/// <summary> /// Execute a command line. /// </summary> /// <param name="cmd">Command line</param> /// <param name="dir">Working dir. Inherits the current directory if null.</param> /// <param name="env">Environement variables. Inherits all of them if null.</param> /// <param name="noWindow">Hides the window if true</param> public static void Execute(string cmd, string dir , Hashtable env = null, bool noWindow = false) { var si = new Native.STARTUPINFO(); var pi = new Native.PROCESS_INFORMATION(); int createFlags = Native.CREATE_UNICODE_ENVIRONMENT; if (noWindow) { createFlags |= Native.CREATE_NO_WINDOW; } StringBuilder envVars = BuildEnvironmentVars(env); try { bool success = Native.CreateProcess(null , cmd , IntPtr.Zero , IntPtr.Zero , false , createFlags , envVars , dir, si, pi); if (!success) { throw new Win32Exception(); } } finally { Native.CloseHandle(pi.hThread); Native.CloseHandle(pi.hProcess); } }
/// <summary> /// Starts a process /// </summary> /// <param name="filepath">File path</param> /// <param name="args">Arguments</param> /// <param name="dir">Working dir. Inherits the current directory if null</param> /// <param name="env">Environement variables. Inherits all of them if null</param> /// <param name="noWindow">Hides the window if true</param> /// <param name="createJob">Creates a Job if true</param> /// <returns></returns> public static ProcessExt Start(string filepath, IEnumerable args , string dir, Hashtable env, bool noWindow, bool createJob) { string cmd = ProcessExt.BuildCommandLine(filepath, args); StringBuilder envVars = BuildEnvironmentVars(env); var si = new Native.STARTUPINFO(); var pi = new Native.PROCESS_INFORMATION(); int createFlags = Native.CREATE_UNICODE_ENVIRONMENT; if (noWindow) createFlags |= Native.CREATE_NO_WINDOW; if (createJob) { createFlags |= Native.CREATE_SUSPENDED; IntPtr curProc = Native.GetCurrentProcess(); try { bool isProcessInJob = false; if (!Native.IsProcessInJob(curProc, IntPtr.Zero, out isProcessInJob)) throw new Win32Exception(); if (isProcessInJob) createFlags |= Native.CREATE_BREAKAWAY_FROM_JOB; } finally { Native.CloseHandle(curProc); } } bool success = Native.CreateProcess(null , cmd , IntPtr.Zero , IntPtr.Zero , false , createFlags , envVars , dir, si, pi); if (!success) throw new Win32Exception(); IntPtr hJob = IntPtr.Zero; try { if (createJob) { hJob = AssignProcessToNewJob(pi.hProcess, null); if (-1 == Native.ResumeThread(pi.hThread)) throw new Win32Exception(); } } catch { Native.CloseHandle(pi.hProcess); Native.CloseHandle(hJob); throw; } finally { Native.CloseHandle(pi.hThread); } return new ProcessExt(pi.dwProcessId, pi.hProcess, hJob); }
public static void PrisonCreateProcessAsUserFakes(Native.PROCESS_INFORMATION processInfo) { //shim Prison.GetDefaultEnvironmentVarialbes ShimPrison.AllInstances.GetDefaultEnvironmentVarialbes = (pris) => { return(new Dictionary <string, string>()); }; ShimPrison.AllInstances.NativeCreateProcessAsUserBooleanStringStringString = (pris, interactive, filename, arguments, envBlock) => { return(processInfo); }; }
public void TestSimpleEcho() { using (ShimsContext.Create()) { // shim Prison.Lockdown PrisonTestsHelper.PrisonLockdownFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); // shim Prison.Execute Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return 0; }; var shimedProcess = new ShimProcess(); shimedProcess.IdGet = () => { return processInfo.dwProcessId; }; var raisingEventsChangedTo = false; shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; }; ShimProcess.GetProcessByIdInt32 = (id) => { return (Process)shimedProcess; }; Process procAddedToJob = null; ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { procAddedToJob = proc; return; }; ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; }; var processIdResumed = 0; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; }; // Act Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreEqual(processInfo.dwProcessId, process.Id); Assert.AreEqual(processInfo.dwProcessId, processIdResumed); Assert.AreEqual(procAddedToJob.Id, process.Id); Assert.AreEqual(true, raisingEventsChangedTo); } }
