/// <summary> /// Query a license value. While technically not directly a registry key /// it has many of the same properties such as using the same registry /// value types. /// </summary> /// <param name="name">The name of the license value.</param> /// <param name="throw_on_error">True to throw an exception on error</param> /// <returns>The license value key</returns> public static NtResult <NtKeyValue> QueryLicenseValue(string name, bool throw_on_error) { RegistryValueType type; int ret_length; UnicodeString name_string = new UnicodeString(name); NtStatus status = NtSystemCalls.NtQueryLicenseValue(name_string, out type, SafeHGlobalBuffer.Null, 0, out ret_length); if (status != NtStatus.STATUS_BUFFER_TOO_SMALL) { return(status.CreateResultFromError <NtKeyValue>(throw_on_error)); } using (var buffer = new SafeHGlobalBuffer(ret_length)) { return(NtSystemCalls.NtQueryLicenseValue(name_string, out type, buffer, buffer.Length, out ret_length) .CreateResult(throw_on_error, () => new NtKeyValue(name, type, buffer.ToArray(), 0))); } }
/// <summary> /// Get security descriptor as a byte array /// </summary> /// <param name="security_information">What parts of the security descriptor to retrieve</param> /// <param name="throw_on_error">True to throw on error.</param> /// <return>The NT status result and security descriptor.</return> public NtResult <byte[]> GetSecurityDescriptorBytes(SecurityInformation security_information, bool throw_on_error) { // Just do a check here, no point checking if ReadControl not available. if (!IsAccessMaskGranted(GenericAccessRights.ReadControl)) { return(NtStatus.STATUS_ACCESS_DENIED.CreateResultFromError <byte[]>(throw_on_error)); } NtStatus status = NtSystemCalls.NtQuerySecurityObject(Handle, security_information, null, 0, out int return_length); if (status != NtStatus.STATUS_BUFFER_TOO_SMALL) { return(status.CreateResult(throw_on_error, () => new byte[0])); } byte[] buffer = new byte[return_length]; return(NtSystemCalls.NtQuerySecurityObject(Handle, security_information, buffer, buffer.Length, out return_length).CreateResult(throw_on_error, () => buffer)); }
/// <summary> /// Set the cached signing level for a file. /// </summary> /// <param name="handle">The handle to the file to set the cache on.</param> /// <param name="flags">Flags to set for the cache.</param> /// <param name="signing_level">The signing level to cache</param> /// <param name="source_files">A list of source file for the cache.</param> /// <param name="catalog_path">Optional directory path to look for catalog files.</param> public static void SetCachedSigningLevel(SafeKernelObjectHandle handle, int flags, SigningLevel signing_level, IEnumerable <SafeKernelObjectHandle> source_files, string catalog_path) { IntPtr[] handles = source_files?.Select(f => f.DangerousGetHandle()).ToArray(); int handles_count = handles == null ? 0 : handles.Length; if (catalog_path != null) { CachedSigningLevelInformation info = new CachedSigningLevelInformation(catalog_path); NtSystemCalls.NtSetCachedSigningLevel2(flags, signing_level, handles, handles_count, handle, info).ToNtException(); } else { NtSystemCalls.NtSetCachedSigningLevel(flags, signing_level, handles, handles_count, handle).ToNtException(); } }
/// <summary> /// Create a kernel dump for current system. /// </summary> /// <param name="path">The path to the output file.</param> /// <param name="flags">Flags</param> /// <param name="page_flags">Page flags</param> public static void CreateKernelDump(string path, SystemDebugKernelDumpControlFlags flags, SystemDebugKernelDumpPageControlFlags page_flags) { NtToken.EnableDebugPrivilege(); using (NtFile file = NtFile.Create(path, FileAccessRights.Synchronize | FileAccessRights.GenericWrite | FileAccessRights.GenericRead, FileShareMode.Read, FileOpenOptions.SynchronousIoNonAlert | FileOpenOptions.WriteThrough | FileOpenOptions.NoIntermediateBuffering, FileDisposition.OverwriteIf, null)) { using (var buffer = new SystemDebugKernelDumpConfig() { FileHandle = file.Handle.DangerousGetHandle(), Flags = flags, PageFlags = page_flags }.ToBuffer()) { NtSystemCalls.NtSystemDebugControl(SystemDebugCommand.SysDbgGetLiveKernelDump, buffer, buffer.Length, SafeHGlobalBuffer.Null, 0, out int ret_length).ToNtException(); } } }
