////////////////////////////////////////////////////////////////////////////////
// Displays the users associated with a token
////////////////////////////////////////////////////////////////////////////////
public void GetTokenSource()
{
uint returnLength;
advapi32.GetTokenInformation(hWorkingToken, Winnt._TOKEN_INFORMATION_CLASS.TokenSource, IntPtr.Zero, 0, out returnLength);
hTokenSource = Marshal.AllocHGlobal((int)returnLength);
try
{
if (!advapi32.GetTokenInformation(hWorkingToken, Winnt._TOKEN_INFORMATION_CLASS.TokenSource, hTokenSource, returnLength, out returnLength))
{
Misc.GetWin32Error("GetTokenInformation (TokenSource) - Pass 2");
return;
}
tokenSource = (Winnt._TOKEN_SOURCE)Marshal.PtrToStructure(hTokenSource, typeof(Winnt._TOKEN_SOURCE));
if (0 == tokenSource.SourceName.Length)
{
Misc.GetWin32Error("PtrToStructure");
}
}
catch (Exception ex)
{
Misc.GetWin32Error("GetTokenInformation (TokenSource) - Pass 2");
Console.WriteLine(ex.Message);
return;
}
Console.WriteLine("[+] Source: " + new string(tokenSource.SourceName));
return;
}
private bool CreateTokenSource(out Winnt._TOKEN_SOURCE tokenSource)
{
Console.WriteLine("[*] _TOKEN_SOURCE");
tokenSource = new Winnt._TOKEN_SOURCE();
uint ntRetVal = ntdll.NtAllocateLocallyUniqueId(ref tokenSource.SourceIdentifier);
if (0 != ntRetVal)
{
Misc.GetNtError("NtAllocateLocallyUniqueId", ntRetVal);
return(false);
}
return(true);
}
public static extern uint NtCreateToken(
out IntPtr TokenHandle,
uint DesiredAccess,
ref wudfwdm._OBJECT_ATTRIBUTES ObjectAttributes,
Winnt._TOKEN_TYPE TokenType,
ref Winnt._LUID AuthenticationId, //From NtAllocateLocallyUniqueId
ref long ExpirationTime,
ref Ntifs._TOKEN_USER TokenUser,
ref Ntifs._TOKEN_GROUPS_DYNAMIC TokenGroups,
ref Winnt._TOKEN_PRIVILEGES_ARRAY TokenPrivileges,
ref Ntifs._TOKEN_OWNER TokenOwner,
ref Winnt._TOKEN_PRIMARY_GROUP TokenPrimaryGroup,
ref Winnt._TOKEN_DEFAULT_DACL TokenDefaultDacl,
ref Winnt._TOKEN_SOURCE TokenSource
);