public void TestSimpleEcho() { using (ShimsContext.Create()) { // shim Prison.Lockdown PrisonTestsHelper.PrisonLockdownFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); // shim Prison.Execute Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return(0); }; var shimedProcess = new ShimProcess(); shimedProcess.IdGet = () => { return(processInfo.dwProcessId); }; var raisingEventsChangedTo = false; shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; }; ShimProcess.GetProcessByIdInt32 = (id) => { return((Process)shimedProcess); }; Process procAddedToJob = null; ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { procAddedToJob = proc; return; }; ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; }; var processIdResumed = 0; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; }; // Act Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreEqual(processInfo.dwProcessId, process.Id); Assert.AreEqual(processInfo.dwProcessId, processIdResumed); Assert.AreEqual(procAddedToJob.Id, process.Id); Assert.AreEqual(true, raisingEventsChangedTo); } }
public void PrisonApplyWindowStationTest() { using (ShimsContext.Create()) { int winStationPtr = 2658; PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyWindowStationRuleFakes(winStationPtr); string username = null; ShimWindowStation.NativeOpenWindowStationString = (user) => { username = user; return(new IntPtr(winStationPtr)); }; ShimWindowStation.NativeCreateWindowStationString = (user) => { username = user; return(new IntPtr(winStationPtr)); }; Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.WindowStation; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return(0); }; ShimProcess.GetProcessByIdInt32 = (id) => { return(new Process()); }; ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { return; }; ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; }; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { }; Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); Assert.AreEqual(prison.desktopName, string.Format(@"{0}\Default", username)); } }
public void PrisonApplyWindowStationTest() { using (ShimsContext.Create()) { int winStationPtr = 2658; PrisonTestsHelper.PrisonLockdownFakes(); PrisonTestsHelper.ApplyWindowStationRuleFakes(winStationPtr); string username = null; ShimWindowStation.NativeOpenWindowStationString = (user) => { username = user; return new IntPtr(winStationPtr); }; ShimWindowStation.NativeCreateWindowStationString = (user) => { username = user; return new IntPtr(winStationPtr); }; Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.CellType |= RuleType.WindowStation; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return 0; }; ShimProcess.GetProcessByIdInt32 = (id) => { return new Process(); }; ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { return; }; ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; }; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { }; Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); Assert.AreEqual(prison.desktopName, string.Format(@"{0}\Default", username)); } }
public int StartProcess(ProcessStartInfo processStartInfo) { LogInOtherUser(processStartInfo); Native.STARTUPINFO startUpInfo = new Native.STARTUPINFO(); startUpInfo.cb = Marshal.SizeOf(startUpInfo); startUpInfo.lpDesktop = string.Empty; Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION(); bool processStarted = Native.CreateProcessAsUser(UserToken, processStartInfo.FileName, processStartInfo.Arguments, IntPtr.Zero, IntPtr.Zero, true, 0, IntPtr.Zero, null, ref startUpInfo, out processInfo); if (!processStarted) { throw new Win32Exception(Marshal.GetLastWin32Error()); } uint processId = processInfo.dwProcessId; Native.CloseHandle(processInfo.hProcess); Native.CloseHandle(processInfo.hThread); return((int)processId); }
