public unsafe byte[] ToTOKEN_PRIVILEGES() { if (Count == 0) { return(null); } int bufferSize = (Marshal.SizeOf(typeof(TOKEN_PRIVILEGES))) + (Marshal.SizeOf(typeof(LUID_AND_ATTRIBUTES)) * (Count - 1)); byte[] buffer = new byte[bufferSize]; fixed(void *ptr = buffer) { TOKEN_PRIVILEGES * tp = (TOKEN_PRIVILEGES *)(ptr); LUID_AND_ATTRIBUTES *la = &tp->Privileges; tp->PrivilegeCount = Count; for (int i = 0; i < Count; i++) { *la++ = this[i].Value; } } return(buffer); }
public unsafe TokenPrivilegeCollection(WindowsIdentity identity) { int bufferSize = 1024; byte[] buffer = new byte[bufferSize]; using (SafeTokenHandle tokenHandle = new SafeTokenHandle(identity.Token, false)) { if (!TryGetTokenPrivileges(tokenHandle, buffer, out bufferSize)) { buffer = new byte[bufferSize]; if (!TryGetTokenPrivileges(tokenHandle, buffer, out bufferSize)) { throw PscxException.LastWin32Exception(); } } } fixed(void *ptr = buffer) { TOKEN_PRIVILEGES * tp = (TOKEN_PRIVILEGES *)(ptr); LUID_AND_ATTRIBUTES *la = &tp->Privileges; int remaining = tp->PrivilegeCount; while (remaining-- > 0) { Add(new TokenPrivilege(*la++)); } } }
public unsafe static LUID_AND_ATTRIBUTES[] MarshalFromIntPtr(IntPtr pNativeData) { if (pNativeData == IntPtr.Zero) { return(null); } int count = Marshal.ReadInt32(pNativeData); LUID_AND_ATTRIBUTES[] ary = new LUID_AND_ATTRIBUTES[count]; IntPtr pArrayData = new IntPtr(pNativeData.ToInt64() + 4); LUID_AND_ATTRIBUTES *src = (LUID_AND_ATTRIBUTES *)pArrayData.ToPointer(); fixed(LUID_AND_ATTRIBUTES *dst_base = ary) { LUID_AND_ATTRIBUTES *dst = dst_base; for (int i = 0; i < count; i++) { *dst = *src; dst++; src++; } } return(ary); }
public unsafe static IntPtr MarshalManagedToNative(LUID_AND_ATTRIBUTES[] attributes) { if (attributes == null) { return(IntPtr.Zero); } int total_size = 4 + attributes.Length * Marshal.SizeOf(typeof(LUID_AND_ATTRIBUTES)); IntPtr pNativeData = Marshal.AllocHGlobal(total_size); Marshal.WriteInt32(pNativeData, attributes.Length); IntPtr pArrayData = new IntPtr(pNativeData.ToInt64() + 4); LUID_AND_ATTRIBUTES *dst = (LUID_AND_ATTRIBUTES *)pArrayData.ToPointer(); fixed(LUID_AND_ATTRIBUTES *src_base = attributes) { LUID_AND_ATTRIBUTES *src = src_base; for (int i = 0; i < attributes.Length; i++) { *dst = *src; dst++; src++; } } return(pNativeData); }
internal static unsafe void KeepOnlyPrivilegeInProcess(string privilege) { SafeCloseHandle process = OpenCurrentProcessForWrite(); try { SafeCloseHandle processToken = GetProcessToken(process, 0x20028); try { LUID luid; if (!ListenerUnsafeNativeMethods.LookupPrivilegeValue(IntPtr.Zero, privilege, &luid)) { int error = Marshal.GetLastWin32Error(); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } byte[] tokenInformation = new byte[GetTokenInformationLength(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges)]; try { fixed(byte *numRef = tokenInformation) { GetTokenInformation(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges, tokenInformation); ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *newState = (ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *)numRef; LUID_AND_ATTRIBUTES *luid_and_attributesPtr = &newState->Privileges; int index = 0; for (int i = 0; i < newState->PrivilegeCount; i++) { if (!luid_and_attributesPtr[i].Luid.Equals(luid)) { luid_and_attributesPtr[index].Attributes = PrivilegeAttribute.SE_PRIVILEGE_DISABLED | PrivilegeAttribute.SE_PRIVILEGE_REMOVED; luid_and_attributesPtr[index].Luid = luid_and_attributesPtr[i].Luid; index++; } } newState->PrivilegeCount = index; bool flag = ListenerUnsafeNativeMethods.AdjustTokenPrivileges(processToken, false, newState, tokenInformation.Length, IntPtr.Zero, IntPtr.Zero); int num5 = Marshal.GetLastWin32Error(); if (!flag || (num5 != 0)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(num5)); } } } finally { numRef = null; } } finally { processToken.Close(); } } finally { process.Close(); } }
internal static void KeepOnlyPrivilegeInProcess(string privilege) { SafeCloseHandle process = OpenCurrentProcessForWrite(); try { SafeCloseHandle token = GetProcessToken(process, ListenerUnsafeNativeMethods.TOKEN_QUERY | ListenerUnsafeNativeMethods.TOKEN_ADJUST_PRIVILEGES | ListenerUnsafeNativeMethods.READ_CONTROL); try { LUID luid; bool success = ListenerUnsafeNativeMethods.LookupPrivilegeValue(IntPtr.Zero, privilege, &luid); if (!success) { int error = Marshal.GetLastWin32Error(); throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } int length = GetTokenInformationLength(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges); byte[] tokenInformation = new byte[length]; fixed(byte *pTokenPrivileges = tokenInformation) { GetTokenInformation(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges, tokenInformation); ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *pTP = (ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *)pTokenPrivileges; LUID_AND_ATTRIBUTES *pLuidAndAttributes = (LUID_AND_ATTRIBUTES *)(&(pTP->Privileges)); int privilegeCount = 0; for (int i = 0; i < pTP->PrivilegeCount; i++) { if (!pLuidAndAttributes[i].Luid.Equals(luid)) { pLuidAndAttributes[privilegeCount].Attributes = PrivilegeAttribute.SE_PRIVILEGE_REMOVED; pLuidAndAttributes[privilegeCount].Luid = pLuidAndAttributes[i].Luid; privilegeCount++; } } pTP->PrivilegeCount = privilegeCount; success = ListenerUnsafeNativeMethods.AdjustTokenPrivileges(token, false, pTP, tokenInformation.Length, IntPtr.Zero, IntPtr.Zero); int error = Marshal.GetLastWin32Error(); if (!success || error != UnsafeNativeMethods.ERROR_SUCCESS) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error)); } } } finally { token.Close(); } } finally { process.Close(); } }
public static extern int CreateRestrictedToken([NativeTypeName("HANDLE")] IntPtr ExistingTokenHandle, [NativeTypeName("DWORD")] uint Flags, [NativeTypeName("DWORD")] uint DisableSidCount, [NativeTypeName("PSID_AND_ATTRIBUTES")] SID_AND_ATTRIBUTES *SidsToDisable, [NativeTypeName("DWORD")] uint DeletePrivilegeCount, [NativeTypeName("PLUID_AND_ATTRIBUTES")] LUID_AND_ATTRIBUTES *PrivilegesToDelete, [NativeTypeName("DWORD")] uint RestrictedSidCount, [NativeTypeName("PSID_AND_ATTRIBUTES")] SID_AND_ATTRIBUTES *SidsToRestrict, [NativeTypeName("PHANDLE")] IntPtr *NewTokenHandle);