public TMProcessBuilder UsingExistingProcessToken(int processId)
{
var hProc = TMProcessHandle.FromProcessId(processId);
var hToken = AccessTokenHandle.FromProcessHandle(hProc, TokenAccess.TOKEN_DUPLICATE, TokenAccess.TOKEN_QUERY);
var hDuplicate = hToken.DuplicatePrimaryToken();
this.TokenHandle = hDuplicate;
return(this);
}
/// <summary>
/// Duplicates and impersonates the process token of the specified PID.
/// This replaces the current thread token. Call RevertToSelf() to get back
/// previous access token.
/// </summary>
/// <param name="pid"></param>
public static void ImpersonateProcessToken(int pid)
{
var hProc = TMProcessHandle.FromProcessId(pid, ProcessAccessFlags.QueryInformation);
var hToken = AccessTokenHandle.FromProcessHandle(hProc, TokenAccess.TOKEN_IMPERSONATE, TokenAccess.TOKEN_DUPLICATE);
var hDuplicate = hToken.DuplicateImpersonationToken(TokenAccess.TOKEN_ALL_ACCESS);
if (!Advapi32.SetThreadToken(IntPtr.Zero, hDuplicate.GetHandle()))
{
Console.WriteLine($"{Kernel32.GetLastError()}");
}
}
public void Execute()
{
TMProcessHandle hProcess;
if (this.options.ProcessID.HasValue)
{
hProcess = TMProcessHandle.FromProcessId(this.options.ProcessID.Value, TokenManage.API.ProcessAccessFlags.QueryInformation);
}
else
{
hProcess = TMProcessHandle.GetCurrentProcessHandle();
}
var hToken = AccessTokenHandle.FromProcessHandle(hProcess, TokenAccess.TOKEN_QUERY);
if (this.options.ShowUser || this.options.ShowAll)
{
ShowUser(hToken);
}
if (this.options.ShowGroups || this.options.ShowAll)
{
ShowGroups(hToken);
}
if (this.options.ShowPrivileges || this.options.ShowAll)
{
ShowPrivileges(hToken);
}
if (this.options.ShowLogonSid || this.options.ShowAll)
{
ShowLogonSid(hToken);
}
if (this.options.ShowOwner || this.options.ShowAll)
{
ShowOwner(hToken);
}
if (this.options.ShowPrimaryGroup || this.options.ShowAll)
{
ShowPrimaryGroup(hToken);
}
if (this.options.ShowSessionID || this.options.ShowAll)
{
ShowSessionID(hToken);
}
}