/// <summary> /// Query memory information for a process. /// </summary> /// <param name="process">The process to query.</param> /// <param name="base_address">The base address.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The memory information for the region.</returns> /// <exception cref="NtException">Thrown on error.</exception> public static NtResult <MemoryInformation> QueryMemoryInformation(SafeKernelObjectHandle process, long base_address, bool throw_on_error) { MemoryBasicInformation basic_info = new MemoryBasicInformation(); string mapped_image_path = string.Empty; using (var buffer = new SafeStructureInOutBuffer <MemoryBasicInformation>()) { NtStatus status = NtSystemCalls.NtQueryVirtualMemory(process, new IntPtr(base_address), MemoryInformationClass.MemoryBasicInformation, buffer, buffer.LengthIntPtr, out IntPtr ret_length); if (!status.IsSuccess()) { return(status.CreateResultFromError <MemoryInformation>(throw_on_error)); } basic_info = buffer.Result; } MemoryRegionInformation region_info = new MemoryRegionInformation(); using (var buffer = new SafeStructureInOutBuffer <MemoryRegionInformation>()) { NtStatus status = NtSystemCalls.NtQueryVirtualMemory(process, new IntPtr(base_address), MemoryInformationClass.MemoryRegionInformationEx, buffer, buffer.LengthIntPtr, out IntPtr ret_length); if (status.IsSuccess()) { region_info = buffer.Result; } } if (basic_info.Type == MemoryType.Image || basic_info.Type == MemoryType.Mapped) { var name = QuerySectionName(process, base_address, false); if (name.IsSuccess) { mapped_image_path = name.Result; } } return(new MemoryInformation(basic_info, mapped_image_path, region_info).CreateResult()); }
/// <summary> /// Do an access check between a security descriptor and a token to determine the allowed access. /// </summary> /// <param name="sd">The security descriptor</param> /// <param name="token">The access token.</param> /// <param name="access_rights">The set of access rights to check against</param> /// <param name="principal">An optional principal SID used to replace the SELF SID in a security descriptor.</param> /// <param name="generic_mapping">The type specific generic mapping (get from corresponding NtType entry).</param> /// <returns>The allowed access mask as a unsigned integer.</returns> /// <exception cref="NtException">Thrown if an error occurred in the access check.</exception> public static AccessMask GetAllowedAccess(SecurityDescriptor sd, NtToken token, AccessMask access_rights, Sid principal, GenericMapping generic_mapping) { if (sd == null) { throw new ArgumentNullException("sd"); } if (token == null) { throw new ArgumentNullException("token"); } if (access_rights.IsEmpty) { return(AccessMask.Empty); } using (SafeBuffer sd_buffer = sd.ToSafeBuffer()) { using (NtToken imp_token = DuplicateForAccessCheck(token)) { using (var privs = new SafePrivilegeSetBuffer()) { int buffer_length = privs.Length; using (var self_sid = principal != null ? principal.ToSafeBuffer() : SafeSidBufferHandle.Null) { NtSystemCalls.NtAccessCheckByType(sd_buffer, self_sid, imp_token.Handle, access_rights, SafeHGlobalBuffer.Null, 0, ref generic_mapping, privs, ref buffer_length, out AccessMask granted_access, out NtStatus result_status).ToNtException(); if (result_status.IsSuccess()) { return(granted_access); } return(AccessMask.Empty); } } } } }
/// <summary> /// Query state data for the WNF object. /// </summary> /// <param name="type_id">Optional Type ID.</param> /// <param name="explicit_scope">Optional explicit scope.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The state data.</returns> public NtResult <WnfStateData> QueryStateData(WnfTypeId type_id, IntPtr explicit_scope, bool throw_on_error) { int tries = 10; int size = 4096; while (tries-- > 0) { using (var buffer = new SafeHGlobalBuffer(size)) { NtStatus status = NtSystemCalls.NtQueryWnfStateData(StateName, type_id, explicit_scope, out int changestamp, buffer, ref size); if (status == NtStatus.STATUS_BUFFER_TOO_SMALL) { continue; } return(status.CreateResult(throw_on_error, () => new WnfStateData(buffer.ReadBytes(size), changestamp))); } } return(NtStatus.STATUS_BUFFER_TOO_SMALL.CreateResultFromError <WnfStateData>(throw_on_error)); }
