Example #1
        /// <summary>
        /// Populates the cached type, name and security descriptor for this handle entry.
        /// </summary>
        /// <remarks>
        /// <c>_allow_query</c> is cleared before any work is attempted, so a failed
        /// duplication is not retried by this method. On every early return below,
        /// <c>_handle_valid</c>, <c>_name</c> and <c>_sd</c> are left untouched.
        /// </remarks>
        private void QueryValues()
        {
            if (!_allow_query)
            {
                return;
            }

            _allow_query = false;

            // The privilege is requested on every query and nothing in this method turns it
            // off again; any result of the call is ignored here.
            NtToken.EnableDebugPrivilege();

            // SameAccess: the local duplicate carries the same access as the source handle.
            // The final 'false' selects the non-throwing form, so failure is reported via IsSuccess.
            using (var duplicated = NtGeneric.DuplicateFrom(ProcessId, new IntPtr(Handle), 0,
                                                            DuplicateObjectOptions.SameAccess, false))
            {
                if (!duplicated.IsSuccess)
                {
                    return;
                }

                var target = duplicated.Result;

                // Record the type reported by the duplicated handle itself.
                NtType = target.NtType;

                if (!_force_file_query && target.NtTypeName == "File")
                {
                    // Unless forced, only disk and CD-ROM backed file objects are queried further.
                    // NOTE(review): presumably because querying other device types can block - confirm.
                    using (var file = target.ToTypedObject() as NtFile)
                    {
                        var device_type = file?.DeviceType ?? FileDeviceType.UNKNOWN;
                        if (device_type != FileDeviceType.DISK && device_type != FileDeviceType.CD_ROM)
                        {
                            return;
                        }
                    }
                }

                _handle_valid = true;
                _name         = GetName(target);
                _sd           = GetSecurityDescriptor(target);
            }
        }
 /// <summary>
 /// Returns the full path of the object, or an empty string when no object is supplied.
 /// </summary>
 /// <param name="obj">The duplicated object to name; may be null.</param>
 /// <returns><c>obj.FullPath</c>, or <c>String.Empty</c> for a null object.</returns>
 private string GetName(NtGeneric obj)
 {
     return obj == null ? String.Empty : obj.FullPath;
 }
Example #3
        /// <summary>
        /// Duplicates the handle from its owning process into the current process and
        /// returns it as a typed object.
        /// </summary>
        /// <remarks>
        /// The duplicate is requested with the same access and attributes as the source
        /// handle, so the returned object is as capable as the original handle.
        /// The debug privilege is requested first and is not turned off again by this method.
        /// NOTE(review): the caller presumably owns the returned object and should dispose it - confirm.
        /// </remarks>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The typed object on success; otherwise the failed duplication result cast to <c>NtObject</c>.</returns>
        public NtResult <NtObject> GetObject(bool throw_on_error)
        {
            NtToken.EnableDebugPrivilege();

            var options = DuplicateObjectOptions.SameAccess | DuplicateObjectOptions.SameAttributes;
            using (var duplicated = NtGeneric.DuplicateFrom(ProcessId, new IntPtr(Handle), 0, options, throw_on_error))
            {
                if (duplicated.IsSuccess)
                {
                    NtGeneric source = duplicated.Result;

                    // Take the type from the duplicated handle rather than trusting a previously stored value.
                    NtType = source.NtType;

                    // The generic duplicate is disposed when the using block exits;
                    // only the typed object is handed to the caller.
                    return source.ToTypedObject(throw_on_error).Cast <NtObject>();
                }

                return duplicated.Cast <NtObject>();
            }
        }
 /// <summary>
 /// Best-effort read of the object's security descriptor.
 /// </summary>
 /// <remarks>
 /// A null return covers every failure: a null object, a failed ReadControl duplicate
 /// or any exception raised while reading. It therefore means "could not be read",
 /// not "the object has no security descriptor", and callers should present it that way.
 /// </remarks>
 /// <param name="obj">The duplicated object to inspect; may be null.</param>
 /// <returns>The security descriptor, or null when it could not be obtained.</returns>
 private SecurityDescriptor GetSecurityDescriptor(NtGeneric obj)
 {
     SecurityDescriptor descriptor = null;
     try
     {
         if (obj != null)
         {
             // Re-duplicate asking only for ReadControl instead of reusing the wider handle.
             using (NtGeneric read_control = obj.Duplicate(GenericAccessRights.ReadControl))
             {
                 descriptor = read_control.SecurityDescriptor;
             }
         }
     }
     catch
     {
         // Every exception type is swallowed on purpose; the reason for the failure is lost.
         // Reset so that a failure while leaving the using block still yields null.
         descriptor = null;
     }
     return descriptor;
 }
 /// <summary>
 /// Duplicates the handle from its owning process into the current process and
 /// returns it as a typed object.
 /// </summary>
 /// <remarks>
 /// The debug privilege is requested first and is not turned off again by this method.
 /// All exceptions are swallowed, so a null return does not say why the duplication failed.
 /// NOTE(review): the caller presumably owns the returned object and should dispose it - confirm.
 /// </remarks>
 /// <returns>The typed object, or null if duplication or conversion threw.</returns>
 public NtObject GetObject()
 {
     NtToken.EnableDebugPrivilege();

