internal void FromSafeBuffer(SafeAlpcMessageAttributesBuffer buffer, NtAlpc port, AlpcMessage message)
{
var result = buffer.Result;
var valid_attrs = result.ValidAttributes;
if (valid_attrs.HasFlag(AlpcMessageAttributeFlags.Token))
{
AddAttribute <AlpcTokenMessageAttribute>(buffer, port, message);
}
if (valid_attrs.HasFlag(AlpcMessageAttributeFlags.Context))
{
AddAttribute <AlpcContextMessageAttribute>(buffer, port, message);
}
if (valid_attrs.HasFlag(AlpcMessageAttributeFlags.Handle))
{
var attribute = AddAttribute <AlpcHandleMessageAttribute>(buffer, port, message);
_handles.AddRange(attribute.Handles.Select(h => NtObjectUtils.FromHandle(h.Handle, true)));
}
if (valid_attrs.HasFlag(AlpcMessageAttributeFlags.Security))
{
var attr = AddAttribute <AlpcSecurityMessageAttribute>(buffer, port, message);
SecurityContext = new SafeAlpcSecurityContextHandle(attr.ContextHandle, true, port, attr.Flags, attr.SecurityQoS);
}
if (valid_attrs.HasFlag(AlpcMessageAttributeFlags.View))
{
var attr = AddAttribute <AlpcDataViewMessageAttribute>(buffer, port, message);
DataView = new SafeAlpcDataViewBuffer(new IntPtr(attr.ViewBase), attr.ViewSize,
new SafeAlpcPortSectionHandle(attr.SectionHandle, true, port), attr.Flags, true);
}
if (valid_attrs.HasFlag(AlpcMessageAttributeFlags.WorkOnBehalfOf))
{
AddAttribute <AlpcWorkOnBehalfMessageAttribute>(buffer, port, message);
}
}
/// <summary>
/// Gets all accessible threads on the system.
/// </summary>
/// <param name="desired_access">The desired access for each thread.</param>
/// <param name="from_system_info">Get the thread list from system information.</param>
/// <returns>The list of accessible threads.</returns>
public static IEnumerable <NtThread> GetThreads(ThreadAccessRights desired_access, bool from_system_info)
{
if (from_system_info)
{
return(NtSystemInfo.GetProcessInformation().SelectMany(p => p.Threads)
.Select(t => Open(t, desired_access, false)).SelectValidResults());
}
else
{
using (var threads = new DisposableList <NtThread>())
{
using (var procs = NtProcess.GetProcesses(ProcessAccessRights.QueryInformation).ToDisposableList())
{
foreach (var proc in procs)
{
threads.AddRange(proc.GetThreads(desired_access));
}
}
return(threads.ToArrayAndClear());
}
}
}
/// <summary>
/// Start the new process
/// </summary>
/// <param name="image_path">The image path to the file to execute</param>
/// <returns>The result of the process creation</returns>
public CreateUserProcessResult Start(string image_path)
{
if (image_path == null)
{
throw new ArgumentNullException("image_path");
}
using (var process_params = SafeProcessParametersBuffer.Create(ConfigImagePath ?? image_path, DllPath, CurrentDirectory,
CommandLine, Environment, WindowTitle, DesktopInfo, ShellInfo, RuntimeData, CreateProcessParametersFlags.Normalize)) {
using (var attrs = new DisposableList <ProcessAttribute>()) {
ProcessCreateInfo create_info = new ProcessCreateInfo();
attrs.Add(ProcessAttribute.ImageName(image_path));
SafeStructureInOutBuffer <SectionImageInformation> image_info = new SafeStructureInOutBuffer <SectionImageInformation>();
attrs.Add(ProcessAttribute.ImageInfo(image_info));
SafeStructureInOutBuffer <ClientId> client_id = new SafeStructureInOutBuffer <ClientId>();
attrs.Add(ProcessAttribute.ClientId(client_id));
attrs.AddRange(AdditionalAttributes);
if (ParentProcess != null)
{
attrs.Add(ProcessAttribute.ParentProcess(ParentProcess.Handle));
}
if (RestrictChildProcess || OverrideRestrictChildProcess)
{
attrs.Add(ProcessAttribute.ChildProcess(RestrictChildProcess, OverrideRestrictChildProcess));
}
if (Token != null)
{
attrs.Add(ProcessAttribute.Token(Token.Handle));
}
using (ProcessAttributeList attr_list = ProcessAttributeList.Create(attrs)) {
create_info.Data.InitFlags = InitFlags | ProcessCreateInitFlag.WriteOutputOnExit;
create_info.Data.ProhibitedImageCharacteristics = ProhibitedImageCharacteristics;
create_info.Data.AdditionalFileAccess = AdditionalFileAccess;
using (ObjectAttributes proc_attr = new ObjectAttributes(null, AttributeFlags.None,
SafeKernelObjectHandle.Null, null, ProcessSecurityDescriptor),
thread_attr = new ObjectAttributes(null, AttributeFlags.None,
SafeKernelObjectHandle.Null, null, ThreadSecurityDescriptor)) {
NtStatus status = NtSystemCalls.NtCreateUserProcess(
out SafeKernelObjectHandle process_handle, out SafeKernelObjectHandle thread_handle,
ProcessDesiredAccess, ThreadDesiredAccess,
proc_attr, thread_attr, ProcessFlags,
ThreadFlags, process_params.DangerousGetHandle(), create_info, attr_list);
if (!status.IsSuccess() && !ReturnOnError)
{
// Close handles which come from errors
switch (create_info.State)
{
case ProcessCreateState.FailOnSectionCreate:
NtSystemCalls.NtClose(create_info.Data.FileHandle);
break;
case ProcessCreateState.FailExeName:
NtSystemCalls.NtClose(create_info.Data.IFEOKey);
break;
}
status.ToNtException();
}
if (create_info.State == ProcessCreateState.Success)
{
return(new CreateUserProcessResult(process_handle, thread_handle,
create_info.Data, image_info.Result, client_id.Result, TerminateOnDispose));
}
else
{
return(new CreateUserProcessResult(status, create_info.Data, create_info.State));
}
}
}
}
}
}
