private IntPtr pSD = IntPtr.Zero; // LPSECURITY_DESCRIPTOR
/// <summary>
/// Constructor.
/// </summary>
/// <param name="access">The type of descriptor to create.</param>
public SecurityAttributes(SecurityAccess access)
{
#if WINFULL
switch (access)
{
case SecurityAccess.Unrestricted:
pSD = Marshal.AllocHGlobal(new IntPtr(WinApi.SECURITY_DESCRIPTOR_MIN_LENGTH));
if (pSD == IntPtr.Zero)
{
throw new Exception("Security descriptor cannot be allocated.");
}
if (!WinApi.InitializeSecurityDescriptor(pSD, WinApi.SECURITY_DESCRIPTOR_REVISION))
{
Marshal.FreeHGlobal(pSD);
pSD = IntPtr.Zero;
throw new Exception("Security descriptor cannot be initialized.");
}
if (!WinApi.SetSecurityDescriptorDacl(pSD, true, IntPtr.Zero, false))
{
Marshal.FreeHGlobal(pSD);
pSD = IntPtr.Zero;
throw new Exception("Cannot set the discretionary ACL.");
}
WinApi.SECURITY_ATTRIBUTES sa;
sa = new WinApi.SECURITY_ATTRIBUTES(pSD);
pSA = Marshal.AllocHGlobal(sizeof(WinApi.SECURITY_ATTRIBUTES));
if (pSA == IntPtr.Zero)
{
throw new Exception("Security attributes cannot be allocated.");
}
Marshal.StructureToPtr(sa, pSA, false);
break;
case SecurityAccess.CurrentAccount:
pSA = IntPtr.Zero;
pSD = IntPtr.Zero;
break;
default:
Assertion.Fail("Unexpected security access type.");
break;
}
#endif // WINFULL
}
static IntPtr getPrimaryToken(int processId)
{
IntPtr hToken = IntPtr.Zero;
try
{
IntPtr primaryToken = IntPtr.Zero;
Process p = Process.GetProcessById(processId);
//Gets impersonation token
if (!WinApi.Advapi32.OpenProcessToken(p.Handle, WinApi.Advapi32.DesiredAccess.TOKEN_DUPLICATE, out hToken))
{
throw new Exception("!OpenProcessToken()", ErrorRoutines.GetLastError());
}
WinApi.SECURITY_ATTRIBUTES sa = new WinApi.SECURITY_ATTRIBUTES();
sa.nLength = Marshal.SizeOf(sa);
//Convert the impersonation token into Primary token
if (!WinApi.Advapi32.DuplicateTokenEx(
hToken,
WinApi.Advapi32.DesiredAccess.TOKEN_ASSIGN_PRIMARY | WinApi.Advapi32.DesiredAccess.TOKEN_DUPLICATE | WinApi.Advapi32.DesiredAccess.TOKEN_QUERY,
sa,
WinApi.Advapi32.SECURITY_IMPERSONATION_LEVEL.SecurityIdentification,
WinApi.Advapi32.TOKEN_TYPE.TokenPrimary,
out primaryToken
))
{
throw new Exception("!DuplicateTokenEx()", ErrorRoutines.GetLastError());
}
return(primaryToken);
}
//catch(Exception e)
//{
//}
finally
{
if (hToken != IntPtr.Zero)
{
WinApi.Kernel32.CloseHandle(hToken);
}
}
}
private static bool getActiveSessionUserToken(ref IntPtr phUserToken)
{
var bResult = false;
var hImpersonationToken = IntPtr.Zero;
var activeSessionId = Wts.INVALID_SESSION_ID;
var pSessionInfo = IntPtr.Zero;
var sessionCount = 0;
// Get a handle to the user access token for the current active session.
if (Wts.WTSEnumerateSessions(Wts.WTS_CURRENT_SERVER_HANDLE, 0, 1, ref pSessionInfo, ref sessionCount) != 0)
{
var arrayElementSize = Marshal.SizeOf(typeof(Wts.WTS_SESSION_INFO));
var current = pSessionInfo;
for (var i = 0; i < sessionCount; i++)
{
var si = (Wts.WTS_SESSION_INFO)Marshal.PtrToStructure((IntPtr)current, typeof(Wts.WTS_SESSION_INFO));
current += arrayElementSize;
if (si.State == Wts.WTS_CONNECTSTATE_CLASS.WTSActive)
{
activeSessionId = si.SessionID;
}
}
}
// If enumerating did not work, fall back to the old method
if (activeSessionId == Wts.INVALID_SESSION_ID)
{
activeSessionId = Wts.WTSGetActiveConsoleSessionId();
}
if (Wts.WTSQueryUserToken(activeSessionId, ref hImpersonationToken) != 0)
{
// Convert the impersonation token to a primary token
var sa = new WinApi.SECURITY_ATTRIBUTES();
bResult = Advapi32.DuplicateTokenEx(hImpersonationToken, 0, sa, WinApi.Advapi32.SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, WinApi.Advapi32.TOKEN_TYPE.TokenPrimary, out phUserToken);
Kernel32.CloseHandle(hImpersonationToken);
}
return(bResult);
}
/// <summary>
/// Starts the main debug loop, optionally creating a process from the supplied file path.
