/// <summary>
/// Creates a named synchronization event using object attributes built from a session id and a name.
/// </summary>
/// <param name="session_id">Session id forwarded to CreateObjectAttributes.</param>
/// <param name="name">Event name forwarded to CreateObjectAttributes.</param>
/// <param name="throw_on_error">Forwarded to NtEvent.Create; presumably selects throwing over returning an error status.</param>
/// <returns>The result of NtEvent.Create.</returns>
private static NtResult<NtEvent> CreateEvent(int session_id, string name, bool throw_on_error)
{
    // The attributes are only needed while the create call runs, so they are released on the way out.
    using (var attributes = CreateObjectAttributes(session_id, name))
    {
        // SynchronizationEvent is the NT auto-reset event type; the third argument (false) is
        // presumably the initial signalled state.
        // NOTE(review): MaximumAllowed asks for whatever access the object's security descriptor
        // grants the caller instead of naming the rights this code needs; a narrower mask
        // would make the required access explicit.
        var result = NtEvent.Create(
            attributes,
            EventType.SynchronizationEvent,
            false,
            EventAccessRights.MaximumAllowed,
            throw_on_error);
        return result;
    }
}
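/// <summary>
/// Creates a new NT object of the requested type at a path relative to this instance's directory.
/// </summary>
/// <param name="relative_path">Object path, passed to the Create call together with <c>_dir</c>.</param>
/// <param name="item_type_name">
/// Type to create, matched case-insensitively: event, directory, symboliclink/link, mutant or semaphore.
/// </param>
/// <param name="new_item_value">
/// Symbolic link target (required for links) or the semaphore maximum count (optional, default 1).
/// Ignored by the other types.
/// </param>
/// <returns>The newly created object.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="item_type_name"/> is null, or a link was requested without a value.
/// </exception>
/// <exception cref="ArgumentException">The type name is not one of the supported types.</exception>
public override NtObject NewItem(string relative_path, string item_type_name, object new_item_value)
{
    // Fail with a descriptive argument error instead of a NullReferenceException on the lookup below.
    if (item_type_name == null)
    {
        throw new ArgumentNullException(nameof(item_type_name), "Must specify a typename");
    }

    // Invariant lower-casing: culture-sensitive ToLower() maps 'I' to a dotless i under
    // Turkish-style cultures, so "DIRECTORY" or "LINK" would fall through to the default branch.
    switch (item_type_name.ToLowerInvariant())
    {
        case "event":
            return NtEvent.Create(relative_path, _dir, EventType.NotificationEvent, false);

        case "directory":
            // NOTE(review): MaximumAllowed requests every right the caller is granted rather than
            // a specific access mask.
            return NtDirectory.Create(relative_path, _dir, DirectoryAccessRights.MaximumAllowed);

        case "symboliclink":
        case "link":
            if (new_item_value == null)
            {
                throw new ArgumentNullException(nameof(new_item_value), "Must specify value for the symbolic link");
            }

            // The link target is the caller-supplied value rendered as a string, used as given.
            return NtSymbolicLink.Create(relative_path, _dir, new_item_value.ToString());

        case "mutant":
            return NtMutant.Create(relative_path, _dir, false);

        case "semaphore":
            // Convert.ToInt32 throws for values that are not convertible to a 32-bit integer.
            int max_count = new_item_value != null ? Convert.ToInt32(new_item_value) : 1;
            return NtSemaphore.Create(relative_path, _dir, 0, max_count);

        default:
            throw new ArgumentException($"Can't create new object of type {item_type_name}");
    }
}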
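/// <summary>
/// Overridden method to create a new item.
/// </summary>
/// <remarks>
/// Supported type names (case-insensitive): event, directory, symboliclink/link, mutant and semaphore.
/// The created object is written to the pipeline with WriteItemObject; only directories are
/// reported as containers.
/// </remarks>
/// <param name="path">The drive path to create.</param>
/// <param name="itemTypeName">The NT object type to create.</param>
/// <param name="newItemValue">
/// Additional item value data: the link target for symbolic links (required) or the maximum
/// count for semaphores (optional, default 1).
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="itemTypeName"/> is null, or a link was requested without a value.
/// </exception>
/// <exception cref="ArgumentException">The type name is not one of the supported types.</exception>
protected override void NewItem(string path, string itemTypeName, object newItemValue)
{
    if (itemTypeName == null)
    {
        throw new ArgumentNullException("itemTypeName", "Must specify a typename");
    }

    NtObject obj = null;
    string relative_path = GetRelativePath(PSPathToNT(path));
    bool container = false;

    // None of the Create calls below is given a security descriptor, so the new objects
    // presumably receive the default security for the creating token. Confirm that is
    // intended when the drive is rooted in a directory other users can reach.

    // Invariant lower-casing: culture-sensitive ToLower() maps 'I' to a dotless i under
    // Turkish-style cultures, so "DIRECTORY" or "LINK" would be rejected as unknown types.
    switch (itemTypeName.ToLowerInvariant())
    {
        case "event":
            obj = NtEvent.Create(relative_path, GetDrive().DirectoryRoot, EventType.NotificationEvent, false);
            break;

        case "directory":
            // NOTE(review): MaximumAllowed requests every right the caller is granted rather than
            // a specific access mask.
            obj = NtDirectory.Create(relative_path, GetDrive().DirectoryRoot, DirectoryAccessRights.MaximumAllowed);
            container = true;
            break;

        case "symboliclink":
        case "link":
            if (newItemValue == null)
            {
                throw new ArgumentNullException("newItemValue", "Must specify value for the symbolic link");
            }

            // The link target is the caller-supplied value rendered as a string, used as given.
            obj = NtSymbolicLink.Create(relative_path, GetDrive().DirectoryRoot, newItemValue.ToString());
            break;

        case "mutant":
            obj = NtMutant.Create(relative_path, GetDrive().DirectoryRoot, false);
            break;

        case "semaphore":
            // Convert.ToInt32 throws for values that are not convertible to a 32-bit integer.
            int max_count = 1;
            if (newItemValue != null)
            {
                max_count = Convert.ToInt32(newItemValue);
            }

            obj = NtSemaphore.Create(relative_path, GetDrive().DirectoryRoot, 0, max_count);
            break;

        default:
            throw new ArgumentException(String.Format("Can't create new object of type {0}", itemTypeName));
    }

    WriteItemObject(obj, path, container);
}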
/// <summary>
/// Demo entry point: creates a server silo job, populates the silo's object root directory,
/// then runs cmd.exe inside the silo and prints its exit status.
/// </summary>
static void Main()
{
    // Helper defined elsewhere; presumably enables the token privileges the silo calls require.
    // Which privileges it turns on is not visible here (confirm against SetTokenPriv).
    SetTokenPriv.EnablePrivilege();

    // Disabled alternative kept for reference. It names the privileges explicitly.
    // NOTE(review): this is a powerful set (TCB, load driver, backup/restore); if it is
    // re-enabled, trim it to the privileges the silo APIs actually need.
    //using var _ = new ApplicationPrivilege(new[] {
    //    TokenPrivilegeValue.SeAssignPrimaryTokenPrivilege,
    //    TokenPrivilegeValue.SeTakeOwnershipPrivilege,
    //    TokenPrivilegeValue.SeLoadDriverPrivilege,
    //    TokenPrivilegeValue.SeSecurityPrivilege,
    //    TokenPrivilegeValue.SeTcbPrivilege,
    //    TokenPrivilegeValue.SeBackupPrivilege,
    //    TokenPrivilegeValue.SeRestorePrivilege,
    //});
    //WaitForDebugger();

    // Unnamed notification event handed to the silo creation call.
    using var siloEvent = NtEvent.Create(null, EventType.NotificationEvent, false);
    using var siloJob = NtJob.CreateServerSilo(SiloObjectRootDirectoryControlFlags.All, @"C:\Windows", siloEvent, false);

    // The root directory handle is only needed for setup, so it is closed before the process starts.
    using (var siloRoot = NtDirectory.Open(siloJob.SiloRootDirectory))
    {
        Console.WriteLine(siloRoot);
        SetupRootDirectory(siloRoot);
    }

    //Debugger.Break();
    //NotifySM(job, 7);
    //ProcessExtensions.GetSessionUserToken(out var tok);

    // The process is created suspended and resumed only once creation has returned.
    var cmdConfig = new NtProcessCreateConfig();
    cmdConfig.ImagePath = @"\SystemRoot\System32\cmd.exe";
    cmdConfig.ConfigImagePath = @"C:\Windows\System32\cmd.exe";
    cmdConfig.CurrentDirectory = @"C:\Windows\System32";
    cmdConfig.WindowTitle = "Demo";
    cmdConfig.ParentProcess = NtProcess.Current;
    cmdConfig.TerminateOnDispose = true;
    cmdConfig.ThreadFlags = ThreadCreateFlags.Suspended;

    // Attaching the job through the job-list attribute places the new process in the silo at creation.
    cmdConfig.AddAttribute(ProcessAttribute.JobList(new[] { siloJob }));

    using var child = NtProcess.Create(cmdConfig);
    child.Thread.Resume();

    // Block until cmd.exe exits; ToNtException presumably throws if the wait itself failed.
    child.Process.Wait().ToNtException();
    Console.WriteLine($"status: {child.Process.ExitNtStatus}");
}
/// <summary>
/// Creates an event object from the supplied object attributes, using this instance's
/// EventType, InitialState and Access values.
/// </summary>
/// <param name="obj_attributes">The object attributes to create/open from.</param>
/// <returns>The newly created object.</returns>
protected override object CreateObject(ObjectAttributes obj_attributes)
{
    // The event type, initial state and requested access all come from members of this class.
    var created_event = NtEvent.Create(obj_attributes, EventType, InitialState, Access);
    return created_event;
}