/// <summary> /// Starts the application, injecting Reloaded into it. /// </summary> public void Start() { // Start up the process Native.STARTUPINFO startupInfo = new Native.STARTUPINFO(); Native.SECURITY_ATTRIBUTES lpProcessAttributes = new Native.SECURITY_ATTRIBUTES(); Native.SECURITY_ATTRIBUTES lpThreadAttributes = new Native.SECURITY_ATTRIBUTES(); Native.PROCESS_INFORMATION processInformation = new Native.PROCESS_INFORMATION(); if (_arguments == null) { _arguments = ""; } bool success = Native.CreateProcessW(null, $"\"{_location}\" {_arguments}", ref lpProcessAttributes, ref lpThreadAttributes, false, Native.ProcessCreationFlags.CREATE_SUSPENDED, IntPtr.Zero, Path.GetDirectoryName(_location) !, ref startupInfo, ref processInformation); if (!success) { string windowsErrorMessage = new Win32Exception(Marshal.GetLastWin32Error()).Message; throw new ArgumentException($"{Resources.ErrorFailedToStartProcess.Get()} {windowsErrorMessage}"); } // DLL Injection var process = Process.GetProcessById((int)processInformation.dwProcessId); var injector = new ApplicationInjector(process); try { injector.Inject(); } catch (Exception) { Native.ResumeThread(processInformation.hThread); throw; } Native.ResumeThread(processInformation.hThread); }
/// <summary> /// Execute a command line. /// </summary> /// <param name="cmd">Command line</param> /// <param name="dir">Working dir. Inherits the current directory if null.</param> /// <param name="env">Environement variables. Inherits all of them if null.</param> /// <param name="noWindow">Hides the window if true</param> public static void Execute(string cmd, string dir , Hashtable env = null, bool noWindow = false) { var si = new Native.STARTUPINFO(); var pi = new Native.PROCESS_INFORMATION(); int createFlags = Native.CREATE_UNICODE_ENVIRONMENT; if (noWindow) createFlags |= Native.CREATE_NO_WINDOW; StringBuilder envVars = BuildEnvironmentVars(env); try { bool success = Native.CreateProcess(null , cmd , IntPtr.Zero , IntPtr.Zero , false , createFlags , envVars , dir, si, pi); if (!success) throw new Win32Exception(); } finally { Native.CloseHandle(pi.hThread); Native.CloseHandle(pi.hProcess); } }
public void TestSimpleEchoChangedSession() { using (ShimsContext.Create()) { // shim Prison.Lockdown PrisonTestsHelper.PrisonLockdownFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); // shim Prison.Execute Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return 12; }; ShimPrison.InitChangeSessionServiceString = (tempSeriviceId) => { return; }; StubIExecutor exec = new StubIExecutor(); ShimChannelFactory<IExecutor>.AllInstances.CreateChannel = (executor) => { return exec; }; exec.ExecuteProcessPrisonStringStringDictionaryOfStringString = (fakePrison, filename, arguments, extraEnvironmentVariables) => { return processInfo.dwProcessId; }; var shimedProcess = new ShimProcess(); shimedProcess.IdGet = () => { return processInfo.dwProcessId; }; var raisingEventsChangedTo = false; shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; }; ShimProcess.GetProcessByIdInt32 = (id) => { return (Process)shimedProcess; }; ShimPrison.AllInstances.CloseRemoteSessionIExecutor = (fakePrison, executor) => { return; }; var processIdResumed = 0; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; }; ShimPrison.RemoveChangeSessionServiceString = (sessionId) => { return; }; // Act Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreEqual(processInfo.dwProcessId, process.Id); Assert.AreEqual(processInfo.dwProcessId, processIdResumed); Assert.AreEqual(true, raisingEventsChangedTo); } }
