Esempio n. 1
0
        public void NtConnectPort()
        {
            var    handle           = new AlpcPortHandle();
            var    name             = "\\" + this.GetType().Name + MethodBase.GetCurrentMethod().Name;
            IntPtr optional         = IntPtr.Zero;
            uint   maxMessageLenght = 100;
            var    SecurityQos      = new SECURITY_QUALITY_OF_SERVICE();
            int    status           = NativeMethods.NtConnectPort(out handle, name, ref SecurityQos, out optional, out optional, ref maxMessageLenght, out optional, out optional);

            AlpcErrorHandler.Check(status);
        }
Esempio n. 2
0
        internal static unsafe (uint status, IntPtr handle) NtCreateFile(ReadOnlySpan <char> path, FileMode mode, FileAccess access, FileShare share, FileOptions options, long preallocationSize)
        {
            // For mitigating local elevation of privilege attack through named pipes
            // make sure we always call NtCreateFile with SECURITY_ANONYMOUS so that the
            // named pipe server can't impersonate a high privileged client security context
            SECURITY_QUALITY_OF_SERVICE securityQualityOfService = new SECURITY_QUALITY_OF_SERVICE(
                ImpersonationLevel.Anonymous, // SECURITY_ANONYMOUS
                ContextTrackingMode.Static,
                effectiveOnly: false);

            return(CreateFile(
                       path: path,
                       rootDirectory: IntPtr.Zero,
                       createDisposition: GetCreateDisposition(mode),
                       desiredAccess: GetDesiredAccess(access, mode, options),
                       shareAccess: GetShareAccess(share),
                       fileAttributes: GetFileAttributes(options),
                       createOptions: GetCreateOptions(options),
                       objectAttributes: GetObjectAttributes(share),
                       preallocationSize: &preallocationSize,
                       securityQualityOfService: &securityQualityOfService));
        }
Esempio n. 3
0
        public void NtCreate_Listen_AcceptConnect_Connect()
        {
            var name = "\\" + this.GetType().Name + MethodBase.GetCurrentMethod().Name;

            NAlpc.AlpcPortHandle serverConnectionPort = null;
            var  attributes             = new OBJECT_ATTRIBUTES();
            uint maxMessageLenght       = 30;
            int  serverCreatePortStatus = NativeMethods.NtCreatePort(out serverConnectionPort, ref attributes, 50, maxMessageLenght, 10);

            AlpcErrorHandler.Check(serverCreatePortStatus);
            var msg  = new MY_TRANSFERRED_MESSAGE();
            var wait = Task.Factory.StartNew(() =>
            {
                var serverListenPortStatus = NativeMethods.NtListenPort(serverConnectionPort, ref msg.Header);
                AlpcErrorHandler.Check(serverListenPortStatus);
                NAlpc.AlpcPortHandle serverComuicationPort = null;
                IntPtr optional1            = IntPtr.Zero;
                int serverAcceptConnectPort = NativeMethods.NtAcceptConnectPort(out serverComuicationPort, optional1, ref msg.Header, true, optional1,
                                                                                optional1);
                AlpcErrorHandler.Check(serverAcceptConnectPort);
            });
            var listenBlocksThread = wait.Wait(150);


            IntPtr optional = IntPtr.Zero;

            var            SecurityQos = SECURITY_QUALITY_OF_SERVICE.Create(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, false, true);
            AlpcPortHandle clientHandle;

            int status = NativeMethods.NtConnectPort(out clientHandle, name, ref SecurityQos, out optional, out optional, ref maxMessageLenght, out optional, out optional);
            var ex     = new Win32Exception(status);
            var err    = Marshal.GetLastWin32Error();
            var ex2    = new Win32Exception(err);

            Assert.IsFalse(listenBlocksThread);
            serverConnectionPort.Dispose();
        }