private static IntPtr StartProcessAsUser(string szFile, string szArguments, string szDirectory, bool Inherit, IntPtr hParent)
{
Win32.STARTUPINFOEX si = new Win32.STARTUPINFOEX();
Win32.PROCESS_INFORMATION pi = new Win32.PROCESS_INFORMATION();
Win32.SECURITY_ATTRIBUTES sa = new Win32.SECURITY_ATTRIBUTES();
IntPtr processToken = IntPtr.Zero, userToken, cbAttributeListSize = IntPtr.Zero;
Win32.OpenProcessToken(new IntPtr(-1), (uint)Win32.TOKEN_ACCESS.TOKEN_ALL_ACCESS, ref processToken);
Win32.DuplicateTokenEx(processToken, (uint)Win32.TOKEN_ACCESS.TOKEN_ALL_ACCESS, out sa, Win32.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, Win32.TOKEN_TYPE.TokenPrimary, out userToken);
Win32.InitializeProcThreadAttributeList(IntPtr.Zero, 1, 0, ref cbAttributeListSize);
IntPtr pAttributeList = Win32.VirtualAlloc(IntPtr.Zero, (int)cbAttributeListSize, 0x1000, 0x40);
Win32.InitializeProcThreadAttributeList(pAttributeList, 1, 0, ref cbAttributeListSize);
Win32.UpdateProcThreadAttribute(pAttributeList, 0, (IntPtr)0x00020000, ref hParent, (IntPtr)Marshal.SizeOf(hParent), IntPtr.Zero, IntPtr.Zero);
si.lpAttributeList = pAttributeList;
si.StartupInfo = new Win32.STARTUPINFO();
Win32.CreateProcessAsUserA(userToken, szFile, szArguments, IntPtr.Zero, IntPtr.Zero, Inherit, 0x400 | 0x010 | 0x00080000, IntPtr.Zero, szDirectory, ref si, ref pi);
Win32.CloseHandle(processToken);
Win32.CloseHandle(userToken);
Win32.DeleteProcThreadAttributeList(pAttributeList);
Win32.VirtualFree(pAttributeList, 0x1000, 0x8000);
return(pi.hProcess);
}
public static IntPtr GetPrimaryToken(Process process)
{
var token = IntPtr.Zero;
var primaryToken = IntPtr.Zero;
if (OpenProcessToken(process.Handle, TOKEN_DUPLICATE, ref token))
{
var sa = new Win32.SECURITY_ATTRIBUTES();
sa.nLength = Marshal.SizeOf(sa);
if (!DuplicateTokenEx(
token,
TOKEN_ALL_ACCESS,
ref sa,
(int)Win32.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation,
(int)Win32.TOKEN_TYPE.TokenPrimary,
ref primaryToken))
{
throw new Win32Exception(Marshal.GetLastWin32Error(), "DuplicateTokenEx failed");
}
CloseHandle(token);
}
else
{
throw new Win32Exception(Marshal.GetLastWin32Error(), "OpenProcessToken failed");
}
return(primaryToken);
}
private byte[] executeDispatch(IRpcClientInfo client, byte[] input)
{
using (client.Impersonate())
{
IntPtr hToken;
Win32.OpenThreadToken(Win32.GetCurrentThread(), Win32.TOKEN_READ | Win32.TOKEN_IMPERSONATE, false, out hToken);
Win32.SECURITY_ATTRIBUTES saProcessAttributes = new Win32.SECURITY_ATTRIBUTES();
Win32.SECURITY_ATTRIBUTES saThreadAttributes = new Win32.SECURITY_ATTRIBUTES();
Win32.STARTUPINFO startupInfo = new Win32.STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(startupInfo);
Win32.PROCESS_INFORMATION processInfo = new Win32.PROCESS_INFORMATION();
bool result = Win32.CreateProcessAsUser(
hToken, @"c:\windows\notepad.exe", null,
ref saProcessAttributes, ref saThreadAttributes, true, 0x01000000, IntPtr.Zero, null, ref startupInfo, out processInfo);
if (!result)
{
int error = Marshal.GetLastWin32Error();
}
return(new byte[] { 0 });
}
}
private static int SetupShareMemoryWithSercurity(int nSize)
{
bool flag = false;