/// <summary> /// Read structured memory array from a process. /// </summary> /// <param name="process">The process to read from.</param> /// <param name="base_address">The base address in the process.</param> /// <param name="count">The number of elements in the array to read.</param> /// <returns>The read structure.</returns> /// <exception cref="NtException">Thrown on error.</exception> /// <typeparam name="T">Type of structure to read.</typeparam> public static T[] ReadMemoryArray <T>(SafeKernelObjectHandle process, long base_address, int count) where T : new() { int element_size = Marshal.SizeOf(typeof(T)); using (var buffer = new SafeHGlobalBuffer(element_size * count)) { NtSystemCalls.NtReadVirtualMemory(process, new IntPtr(base_address), buffer, buffer.Length, out int return_length).ToNtException(); if (return_length != buffer.Length) { throw new NtException(NtStatus.STATUS_PARTIAL_COPY); } T[] result = new T[count]; for (int i = 0; i < count; ++i) { int offset = i * element_size; result[i] = (T)Marshal.PtrToStructure(buffer.DangerousGetHandle() + offset, typeof(T)); } return(result); } }
/// <summary> /// Enumerate window handles. /// </summary> /// <param name="desktop">Desktop containing the Windows. Optional.</param> /// <param name="parent">The parent Window. Optional.</param> /// <param name="enum_children">True to enumerate child Windows.</param> /// <param name="hide_immersive">Hide immersive Windows.</param> /// <param name="thread_id">The thread ID that owns the Window.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The enumerated Window Handles.</returns> public static NtResult <IEnumerable <NtWindow> > GetWindows(NtDesktop desktop, NtWindow parent, bool enum_children, bool hide_immersive, int thread_id, bool throw_on_error) { int count = 64; while (true) { IntPtr[] handles = new IntPtr[count]; NtStatus status = NtSystemCalls.NtUserBuildHwndList(desktop.GetHandle(), parent.Handle, enum_children, hide_immersive, thread_id, handles.Length, handles, out int required_count); if (status.IsSuccess()) { return(handles.Take(required_count).Select(i => new NtWindow(i)).CreateResult()); } if (status != NtStatus.STATUS_BUFFER_TOO_SMALL || count > required_count) { return(status.CreateResultFromError <IEnumerable <NtWindow> >(throw_on_error)); } count = required_count; } }
/// <summary> /// Get a list of handles /// </summary> /// <param name="pid">A process ID to filter on. If -1 will get all handles</param> /// <param name="allow_query">True to allow the handles returned to query for certain properties</param> /// <returns>The list of handles</returns> public static IEnumerable <NtHandle> GetHandles(int pid, bool allow_query) { SafeHGlobalBuffer handleInfo = new SafeHGlobalBuffer(0x10000); try { NtStatus status = 0; int return_length = 0; while ((status = NtSystemCalls.NtQuerySystemInformation(SystemInformationClass.SystemHandleInformation, handleInfo.DangerousGetHandle(), handleInfo.Length, out return_length)) == NtStatus.STATUS_INFO_LENGTH_MISMATCH) { int length = handleInfo.Length * 2; handleInfo.Close(); handleInfo = new SafeHGlobalBuffer(length); } status.ToNtException(); IntPtr handleInfoBuf = handleInfo.DangerousGetHandle(); int handle_count = Marshal.ReadInt32(handleInfoBuf); List <NtHandle> ret = new List <NtHandle>(); handleInfoBuf += IntPtr.Size; for (int i = 0; i < handle_count; ++i) { SystemHandleTableInfoEntry entry = (SystemHandleTableInfoEntry)Marshal.PtrToStructure(handleInfoBuf, typeof(SystemHandleTableInfoEntry)); if (pid == -1 || entry.UniqueProcessId == pid) { ret.Add(new NtHandle(entry, allow_query)); } handleInfoBuf += Marshal.SizeOf(typeof(SystemHandleTableInfoEntry)); } return(ret); } finally { handleInfo.Close(); } }
/// <summary> /// Create a Window Station by name. /// </summary> /// <param name="object_attributes">Object attributes for the Window Station.</param> /// <param name="desired_access">Desired access for the Window Station.</param> /// <param name="kbd_dll_path">Path to Keyboard DLL e.g. kbusa.dll.</param> /// <param name="keyboard_locale">Locale ID, e.g. 0x4090409.</param> /// <param name="language_id">Language ID e.g. 0x409.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The Window Station.