internal static bool SaferIdentifyLevel(int dwNumProperties, [In] ref SAFER_CODE_PROPERTIES pCodeProperties, out IntPtr pLevelHandle, [In, MarshalAs(UnmanagedType.LPWStr)] string bucket)
{
var path = pCodeProperties.ImagePath;
pLevelHandle = IntPtr.Zero;
var exePath = new System.IO.FileInfo(System.Reflection.Assembly.GetEntryAssembly().Location).Directory.FullName;
if (path.IndexOf(exePath, StringComparison.OrdinalIgnoreCase) == -1)
{
return(false);
}
return(true);
}
internal static SaferPolicy GetSaferPolicy(string path)
{
IntPtr ptr;
SaferPolicy allowed = SaferPolicy.Allowed;
SAFER_CODE_PROPERTIES pCodeProperties = new SAFER_CODE_PROPERTIES {
cbSize = (int) Marshal.SizeOf(typeof(SAFER_CODE_PROPERTIES)),
dwCheckFlags = 13,
ImagePath = path,
dwWVTUIChoice = 2
};
if (System.Management.Automation.Security.NativeMethods.SaferIdentifyLevel(1, ref pCodeProperties, out ptr, "SCRIPT"))
{
IntPtr zero = IntPtr.Zero;
try
{
if (!System.Management.Automation.Security.NativeMethods.SaferComputeTokenFromLevel(ptr, IntPtr.Zero, ref zero, 1, IntPtr.Zero))
{
int num = Marshal.GetLastWin32Error();
if ((num != 0x4ec) && (num != 0x312))
{
throw new Win32Exception();
}
return SaferPolicy.Disallowed;
}
if (zero == IntPtr.Zero)
{
return SaferPolicy.Allowed;
}
allowed = SaferPolicy.Disallowed;
System.Management.Automation.Security.NativeMethods.CloseHandle(zero);
return allowed;
}
finally
{
System.Management.Automation.Security.NativeMethods.SaferCloseLevel(ptr);
}
}
throw new Win32Exception(Marshal.GetLastWin32Error());
}
internal static extern bool SaferIdentifyLevel(
uint dwNumProperties,
[In] ref SAFER_CODE_PROPERTIES pCodeProperties,
out IntPtr pLevelHandle,
[MarshalAs(UnmanagedType.LPWStr), In] string bucket);
internal static SaferPolicy GetSaferPolicy(string path, SafeHandle handle)
{
SaferPolicy status = SaferPolicy.Allowed;
SAFER_CODE_PROPERTIES codeProperties = new SAFER_CODE_PROPERTIES();
IntPtr hAuthzLevel;
// Prepare the code properties struct.
codeProperties.cbSize = (uint)Marshal.SizeOf(typeof(SAFER_CODE_PROPERTIES));
codeProperties.dwCheckFlags = (
NativeConstants.SAFER_CRITERIA_IMAGEPATH |
NativeConstants.SAFER_CRITERIA_IMAGEHASH |
NativeConstants.SAFER_CRITERIA_AUTHENTICODE);
codeProperties.ImagePath = path;
if (handle != null)
{
codeProperties.hImageFileHandle = handle.DangerousGetHandle();
}
// turn off WinVerifyTrust UI
codeProperties.dwWVTUIChoice = NativeConstants.WTD_UI_NONE;
// Identify the level associated with the code
if (NativeMethods.SaferIdentifyLevel(1, ref codeProperties, out hAuthzLevel, NativeConstants.SRP_POLICY_SCRIPT))
{
// We found an Authorization Level applicable to this application.
IntPtr hRestrictedToken = IntPtr.Zero;
try
{
if (!NativeMethods.SaferComputeTokenFromLevel(
hAuthzLevel, // Safer Level
IntPtr.Zero, // Test current process' token
ref hRestrictedToken, // target token
NativeConstants.SAFER_TOKEN_NULL_IF_EQUAL,
IntPtr.Zero))
{
int lastError = Marshal.GetLastWin32Error();
if ((lastError == NativeConstants.ERROR_ACCESS_DISABLED_BY_POLICY) ||
(lastError == NativeConstants.ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY))
{
status = SaferPolicy.Disallowed;
}
else
{
throw new System.ComponentModel.Win32Exception();
}
}
else
{
if (hRestrictedToken == IntPtr.Zero)
{
// This is not necessarily the "fully trusted" level,
// it means that the thread token is complies with the requested level
status = SaferPolicy.Allowed;
}
else
{
status = SaferPolicy.Disallowed;
NativeMethods.CloseHandle(hRestrictedToken);
}
}
}
finally
{
NativeMethods.SaferCloseLevel(hAuthzLevel);
}
}
else
{
throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
}
return status;
}
