/// <summary>
/// Execute a command line.
/// </summary>
/// <param name="cmd">Command line</param>
/// <param name="dir">Working dir. Inherits the current directory if null.</param>
/// <param name="env">Environement variables. Inherits all of them if null.</param>
/// <param name="noWindow">Hides the window if true</param>
public static void Execute(string cmd, string dir
, Hashtable env = null, bool noWindow = false)
{
var si = new Native.STARTUPINFO();
var pi = new Native.PROCESS_INFORMATION();
int createFlags = Native.CREATE_UNICODE_ENVIRONMENT;
if (noWindow)
{
createFlags |= Native.CREATE_NO_WINDOW;
}
StringBuilder envVars = BuildEnvironmentVars(env);
try {
bool success = Native.CreateProcess(null
, cmd
, IntPtr.Zero
, IntPtr.Zero
, false
, createFlags
, envVars
, dir, si, pi);
if (!success)
{
throw new Win32Exception();
}
} finally {
Native.CloseHandle(pi.hThread);
Native.CloseHandle(pi.hProcess);
}
}
/// <summary>
/// Starts a process
/// </summary>
/// <param name="filepath">File path</param>
/// <param name="args">Arguments</param>
/// <param name="dir">Working dir. Inherits the current directory if null</param>
/// <param name="env">Environement variables. Inherits all of them if null</param>
/// <param name="noWindow">Hides the window if true</param>
/// <param name="createJob">Creates a Job if true</param>
/// <returns></returns>
public static ProcessExt Start(string filepath, IEnumerable args
, string dir, Hashtable env, bool noWindow, bool createJob) {
string cmd = ProcessExt.BuildCommandLine(filepath, args);
StringBuilder envVars = BuildEnvironmentVars(env);
var si = new Native.STARTUPINFO();
var pi = new Native.PROCESS_INFORMATION();
int createFlags = Native.CREATE_UNICODE_ENVIRONMENT;
if (noWindow)
createFlags |= Native.CREATE_NO_WINDOW;
if (createJob) {
createFlags |= Native.CREATE_SUSPENDED;
IntPtr curProc = Native.GetCurrentProcess();
try {
bool isProcessInJob = false;
if (!Native.IsProcessInJob(curProc, IntPtr.Zero, out isProcessInJob))
throw new Win32Exception();
if (isProcessInJob)
createFlags |= Native.CREATE_BREAKAWAY_FROM_JOB;
} finally {
Native.CloseHandle(curProc);
}
}
bool success = Native.CreateProcess(null
, cmd
, IntPtr.Zero
, IntPtr.Zero
, false
, createFlags
, envVars
, dir, si, pi);
if (!success)
throw new Win32Exception();
IntPtr hJob = IntPtr.Zero;
try {
if (createJob) {
hJob = AssignProcessToNewJob(pi.hProcess, null);
if (-1 == Native.ResumeThread(pi.hThread))
throw new Win32Exception();
}
} catch {
Native.CloseHandle(pi.hProcess);
Native.CloseHandle(hJob);
throw;
} finally {
Native.CloseHandle(pi.hThread);
}
return new ProcessExt(pi.dwProcessId, pi.hProcess, hJob);
}
public static void PrisonCreateProcessAsUserFakes(Native.PROCESS_INFORMATION processInfo)
{
//shim Prison.GetDefaultEnvironmentVarialbes
ShimPrison.AllInstances.GetDefaultEnvironmentVarialbes = (pris) => { return(new Dictionary <string, string>()); };
ShimPrison.AllInstances.NativeCreateProcessAsUserBooleanStringStringString = (pris, interactive, filename, arguments, envBlock) =>
{
return(processInfo);
};
}
public void TestSimpleEcho()
{
using (ShimsContext.Create())
{
// shim Prison.Lockdown
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
// shim Prison.Execute
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return 0; };
var shimedProcess = new ShimProcess();
shimedProcess.IdGet = () => { return processInfo.dwProcessId; };
var raisingEventsChangedTo = false;
shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; };
ShimProcess.GetProcessByIdInt32 = (id) => { return (Process)shimedProcess; };
Process procAddedToJob = null;
ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { procAddedToJob = proc; return; };
ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; };
var processIdResumed = 0;
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; };
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreEqual(processInfo.dwProcessId, process.Id);
Assert.AreEqual(processInfo.dwProcessId, processIdResumed);
