public TokenProvider Duplicate(uint desiredAccess = 0x02000000)
{
if (!TokensApi.DuplicateTokenEx(Token.DangerousGetHandle(), desiredAccess, IntPtr.Zero,
SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, TOKEN_TYPE.TokenPrimary, out var newToken))
{
throw new Win32Exception();
}
Token.Close();
Token = newToken;
return(this);
}
public static Process StartWithProcessToken(int pidWithToken, string appToRun, string args, string startupFolder, bool hidden)
{
IntPtr existingProcessHandle = OpenProcess(PROCESS_QUERY_INFORMATION, true, (uint)pidWithToken);
if (existingProcessHandle == IntPtr.Zero)
{
return(null);
}
IntPtr existingProcessToken, newToken;
try
{
if (!OpenProcessToken(existingProcessHandle, TOKEN_DUPLICATE, out existingProcessToken))
{
return(null);
}
}
finally
{
CloseHandle(existingProcessHandle);
}
if (existingProcessToken == IntPtr.Zero)
{
return(null);
}
var sa = new SECURITY_ATTRIBUTES();
const uint MAXIMUM_ALLOWED = 0x02000000;
if (!TokensApi.DuplicateTokenEx(existingProcessToken, MAXIMUM_ALLOWED, ref sa, SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, TOKEN_TYPE.TokenPrimary, out newToken))
{
return(null);
}
var STARTF_USESHOWWINDOW = 0x00000001;
var startupInfo = new STARTUPINFO()
{
cb = (int)Marshal.SizeOf(typeof(STARTUPINFO)),
dwFlags = STARTF_USESHOWWINDOW,
wShowWindow = (short)(hidden ? 0 : 1),
};
PROCESS_INFORMATION processInformation;
if (!CreateProcessWithTokenW(newToken, 0, appToRun, $"{appToRun} {args}", 0, IntPtr.Zero, startupFolder, ref startupInfo, out processInformation))
{
return(null);
}
return(Process.GetProcessById(processInformation.dwProcessId));
}
public TokenProvider GetLinkedToken(uint desiredAccess = MAXIMUM_ALLOWED)
{
// Now we allocate a buffer for the integrity level information.
int cb = Marshal.SizeOf <TOKEN_LINKED_TOKEN>();
var pLinkedToken = Marshal.AllocHGlobal(cb);
if (pLinkedToken == IntPtr.Zero)
{
throw new Win32Exception();
}
try
{
// Now we ask for the integrity level information again. This may fail
// if an administrator has added this account to an additional group
// between our first call to GetTokenInformation and this one.
if (!TokensApi.GetTokenInformation(Token.DangerousGetHandle(),
TokensApi.TOKEN_INFORMATION_CLASS.TokenLinkedToken, pLinkedToken, cb,
out cb))
{
throw new Win32Exception();
}
// Marshal the TOKEN_MANDATORY_LABEL struct from native to .NET object.
TOKEN_LINKED_TOKEN linkedTokenStruct = (TOKEN_LINKED_TOKEN)
Marshal.PtrToStructure(pLinkedToken, typeof(TOKEN_LINKED_TOKEN));
var sa = new SECURITY_ATTRIBUTES();
sa.nLength = 0;
SafeTokenHandle newToken;
if (!TokensApi.DuplicateTokenEx(linkedTokenStruct.LinkedToken, desiredAccess, IntPtr.Zero,
SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, TOKEN_TYPE.TokenPrimary, out newToken))
{
throw new Win32Exception();
}
CloseHandle(linkedTokenStruct.LinkedToken);
this.Token.Close();
this.Token = newToken;
}
finally
{
Marshal.FreeHGlobal(pLinkedToken);
}
return(this);
}
public static TokenProvider CreateFromProcessToken(int pidWithToken, uint tokenAccess = MAXIMUM_ALLOWED)
{
IntPtr existingProcessHandle = OpenProcess(PROCESS_QUERY_INFORMATION, true, (uint)pidWithToken);
if (existingProcessHandle == IntPtr.Zero)
{
throw new Win32Exception();
}
IntPtr existingProcessToken;
try
{
if (!ProcessApi.OpenProcessToken(existingProcessHandle,
MAXIMUM_ALLOWED
//| TOKEN_ALL_ACCESS,
//| TOKEN_DUPLICATE
//| TokensApi.TOKEN_ADJUST_DEFAULT |
//| TokensApi.TOKEN_QUERY
//| TokensApi.TOKEN_ASSIGN_PRIMARY
//| TOKEN_QUERY_SOURCE
//| TOKEN_IMPERSONATE
//| TOKEN_READ
//| TOKEN_ALL_ACCESS ==> access denied
//| STANDARD_RIGHTS_REQUIRED ==> access denied.
,
out existingProcessToken))
{
throw new Win32Exception();
}
}
finally
{
CloseHandle(existingProcessHandle);
}
if (existingProcessToken == IntPtr.Zero)
{
return(null);
}
var sa = new SECURITY_ATTRIBUTES();
sa.nLength = 0;
uint desiredAccess = MAXIMUM_ALLOWED;
SafeTokenHandle newToken;
if (!TokensApi.DuplicateTokenEx(existingProcessToken, desiredAccess, IntPtr.Zero,
SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, TOKEN_TYPE.TokenPrimary, out newToken))
{
CloseHandle(existingProcessToken);
throw new Win32Exception();
}
CloseHandle(existingProcessToken);
return(new TokenProvider()
{
Token = newToken
});
}