/// <summary> /// Starts a process /// </summary> /// <param name="filepath">File path</param> /// <param name="args">Arguments</param> /// <param name="dir">Working dir. Inherits the current directory if null</param> /// <param name="env">Environement variables. Inherits all of them if null</param> /// <param name="noWindow">Hides the window if true</param> /// <param name="createJob">Creates a Job if true</param> /// <returns></returns> public static ProcessExt Start(string filepath, IEnumerable args , string dir, Hashtable env, bool noWindow, bool createJob) { string cmd = ProcessExt.BuildCommandLine(filepath, args); StringBuilder envVars = BuildEnvironmentVars(env); var si = new Native.STARTUPINFO(); var pi = new Native.PROCESS_INFORMATION(); int createFlags = Native.CREATE_UNICODE_ENVIRONMENT; if (noWindow) { createFlags |= Native.CREATE_NO_WINDOW; } IntPtr hJob = IntPtr.Zero; bool success = false; if (createJob) { IntPtr curProc = Native.GetCurrentProcess(); bool isProcessInJob = false; success = Native.IsProcessInJob(curProc, IntPtr.Zero, out isProcessInJob); Native.CloseHandle(curProc); if (success) { int createFlagsJob = createFlags | Native.CREATE_SUSPENDED; if (isProcessInJob) { createFlagsJob |= Native.CREATE_BREAKAWAY_FROM_JOB; } success = Native.CreateProcess(null , cmd , IntPtr.Zero , IntPtr.Zero , false , createFlagsJob , envVars , dir, si, pi); if (success) { success = AssignProcessToNewJob(pi.hProcess, null, out hJob); if (success) { if (-1 == Native.ResumeThread(pi.hThread)) { throw new Win32Exception(); } } else { Native.TerminateProcess(pi.hProcess, -1); Native.CloseHandle(pi.hProcess); Native.CloseHandle(pi.hThread); Native.CloseHandle(hJob); hJob = IntPtr.Zero; } } } } if (!success) { success = Native.CreateProcess(null , cmd , IntPtr.Zero , IntPtr.Zero , false , createFlags , envVars , dir, si, pi); if (!success) { throw new Win32Exception(); } } return(new ProcessExt(pi.dwProcessId, pi.hProcess, hJob)); }
public void TestSimpleEchoChangedSession() { using (ShimsContext.Create()) { // shim Prison.Lockdown PrisonTestsHelper.PrisonLockdownFakes(); Prison prison = new Prison(); prison.Tag = "uhtst"; PrisonRules prisonRules = new PrisonRules(); prisonRules.CellType = RuleType.None; prisonRules.PrisonHomePath = @"c:\prison_tests\p3"; prison.Lockdown(prisonRules); // shim Prison.Execute Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION { hProcess = new IntPtr(2400), hThread = new IntPtr(2416), dwProcessId = 5400, dwThreadId = 4544 }; PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo); ShimPrison.GetCurrentSessionId = () => { return(12); }; ShimPrison.InitChangeSessionServiceString = (tempSeriviceId) => { return; }; StubIExecutor exec = new StubIExecutor(); ShimChannelFactory <IExecutor> .AllInstances.CreateChannel = (executor) => { return(exec); }; exec.ExecuteProcessPrisonStringStringDictionaryOfStringString = (fakePrison, filename, arguments, extraEnvironmentVariables) => { return(processInfo.dwProcessId); }; var shimedProcess = new ShimProcess(); shimedProcess.IdGet = () => { return(processInfo.dwProcessId); }; var raisingEventsChangedTo = false; shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; }; ShimProcess.GetProcessByIdInt32 = (id) => { return((Process)shimedProcess); }; ShimPrison.AllInstances.CloseRemoteSessionIExecutor = (fakePrison, executor) => { return; }; var processIdResumed = 0; ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; }; ShimPrison.RemoveChangeSessionServiceString = (sessionId) => { return; }; // Act Process process = prison.Execute( @"c:\windows\system32\cmd.exe", @"/c echo test"); // Assert Assert.AreEqual(processInfo.dwProcessId, process.Id); Assert.AreEqual(processInfo.dwProcessId, processIdResumed); Assert.AreEqual(true, raisingEventsChangedTo); } }