Assert.AreEqual(procAddedToJob.Id, process.Id);
Assert.AreEqual(true, raisingEventsChangedTo);
}
}
public void TestSimpleEcho()
{
using (ShimsContext.Create())
{
// shim Prison.Lockdown
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
// shim Prison.Execute
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return(0); };
var shimedProcess = new ShimProcess();
shimedProcess.IdGet = () => { return(processInfo.dwProcessId); };
var raisingEventsChangedTo = false;
shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; };
ShimProcess.GetProcessByIdInt32 = (id) => { return((Process)shimedProcess); };
Process procAddedToJob = null;
ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { procAddedToJob = proc; return; };
ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; };
var processIdResumed = 0;
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; };
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreEqual(processInfo.dwProcessId, process.Id);
Assert.AreEqual(processInfo.dwProcessId, processIdResumed);
Assert.AreEqual(procAddedToJob.Id, process.Id);
Assert.AreEqual(true, raisingEventsChangedTo);
}
}
public void PrisonApplyWindowStationTest()
{
using (ShimsContext.Create())
{
int winStationPtr = 2658;
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyWindowStationRuleFakes(winStationPtr);
string username = null;
ShimWindowStation.NativeOpenWindowStationString = (user) => { username = user; return(new IntPtr(winStationPtr)); };
ShimWindowStation.NativeCreateWindowStationString = (user) => { username = user; return(new IntPtr(winStationPtr)); };
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.WindowStation;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return(0); };
ShimProcess.GetProcessByIdInt32 = (id) => { return(new Process()); };
ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { return; };
ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; };
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { };
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
Assert.AreEqual(prison.desktopName, string.Format(@"{0}\Default", username));
}
}
public void PrisonApplyWindowStationTest()
{
using (ShimsContext.Create())
{
int winStationPtr = 2658;
PrisonTestsHelper.PrisonLockdownFakes();
PrisonTestsHelper.ApplyWindowStationRuleFakes(winStationPtr);
string username = null;
ShimWindowStation.NativeOpenWindowStationString = (user) => { username = user; return new IntPtr(winStationPtr); };
ShimWindowStation.NativeCreateWindowStationString = (user) => { username = user; return new IntPtr(winStationPtr); };
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.CellType |= RuleType.WindowStation;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return 0; };
ShimProcess.GetProcessByIdInt32 = (id) => { return new Process(); };
ShimJobObject.AllInstances.AddProcessProcess = (jobObject, proc) => { return; };
ShimPrison.AllInstances.AddProcessToGuardJobObjectProcess = (fakePrison, proc) => { return; };
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { };
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
Assert.AreEqual(prison.desktopName, string.Format(@"{0}\Default", username));
}
}
public int StartProcess(ProcessStartInfo processStartInfo)
{
LogInOtherUser(processStartInfo);
Native.STARTUPINFO startUpInfo = new Native.STARTUPINFO();
startUpInfo.cb = Marshal.SizeOf(startUpInfo);
startUpInfo.lpDesktop = string.Empty;
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION();
bool processStarted = Native.CreateProcessAsUser(UserToken, processStartInfo.FileName, processStartInfo.Arguments,
IntPtr.Zero, IntPtr.Zero, true, 0, IntPtr.Zero, null,
ref startUpInfo, out processInfo);
if (!processStarted)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
uint processId = processInfo.dwProcessId;
Native.CloseHandle(processInfo.hProcess);
Native.CloseHandle(processInfo.hThread);
return((int)processId);
}
/// <summary>
/// Starts the application, injecting Reloaded into it.