</returns> public static NtResult <NtWindowStation> Create(ObjectAttributes object_attributes, WindowStationAccessRights desired_access, string kbd_dll_path, int language_id, int keyboard_locale, bool throw_on_error) { string dll_path; IntPtr layout_offset; IntPtr nls_offset; using (var kbd_dll = SafeLoadLibraryHandle.LoadLibrary(kbd_dll_path, LoadLibraryFlags.None, throw_on_error)) { if (!kbd_dll.IsSuccess) { return(kbd_dll.Cast <NtWindowStation>()); } dll_path = kbd_dll.Result.FullPath; layout_offset = GetKdbLayoutOffset(kbd_dll.Result, 1); nls_offset = GetKdbLayoutOffset(kbd_dll.Result, 2); } using (var buffer = new SafeHGlobalBuffer(0x318)) { BufferUtils.FillBuffer(buffer, 0); using (var file = NtFile.Open(NtFileUtils.DosFileNameToNt(dll_path), null, FileAccessRights.GenericRead | FileAccessRights.Synchronize, FileShareMode.Read | FileShareMode.Delete, FileOpenOptions.NonDirectoryFile | FileOpenOptions.SynchronousIoNonAlert, throw_on_error)) { if (!file.IsSuccess) { return(file.Cast <NtWindowStation>()); } var handle = NtSystemCalls.NtUserCreateWindowStation(object_attributes, desired_access, file.Result.Handle, layout_offset, nls_offset, buffer, new UnicodeString($"{language_id:X08}"), keyboard_locale); if (handle.IsInvalid) { return(NtObjectUtils.CreateResultFromDosError <NtWindowStation>(throw_on_error)); } return(new NtWindowStation(handle).CreateResult()); } } }
/// <summary> /// Query the directory for a list of entries. /// </summary> /// <returns>The list of entries.</returns> /// <exception cref="NtException">Thrown on error</exception> public IEnumerable <ObjectDirectoryInformation> Query() { string base_path = FullPath.TrimEnd('\\'); using (SafeStructureInOutBuffer <OBJECT_DIRECTORY_INFORMATION> buffer = new SafeStructureInOutBuffer <OBJECT_DIRECTORY_INFORMATION>(2048, true)) { NtStatus status; int context = 0; int return_length = 0; while ((status = NtSystemCalls.NtQueryDirectoryObject(Handle, buffer, buffer.Length, false, true, ref context, out return_length)) == NtStatus.STATUS_MORE_ENTRIES) { buffer.Resize(buffer.Length * 2); } if (status == NtStatus.STATUS_NO_MORE_ENTRIES) { yield break; } status.ToNtException(); IntPtr current = buffer.DangerousGetHandle(); string name = String.Empty; while (true) { OBJECT_DIRECTORY_INFORMATION dir_info = (OBJECT_DIRECTORY_INFORMATION)Marshal.PtrToStructure(current, typeof(OBJECT_DIRECTORY_INFORMATION)); name = dir_info.Name.ToString(); if (name.Length == 0) { break; } yield return(new ObjectDirectoryInformation(this, base_path, dir_info)); current += Marshal.SizeOf(dir_info); } } }
private SafeStructureInOutBuffer <T> Query <T>(ProcessInfoClass info_class) where T : new() { int return_length = 0; NtStatus status = NtSystemCalls.NtQueryInformationProcess(Handle, info_class, SafeHGlobalBuffer.Null, 0, out return_length); if (status != NtStatus.STATUS_INFO_LENGTH_MISMATCH && status != NtStatus.STATUS_BUFFER_TOO_SMALL) { throw new NtException(status); } SafeStructureInOutBuffer <T> buffer = new SafeStructureInOutBuffer <T>(return_length, false); try { NtSystemCalls.NtQueryInformationProcess(Handle, info_class, buffer, buffer.Length, out return_length).ToNtException(); return(buffer); } catch { buffer.Close(); throw; } }
private NtResult <IContext> GetAmd64Context(ContextFlags flags, bool throw_on_error) { var context = new ContextAmd64 { ContextFlags = flags }; // Buffer needs to be 16 bytes aligned, so allocate some extract space in case. using (var buffer = new SafeHGlobalBuffer(Marshal.SizeOf(context) + 16)) { int write_ofs = 0; long ptr = buffer.DangerousGetHandle().ToInt64(); // Almost certainly 16 byte aligned, but just in case. if ((ptr & 0xF) != 0) { write_ofs = (int)(0x10 - (ptr & 0xF)); } Marshal.StructureToPtr(context, buffer.DangerousGetHandle() + write_ofs, false); var sbuffer = buffer.GetStructAtOffset <ContextAmd64>(write_ofs); return(NtSystemCalls.NtGetContextThread(Handle, sbuffer).CreateResult(throw_on_error, () => sbuffer.Result).Cast <IContext>()); } }
private IContext GetAmd64Context(ContextFlags flags) { var context = new ContextAmd64(); context.ContextFlags = flags; // Buffer needs to be 16 bytes aligned, so allocate some extract space in case. using (var buffer = new SafeHGlobalBuffer(Marshal.SizeOf(context) + 16)) { int write_ofs = 0; long ptr = buffer.DangerousGetHandle().ToInt64(); // Almost certainly 8 byte aligned, but just in case. if ((ptr & 0xF) != 0) { write_ofs = (int)(0x10 - (ptr & 0xF)); } Marshal.StructureToPtr(context, buffer.DangerousGetHandle() + write_ofs, false); var sbuffer = buffer.GetStructAtOffset <ContextAmd64>(write_ofs); NtSystemCalls.NtGetContextThread(Handle, sbuffer).ToNtException(); return(sbuffer.Result); } }
