////////////////////////////////////////////////////////////////////////////////
// Displays the source (TOKEN_SOURCE.SourceName) recorded in the working token
//
// Uses the two-call GetTokenInformation pattern: the first call passes a null
// buffer purely to learn the required size (its return value is deliberately
// ignored), the second call fills the buffer that was allocated to that size.
//
// NOTE(review): hTokenSource is not declared in this method and the
// AllocHGlobal buffer is not released here - confirm it is freed elsewhere
// (Marshal.FreeHGlobal), otherwise each call leaks the allocation.
////////////////////////////////////////////////////////////////////////////////
public void GetTokenSource()
{
    // Pass 1: size query only.
    uint cbNeeded;
    advapi32.GetTokenInformation(
        hWorkingToken,
        Winnt._TOKEN_INFORMATION_CLASS.TokenSource,
        IntPtr.Zero,
        0,
        out cbNeeded);

    hTokenSource = Marshal.AllocHGlobal((int)cbNeeded);

    try
    {
        // Pass 2: retrieve the TOKEN_SOURCE into the unmanaged buffer.
        bool queried = advapi32.GetTokenInformation(
            hWorkingToken,
            Winnt._TOKEN_INFORMATION_CLASS.TokenSource,
            hTokenSource,
            cbNeeded,
            out cbNeeded);

        if (!queried)
        {
            Misc.GetWin32Error("GetTokenInformation (TokenSource) - Pass 2");
            return;
        }

        object marshalled = Marshal.PtrToStructure(hTokenSource, typeof(Winnt._TOKEN_SOURCE));
        tokenSource = (Winnt._TOKEN_SOURCE)marshalled;

        // An empty name is reported but is not fatal: execution continues
        // and the (empty) source is still printed below.
        if (tokenSource.SourceName.Length == 0)
        {
            Misc.GetWin32Error("PtrToStructure");
        }
    }
    catch (Exception error)
    {
        // Any exception raised in the block above is reported under the
        // pass-2 label, followed by the exception text.
        Misc.GetWin32Error("GetTokenInformation (TokenSource) - Pass 2");
        Console.WriteLine(error.Message);
        return;
    }

    string sourceName = new string(tokenSource.SourceName);
    Console.WriteLine("[+] Source: " + sourceName);
}
// Builds a fresh _TOKEN_SOURCE and asks ntdll for a locally unique id to use
// as its SourceIdentifier.
//
// tokenSource: receives the new structure; always assigned, even on failure.
// Returns true when NtAllocateLocallyUniqueId reports status 0; otherwise the
// status is passed to Misc.GetNtError and false is returned.
//
// NOTE(review): SourceName is not assigned in this method - confirm whether
// the struct definition or the caller populates it.
private bool CreateTokenSource(out Winnt._TOKEN_SOURCE tokenSource)
{
    Console.WriteLine("[*] _TOKEN_SOURCE");

    tokenSource = new Winnt._TOKEN_SOURCE();

    uint status = ntdll.NtAllocateLocallyUniqueId(ref tokenSource.SourceIdentifier);
    if (status == 0)
    {
        return true;
    }

    Misc.GetNtError("NtAllocateLocallyUniqueId", status);
    return false;
}
// P/Invoke declaration for the native NtCreateToken routine, which builds a
// new access token from caller-supplied user, group, privilege, owner,
// primary-group, default-DACL and source structures.
//
// Returns a uint status code; sibling ntdll calls in this file treat 0 as
// success and hand any other value to Misc.GetNtError.
//
// The native call succeeds only when the caller's token holds
// SeCreateTokenPrivilege, which Windows normally grants to very few
// principals. For defenders, use of this API (or assignment of that
// privilege) by ordinary processes is a high-value audit and detection signal.
//
// NOTE(review): the [DllImport] attribute is not visible in this view -
// presumably it sits on the preceding line; confirm.
public static extern uint NtCreateToken(
    out IntPtr TokenHandle,                 // receives the handle of the newly created token
    uint DesiredAccess,                     // access mask requested on the returned handle
    ref wudfwdm._OBJECT_ATTRIBUTES ObjectAttributes,
    Winnt._TOKEN_TYPE TokenType,
    ref Winnt._LUID AuthenticationId,       // From NtAllocateLocallyUniqueId (original author's note)
    ref long ExpirationTime,                // passed by reference as a 64-bit value
    ref Ntifs._TOKEN_USER TokenUser,
    ref Ntifs._TOKEN_GROUPS_DYNAMIC TokenGroups,
    ref Winnt._TOKEN_PRIVILEGES_ARRAY TokenPrivileges,
    ref Ntifs._TOKEN_OWNER TokenOwner,
    ref Winnt._TOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    ref Winnt._TOKEN_DEFAULT_DACL TokenDefaultDacl,
    ref Winnt._TOKEN_SOURCE TokenSource     // source name + identifier recorded in the token
);