/// </summary>
/// <param name="arguments">An optional set of arguments that dictate how an executable is debugged.</param>
private void StartDebugLoop(object arguments = null)
{
string filePath;
string parameters;
if (arguments == null)
{
filePath = string.Empty;
parameters = string.Empty;
}
else if (arguments is DebugLoopArguments)
{
DebugLoopArguments dla = (DebugLoopArguments)arguments;
filePath = dla.FilePath;
parameters = dla.Parameters;
}
else
{
filePath = string.Empty;
parameters = string.Empty;
}
if (arguments == null)
{
if (!this.IsOpen)
{
return;
}
if (!WinApi.DebugActiveProcess((uint)this.PID))
{
#if DEBUG
this.Status.Log("Cannot debug. Error: " + Marshal.GetLastWin32Error(), Logger.Level.HIGH);
#endif
return;
}
else if (!WinApi.DebugSetProcessKillOnExit(false))
{
#if DEBUG
this.Status.Log("Cannot exit cleanly in the future.", Logger.Level.MEDIUM);
#endif
}
else
{
this.allowedToDebug = true;
this.threadMayExit = false;
}
WinApi.ThreadAccess thread_rights =
WinApi.ThreadAccess.SET_CONTEXT | WinApi.ThreadAccess.GET_CONTEXT | WinApi.ThreadAccess.SUSPEND_RESUME;
IntPtr threadHandle = WinApi.OpenThread(thread_rights, false, (uint)this.ThreadID);
WinApi.CONTEXT cx = new WinApi.CONTEXT();
cx.ContextFlags = WinApi.CONTEXT_FLAGS.DEBUG_REGISTERS;
WinApi.GetThreadContext(threadHandle, ref cx);
cx.ContextFlags = WinApi.CONTEXT_FLAGS.DEBUG_REGISTERS;
cx.Dr7 =
(uint)(Debugger.DRegSettings.reg0w | Debugger.DRegSettings.reg0len4 | Debugger.DRegSettings.reg0set);
bool stc = WinApi.SetThreadContext(threadHandle, ref cx);
WinApi.CloseHandle(threadHandle);
this.SetDebuggerArchitecture();
this.DebugLoop();
return;
}
else
{
if (!SysInteractor.IsInitialized)
{
SysInteractor.Init();
}
bool res = false;
string application = filePath;
string commandLine = string.Empty;
if (!string.IsNullOrEmpty(parameters))
{
commandLine = '"' + filePath + "\" " + parameters;
}
WinApi.PROCESS_INFORMATION procInfo = new WinApi.PROCESS_INFORMATION();
WinApi.STARTUPINFO startupInfo = new WinApi.STARTUPINFO();
WinApi.SECURITY_ATTRIBUTES processSecurity = new WinApi.SECURITY_ATTRIBUTES();
WinApi.SECURITY_ATTRIBUTES threadSecurity = new WinApi.SECURITY_ATTRIBUTES();
processSecurity.nLength = Marshal.SizeOf(processSecurity);
threadSecurity.nLength = Marshal.SizeOf(threadSecurity);
// Open the process.
res = WinApi.CreateProcess(
application,
commandLine,
ref processSecurity,
ref threadSecurity,
false,
(uint)WinApi.ProcessCreationFlags.DEBUG_PROCESS,
IntPtr.Zero,
null,
ref startupInfo,
out procInfo);
if (!res)
{
return;
}
this.ProcHandle = procInfo.hProcess;
if (this.ProcHandle != null)
{
try
{
this.Proc = System.Diagnostics.Process.GetProcessById(procInfo.dwProcessId);
}
catch (ArgumentException)
{
WinApi.CloseHandle(this.ProcHandle);
return;
}
if (!WinApi.DebugSetProcessKillOnExit(false))
{
#if DEBUG
this.Status.Log("Cannot exit cleanly in the future.", Logger.Level.MEDIUM);
#endif
}
else
{
this.allowedToDebug = true;
this.threadMayExit = false;
}
this.SetDebuggerArchitecture();
this.DebugLoop();
return;
}
this.Status.Log("Unable to open the target process.", Logger.Level.HIGH);
}
}