private void btnImpersonate_Click(object sender, EventArgs e) { TokenImpersonationLevel implevel = TokenImpersonationLevel.Impersonation; try { if (_token.GetTokenType() == TokenType.Impersonation) { implevel = _token.GetImpersonationLevel(); } using (UserToken token = _token.DuplicateToken(TokenType.Impersonation, implevel, (TokenLibrary.TokenIntegrityLevel)comboBoxILForDup.SelectedItem)) { NativeHandle imptoken = null; using (ImpersonateProcess imp = token.Impersonate()) { imptoken = NativeBridge.OpenThreadToken(); } if (imptoken != null) { OpenForm(new UserToken(imptoken), false); } else { MessageBox.Show(this, "Couldn't open thread token", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } } } catch (Exception ex) { MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } }
static void ConnectTest(int pid, IPEndPoint ep) { using (ImpersonateProcess imp = NativeBridge.Impersonate(pid, TokenSecurityLevel.Impersonate)) { TcpClient client = new TcpClient(); client.Connect(ep); client.Close(); Console.WriteLine("** Opened Connection **"); } }
static void ListenTest(int pid, IPEndPoint ep) { using (ImpersonateProcess imp = NativeBridge.Impersonate(pid, TokenSecurityLevel.Impersonate)) { TcpListener listener = new TcpListener(ep); listener.Start(); Console.WriteLine("Make a connection to {0}", ep); listener.AcceptTcpClient(); Console.WriteLine("** Accepted Connection **"); } }
private void btnCreate_Click(object sender, EventArgs e) { try { using (UserToken token = _token.DuplicateToken(TokenType.Impersonation, TokenLibrary.TokenImpersonationLevel.Impersonation)) { using (ImpersonateProcess imp = token.Impersonate()) { File.WriteAllText(txtFilePath.Text, txtFileContents.Text); } MessageBox.Show(this, "Success", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information); } } catch (Exception ex) { MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } }
static bool CheckDevice(string name, bool writable) { bool success = false; try { using (ImpersonateProcess imp = NativeBridge.Impersonate(_pid, _identify_only ? TokenSecurityLevel.Identification : TokenSecurityLevel.Impersonate)) { uint access_mask = (uint)GenericAccessRights.GenericRead; if (writable) { access_mask |= (uint)GenericAccessRights.GenericWrite; } FileOpenOptions opts = _open_as_dir ? FileOpenOptions.DIRECTORY_FILE : FileOpenOptions.NON_DIRECTORY_FILE; using (NativeHandle handle = NativeBridge.CreateFileNative(name, access_mask, 0, FileShareMode.All, FileCreateDisposition.Open, opts)) { success = true; } } } catch (Win32Exception ex) { // Ignore access denied and invalid function (indicates there's no IRP_MJ_CREATE handler) if (_show_errors && (ex.NativeErrorCode != 5) && (ex.NativeErrorCode != 1)) { Console.Error.WriteLine("Error checking {0} - {1}", name, ex.Message); } } return(success); }
static void Main(string[] args) { bool show_help = false; _pid = Process.GetCurrentProcess().Id; try { OptionSet opts = new OptionSet() { { "p|pid=", "Specify a PID of a process to impersonate when checking", v => _pid = int.Parse(v.Trim()) }, { "n", "Specifes the list of arguments represents names instead of pids", v => _named_process = v != null }, { "i", "Use an indentify level token when impersonating", v => _identify_only = v != null }, { "t", "Dump accessible threads for process", v => _dump_threads = v != null }, { "k", "Dump tokens for accessible objects", v => _dump_token = v != null }, { "sddl", "Dump SDDL strings for objects", v => _print_sddl = v != null }, { "h|help", "show this message and exit", v => show_help = v != null }, }; List <string> pids = opts.Parse(args).Select(s => s.ToLower()).ToList(); if (show_help) { ShowHelp(opts); } else { IEnumerable <ProcessEntry> processes = new ProcessEntry[0]; if (pids.Count > 0 && !_named_process) { List <ProcessEntry> procs = new List <ProcessEntry>(); using (ImpersonateProcess imp = NativeBridge.Impersonate(_pid, _identify_only ? TokenSecurityLevel.Identification : TokenSecurityLevel.Impersonate)) { foreach (string pid_name in pids) { try { procs.Add(new ProcessEntry(NativeBridge.OpenProcess(int.Parse(pid_name)))); } catch (Win32Exception ex) { Console.WriteLine("Error opening pid {0} - {1}", pid_name, ex.Message); } } } processes = procs; } else { try { using (ImpersonateProcess imp = NativeBridge.Impersonate(_pid, _identify_only ? TokenSecurityLevel.Identification : TokenSecurityLevel.Impersonate)) { processes = NativeBridge.GetProcesses().Select(h => new ProcessEntry(h)); } if (_named_process && pids.Count > 0) { processes = processes.Where(p => pids.Contains(p.Name.ToLower())); } } catch (Win32Exception ex) { Console.WriteLine(ex); } } List <ProcessEntry> ps = processes.ToList(); ps.Sort((a, b) => a.Pid - b.Pid); processes = ps; foreach (ProcessEntry process in processes) { Console.WriteLine("{0}: {1} {2}", process.Pid, process.Name, process.GetGrantedAccess()); if (_print_sddl && process.StringSecurityDescriptor.Length > 0) { Console.WriteLine("SDDL: {0}", process.StringSecurityDescriptor); } if (_dump_token && process.Token != null) { Console.WriteLine("User: {0}", process.Token.UserName); if (_print_sddl && process.Token.StringSecurityDescriptor.Length > 0) { Console.WriteLine("Token SDDL: {0}", process.Token.StringSecurityDescriptor); } } if (_dump_threads) { foreach (ThreadEntry thread in process.Threads) { Console.WriteLine("-- Thread {0}: {1}", thread.Tid, thread.GetGrantedAccess()); if (_print_sddl && thread.StringSecurityDescriptor.Length > 0) { Console.WriteLine("---- SDDL: {0}", thread.StringSecurityDescriptor); } if (_dump_token && thread.Token != null) { Console.WriteLine("---- Impersonating {0}", thread.Token.UserName); if (_print_sddl && thread.Token.StringSecurityDescriptor.Length > 0) { Console.WriteLine("---- Token SDDL: {0}", thread.Token.StringSecurityDescriptor); } } } } } } } catch (Exception ex) { Console.WriteLine(ex.Message); } }