static void Main(string[] args)
{
bool show_help = false;
_pid = Process.GetCurrentProcess().Id;
try
{
OptionSet opts = new OptionSet() {
{ "p|pid=", "Specify a PID of a process to impersonate when checking", v => _pid = int.Parse(v.Trim()) },
{ "n", "Specifes the list of arguments represents names instead of pids", v => _named_process = v != null },
{ "i", "Use an indentify level token when impersonating", v => _identify_only = v != null },
{ "t", "Dump accessible threads for process", v => _dump_threads = v != null },
{ "k", "Dump tokens for accessible objects", v => _dump_token = v != null },
{ "sddl", "Dump SDDL strings for objects", v => _print_sddl = v != null },
{ "h|help", "show this message and exit",
v => show_help = v != null },
};
List<string> pids = opts.Parse(args).Select(s => s.ToLower()).ToList();
if (show_help)
{
ShowHelp(opts);
}
else
{
IEnumerable<ProcessEntry> processes = new ProcessEntry[0];
if (pids.Count > 0 && !_named_process)
{
List<ProcessEntry> procs = new List<ProcessEntry>();
using (ImpersonateProcess imp = NativeBridge.Impersonate(_pid,
_identify_only ? TokenSecurityLevel.Identification : TokenSecurityLevel.Impersonate))
{
foreach (string pid_name in pids)
{
try
{
procs.Add(new ProcessEntry(NativeBridge.OpenProcess(int.Parse(pid_name))));
}
catch (Win32Exception ex)
{
Console.WriteLine("Error opening pid {0} - {1}", pid_name, ex.Message);
}
}
}
processes = procs;
}
else
{
try
{
using (ImpersonateProcess imp = NativeBridge.Impersonate(_pid,
_identify_only ? TokenSecurityLevel.Identification : TokenSecurityLevel.Impersonate))
{
processes = NativeBridge.GetProcesses().Select(h => new ProcessEntry(h));
}
if (_named_process && pids.Count > 0)
{
processes = processes.Where(p => pids.Contains(p.Name.ToLower()));
}
}
catch (Win32Exception ex)
{
Console.WriteLine(ex);
}
}
List<ProcessEntry> ps = processes.ToList();
ps.Sort((a, b) => a.Pid - b.Pid);
processes = ps;
foreach (ProcessEntry process in processes)
{
Console.WriteLine("{0}: {1} {2}", process.Pid, process.Name, process.GetGrantedAccess());
if (_print_sddl && process.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("SDDL: {0}", process.StringSecurityDescriptor);
}
if (_dump_token && process.Token != null)
{
Console.WriteLine("User: {0}", process.Token.UserName);
if (_print_sddl && process.Token.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("Token SDDL: {0}", process.Token.StringSecurityDescriptor);
}
}
if (_dump_threads)
{
foreach (ThreadEntry thread in process.Threads)
{
Console.WriteLine("-- Thread {0}: {1}", thread.Tid, thread.GetGrantedAccess());
if (_print_sddl && thread.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("---- SDDL: {0}", thread.StringSecurityDescriptor);
}
if (_dump_token && thread.Token != null)
{
Console.WriteLine("---- Impersonating {0}", thread.Token.UserName);
if (_print_sddl && thread.Token.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("---- Token SDDL: {0}", thread.Token.StringSecurityDescriptor);
}
}
}
}
}
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
static void Main(string[] args)
{
bool show_help = false;
_pid = Process.GetCurrentProcess().Id;
try
{
OptionSet opts = new OptionSet()
{
{ "p|pid=", "Specify a PID of a process to impersonate when checking", v => _pid = int.Parse(v.Trim()) },
{ "n", "Specifes the list of arguments represents names instead of pids", v => _named_process = v != null },
{ "i", "Use an indentify level token when impersonating", v => _identify_only = v != null },