private static SafeHGlobalBuffer EnumEnvironmentValues(SystemEnvironmentValueInformationClass info_class) { int ret_length = 0; NtStatus status = NtSystemCalls.NtEnumerateSystemEnvironmentValuesEx(info_class, SafeHGlobalBuffer.Null, ref ret_length); if (status != NtStatus.STATUS_BUFFER_TOO_SMALL) { throw new NtException(status); } var buffer = new SafeHGlobalBuffer(ret_length); try { ret_length = buffer.Length; NtSystemCalls.NtEnumerateSystemEnvironmentValuesEx(info_class, buffer, ref ret_length).ToNtException(); return(buffer); } catch { buffer.Dispose(); throw; } }
/// <summary> /// Query memory information for a process. /// </summary> /// <param name="process">The process to query.</param> /// <param name="base_address">The base address.</param> /// <returns>The memory information for the region.</returns> /// <exception cref="NtException">Thrown on error.</exception> public static MemoryInformation QueryMemoryInformation(SafeKernelObjectHandle process, long base_address) { MemoryBasicInformation basic_info = new MemoryBasicInformation(); string mapped_image_path = String.Empty; using (var buffer = new SafeStructureInOutBuffer <MemoryBasicInformation>()) { NtSystemCalls.NtQueryVirtualMemory(process, new IntPtr(base_address), MemoryInformationClass.MemoryBasicInformation, buffer, buffer.LengthIntPtr, out IntPtr ret_length).ToNtException(); basic_info = buffer.Result; } if (basic_info.Type == MemoryType.Image || basic_info.Type == MemoryType.Mapped) { var name = QuerySectionName(process, base_address, false); if (name.IsSuccess) { mapped_image_path = name.Result; } } return(new MemoryInformation(basic_info, mapped_image_path)); }
private SafeStructureInOutBuffer <T> QueryKey <T>(KeyInformationClass info_class) where T : new() { int return_length; NtStatus status = NtSystemCalls.NtQueryKey(Handle, info_class, SafeHGlobalBuffer.Null, 0, out return_length); if (status != NtStatus.STATUS_BUFFER_OVERFLOW && status != NtStatus.STATUS_INFO_LENGTH_MISMATCH && status != NtStatus.STATUS_BUFFER_TOO_SMALL) { status.ToNtException(); } SafeStructureInOutBuffer <T> buffer = new SafeStructureInOutBuffer <T>(return_length, false); try { NtSystemCalls.NtQueryKey(Handle, info_class, buffer, buffer.Length, out return_length).ToNtException(); return(Interlocked.Exchange(ref buffer, null)); } finally { if (buffer != null) { buffer.Close(); } } }
private static Dictionary <string, NtType> LoadTypes() { var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly()); using (var type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>()) { Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase); int return_length; NtStatus status = NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation, type_info.DangerousGetHandle(), type_info.Length, out return_length); if (status != NtStatus.STATUS_INFO_LENGTH_MISMATCH) { status.ToNtException(); } type_info.Resize(return_length); int alignment = IntPtr.Size - 1; NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation, type_info.DangerousGetHandle(), type_info.Length, out return_length).ToNtException(); ObjectAllTypesInformation result = type_info.Result; IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size; for (int count = 0; count < result.NumberOfTypes; ++count) { ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation)); string name = info.Name.ToString(); NtTypeFactory factory = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory; NtType ti = new NtType(count + 2, info, factory); ret[ti.Name] = ti; int offset = (info.Name.MaximumLength + alignment) & ~alignment; curr_typeinfo = info.Name.Buffer + offset; } return(ret); } }
/// <summary> /// Create an event object /// </summary> /// <param name="object_attributes">The event object attributes</param> /// <param name="type">The type of the event</param> /// <param name="initial_state">The initial state of the event</param> /// <param name="desired_access">The desired access for the event</param> /// <param name="throw_on_error">True to throw an exception on error.</param> /// <returns>The NT status code and object result.</returns> public static NtResult <NtEvent> Create(ObjectAttributes object_attributes, EventType type, bool initial_state, EventAccessRights desired_access, bool throw_on_error) { SafeKernelObjectHandle handle; return(NtSystemCalls.NtCreateEvent(out handle, desired_access, object_attributes, type, initial_state).CreateResult(throw_on_error, () => new NtEvent(handle))); }
