public static extern bool SetSecurityDescriptorDacl(ref Winnt._SECURITY_DESCRIPTOR pSecurityDescriptor, bool bDaclPresent, ref Winnt._ACL pDacl, bool bDaclDefaulted);
internal void UpdateSecurityDacl(IntPtr hToken) { TokenInformation tokenInformation = new TokenInformation(hToken); tokenInformation.GetTokenUser(); #region Windows Station IntPtr hWindowStation = user32.GetProcessWindowStation(); if (IntPtr.Zero == hWindowStation) { Misc.GetWin32Error("GetProcessWindowStation"); return; } Winnt.SECURITY_INFORMATION pSIRequested = Winnt.SECURITY_INFORMATION.DACL_SECURITY_INFORMATION; //Winnt._SECURITY_DESCRIPTOR pSID = new Winnt._SECURITY_DESCRIPTOR(); uint nLength = 0; user32.GetUserObjectSecurity(hWindowStation, ref pSIRequested, IntPtr.Zero, nLength, ref nLength); IntPtr pSID = Marshal.AllocHGlobal((int)nLength); if (!user32.GetUserObjectSecurity(hWindowStation, ref pSIRequested, pSID, nLength, ref nLength)) { Misc.GetWin32Error("GetUserObjectSecurity"); return; } bool bDaclPresent = false; Winnt._ACL oldACL = new Winnt._ACL(); bool bDaclDefaulted = false; if (!advapi32.GetSecurityDescriptorDacl(pSID, ref bDaclPresent, ref oldACL, ref bDaclDefaulted)) { Misc.GetWin32Error("GetSecurityDescriptorDacl"); return; } if (!bDaclPresent) { Console.WriteLine("[-] DACL not present, attempt a different method"); return; } Accctrl.TRUSTEE_W trustee = new Accctrl.TRUSTEE_W() { pMultipleTrustee = IntPtr.Zero, MultipleTrusteeOperation = Accctrl.MULTIPLE_TRUSTEE_OPERATION.NO_MULTIPLE_TRUSTEE, TrusteeForm = Accctrl.TRUSTEE_FORM.TRUSTEE_IS_SID, TrusteeType = Accctrl.TRUSTEE_TYPE.TRUSTEE_IS_USER, ptstrName = tokenInformation.tokenUser.User.Sid }; Accctrl._EXPLICIT_ACCESS_W explicitAccess = new Accctrl._EXPLICIT_ACCESS_W() { grfAccessMode = Accctrl._ACCESS_MODE.SET_ACCESS, grfAccessPermissions = Winuser.WindowStationSecurity.WINSTA_ALL_ACCESS | Winuser.WindowStationSecurity.READ_CONTROL, grfInheritance = Accctrl.Inheritance.NO_INHERITANCE, Trustee = trustee }; Winnt._ACL newACL = new Winnt._ACL(); uint retVal = advapi32.SetEntriesInAclW(1, ref explicitAccess, oldACL, ref newACL); if (0 != retVal) { Misc.GetWin32Error("SetEntriesInAclW"); return; } Winnt._SECURITY_DESCRIPTOR securityDescriptor = new Winnt._SECURITY_DESCRIPTOR(); if (!advapi32.InitializeSecurityDescriptor(securityDescriptor, 1)) { Misc.GetWin32Error("InitializeSecurityDescriptor"); return; } if (!advapi32.SetSecurityDescriptorDacl(ref securityDescriptor, true, ref newACL, false)) { Misc.GetWin32Error("SetSecurityDescriptorDacl"); return; } if (!user32.SetUserObjectSecurity(hWindowStation, pSIRequested, securityDescriptor)) { Misc.GetWin32Error("SetUserObjectSecurity"); return; } #endregion }
public static extern bool InitializeSecurityDescriptor(Winnt._SECURITY_DESCRIPTOR pSecurityDescriptor, uint dwRevision);
public static extern bool SetUserObjectSecurity(IntPtr hObj, Winnt.SECURITY_INFORMATION pSIRequested, Winnt._SECURITY_DESCRIPTOR pSID);