{ "t", "Dump accessible threads for process", v => _dump_threads = v != null },
{ "k", "Dump tokens for accessible objects", v => _dump_token = v != null },
{ "sddl", "Dump SDDL strings for objects", v => _print_sddl = v != null },
{ "h|help", "show this message and exit",
v => show_help = v != null },
};
List <string> pids = opts.Parse(args).Select(s => s.ToLower()).ToList();
if (show_help)
{
ShowHelp(opts);
}
else
{
IEnumerable <ProcessEntry> processes = new ProcessEntry[0];
if (pids.Count > 0 && !_named_process)
{
List <ProcessEntry> procs = new List <ProcessEntry>();
using (ImpersonateProcess imp = NativeBridge.Impersonate(_pid,
_identify_only ? TokenSecurityLevel.Identification : TokenSecurityLevel.Impersonate))
{
foreach (string pid_name in pids)
{
try
{
procs.Add(new ProcessEntry(NativeBridge.OpenProcess(int.Parse(pid_name))));
}
catch (Win32Exception ex)
{
Console.WriteLine("Error opening pid {0} - {1}", pid_name, ex.Message);
}
}
}
processes = procs;
}
else
{
try
{
using (ImpersonateProcess imp = NativeBridge.Impersonate(_pid,
_identify_only ? TokenSecurityLevel.Identification : TokenSecurityLevel.Impersonate))
{
processes = NativeBridge.GetProcesses().Select(h => new ProcessEntry(h));
}
if (_named_process && pids.Count > 0)
{
processes = processes.Where(p => pids.Contains(p.Name.ToLower()));
}
}
catch (Win32Exception ex)
{
Console.WriteLine(ex);
}
}
List <ProcessEntry> ps = processes.ToList();
ps.Sort((a, b) => a.Pid - b.Pid);
processes = ps;
foreach (ProcessEntry process in processes)
{
Console.WriteLine("{0}: {1} {2}", process.Pid, process.Name, process.GetGrantedAccess());
if (_print_sddl && process.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("SDDL: {0}", process.StringSecurityDescriptor);
}
if (_dump_token && process.Token != null)
{
Console.WriteLine("User: {0}", process.Token.UserName);
if (_print_sddl && process.Token.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("Token SDDL: {0}", process.Token.StringSecurityDescriptor);
}
}
if (_dump_threads)
{
foreach (ThreadEntry thread in process.Threads)
{
Console.WriteLine("-- Thread {0}: {1}", thread.Tid, thread.GetGrantedAccess());
if (_print_sddl && thread.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("---- SDDL: {0}", thread.StringSecurityDescriptor);
}
if (_dump_token && thread.Token != null)
{
Console.WriteLine("---- Impersonating {0}", thread.Token.UserName);
if (_print_sddl && thread.Token.StringSecurityDescriptor.Length > 0)
{
Console.WriteLine("---- Token SDDL: {0}", thread.Token.StringSecurityDescriptor);
}
}
}
}
}
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
static void Main(string[] args)
{
bool show_help = false;
_pid = Process.GetCurrentProcess().Id;
try
{
OptionSet opts = new OptionSet()
{
{ "p|pid=", "Specify a PID of a process to impersonate when checking", v => _pid = int.Parse(v.Trim()) },
{ "n", "Specifes the list of arguments represents names instead of pids", v => _named_process = v != null },
{ "i", "Use an indentify level token when impersonating", v => _identify_only = v != null },
{ "t", "Dump accessible threads for process", v => _dump_threads = v != null },
{ "k", "Dump tokens for accessible objects", v => _dump_token = v != null },
{ "a", "Start with all accessible threads instead of processes", v => _dump_threads = _all_threads = v != null },
{ "sddl", "Dump SDDL strings for objects", v => _print_sddl = v != null },
{ "h|help", "show this message and exit",