System.IntPtr intPtr = System.IntPtr.Zero;
int cb = 68;
System.IntPtr arg_12_0 = System.IntPtr.Zero;
Win32.SECURITY_ATTRIBUTES sECURITY_ATTRIBUTES = default(Win32.SECURITY_ATTRIBUTES);
try
{
intPtr = System.Runtime.InteropServices.Marshal.AllocHGlobal(cb);
if (!Win32.CreateWellKnownSid(System.Security.Principal.WellKnownSidType.BuiltinAdministratorsSid, System.IntPtr.Zero, intPtr, ref cb))
{
int result = -1;
return(result);
}
if (!Win32.ConvertStringSecurityDescriptorToSecurityDescriptor("D:(A;;GA;;;RD)(A;;GA;;;S-1-5-32-544)(A;;GA;;;S-1-5-4)", 1, out sECURITY_ATTRIBUTES.lpSecurityDescriptor, System.IntPtr.Zero))
{
int result = -1;
return(result);
}
sECURITY_ATTRIBUTES.nLength = System.Runtime.InteropServices.Marshal.SizeOf(sECURITY_ATTRIBUTES);
sECURITY_ATTRIBUTES.bInheritHandle = false;
AppInterProcess._hMapFile = Win32.CreateFileMapping(4294967295u, ref sECURITY_ATTRIBUTES, 4, 0, nSize + 1024, "Global\\ecoAppMapName");
flag = ((long)System.Runtime.InteropServices.Marshal.GetLastWin32Error() == 183L);
if (AppInterProcess._hMapFile == System.IntPtr.Zero)
{
int result = -1;
return(result);
}
AppInterProcess._pMapBuf = Win32.MapViewOfFile(AppInterProcess._hMapFile, 983071, 0, 0, nSize + 128);
if (AppInterProcess._pMapBuf == System.IntPtr.Zero)
{
int result = -1;
return(result);
}
}
catch (System.Exception)
{
}
finally
{
if (intPtr != System.IntPtr.Zero)
{
System.Runtime.InteropServices.Marshal.FreeHGlobal(intPtr);
}
if (sECURITY_ATTRIBUTES.lpSecurityDescriptor != System.IntPtr.Zero)
{
Win32.LocalFree(sECURITY_ATTRIBUTES.lpSecurityDescriptor);
}
}
if (!flag)
{
return(0);
}
return(1);
}
private static void CreatePipe(out SafeFileHandle parentHandle, out SafeFileHandle childHandle, bool parentInputs)
{
/*
* private void CreatePipe(out SafeFileHandle parentHandle, out SafeFileHandle childHandle, bool parentInputs);
*
* Declaring Type: System.Diagnostics.Process
* Assembly: System, Version=4.0.0.0
*/
parentHandle = childHandle = null;
Win32.SECURITY_ATTRIBUTES lpPipeAttributes = new Win32.SECURITY_ATTRIBUTES();
lpPipeAttributes.bInheritHandle = true;
SafeFileHandle hWritePipe = null;
try
{
if (parentInputs && (!Win32.CreatePipe(out childHandle, out hWritePipe, ref lpPipeAttributes, 0) || childHandle.IsInvalid || hWritePipe.IsInvalid))
{
throw new Win32Exception();
}
else if (!parentInputs && (!Win32.CreatePipe(out hWritePipe, out childHandle, ref lpPipeAttributes, 0) || hWritePipe.IsInvalid || childHandle.IsInvalid))
{
throw new Win32Exception();
}
if (!Win32.DuplicateHandle(Process.GetCurrentProcess().Handle, hWritePipe, Process.GetCurrentProcess().Handle, out parentHandle, 0, false, 2))
{
throw new Win32Exception();
}
}
finally
{
if (hWritePipe != null && !hWritePipe.IsInvalid)
{
hWritePipe.Close();
}
}
}
public bool CreateTrinoHandleIDs()
{
HandleID1FileMap = 0;
HandleID2Event = 0;
// Not sure if we actually need this signature part or not
string stringForSignature = "dGVzdA==";
string ticketDataString = "";
if (UseCustomTicketData)
{
ticketDataString = CustomTicketData;
}
else
{
ticketDataString = "<?xml version=\"1.0\" encoding=\"UTF - 8\" standalone=\"yes\"?>";
ticketDataString += "<authTicket version = \"1.2\">";