/// </summary>
public void Start()
{
// Start up the process
Native.STARTUPINFO startupInfo = new Native.STARTUPINFO();
Native.SECURITY_ATTRIBUTES lpProcessAttributes = new Native.SECURITY_ATTRIBUTES();
Native.SECURITY_ATTRIBUTES lpThreadAttributes = new Native.SECURITY_ATTRIBUTES();
Native.PROCESS_INFORMATION processInformation = new Native.PROCESS_INFORMATION();
if (_arguments == null)
{
_arguments = "";
}
bool success = Native.CreateProcessW(null, $"\"{_location}\" {_arguments}", ref lpProcessAttributes,
ref lpThreadAttributes, false, Native.ProcessCreationFlags.CREATE_SUSPENDED,
IntPtr.Zero, Path.GetDirectoryName(_location) !, ref startupInfo, ref processInformation);
if (!success)
{
string windowsErrorMessage = new Win32Exception(Marshal.GetLastWin32Error()).Message;
throw new ArgumentException($"{Resources.ErrorFailedToStartProcess.Get()} {windowsErrorMessage}");
}
// DLL Injection
var process = Process.GetProcessById((int)processInformation.dwProcessId);
var injector = new ApplicationInjector(process);
try
{
injector.Inject();
}
catch (Exception)
{
Native.ResumeThread(processInformation.hThread);
throw;
}
Native.ResumeThread(processInformation.hThread);
}
/// <summary>
/// Execute a command line.
/// </summary>
/// <param name="cmd">Command line</param>
/// <param name="dir">Working dir. Inherits the current directory if null.</param>
/// <param name="env">Environement variables. Inherits all of them if null.</param>
/// <param name="noWindow">Hides the window if true</param>
public static void Execute(string cmd, string dir
, Hashtable env = null, bool noWindow = false) {
var si = new Native.STARTUPINFO();
var pi = new Native.PROCESS_INFORMATION();
int createFlags = Native.CREATE_UNICODE_ENVIRONMENT;
if (noWindow)
createFlags |= Native.CREATE_NO_WINDOW;
StringBuilder envVars = BuildEnvironmentVars(env);
try {
bool success = Native.CreateProcess(null
, cmd
, IntPtr.Zero
, IntPtr.Zero
, false
, createFlags
, envVars
, dir, si, pi);
if (!success)
throw new Win32Exception();
} finally {
Native.CloseHandle(pi.hThread);
Native.CloseHandle(pi.hProcess);
}
}
public void TestSimpleEchoChangedSession()
{
using (ShimsContext.Create())
{
// shim Prison.Lockdown
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
// shim Prison.Execute
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return 12; };
ShimPrison.InitChangeSessionServiceString = (tempSeriviceId) => { return; };
StubIExecutor exec = new StubIExecutor();
ShimChannelFactory<IExecutor>.AllInstances.CreateChannel = (executor) => { return exec; };
exec.ExecuteProcessPrisonStringStringDictionaryOfStringString =
(fakePrison, filename, arguments, extraEnvironmentVariables) =>
{
return processInfo.dwProcessId;
};
var shimedProcess = new ShimProcess();
shimedProcess.IdGet = () => { return processInfo.dwProcessId; };
var raisingEventsChangedTo = false;
shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; };
ShimProcess.GetProcessByIdInt32 = (id) => { return (Process)shimedProcess; };
ShimPrison.AllInstances.CloseRemoteSessionIExecutor = (fakePrison, executor) => { return; };
var processIdResumed = 0;
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; };
ShimPrison.RemoveChangeSessionServiceString = (sessionId) => { return; };
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreEqual(processInfo.dwProcessId, process.Id);
Assert.AreEqual(processInfo.dwProcessId, processIdResumed);
Assert.AreEqual(true, raisingEventsChangedTo);
}
}
/// <summary>
/// Starts a process
/// </summary>
/// <param name="filepath">File path</param>
/// <param name="args">Arguments</param>
/// <param name="dir">Working dir. Inherits the current directory if null</param>