v => show_help = v != null },
};
List <string> pids = opts.Parse(args).Select(s => s.ToLower()).ToList();
if (show_help)
{
ShowHelp(opts);
}
else
{
IEnumerable <ProcessEntry> processes = new ProcessEntry[0];
if (_all_threads)
{
NtThread[] all_threads = null;
using (var imp = NtToken.Impersonate(_pid,
_identify_only ? SecurityImpersonationLevel.Identification : SecurityImpersonationLevel.Impersonation))
{
if (pids.Count > 0)
{
List <NtThread> ths = new List <NtThread>();
foreach (string pid_name in pids)
{
try
{
ths.Add(NtThread.Open(int.Parse(pid_name), ThreadAccessRights.MaximumAllowed));
}
catch (NtException ex)
{
Console.WriteLine("Error opening tid {0} - {1}", pid_name, ex.Message);
}
}
all_threads = ths.ToArray();
}
else
{
all_threads = NtThread.GetThreads(ThreadAccessRights.MaximumAllowed).ToArray();
}
List <ProcessEntry> procs = new List <ProcessEntry>();
foreach (var group in all_threads.GroupBy(t => t.ProcessId))
{
ProcessEntry entry = null;
NtThread[] threads = group.ToArray();
try
{
entry = new ProcessEntry(NtProcess.Open(group.Key, ProcessAccessRights.MaximumAllowed), threads);
}
catch (NtException)
{
entry = new ProcessEntry(group.Key, threads);
}
procs.Add(entry);
}
processes = procs;
}
}
else
{
if (pids.Count > 0 && !_named_process)
{
List <ProcessEntry> procs = new List <ProcessEntry>();
using (var imp = NtToken.Impersonate(_pid,
_identify_only ? SecurityImpersonationLevel.Identification : SecurityImpersonationLevel.Impersonation))
{
foreach (string pid_name in pids)
{
try
{
procs.Add(new ProcessEntry(NtProcess.Open(int.Parse(pid_name), ProcessAccessRights.MaximumAllowed)));
}
catch (NtException ex)
{
Console.WriteLine("Error opening pid {0} - {1}", pid_name, ex.Message);
}
}
}
processes = procs;
}
else
{
try
{
using (var imp = NtToken.Impersonate(_pid,
_identify_only ? SecurityImpersonationLevel.Identification : SecurityImpersonationLevel.Impersonation))
{
processes = NtProcess.GetProcesses(ProcessAccessRights.MaximumAllowed).Select(h => new ProcessEntry(h));
}
if (_named_process && pids.Count > 0)
{
processes = processes.Where(p => pids.Contains(p.Name.ToLower()));
}
}
catch (NtException ex)
{
Console.WriteLine(ex);
}
}
}
List <ProcessEntry> ps = processes.ToList();
ps.Sort((a, b) => a.Pid - b.Pid);
processes = ps;
foreach (ProcessEntry process in processes)
{
Console.WriteLine("{0}: {1} {2}", process.Pid, process.Name, process.GetGrantedAccessString());
if (_print_sddl && process.Handle.IsAccessGranted(ProcessAccessRights.ReadControl))
{
Console.WriteLine("SDDL: {0}", process.Handle.GetSddl());
}
if (_dump_token && process.Token != null)
{
Console.WriteLine("User: {0}", process.Token.User);
if (_print_sddl && process.Token.IsAccessGranted(TokenAccessRights.ReadControl))
{
Console.WriteLine("Token SDDL: {0}", process.Token.GetSddl());
}
}
if (_dump_threads)
{
foreach (ThreadEntry thread in process.Threads)
{
Console.WriteLine("-- Thread {0}: {1}", thread.Tid, thread.Handle.GetGrantedAccessString());
if (_print_sddl && thread.Handle.IsAccessGranted(ThreadAccessRights.ReadControl))
{
Console.WriteLine("---- SDDL: {0}", thread.Handle.GetSddl());
}
if (_dump_token && thread.Token != null)
{
Console.WriteLine("---- Impersonating {0}", thread.Token.User);
if (_print_sddl && thread.Token.IsAccessGranted(TokenAccessRights.ReadControl))
{
Console.WriteLine("---- Token SDDL: {0}", thread.Token.GetSddl());
}
}
}
}
}
}
}
catch (Exception ex)
{
Console.WriteLine(ex);
}
}