/// <summary>
/// Captures a snapshot of one process from an already-open native handle:
/// its PID, its threads ordered by TID, its security descriptor (raw and
/// string form), its image path and display name and, when one could be
/// opened, its primary token.
/// </summary>
/// <param name="handle">
/// Open handle to the process. It is stored in <c>Handle</c> and reused for
/// every query below. The access rights those queries need are not visible
/// in this excerpt.
/// </param>
public ProcessEntry(NativeHandle handle)
{
    // NOTE(review): this entry keeps the process handle, one handle per thread
    // and possibly a token handle. No release path is visible here; confirm
    // they are disposed elsewhere.
    Handle = handle;
    Pid = NativeBridge.GetPidForProcess(handle);

    // Wrap every thread handle, then order the entries by ascending thread id.
    Threads = NativeBridge.GetThreadsForProcess(handle)
        .Select(threadHandle => new ThreadEntry(threadHandle))
        .ToArray();
    Array.Sort(Threads, (left, right) => left.Tid - right.Tid);

    // Read the descriptor once and keep both the raw and the string form.
    var descriptor = NativeBridge.GetSecurityDescriptorForHandle(handle);
    SecurityDescriptor = descriptor;
    StringSecurityDescriptor = NativeBridge.GetStringSecurityDescriptor(descriptor);

    ImagePath = String.Empty;
    switch (Pid)
    {
        case 0:
            // PID 0 gets a fixed label; no image path is queried for it.
            Name = "Idle";
            break;

        case 4:
            // PID 4 gets a fixed label; no image path is queried for it.
            Name = "System";
            break;

        default:
            ImagePath = NativeBridge.GetProcessPath(handle);
            // Name is only the image file name without its extension. It is a
            // display label, not an identity: different binaries that share a
            // file name get the same Name, so compare ImagePath or the token
            // when the distinction matters.
            Name = Path.GetFileNameWithoutExtension(ImagePath);
            break;
    }

    // Token is assigned only when a token handle came back. Consumers must
    // treat a missing Token as "could not be inspected", not as "no privileges".
    NativeHandle processToken = NativeBridge.OpenProcessToken(handle);
    if (processToken != null)
    {
        Token = new TokenEntry(processToken);
    }
}
/// <summary>
/// Captures a snapshot of an access token: the handle itself, the token
/// object's security descriptor (raw and string form) and the user name
/// resolved for the token.
/// </summary>
/// <param name="handle">Open handle to the token; stored in <c>Handle</c>.</param>
public TokenEntry(NativeHandle handle)
{
    Handle = handle;

    // This descriptor belongs to the token object itself (who may open or
    // change the token). It does not describe the rights the token grants.
    var descriptor = NativeBridge.GetSecurityDescriptorForHandle(handle);
    SecurityDescriptor = descriptor;
    StringSecurityDescriptor = NativeBridge.GetStringSecurityDescriptor(descriptor);

    // NOTE(review): how a failed name lookup is reported (exception, null,
    // raw SID string) is not visible in this excerpt; confirm against NativeBridge.
    UserName = NativeBridge.GetUserNameForToken(handle);
}
/// <summary>
/// Captures a snapshot of one thread: the handle, the thread object's
/// security descriptor (raw and string form), the thread id and, when one
/// could be opened, the token attached to the thread.
/// </summary>
/// <param name="handle">Open handle to the thread; stored in <c>Handle</c>.</param>
public ThreadEntry(NativeHandle handle)
{
    Handle = handle;

    // Read the descriptor once and keep both representations.
    var descriptor = NativeBridge.GetSecurityDescriptorForHandle(handle);
    SecurityDescriptor = descriptor;
    StringSecurityDescriptor = NativeBridge.GetStringSecurityDescriptor(descriptor);

    Tid = NativeBridge.GetTidForThread(handle);

    // Token is assigned only when a token handle came back.
    // NOTE(review): presumably null means the thread is not impersonating or
    // the token could not be opened. The two cases are indistinguishable
    // here, so a missing Token is not proof that there is no impersonation.
    NativeHandle threadToken = NativeBridge.OpenThreadToken(handle);
    if (threadToken != null)
    {
        Token = new TokenEntry(threadToken);
    }
}
/// <summary>
/// Entry point of the file-access checker. It parses the command line, opens
/// the token of the selected process (the current process unless -p is
/// given), then dumps each path: directories via DumpDirectory, anything
/// else via DumpFile.
/// </summary>
/// <param name="args">Command-line options followed by one or more paths.</param>
static void Main(string[] args)
{
    bool showHelp = false;
    uint standardFilter = 0;
    int targetPid = Process.GetCurrentProcess().Id;

    try
    {
        // The valid right names are listed in the help text of each filter option.
        string fileRightNames = String.Join(",", Enum.GetNames(typeof(FileAccessRights)));
        string dirRightNames = String.Join(",", Enum.GetNames(typeof(FileDirectoryAccessRights)));
        string standardRightNames = String.Join(",", Enum.GetNames(typeof(StandardAccessRights)));

        OptionSet options = new OptionSet()
        {
            { "r", "Recursive tree directory listing", v => _recursive = v != null },
            { "sddl", "Print full SDDL security descriptors", v => _print_sddl = v != null },
            { "p|pid=", "Specify a PID of a process to impersonate when checking", v => targetPid = int.Parse(v.Trim()) },
            { "w", "Show only write permissions granted", v => _show_write_only = v != null },
            { "f=", String.Format("Filter on a specific file right [{0}]", fileRightNames), v => _file_filter |= ParseRight(v, typeof(FileAccessRights)) },
            { "d=", String.Format("Filter on a specific directory right [{0}]", dirRightNames), v => _dir_filter |= ParseRight(v, typeof(FileDirectoryAccessRights)) },
            { "s=", String.Format("Filter on a standard right [{0}]", standardRightNames), v => standardFilter |= ParseRight(v, typeof(StandardAccessRights)) },
            // NOTE(review): ToLower() is culture-sensitive. Whether the exclusion
            // lookup normalises paths the same way is not visible in this excerpt.
            { "x=", "Specify a base path to exclude from recursive search", v => _walked.Add(v.ToLower()) },
            { "q", "Don't print errors", v => _quiet = v != null },
            { "onlydirs", "Only check the permissions of directories", v => _only_dirs = v != null },
            { "h|help", "show this message and exit", v => showHelp = v != null },
        };

        List<string> targets = options.Parse(args);
        if (showHelp || targets.Count == 0)
        {
            ShowHelp(options);
            return;
        }

        _type = ObjectTypeInfo.GetTypeByName("file");

        // Every later check is made from the point of view of this token.
        // NOTE(review): the result is not null-checked here. Confirm that
        // OpenProcessToken(int) throws on failure rather than returning null,
        // otherwise the results would not reflect the requested process.
        _token = NativeBridge.OpenProcessToken(targetPid);

        // Standard rights apply to files and directories alike.
        _file_filter |= standardFilter;
        _dir_filter |= standardFilter;

        foreach (string target in targets)
        {
            FileAttributes attributes = File.GetAttributes(target);
            bool isDirectory = (attributes & FileAttributes.Directory) != 0;
            if (isDirectory)
            {
                DumpDirectory(new DirectoryInfo(target));
            }
            else
            {
                DumpFile(new FileInfo(target));
            }
        }
    }
    catch (Exception e)
    {
        // One failure (bad option value, missing path, token open error) ends
        // the whole run: any remaining paths are never checked, and only the
        // message is printed, regardless of _quiet. Read truncated output as
        // an incomplete audit, not as "nothing found".
        Console.WriteLine(e.Message);
    }
}
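/// <summary>
/// Entry point of the object-directory access checker. It parses the command
/// line, opens the token of the selected process (the current process unless
/// -p is given), then opens and dumps each object directory path.
/// </summary>
/// <remarks>
/// Option parsing now runs inside the try block. The option callbacks
/// (int.Parse for -p, ParseRight for -k and -s) run while the arguments are
/// parsed, so a malformed value used to escape as an unhandled exception. It
/// is now reported like any other error.
/// </remarks>
/// <param name="args">Command-line options followed by one or more object directory paths.</param>
static void Main(string[] args)
{
    bool show_help = false;
    int pid = Process.GetCurrentProcess().Id;

    try
    {
        OptionSet opts = new OptionSet()
        {
            { "r", "Recursive tree directory listing", v => _recursive = v != null },
            { "sddl", "Print full SDDL security descriptors", v => _print_sddl = v != null },
            { "p|pid=", "Specify a PID of a process to impersonate when checking", v => pid = int.Parse(v.Trim()) },
            { "w", "Show only write permissions granted", v => _show_write_only = v != null },
            { "k=", String.Format("Filter on a specific directory right [{0}]", String.Join(",", Enum.GetNames(typeof(DirectoryAccessRights)))), v => _dir_rights |= ParseRight(v, typeof(DirectoryAccessRights)) },
            // Standard rights are folded into the same mask as directory rights.
            { "s=", String.Format("Filter on a standard right [{0}]", String.Join(",", Enum.GetNames(typeof(StandardAccessRights)))), v => _dir_rights |= ParseRight(v, typeof(StandardAccessRights)) },
            // NOTE(review): ToLower() is culture-sensitive. Whether the lookups
            // against _walked and _type_filter normalise the same way is not
            // visible in this excerpt.
            { "x=", "Specify a base path to exclude from recursive search", v => _walked.Add(v.ToLower()) },
            { "t=", "Specify a type of object to include", v => _type_filter.Add(v.ToLower()) },
            { "h|help", "show this message and exit", v => show_help = v != null },
        };

        List<string> paths = opts.Parse(args);
        if (show_help || (paths.Count == 0))
        {
            ShowHelp(opts);
        }
        else
        {
            // Every later check is made from the point of view of this token.
            // NOTE(review): the result is not null-checked here. Confirm that
            // OpenProcessToken(int) throws on failure rather than returning
            // null, otherwise the results would not reflect the requested process.
            _token = NativeBridge.OpenProcessToken(pid);

            foreach (string path in paths)
            {
                ObjectDirectory dir = ObjectNamespace.OpenDirectory(path);
                DumpDirectory(dir);
            }
        }
    }
    catch (Exception e)
    {
        // One failure ends the whole run and any remaining paths are never
        // checked. Read truncated output as an incomplete audit, not as
        // "nothing found".
        Console.WriteLine(e.Message);
    }
}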