private static string FormatText(NtHandle ent)
{
string size = String.Empty;
try
{
using (NtSection section = NtSection.DuplicateFrom(ent.ProcessId, new IntPtr(ent.Handle), SectionAccessRights.Query))
{
size = section.Size.ToString();
}
}
catch (NtException)
{
size = "Unknown";
}
StringBuilder builder = new StringBuilder();
NtType section_type = NtType.GetTypeByName("section");
if (section_type.HasReadPermission(ent.GrantedAccess))
{
builder.Append("R");
}
if (section_type.HasWritePermission(ent.GrantedAccess))
{
builder.Append("W");
}
return(String.Format("[{0}/0x{0:X}] {1} Size: {2} Access: {3}", ent.Handle, ent.Name, size, builder.ToString()));
}
static void CheckAccess(string full_path, NtFile entry)
{
try
{
if (!entry.IsAccessGranted(FileAccessRights.ReadControl))
{
return;
}
SecurityDescriptor sd = entry.SecurityDescriptor;
bool is_dir = entry.IsDirectory;
AccessMask granted_access;
if (is_dir && _dir_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type,
_dir_filter, sd.ToByteArray());
}
else if (!is_dir && _file_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type,
_file_filter, sd.ToByteArray());
}
else
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (granted_access.HasAccess)
{
// Now reget maximum access rights
if (_dir_filter != 0 || _file_filter != 0)
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (!_show_write_only || _type.HasWritePermission(granted_access))
{
Console.WriteLine("{0}{1} : {2:X08} {3}", full_path.TrimEnd('\\'),
is_dir ? "\\" : "", granted_access, AccessMaskToString(granted_access, is_dir));
if (_print_sddl)
{
Console.WriteLine("{0}", sd.ToSddl());
}
}
}
}
catch (NtException)
{
}
}
static void CheckAccess(string path, byte[] sd, NtType type)
{
try
{
if (_type_filter.Count > 0)
{
if (!_type_filter.Contains(type.Name.ToLower()))
{
return;
}
}
if (sd.Length > 0)
{
uint granted_access = 0;
if (_dir_rights != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, type, (uint)_dir_rights, sd);
}
else
{
granted_access = NtSecurity.GetMaximumAccess(_token, type, sd);
}
if (granted_access != 0)
{
// As we can get all the rights for the directory get maximum
if (_dir_rights != 0)
{
granted_access = NtSecurity.GetMaximumAccess(_token, type, sd);
}
if (!_show_write_only || type.HasWritePermission(granted_access))
{
Console.WriteLine("<{0}> {1} : {2:X08} {3}", type.Name, path, granted_access, AccessMaskToString(type, granted_access));
if (_print_sddl)
{
Console.WriteLine("{0}", NtSecurity.SecurityDescriptorToSddl(sd, SecurityInformation.AllBasic));
}
}
}
}
}
catch (Exception)
{
}
}
static void CheckAccess(NtToken token, NtObject obj)
{
if (!obj.IsAccessMaskGranted(GenericAccessRights.ReadControl))
{
return;
}
try
{
SecurityDescriptor sd = obj.SecurityDescriptor;
AccessMask granted_access;
NtType type = obj.NtType;
if (_dir_rights != 0)
{
granted_access = NtSecurity.GetAllowedAccess(sd, token,
_dir_rights, type.GenericMapping);
}
else
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, type.GenericMapping);
}
if (!granted_access.IsEmpty)
{
// As we can get all the rights for the directory get maximum
if (_dir_rights != 0)
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, type.GenericMapping);
}
if (!_show_write_only || type.HasWritePermission(granted_access))
{
Console.WriteLine("<{0}> {1} : {2:X08} {3}", type.Name, obj.FullPath,
granted_access, type.AccessMaskToString(granted_access, _map_to_generic));
if (_print_sddl)
{
Console.WriteLine("{0}", sd.ToSddl());
}
}
}
}
catch (NtException)
{
}
}
static void CheckAccess(FileSystemInfo entry)
{
try
{
SecurityDescriptor sd = NtSecurity.FromNamedObject(@"\??\" + entry.FullName, "file");
if (sd != null)
{
bool is_dir = entry is DirectoryInfo;
uint granted_access;
if (is_dir && _dir_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type, _dir_filter, sd.ToByteArray());
}
else if (!is_dir && _file_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type, _file_filter, sd.ToByteArray());
}
else
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (granted_access != 0)
{
// Now reget maximum access rights
if (_dir_filter != 0 || _file_filter != 0)
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (!_show_write_only || _type.HasWritePermission(granted_access))
{
Console.WriteLine("{0}{1} : {2:X08} {3}", entry.FullName, is_dir ? "\\" : "", granted_access, AccessMaskToString(granted_access, is_dir));
if (_print_sddl)
{
Console.WriteLine("{0}", sd.ToSddl());
}
}
}
}
}
catch (Exception)
{
}
}
static void CheckAccess(string full_path, NtFile entry)
{
try
{
SecurityDescriptor sd = entry.GetSecurityDescriptor(SecurityInformation.AllBasic);
if (sd != null)
{
bool is_dir = entry.IsDirectory;
uint granted_access;
if (is_dir && _dir_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type, _dir_filter, sd.ToByteArray());
}
else if (!is_dir && _file_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type, _file_filter, sd.ToByteArray());
}
else
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (granted_access != 0)
{
// Now reget maximum access rights
if (_dir_filter != 0 || _file_filter != 0)
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (!_show_write_only || _type.HasWritePermission(granted_access))
{
Console.WriteLine("{0}{1} : {2:X08} {3}", full_path.TrimEnd('\\'),
is_dir ? "\\" : "", granted_access, AccessMaskToString(granted_access, is_dir));
if (_print_sddl)
{
Console.WriteLine("{0}", sd.ToSddl());
}
}
}
}
}
catch { }
}
static void CheckAccess(NtToken token, NtKey key)
{
NtType type = key.NtType;
if (!key.IsAccessGranted(KeyAccessRights.ReadControl))
{
return;
}
SecurityDescriptor sd = key.SecurityDescriptor;
AccessMask granted_access;
if (_key_rights != 0)
{
granted_access = NtSecurity.GetAllowedAccess(token, type,
_key_rights, sd.ToByteArray());
}
else
{
granted_access = NtSecurity.GetMaximumAccess(token, type, sd.ToByteArray());
}
if (!granted_access.IsEmpty)
{
// As we can get all the rights for the key get maximum
if (_key_rights != 0)
{
granted_access = NtSecurity.GetMaximumAccess(token, type, sd.ToByteArray());
}
if (!_show_write_only || type.HasWritePermission(granted_access))
{
Console.WriteLine("{0} : {1:X08} {2}", key.FullPath, granted_access, AccessMaskToString(granted_access, type));
if (_print_sddl)
{
Console.WriteLine("{0}", sd.ToSddl());
}
}
}
}
