public static extern NtStatus NtAlpcOpenSenderThread(
out SafeKernelObjectHandle ThreadHandle,
SafeKernelObjectHandle PortHandle,
AlpcPortMessage PortMessage,
AlpcOpenSenderThreadFlags Flags,
ThreadAccessRights DesiredAccess,
ObjectAttributes ObjectAttributes
);
public static extern NtStatus NtGetNextThread(
SafeKernelObjectHandle ProcessHandle,
SafeKernelObjectHandle ThreadHandle,
ThreadAccessRights DesiredAccess,
AttributeFlags HandleAttributes,
int Flags,
out SafeKernelObjectHandle NewThreadHandle
);
public static extern NtStatus NtCreateThread(
out SafeKernelObjectHandle ThreadHandle,
ThreadAccessRights DesiredAccess,
[In] ObjectAttributes ObjectAttributes,
SafeKernelObjectHandle ProcessHandle,
out ClientIdStruct ClientId,
IntPtr ThreadContext,
IntPtr InitialTeb,
bool CreateSuspended
);
/// <summary>
/// Constructor
/// </summary>
public CreateUserProcess()
{
DesktopInfo = @"WinSta0\Default";
ShellInfo = "";
RuntimeData = "";
WindowTitle = "";
AdditionalAttributes = new List <ProcessAttribute>();
ProcessDesiredAccess = ProcessAccessRights.MaximumAllowed;
ThreadDesiredAccess = ThreadAccessRights.MaximumAllowed;
}
public static SafeNativeHandle OpenThread(ThreadAccessRights access, bool inherit, int tid)
{
var handle = NativeOpenThread(access, inherit, tid);
if (handle.IsInvalid)
{
throw new Win32Exception();
}
return(handle);
}
/// <summary>
/// Get accessible threads for a process.
/// </summary>
/// <param name="desired_access">The desired access for the threads</param>
/// <returns>The list of threads</returns>
public IEnumerable <NtThread> GetThreads(ThreadAccessRights desired_access)
{
List <NtThread> handles = new List <NtThread>();
SafeKernelObjectHandle current_handle = new SafeKernelObjectHandle(IntPtr.Zero, false);
NtStatus status = NtSystemCalls.NtGetNextThread(Handle, current_handle, desired_access, AttributeFlags.None, 0, out current_handle);
while (status == NtStatus.STATUS_SUCCESS)
{
handles.Add(new NtThread(current_handle));
status = NtSystemCalls.NtGetNextThread(Handle, current_handle, desired_access, AttributeFlags.None, 0, out current_handle);
}
return(handles);
}
public static extern NtStatus NtCreateUserProcess(
out SafeKernelObjectHandle ProcessHandle,
out SafeKernelObjectHandle ThreadHandle,
ProcessAccessRights ProcessDesiredAccess,
ThreadAccessRights ThreadDesiredAccess,
ObjectAttributes ProcessObjectAttributes,
ObjectAttributes ThreadObjectAttributes,
ProcessCreateFlags ProcessFlags,
ThreadCreateFlags ThreadFlags,
IntPtr ProcessParameters,
[In, Out] ProcessCreateInfo CreateInfo,
[In, Out] ProcessAttributeList AttributeList
);
public static extern NtStatus NtCreateThreadEx(
out SafeKernelObjectHandle ThreadHandle,
ThreadAccessRights DesiredAccess,
[In] ObjectAttributes ObjectAttributes,
SafeKernelObjectHandle ProcessHandle,
IntPtr StartRoutine,
IntPtr Argument,
ThreadCreateFlags CreateFlags,
IntPtr ZeroBits,
IntPtr StackSize,
IntPtr MaximumStackSize,
ProcessAttributeList AttributeList
);
private static NtThread GetCurrentThread(ThreadAccessRights access, bool pseudo_handle)
{
if (pseudo_handle)
{
return(NtThread.Current);
}
else if ((access & ThreadAccessRights.MaximumAllowed) == ThreadAccessRights.MaximumAllowed)
{
return(NtThread.Current.Duplicate());
}
return(NtThread.Current.Duplicate(access));
}
static SafeFileHandle Open(this ProcessThread thread, ThreadAccessRights access)
{
if (thread == null)
{
throw new ArgumentNullException("thread");
}
IntPtr handle = OpenThread(access, false, thread.Id);
if (handle == IntPtr.Zero)
{
throw new Win32Exception();
}
return(new SafeFileHandle(handle, true));
}
public static extern NtStatus NtOpenThread(out SafeKernelObjectHandle ThreadHandle,
ThreadAccessRights DesiredAccess, ObjectAttributes ObjectAttributes, ClientId ClientId);
public static extern IntPtr OpenThread(ThreadAccessRights dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
public static extern IntPtr OpenThread(ThreadAccessRights accessMask, bool inheritHandle, int tid);
/// <summary>
/// Constructor.
/// </summary>
public GetNtThreadCmdlet()
{
Access = ThreadAccessRights.MaximumAllowed;
ThreadId = -1;
ProcessId = -1;
}
private static extern SafeNativeHandle NativeOpenThread(
ThreadAccessRights dwDesiredAccess,
bool bInheritHandle,
int dwThreadId
);
static extern IntPtr OpenThread(ThreadAccessRights access, bool inheritHandle, int threadID);
public void AddAuditRule(IdentityReference identityReference, ThreadAccessRights accessMask, AuditFlags flags)
{
AddAuditRule(new ThreadAuditRule(identityReference, accessMask, flags));
}
/// <summary>
/// Constructor.
/// </summary>
public GetNtThreadCmdlet()
{
Access = ThreadAccessRights.MaximumAllowed;
ThreadId = -1;
ProcessId = -1;
}
public void AddAuditRule(IdentityReference identityReference, ThreadAccessRights accessMask, AuditFlags flags)
{
AddAuditRule(new ThreadAuditRule(identityReference, accessMask, flags));
}
internal static extern IntPtr OpenThread(
[In] ThreadAccessRights dwDesiredAccess,
[In, MarshalAs(UnmanagedType.Bool)] bool bInheritHandle,
[In] int dwProcessId);
public ThreadAuditRule(IdentityReference identity, ThreadAccessRights accessRights, AuditFlags type)
: base(identity, (int)accessRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
public void AddAccessRule(IdentityReference identityReference, ThreadAccessRights accessMask, AccessControlType type)
{
AddAccessRule(new ThreadAccessRule(identityReference, accessMask, type));
}
public void AddAccessRule(IdentityReference identityReference, ThreadAccessRights accessMask, AccessControlType type)
{
AddAccessRule(new ThreadAccessRule(identityReference, accessMask, type));
}
public ThreadAuditRule(IdentityReference identity, ThreadAccessRights accessRights, AuditFlags type)
: base(identity, (int)accessRights, false, InheritanceFlags.None, PropagationFlags.None, type)
{
}