ticketDataString += "<storeToken>1</storeToken>";
ticketDataString += "<username>" + UserName + "</username>";
ticketDataString += "<password>" + _passwordHash + "</password>";
ticketDataString += "</authTicket>";
}
//------ IntPtr CreateFileMappingHandle(string ticketString,string signatureString)
// MSDN Documentation says SECURITY_ATTRIBUTES needs to be set (not null) for child processes to be able to inherit the handle from CreateEvent
Win32.SECURITY_ATTRIBUTES sa = new Win32.SECURITY_ATTRIBUTES
{
nLength = Marshal.SizeOf(typeof(Win32.SECURITY_ATTRIBUTES)),
lpSecurityDescriptor = IntPtr.Zero,
bInheritHandle = true
};
IntPtr sa_pointer = Marshal.AllocHGlobal(sa.nLength);
Marshal.StructureToPtr(sa, sa_pointer, false);
uint maxMapSize = 4096; // TODO: 0x20000 or 0x1000
maxMapSize = (uint)ticketDataString.Length + 0xc;
var credentialFileMapHandle = Win32.CreateFileMappingW(
Win32.INVALID_HANDLE_VALUE,
sa_pointer, // IntPtr.Zero, //sa_pointer,
FileMapProtection.PageReadWrite,
0,
maxMapSize,
"archeage_auth_ticket_map");
//Marshal.FreeHGlobal(sa_pointer);
if (credentialFileMapHandle == IntPtr.Zero)
{
//Console.WriteLine("Failed to create credential file mapping");
Marshal.FreeHGlobal(sa_pointer);
return(false);
}
var fileMapViewPointer = Win32.MapViewOfFile(credentialFileMapHandle, FileMapAccess.FileMapAllAccessFull, 0, 0, maxMapSize);
if (fileMapViewPointer == IntPtr.Zero)
{
//Console.WriteLine("Failed to create credential file mapping view");
Win32.CloseHandle(credentialFileMapHandle);
Marshal.FreeHGlobal(sa_pointer);
return(false);
}
//--- EncryptFileMapData(fileMapViewHandle, ticketString, signatureString);
// TFIR is the header for this ?
var ticket = "TFIR" + stringForSignature + '\n' + ticketDataString;
var ticketBytes = Encoding.UTF8.GetBytes(ticket);
var ticketEncrypted = AAEmu.Launcher.Basic.RC4.Encrypt(encryptionKey, ticketBytes);
// Use a temporary memorystream for ease
MemoryStream ms = new MemoryStream();
var writer = new BinaryWriter(ms);
writer.Write(encryptionKey, 0, encryptionKey.Length);
Int32 ticketSize = ticketEncrypted.Length;
writer.Write((int)ticketSize);
writer.Write(ticketEncrypted);
ms.Position = 0;
var result = new byte[ms.Length];
ms.Read(result, 0, (int)ms.Length);
// Copy data to MemoryMappedFile
// Structure
// 8 bytes: RC4 Key
// 4 bytes: Actual Data Size
// ? bytes: Encrypted data
var pointer = Marshal.AllocHGlobal(result.Length);
Marshal.Copy(result, 0, pointer, result.Length);
Win32.MemCpy(fileMapViewPointer, pointer, (uint)result.Length);
Marshal.FreeHGlobal(pointer);
writer.Dispose();
ms.Dispose();
//-----------
if (credentialFileMapHandle == IntPtr.Zero)
{
// TODO ...
// Win32.CloseHandle(credentialEvent);
Marshal.FreeHGlobal(sa_pointer);
return(false);
}
var credentialEvent = Win32.CreateEventW(sa_pointer, true, false, "archeage_auth_ticket_event");
Marshal.FreeHGlobal(sa_pointer);
if (credentialEvent == IntPtr.Zero)
{
// Console.WriteLine("Failed to create credential event");
return(false);
}
HandleID1FileMap = credentialFileMapHandle.ToInt32();
HandleID2Event = credentialEvent.ToInt32();
return((HandleID1FileMap != 0) && (HandleID2Event != 0));
}