/// <summary> /// Method to query information for this object type. /// </summary> /// <param name="info_class">The information class.</param> /// <param name="buffer">The buffer to return data in.</param> /// <param name="return_length">Return length from the query.</param> /// <returns>The NT status code for the query.</returns> public override NtStatus QueryInformation(EventInformationClass info_class, SafeBuffer buffer, out int return_length) { return(NtSystemCalls.NtQueryEvent(Handle, info_class, buffer, buffer.GetLength(), out return_length)); }
/// <summary> /// Pulse the event state. /// </summary> /// <param name="throw_on_error">True to throw an exception on error.</param> /// <returns>The previous state of the event and NT status.</returns> public NtResult <int> Pulse(bool throw_on_error) { return(NtSystemCalls.NtPulseEvent(Handle, out int previous_state).CreateResult(throw_on_error, () => previous_state)); }
/// <summary> /// Clear the event state /// </summary> /// <param name="throw_on_error">True to throw an exception on error.</param> /// <returns>The NT status code.</returns> public NtStatus Clear(bool throw_on_error) { return(NtSystemCalls.NtClearEvent(Handle).ToNtException(throw_on_error)); }
/// <summary> /// Open an event object /// </summary> /// <param name="object_attributes">The event object attributes</param> /// <param name="desired_access">The desired access for the event</param> /// <param name="throw_on_error">True to throw an exception on error.</param> /// <returns>The NT status code and object result.</returns> public static NtResult <NtEvent> Open(ObjectAttributes object_attributes, EventAccessRights desired_access, bool throw_on_error) { SafeKernelObjectHandle handle; return(NtSystemCalls.NtOpenEvent(out handle, desired_access, object_attributes).CreateResult(throw_on_error, () => new NtEvent(handle))); }
/// <summary> /// Make the object a permanent object /// </summary> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The NT status code.</returns> public NtStatus MakePermanent(bool throw_on_error) => NtSystemCalls.NtMakePermanentObject(Handle).ToNtException(throw_on_error);
/// <summary> /// Make the object a temporary object /// </summary> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The NT status code.</returns> public NtStatus MakeTemporary(bool throw_on_error) => NtSystemCalls.NtMakeTemporaryObject(Handle).ToNtException(throw_on_error);
/// <summary> /// Terminate this job object. /// </summary> /// <param name="status">The termination status.</param> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The NT status code.</returns> public NtStatus Terminate(NtStatus status, bool throw_on_error) { return(NtSystemCalls.NtTerminateJobObject(Handle, status).ToNtException(throw_on_error)); }
/// <summary> /// Assign a process to this job object. /// </summary> /// <param name="throw_on_error">True to throw on error.</param> /// <param name="process">The process to assign.</param> /// <returns>The NT status code.</returns> public NtStatus AssignProcess(NtProcess process, bool throw_on_error) { return(NtSystemCalls.NtAssignProcessToJobObject(Handle, process.Handle).ToNtException(throw_on_error)); }
/// <summary> /// Convert Job object into a Silo /// </summary> /// <param name="throw_on_error">True to throw on error.</param> /// <returns>The NT status code.</returns> public NtStatus CreateSilo(bool throw_on_error) { return(NtSystemCalls.NtSetInformationJobObject(Handle, JobObjectInformationClass.JobObjectCreateSilo, SafeHGlobalBuffer.Null, 0).ToNtException(throw_on_error)); }
/// <summary> /// Method to set information for this object type. /// </summary> /// <param name="info_class">The information class.</param> /// <param name="buffer">The buffer to set data from.</param> /// <returns>The NT status code for the set.</returns> public override NtStatus SetInformation(ResourceManagerInformationClass info_class, SafeBuffer buffer) { return(NtSystemCalls.NtSetInformationResourceManager(Handle, info_class, buffer, buffer.GetLength())); }