internal WnfServiceTriggerInformation(SERVICE_TRIGGER trigger)
: base(trigger)
{
var data = CustomData.FirstOrDefault();
if (data?.RawData?.Length != 8)
{
return;
}
Name = NtWnf.Open(BitConverter.ToUInt64(data.RawData, 0), true, false).GetResultOrDefault();
}
internal WnfAccessCheckResult(NtWnf wnf,
AccessMask granted_access,
SecurityDescriptor sd, TokenInformation token_info)
: base(wnf.Name,
"Wnf", granted_access,
NtWnf.GenericMapping, sd,
typeof(WnfAccessRights), false, token_info)
{
StateName = wnf.StateName;
Lifetime = wnf.Lifetime;
SubscribersPresent = wnf.SubscribersPresent;
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
GenericMapping generic_mapping = NtWnf.GenericMapping;
AccessMask access_rights = generic_mapping.MapMask(Access);
var entries = NtWnf.GetRegisteredNotifications();
foreach (var entry in entries)
{
var sd = entry.SecurityDescriptor;
if (sd == null)
{
WriteWarning($"Couldn't query security for WNF Provider {entry.StateName:X016}.");
continue;
}
if (sd.Owner == null)
{
sd.Owner = new SecurityDescriptorSid(new Sid("SY"), false);
}
if (sd.Group == null)
{
sd.Group = new SecurityDescriptorSid(new Sid("SY"), false);
}
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd,
token.Token, generic_mapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new WnfAccessCheckResult(entry, granted_access, sd, token.Information));
}
}
}
}
