/// <summary> /// Get the cached singing level from the raw EA buffer. /// </summary> /// <param name="ea">The EA buffer to read the cached signing level from.</param> /// <returns>The cached signing level.</returns> /// <exception cref="NtException">Throw on error.</exception> public static CachedSigningLevel GetCachedSigningLevelFromEa(EaBuffer ea) { EaBufferEntry buffer = ea.GetEntry("$KERNEL.PURGE.ESBCACHE"); if (buffer == null) { NtStatus.STATUS_OBJECT_NAME_NOT_FOUND.ToNtException(); } BinaryReader reader = new BinaryReader(new MemoryStream(buffer.Data)); int total_size = reader.ReadInt32(); int version = reader.ReadInt16(); switch (version) { case 1: return(ReadCachedSigningLevelVersion1(reader)); case 2: return(ReadCachedSigningLevelVersion2(reader)); case 3: return(ReadCachedSigningLevelVersion3(reader)); default: throw new ArgumentException($"Unsupported cached signing level buffer version {version}"); } }
/// <summary> /// Constructor /// </summary> /// <param name="buffer">Existing buffer to copy.</param> public EaBuffer(EaBuffer buffer) : this(buffer.Entries.Select(e => e.Clone())) { }
/// <summary> /// Create a new file /// </summary> /// <param name="name">The path to the file</param> /// <param name="root">A root object to parse relative filenames</param> /// <param name="desired_access">Desired access for the file</param> /// <param name="file_attributes">Attributes for the file</param> /// <param name="share_access">Share access for the file</param> /// <param name="open_options">Open options for file</param> /// <param name="disposition">Disposition when opening the file</param> /// <param name="ea_buffer">Extended Attributes buffer</param> /// <returns>The created/opened file object.</returns> public static NtFile Create(string name, NtObject root, FileAccessRights desired_access, FileAttributes file_attributes, FileShareMode share_access, FileOpenOptions open_options, FileDisposition disposition, EaBuffer ea_buffer) { using (ObjectAttributes obja = new ObjectAttributes(name, AttributeFlags.CaseInsensitive, root)) { return(Create(obja, desired_access, file_attributes, share_access, open_options, disposition, ea_buffer)); } }
/// <summary> /// Create a new file /// </summary> /// <param name="name">The path to the file</param> /// <param name="desired_access">Desired access for the file</param> /// <param name="share_access">Share access for the file</param> /// <param name="open_options">Open options for file</param> /// <param name="disposition">Disposition when opening the file</param> /// <param name="ea_buffer">Extended Attributes buffer</param> /// <returns>The created/opened file object.</returns> public static NtFile Create(string name, FileAccessRights desired_access, FileShareMode share_access, FileOpenOptions open_options, FileDisposition disposition, EaBuffer ea_buffer) { return(Create(name, null, desired_access, FileAttributes.Normal, share_access, open_options, disposition, ea_buffer)); }
/// <summary> /// Create a new file /// </summary> /// <param name="obj_attributes">The object attributes</param> /// <param name="desired_access">Desired access for the file</param> /// <param name="file_attributes">Attributes for the file</param> /// <param name="share_access">Share access for the file</param> /// <param name="open_options">Open options for file</param> /// <param name="disposition">Disposition when opening the file</param> /// <param name="ea_buffer">Extended Attributes buffer</param> /// <returns>The created/opened file object.</returns> public static NtFile Create(ObjectAttributes obj_attributes, FileAccessRights desired_access, FileAttributes file_attributes, FileShareMode share_access, FileOpenOptions open_options, FileDisposition disposition, EaBuffer ea_buffer) { SafeKernelObjectHandle handle; IoStatus iostatus = new IoStatus(); byte[] buffer = ea_buffer != null?ea_buffer.ToByteArray() : null; NtSystemCalls.NtCreateFile(out handle, desired_access, obj_attributes, iostatus, null, FileAttributes.Normal, share_access, disposition, open_options, buffer, buffer != null ? buffer.Length : 0).ToNtException(); return(new NtFile(handle)); }