.GetTypeByType <NtAlpc>());
}
return(NtType.GetTypeByName(type.ToString(), false));
}
/// <summary>
/// Get the security descriptor for a resource.
/// </summary>
/// <param name="handle">The handle to the resource.</param>
/// <param name="type">The type of the resource.</param>
/// <param name="security_information">The security information to get.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The security descriptor.</returns>
public static NtResult <SecurityDescriptor> GetSecurityInfo(
SafeHandle handle,
SeObjectType type,
SecurityInformation security_information,
bool throw_on_error)
{
using (var result = SecurityNativeMethods.GetSecurityInfo(handle, type,
security_information, null,
null, null, null, out SafeLocalAllocBuffer sd).MapDosErrorToStatus().CreateResult(throw_on_error, () => sd)) {
if (!result.IsSuccess)
{
return(result.Cast <SecurityDescriptor>());
}
NtType sd_type = null;
if (handle is SafeKernelObjectHandle kernel_handle)
{
sd_type = NtType.GetTypeByName(kernel_handle.NtTypeName, false);
}
return(SecurityDescriptor.Parse(result.Result, sd_type ?? GetNativeType(type), throw_on_error));
}
}
/// <summary>
/// Overridden ProcessRecord method.
/// </summary>
protected override void ProcessRecord()
{
if (TypeName != null && TypeName.Length > 0)
{
foreach (var name in TypeName)
{
NtType type_info = NtType.GetTypeByName(name, false, !CurrentStatus);
if (type_info != null)
{
WriteObject(type_info);
}
else
{
WriteError(new ErrorRecord(new ArgumentException($"Invalid Type Name {name}"),
"Invalid.Type", ErrorCategory.InvalidArgument, name));
}
}
}
else
{
WriteObject(NtType.GetTypes(!CurrentStatus), true);
}
}
static void Main(string[] args)
{
try
{
if (args.Length == 0)
{
MessageBox.Show("Usage: ViewSecurityDescriptor.exe (handle [--readonly]|Name SDDL NtType)", "Usage", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
}
else
{
if (args.Length < 3)
{
var handle = new SafeKernelObjectHandle(new IntPtr(int.Parse(args[0])), true);
bool read_only = args.Length > 1 ? args[1].Equals("--readonly") : false;
using (var obj = NtGeneric.FromHandle(handle))
{
SecurityUtils.EditSecurity(IntPtr.Zero, obj, obj.Name, read_only);
}
}
else
{
SecurityDescriptor sd = new SecurityDescriptor(args[1]);
NtType type = NtType.GetTypeByName(args[2], false);
if (type == null)
{
throw new ArgumentException(string.Format("Unknown NT type {0}", args[2]));
}
SecurityUtils.EditSecurity(IntPtr.Zero, args[0], sd, type);
}
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
/// <summary>
/// Get the appropriate NT type for the printer path.
/// </summary>
/// <param name="path">The printer path, e.g. \\server\printer.</param>
/// <returns>The NT type.</returns>
public static NtType GetTypeForPath(string path)
{
return(NtType.GetTypeByName(IsPrintServer(path) ? PRINT_SERVER_NT_TYPE_NAME : PRINTER_NT_TYPE_NAME));
}
internal NtResult <SecurityDescriptor> GetSecurityDescriptor(
string type_name, SecurityInformation security_information, bool throw_on_error)
{
security_information &= DEFAULT_SECURITY_INFORMATION;
if (IsInvalid || IsClosed)
{
return(NtStatus.STATUS_INVALID_HANDLE.CreateResultFromError <SecurityDescriptor>(throw_on_error));
}
byte[] sd = new byte[8192];
return(Win32NativeMethods.QueryServiceObjectSecurity(this, security_information,
sd, sd.Length, out _).CreateWin32Result(throw_on_error,
() => new SecurityDescriptor(sd, NtType.GetTypeByName(type_name))));
}
private void showServiceSecurityToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listViewServices.SelectedItems.Count > 0)
{
if (listViewServices.SelectedItems[0].Tag is ServiceTokenEntry service)
{
if (service.Service.SecurityDescriptor != null)
{
var viewer = new SecurityDescriptorViewerForm(service.Service.Name,
service.Service.SecurityDescriptor, NtType.GetTypeByName(ServiceUtils.SERVICE_NT_TYPE_NAME, false), false);
viewer.ShowDialog(this);
}
}
}
}