private static string FormatText(NtHandle ent) { string size = String.Empty; try { using (NtSection section = NtSection.DuplicateFrom(ent.ProcessId, new IntPtr(ent.Handle), SectionAccessRights.Query)) { size = section.Size.ToString(); } } catch (NtException) { size = "Unknown"; } StringBuilder builder = new StringBuilder(); NtType section_type = NtType.GetTypeByName("section"); if (section_type.HasReadPermission(ent.GrantedAccess)) { builder.Append("R"); } if (section_type.HasWritePermission(ent.GrantedAccess)) { builder.Append("W"); } return(String.Format("[{0}/0x{0:X}] {1} Size: {2} Access: {3}", ent.Handle, ent.Name, size, builder.ToString())); }
static void CheckAccess(string full_path, NtFile entry) { try { if (!entry.IsAccessGranted(FileAccessRights.ReadControl)) { return; } SecurityDescriptor sd = entry.SecurityDescriptor; bool is_dir = entry.IsDirectory; AccessMask granted_access; if (is_dir && _dir_filter != 0) { granted_access = NtSecurity.GetAllowedAccess(_token, _type, _dir_filter, sd.ToByteArray()); } else if (!is_dir && _file_filter != 0) { granted_access = NtSecurity.GetAllowedAccess(_token, _type, _file_filter, sd.ToByteArray()); } else { granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray()); } if (granted_access.HasAccess) { // Now reget maximum access rights if (_dir_filter != 0 || _file_filter != 0) { granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray()); } if (!_show_write_only || _type.HasWritePermission(granted_access)) { Console.WriteLine("{0}{1} : {2:X08} {3}", full_path.TrimEnd('\\'), is_dir ? "\\" : "", granted_access, AccessMaskToString(granted_access, is_dir)); if (_print_sddl) { Console.WriteLine("{0}", sd.ToSddl()); } } } } catch (NtException) { } }
static void CheckAccess(string path, byte[] sd, NtType type) { try { if (_type_filter.Count > 0) { if (!_type_filter.Contains(type.Name.ToLower())) { return; } } if (sd.Length > 0) { uint granted_access = 0; if (_dir_rights != 0) { granted_access = NtSecurity.GetAllowedAccess(_token, type, (uint)_dir_rights, sd); } else { granted_access = NtSecurity.GetMaximumAccess(_token, type, sd); } if (granted_access != 0) { // As we can get all the rights for the directory get maximum if (_dir_rights != 0) { granted_access = NtSecurity.GetMaximumAccess(_token, type, sd); } if (!_show_write_only || type.HasWritePermission(granted_access)) { Console.WriteLine("<{0}> {1} : {2:X08} {3}", type.Name, path, granted_access, AccessMaskToString(type, granted_access)); if (_print_sddl) { Console.WriteLine("{0}", NtSecurity.SecurityDescriptorToSddl(sd, SecurityInformation.AllBasic)); } } } } } catch (Exception) { } }
static void CheckAccess(NtToken token, NtObject obj) { if (!obj.IsAccessMaskGranted(GenericAccessRights.ReadControl)) { return; } try { SecurityDescriptor sd = obj.SecurityDescriptor; AccessMask granted_access; NtType type = obj.NtType; if (_dir_rights != 0) { granted_access = NtSecurity.GetAllowedAccess(sd, token, _dir_rights, type.GenericMapping); } else { granted_access = NtSecurity.GetMaximumAccess(sd, token, type.GenericMapping); } if (!granted_access.IsEmpty) { // As we can get all the rights for the directory get maximum if (_dir_rights != 0) { granted_access = NtSecurity.GetMaximumAccess(sd, token, type.GenericMapping); } if (!_show_write_only || type.HasWritePermission(granted_access)) { Console.WriteLine("<{0}> {1} : {2:X08} {3}", type.Name, obj.FullPath, granted_access, type.AccessMaskToString(granted_access, _map_to_generic)); if (_print_sddl) { Console.WriteLine("{0}", sd.ToSddl()); } } } } catch (NtException) { } }
static void CheckAccess(FileSystemInfo entry) { try { SecurityDescriptor sd = NtSecurity.FromNamedObject(@"\??\" + entry.FullName, "file"); if (sd != null) { bool is_dir = entry is DirectoryInfo; uint granted_access; if (is_dir && _dir_filter != 0) { granted_access = NtSecurity.GetAllowedAccess(_token, _type, _dir_filter, sd.ToByteArray()); } else if (!is_dir && _file_filter != 0) { granted_access = NtSecurity.GetAllowedAccess(_token, _type, _file_filter, sd.ToByteArray()); } else { granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray()); } if (granted_access != 0) { // Now reget maximum access rights if (_dir_filter != 0 || _file_filter != 0) { granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray()); } if (!_show_write_only || _type.HasWritePermission(granted_access)) { Console.WriteLine("{0}{1} : {2:X08} {3}", entry.FullName, is_dir ? "\\" : "", granted_access, AccessMaskToString(granted_access, is_dir)); if (_print_sddl) { Console.WriteLine("{0}", sd.ToSddl()); } } } } } catch (Exception) { } }
static void CheckAccess(string full_path, NtFile entry) { try { SecurityDescriptor sd = entry.GetSecurityDescriptor(SecurityInformation.AllBasic); if (sd != null) { bool is_dir = entry.IsDirectory; uint granted_access; if (is_dir && _dir_filter != 0) { granted_access = NtSecurity.GetAllowedAccess(_token, _type, _dir_filter, sd.ToByteArray()); } else if (!is_dir && _file_filter != 0) { granted_access = NtSecurity.GetAllowedAccess(_token, _type, _file_filter, sd.ToByteArray()); } else { granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray()); } if (granted_access != 0) { // Now reget maximum access rights if (_dir_filter != 0 || _file_filter != 0) { granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray()); } if (!_show_write_only || _type.HasWritePermission(granted_access)) { Console.WriteLine("{0}{1} : {2:X08} {3}", full_path.TrimEnd('\\'), is_dir ? "\\" : "", granted_access, AccessMaskToString(granted_access, is_dir)); if (_print_sddl) { Console.WriteLine("{0}", sd.ToSddl()); } } } } } catch { } }
static void CheckAccess(NtToken token, NtKey key) { NtType type = key.NtType; if (!key.IsAccessGranted(KeyAccessRights.ReadControl)) { return; } SecurityDescriptor sd = key.SecurityDescriptor; AccessMask granted_access; if (_key_rights != 0) { granted_access = NtSecurity.GetAllowedAccess(token, type, _key_rights, sd.ToByteArray()); } else { granted_access = NtSecurity.GetMaximumAccess(token, type, sd.ToByteArray()); } if (!granted_access.IsEmpty) { // As we can get all the rights for the key get maximum if (_key_rights != 0) { granted_access = NtSecurity.GetMaximumAccess(token, type, sd.ToByteArray()); } if (!_show_write_only || type.HasWritePermission(granted_access)) { Console.WriteLine("{0} : {1:X08} {2}", key.FullPath, granted_access, AccessMaskToString(granted_access, type)); if (_print_sddl) { Console.WriteLine("{0}", sd.ToSddl()); } } } }