     NtObject typed = null;
     try
     {
         using (NtGeneric duplicated = NtGeneric.DuplicateFrom(ProcessId, new IntPtr(Handle)))
         {
             // Take the type from the duplicated handle rather than trusting a previously stored value.
             NtType = duplicated.NtType;
             typed  = duplicated.ToTypedObject();
         }
     }
     catch
     {
         // Best effort: any failure, including one while leaving the using block, yields null.
         typed = null;
     }
     return typed;
 }
Example #6
 /// <summary>
 /// Best-effort read of the object's security descriptor using the non-throwing calls.
 /// </summary>
 /// <remarks>
 /// A null return covers a null object, a failed ReadControl duplicate and a failed
 /// descriptor query alike. It means "could not be read", not "the object has no
 /// security descriptor"; the failing status is not passed on to the caller.
 /// </remarks>
 /// <param name="obj">The duplicated object to inspect; may be null.</param>
 /// <returns>The security descriptor, or null when it could not be obtained.</returns>
 private SecurityDescriptor GetSecurityDescriptor(NtGeneric obj)
 {
     if (obj != null)
     {
         // Re-duplicate asking only for ReadControl instead of reusing the wider handle.
         using (var read_control = obj.Duplicate(GenericAccessRights.ReadControl, false))
         {
             if (read_control.IsSuccess)
             {
                 var query = read_control.Result.GetSecurityDescriptor(SecurityInformation.AllBasic, false);
                 if (query.IsSuccess)
                 {
                     return query.Result;
                 }
             }
         }
     }
     return null;
 }
        /// <summary>
        /// Populates the cached type, name and security descriptor for this handle entry.
        /// </summary>
        /// <remarks>
        /// <c>_allow_query</c> is cleared before any work is attempted, so a failed
        /// duplication is not retried by this method and leaves the cached values untouched.
        /// </remarks>
        private void QueryValues()
        {
            if (!_allow_query)
            {
                return;
            }

            _allow_query = false;

            // The privilege is requested on every query and nothing in this method turns it
            // off again; any result of the call is ignored here.
            NtToken.EnableDebugPrivilege();

            // SameAccess: the local duplicate carries the same access as the source handle.
            // The final 'false' selects the non-throwing form, so failure is reported via IsSuccess.
            using (var duplicated = NtGeneric.DuplicateFrom(ProcessId, new IntPtr(Handle), 0,
                                                            DuplicateObjectOptions.SameAccess, false))
            {
                if (duplicated.IsSuccess)
                {
                    var target = duplicated.Result;

                    // Record the type reported by the duplicated handle itself.
                    NtType = target.NtType;
                    _name  = GetName(target);
                    _sd    = GetSecurityDescriptor(target);
                }
            }
        }
 /// <summary>
 /// Populates the cached type name, object name and security descriptor for this handle entry.
 /// </summary>
 /// <remarks>
 /// <c>_allow_query</c> is cleared before any work is attempted, so a failed duplication
 /// is not retried by this method. An <c>NtException</c> is swallowed and leaves whatever
 /// values had been assigned before it was raised.
 /// </remarks>
 private void QueryValues()
 {
     if (!_allow_query)
     {
         return;
     }

     _allow_query = false;
     try
     {
         using (NtGeneric duplicated = NtGeneric.DuplicateFrom(ProcessId, new IntPtr(Handle)))
         {
             // Use the type name reported by the duplicated handle: the stored one may
             // have changed or may have been wrong from the start.
             ObjectType = duplicated.NtTypeName;
             _name      = GetName(duplicated);
             _sd        = GetSecurityDescriptor(duplicated);
         }
     }
     catch (NtException)
     {
         // Best effort: the failure status is dropped, so the caller cannot tell a denied
         // handle from one that has since been closed.
     }
 }