Exemple #1
 public static extern bool AllocateAndInitializeSid(
     ref SidIdentifierAuthority pIdentifierAuthority,
     byte nSubAuthorityCount,
     int dwSubAuthority0, int dwSubAuthority1,
     int dwSubAuthority2, int dwSubAuthority3,
     int dwSubAuthority4, int dwSubAuthority5,
     int dwSubAuthority6, int dwSubAuthority7,
     out IntPtr pSid);
Exemple #3
        internal static void ElevateSelf(bool processCreated)
            try {
                var ntAuth = new SidIdentifierAuthority();
                ntAuth.Value = new byte[] { 0, 0, 0, 0, 0, 5 };

                var  psid = IntPtr.Zero;
                bool isAdmin;
                if (AllocateAndInitializeSid(ref ntAuth, 2, 0x00000020, 0x00000220, 0, 0, 0, 0, 0, 0, out psid) && CheckTokenMembership(IntPtr.Zero, psid, out isAdmin) && isAdmin)
                    return; // yes, we're an elevated admin
            } catch {
                // :) Seems that we need to elevate?

            if (!processCreated)
                // we're not an admin I guess.
                try {
                    var process = new Process {
                        StartInfo =
                            UseShellExecute         = true,
                            WorkingDirectory        = Environment.CurrentDirectory,
                            FileName                = Assembly.GetEntryAssembly().Location,
                            Verb                    = "runas",
                            Arguments               = Environment.GetCommandLineArgs().Skip(1).Aggregate(string.Empty, (current, each) => current + " \"" + each + "\"").Trim() + " __EPM1__",
                            ErrorDialog             = true,
                            ErrorDialogParentHandle = GetForegroundWindow(),
                            WindowStyle             = ProcessWindowStyle.Maximized,

                    if (!process.Start())
                        throw new Exception();

                    // since we want the parent process to be able to wait for this, we'll wait for the child process.
                    while (ParentIsRunning && !process.WaitForExit(100))
                } catch {
                    // nWindow.Fail(LocalizedMessage.IDS_REQUIRES_ADMIN_RIGHTS, "The installer requires administrator permissions.");

            // we should have elevated, or failed to. either way, GTFO.
 public static extern bool AllocateAndInitializeSid(
     ref SidIdentifierAuthority pIdentifierAuthority,
     byte nSubAuthorityCount,
     uint nSubAuthority0,
     uint nSubAuthority1,
     uint nSubAuthority2,
     uint nSubAuthority3,
     uint nSubAuthority4,
     uint nSubAuthority5,
     uint nSubAuthority6,
     uint nSubAuthority7,
     out System.IntPtr pSid);
        public static void ElevateSelf(bool waitForParentAndChild = false, string replacementCmdLineArguments = null, bool rejoinConsole = false, string replacementExeName = null)
            try {
                var ntAuth = new SidIdentifierAuthority {
                    Value = new byte[] {
                        0, 0, 0, 0, 0, 5

                var  psid = IntPtr.Zero;
                bool isAdmin;
                if (Advapi32.AllocateAndInitializeSid(ref ntAuth, 2, 0x00000020, 0x00000220, 0, 0, 0, 0, 0, 0, out psid) && Advapi32.CheckTokenMembership(IntPtr.Zero, psid, out isAdmin) && isAdmin)
                    return; // yes, we're an elevated admin
            } catch {
                // :) Seems that we need to elevate?

            var process = new System.Diagnostics.Process {
                StartInfo =
                    UseShellExecute         = true,
                    WorkingDirectory        = Environment.CurrentDirectory,
                    FileName                = replacementExeName ?? CorrectedExeName,
                    Verb                    = "runas",
                    Arguments               = replacementCmdLineArguments ?? EnvironmentUtility.CommandLineArguments,
                    ErrorDialog             = true,
                    ErrorDialogParentHandle = User32.GetForegroundWindow(),
                    // WindowStyle = ProcessWindowStyle.Maximized, // TODO: uh, what was this here for?

            if (!process.Start())
                throw new ClrPlusException("Unable to start process for elevation.");

            while ((waitForParentAndChild || rejoinConsole) && ParentIsRunning && !process.WaitForExit(50))

            // we should have elevated, or failed to. either way, we're done here..
        internal static void ElevateSelf(string args)
            try {
                var ntAuth = new SidIdentifierAuthority();
                ntAuth.Value = new byte[] { 0, 0, 0, 0, 0, 5 };

                var  psid = IntPtr.Zero;
                bool isAdmin;
                if (AllocateAndInitializeSid(ref ntAuth, 2, 0x00000020, 0x00000220, 0, 0, 0, 0, 0, 0, out psid) && CheckTokenMembership(IntPtr.Zero, psid, out isAdmin) && isAdmin)
                    return; // yes, we're an elevated admin
            catch {
                // :)

            // we're not an admin I guess.
            try {
                new Process {
                    StartInfo =
                        UseShellExecute         = true,
                        WorkingDirectory        = Environment.CurrentDirectory,
                        FileName                = ExeName,
                        Verb                    = "runas",
                        Arguments               = args,
                        ErrorDialog             = true,
                        ErrorDialogParentHandle = GetForegroundWindow(),
                        WindowStyle             = ProcessWindowStyle.Maximized,
                Environment.Exit(0); // since this didn't throw, we know the kids got off to school ok. :)
            catch {
                Fail("This tool requires administrator permissions.");
Exemple #9
        public static bool SDHasAC(string sddl)
            SidIdentifierAuthority authority = new SidIdentifierAuthority(SecurityAuthority.Package);

            return(SDHasAllowedAce(sddl, false, ace => ace.Sid.Authority.Equals(authority)));
        public void _createSecuritydesc()
            byte[] SECURITY_WORLD_SID_AUTHORITY = new byte[6] {
                0, 0, 0, 0, 0, 1
            SidIdentifierAuthority NtAuthority = new SidIdentifierAuthority();