/// <param name="env">Environement variables. Inherits all of them if null</param>
/// <param name="noWindow">Hides the window if true</param>
/// <param name="createJob">Creates a Job if true</param>
/// <returns></returns>
public static ProcessExt Start(string filepath, IEnumerable args
, string dir, Hashtable env, bool noWindow, bool createJob)
{
string cmd = ProcessExt.BuildCommandLine(filepath, args);
StringBuilder envVars = BuildEnvironmentVars(env);
var si = new Native.STARTUPINFO();
var pi = new Native.PROCESS_INFORMATION();
int createFlags = Native.CREATE_UNICODE_ENVIRONMENT;
if (noWindow)
{
createFlags |= Native.CREATE_NO_WINDOW;
}
IntPtr hJob = IntPtr.Zero;
bool success = false;
if (createJob)
{
IntPtr curProc = Native.GetCurrentProcess();
bool isProcessInJob = false;
success = Native.IsProcessInJob(curProc, IntPtr.Zero, out isProcessInJob);
Native.CloseHandle(curProc);
if (success)
{
int createFlagsJob = createFlags | Native.CREATE_SUSPENDED;
if (isProcessInJob)
{
createFlagsJob |= Native.CREATE_BREAKAWAY_FROM_JOB;
}
success = Native.CreateProcess(null
, cmd
, IntPtr.Zero
, IntPtr.Zero
, false
, createFlagsJob
, envVars
, dir, si, pi);
if (success)
{
success = AssignProcessToNewJob(pi.hProcess, null, out hJob);
if (success)
{
if (-1 == Native.ResumeThread(pi.hThread))
{
throw new Win32Exception();
}
}
else
{
Native.TerminateProcess(pi.hProcess, -1);
Native.CloseHandle(pi.hProcess);
Native.CloseHandle(pi.hThread);
Native.CloseHandle(hJob);
hJob = IntPtr.Zero;
}
}
}
}
if (!success)
{
success = Native.CreateProcess(null
, cmd
, IntPtr.Zero
, IntPtr.Zero
, false
, createFlags
, envVars
, dir, si, pi);
if (!success)
{
throw new Win32Exception();
}
}
return(new ProcessExt(pi.dwProcessId, pi.hProcess, hJob));
}
public void TestSimpleEchoChangedSession()
{
using (ShimsContext.Create())
{
// shim Prison.Lockdown
PrisonTestsHelper.PrisonLockdownFakes();
Prison prison = new Prison();
prison.Tag = "uhtst";
PrisonRules prisonRules = new PrisonRules();
prisonRules.CellType = RuleType.None;
prisonRules.PrisonHomePath = @"c:\prison_tests\p3";
prison.Lockdown(prisonRules);
// shim Prison.Execute
Native.PROCESS_INFORMATION processInfo = new Native.PROCESS_INFORMATION
{
hProcess = new IntPtr(2400),
hThread = new IntPtr(2416),
dwProcessId = 5400,
dwThreadId = 4544
};
PrisonTestsHelper.PrisonCreateProcessAsUserFakes(processInfo);
ShimPrison.GetCurrentSessionId = () => { return(12); };
ShimPrison.InitChangeSessionServiceString = (tempSeriviceId) => { return; };
StubIExecutor exec = new StubIExecutor();
ShimChannelFactory <IExecutor> .AllInstances.CreateChannel = (executor) => { return(exec); };
exec.ExecuteProcessPrisonStringStringDictionaryOfStringString =
(fakePrison, filename, arguments, extraEnvironmentVariables) =>
{
return(processInfo.dwProcessId);
};
var shimedProcess = new ShimProcess();
shimedProcess.IdGet = () => { return(processInfo.dwProcessId); };
var raisingEventsChangedTo = false;
shimedProcess.EnableRaisingEventsSetBoolean = (value) => { raisingEventsChangedTo = value; };
ShimProcess.GetProcessByIdInt32 = (id) => { return((Process)shimedProcess); };
ShimPrison.AllInstances.CloseRemoteSessionIExecutor = (fakePrison, executor) => { return; };
var processIdResumed = 0;
ShimPrison.AllInstances.ResumeProcessProcess = (fakePrison, pProcess) => { processIdResumed = pProcess.Id; };
ShimPrison.RemoveChangeSessionServiceString = (sessionId) => { return; };
// Act
Process process = prison.Execute(
@"c:\windows\system32\cmd.exe",
@"/c echo test");
// Assert
Assert.AreEqual(processInfo.dwProcessId, process.Id);
Assert.AreEqual(processInfo.dwProcessId, processIdResumed);
Assert.AreEqual(true, raisingEventsChangedTo);
}
}