            NtAuthority.Value = SECURITY_WORLD_SID_AUTHORITY;

            IntPtr AuthenticatedUsersSid = IntPtr.Zero;
            //const int AuthenticatedUser = 11;
            const int SECURITY_WORLD_RID = 0;

            // Get the SID for the Authenticated Uses group
            if (!NativeMethods.AllocateAndInitializeSid(ref NtAuthority,
                                                        0, 0, 0, 0, 0, 0, 0,
                                                        out AuthenticatedUsersSid))
                throw new Win32Exception("Failed to AllocateAndInitializeSid");
            // Remember to free the SID when you are done

            IntPtr          SPECIFIC_RIGHTS_ALL            = (IntPtr)0x0000FFFF;
            IntPtr          STANDARD_RIGHTS_ALL            = (IntPtr)0x001F0000;
            IntPtr          SPECIFIC_N_STANDARD_RIGHTS_ALL = (IntPtr)0x001FFFFF;
            uint            SET_ACCESS = 2;
            EXPLICIT_ACCESS ea         = new EXPLICIT_ACCESS();

            ea.grfAccessPermissions = (uint)RightFlags.SPECIFIC_N_STANDARD_RIGHTS_ALL;
            ea.grfAccessMode       = SET_ACCESS;
            ea.grfInheritance      = 0;                                        //NO_INHERITANCE
            ea.Trustee.TrusteeForm = TRUSTEE_FORM.TRUSTEE_IS_SID;              //TRUSTEE_IS_SID
            ea.Trustee.ptstrName   = AuthenticatedUsersSid;

            IntPtr NewAclPointer = IntPtr.Zero;
            _ACL   NewAcl        = new _ACL();
            // Marshal.StructureToPtr(NewAcl, NewAclPointer, true);
            int dwRes = NativeMethods.SetEntriesInAcl(1, ref ea, IntPtr.Zero, out NewAclPointer);

            if (dwRes != 0)
                throw new Win32Exception("Failed to SetEntriesInAcl");


            IntPtr pSDlocalAlloc = NativeMethods.LocalAlloc((uint)LMEMFlags.LMEM_FIXED_N_ZEROINIT, (UIntPtr)Marshal.SizeOf(sec));

            //Marshal.PtrToStructure(pSDlocalAlloc, sec);
            if (pSDlocalAlloc == IntPtr.Zero || pSDlocalAlloc == null)
                throw new Win32Exception("Failed to localAlloc");
            if (!NativeMethods.InitializeSecurityDescriptor(out sec, 1))
                throw new Win32Exception("Failed to InitializeSecurityDescriptor");
            if (!NativeMethods.SetSecurityDescriptorDacl(ref sec, true, NewAclPointer, false))
                throw new Win32Exception("Failed to SetSecurityDescriptorDacl");

            //byte[] src = getBytes(sec);
            //IntPtr dest = Marshal.AllocHGlobal(src.Length);
            //Marshal.Copy(src, 0, dest, src.Length);
            //sa.bInheritHandle = 0;
            //sa.nLength = Marshal.SizeOf(sa);
            //sa.lpSecurityDescriptor = dest;

            //byte[] src = getBytes(sec);
            //IntPtr dest = Marshal.AllocHGlobal(src.Length);
            //Marshal.Copy(src, 0, dest, src.Length);
            Marshal.StructureToPtr(sec, pSDlocalAlloc, true);
            sa.bInheritHandle       = 0;
            sa.nLength              = (uint)Marshal.SizeOf(sa); // its 24 or 816 (8x100 +8(int) +8(int))
            sa.lpSecurityDescriptor = pSDlocalAlloc;            // dest;//0x00000193dc8f7420
                                                                //gay1 end


            //sa.lpSecurityDescriptor = getBytes(sa);

            // Marshal.by(gay, SECURITY_ATTRIBUTES);

        internal static void ElevateSelf(bool processCreated)
            try {
                var ntAuth = new SidIdentifierAuthority();
                ntAuth.Value = new byte[] {0, 0, 0, 0, 0, 5};

                var psid = IntPtr.Zero;
                bool isAdmin;
                if (AllocateAndInitializeSid(ref ntAuth, 2, 0x00000020, 0x00000220, 0, 0, 0, 0, 0, 0, out psid) && CheckTokenMembership(IntPtr.Zero, psid, out isAdmin) && isAdmin) {
                    return; // yes, we're an elevated admin
            } catch {
                // :) Seems that we need to elevate?

            if (!processCreated) {
            // we're not an admin I guess.
            try {
                var process = new Process {
                    StartInfo = {
                        UseShellExecute = true,
                        WorkingDirectory = Environment.CurrentDirectory,
                        FileName = Assembly.GetEntryAssembly().Location,
                        Verb = "runas",
                    Arguments = Environment.GetCommandLineArgs().Skip(1).Aggregate(string.Empty, (current, each) => current + " \"" + each + "\"").Trim() + " __EPM1__",
                        ErrorDialog = true,
                        ErrorDialogParentHandle = GetForegroundWindow(),
                        WindowStyle = ProcessWindowStyle.Maximized,

                if (!process.Start()) {
                    throw new Exception();

                // since we want the parent process to be able to wait for this, we'll wait for the child process.
                while( ParentIsRunning && !process.WaitForExit(100) ) {
            } catch {
                // nWindow.Fail(LocalizedMessage.IDS_REQUIRES_ADMIN_RIGHTS, "The installer requires administrator permissions.");

            // we should have elevated, or failed to. either way, GTFO.