private IntPtr pSD = IntPtr.Zero; // LPSECURITY_DESCRIPTOR /// <summary> /// Constructor. /// </summary> /// <param name="access">The type of descriptor to create.</param> public SecurityAttributes(SecurityAccess access) { #if WINFULL switch (access) { case SecurityAccess.Unrestricted: pSD = Marshal.AllocHGlobal(new IntPtr(WinApi.SECURITY_DESCRIPTOR_MIN_LENGTH)); if (pSD == IntPtr.Zero) { throw new Exception("Security descriptor cannot be allocated."); } if (!WinApi.InitializeSecurityDescriptor(pSD, WinApi.SECURITY_DESCRIPTOR_REVISION)) { Marshal.FreeHGlobal(pSD); pSD = IntPtr.Zero; throw new Exception("Security descriptor cannot be initialized."); } if (!WinApi.SetSecurityDescriptorDacl(pSD, true, IntPtr.Zero, false)) { Marshal.FreeHGlobal(pSD); pSD = IntPtr.Zero; throw new Exception("Cannot set the discretionary ACL."); } WinApi.SECURITY_ATTRIBUTES sa; sa = new WinApi.SECURITY_ATTRIBUTES(pSD); pSA = Marshal.AllocHGlobal(sizeof(WinApi.SECURITY_ATTRIBUTES)); if (pSA == IntPtr.Zero) { throw new Exception("Security attributes cannot be allocated."); } Marshal.StructureToPtr(sa, pSA, false); break; case SecurityAccess.CurrentAccount: pSA = IntPtr.Zero; pSD = IntPtr.Zero; break; default: Assertion.Fail("Unexpected security access type."); break; } #endif // WINFULL }
static IntPtr getPrimaryToken(int processId) { IntPtr hToken = IntPtr.Zero; try { IntPtr primaryToken = IntPtr.Zero; Process p = Process.GetProcessById(processId); //Gets impersonation token if (!WinApi.Advapi32.OpenProcessToken(p.Handle, WinApi.Advapi32.DesiredAccess.TOKEN_DUPLICATE, out hToken)) { throw new Exception("!OpenProcessToken()", ErrorRoutines.GetLastError()); } WinApi.SECURITY_ATTRIBUTES sa = new WinApi.SECURITY_ATTRIBUTES(); sa.nLength = Marshal.SizeOf(sa); //Convert the impersonation token into Primary token if (!WinApi.Advapi32.DuplicateTokenEx( hToken, WinApi.Advapi32.DesiredAccess.TOKEN_ASSIGN_PRIMARY | WinApi.Advapi32.DesiredAccess.TOKEN_DUPLICATE | WinApi.Advapi32.DesiredAccess.TOKEN_QUERY, sa, WinApi.Advapi32.SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, WinApi.Advapi32.TOKEN_TYPE.TokenPrimary, out primaryToken )) { throw new Exception("!DuplicateTokenEx()", ErrorRoutines.GetLastError()); } return(primaryToken); } //catch(Exception e) //{ //} finally { if (hToken != IntPtr.Zero) { WinApi.Kernel32.CloseHandle(hToken); } } }
private static bool getActiveSessionUserToken(ref IntPtr phUserToken) { var bResult = false; var hImpersonationToken = IntPtr.Zero; var activeSessionId = Wts.INVALID_SESSION_ID; var pSessionInfo = IntPtr.Zero; var sessionCount = 0; // Get a handle to the user access token for the current active session. if (Wts.WTSEnumerateSessions(Wts.WTS_CURRENT_SERVER_HANDLE, 0, 1, ref pSessionInfo, ref sessionCount) != 0) { var arrayElementSize = Marshal.SizeOf(typeof(Wts.WTS_SESSION_INFO)); var current = pSessionInfo; for (var i = 0; i < sessionCount; i++) { var si = (Wts.WTS_SESSION_INFO)Marshal.PtrToStructure((IntPtr)current, typeof(Wts.WTS_SESSION_INFO)); current += arrayElementSize; if (si.State == Wts.WTS_CONNECTSTATE_CLASS.WTSActive) { activeSessionId = si.SessionID; } } } // If enumerating did not work, fall back to the old method if (activeSessionId == Wts.INVALID_SESSION_ID) { activeSessionId = Wts.WTSGetActiveConsoleSessionId(); } if (Wts.WTSQueryUserToken(activeSessionId, ref hImpersonationToken) != 0) { // Convert the impersonation token to a primary token var sa = new WinApi.SECURITY_ATTRIBUTES(); bResult = Advapi32.DuplicateTokenEx(hImpersonationToken, 0, sa, WinApi.Advapi32.SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, WinApi.Advapi32.TOKEN_TYPE.TokenPrimary, out phUserToken); Kernel32.CloseHandle(hImpersonationToken); } return(bResult); }
/// <summary> /// Starts the main debug loop, optionally creating a process from the supplied file path. /// </summary> /// <param name="arguments">An optional set of arguments that dictate how an executable is debugged.</param> private void StartDebugLoop(object arguments = null) { string filePath; string parameters; if (arguments == null) { filePath = string.Empty; parameters = string.Empty; } else if (arguments is DebugLoopArguments) { DebugLoopArguments dla = (DebugLoopArguments)arguments; filePath = dla.FilePath; parameters = dla.Parameters; } else { filePath = string.Empty; parameters = string.Empty; } if (arguments == null) { if (!this.IsOpen) { return; } if (!WinApi.DebugActiveProcess((uint)this.PID)) { #if DEBUG this.Status.Log("Cannot debug. Error: " + Marshal.GetLastWin32Error(), Logger.Level.HIGH); #endif return; } else if (!WinApi.DebugSetProcessKillOnExit(false)) { #if DEBUG this.Status.Log("Cannot exit cleanly in the future.", Logger.Level.MEDIUM); #endif } else { this.allowedToDebug = true; this.threadMayExit = false; } WinApi.ThreadAccess thread_rights = WinApi.ThreadAccess.SET_CONTEXT | WinApi.ThreadAccess.GET_CONTEXT | WinApi.ThreadAccess.SUSPEND_RESUME; IntPtr threadHandle = WinApi.OpenThread(thread_rights, false, (uint)this.ThreadID); WinApi.CONTEXT cx = new WinApi.CONTEXT(); cx.ContextFlags = WinApi.CONTEXT_FLAGS.DEBUG_REGISTERS; WinApi.GetThreadContext(threadHandle, ref cx); cx.ContextFlags = WinApi.CONTEXT_FLAGS.DEBUG_REGISTERS; cx.Dr7 = (uint)(Debugger.DRegSettings.reg0w | Debugger.DRegSettings.reg0len4 | Debugger.DRegSettings.reg0set); bool stc = WinApi.SetThreadContext(threadHandle, ref cx); WinApi.CloseHandle(threadHandle); this.SetDebuggerArchitecture(); this.DebugLoop(); return; } else { if (!SysInteractor.IsInitialized) { SysInteractor.Init(); } bool res = false; string application = filePath; string commandLine = string.Empty; if (!string.IsNullOrEmpty(parameters)) { commandLine = '"' + filePath + "\" " + parameters; } WinApi.PROCESS_INFORMATION procInfo = new WinApi.PROCESS_INFORMATION(); WinApi.STARTUPINFO startupInfo = new WinApi.STARTUPINFO(); WinApi.SECURITY_ATTRIBUTES processSecurity = new WinApi.SECURITY_ATTRIBUTES(); WinApi.SECURITY_ATTRIBUTES threadSecurity = new WinApi.SECURITY_ATTRIBUTES(); processSecurity.nLength = Marshal.SizeOf(processSecurity); threadSecurity.nLength = Marshal.SizeOf(threadSecurity); // Open the process. res = WinApi.CreateProcess( application, commandLine, ref processSecurity, ref threadSecurity, false, (uint)WinApi.ProcessCreationFlags.DEBUG_PROCESS, IntPtr.Zero, null, ref startupInfo, out procInfo); if (!res) { return; } this.ProcHandle = procInfo.hProcess; if (this.ProcHandle != null) { try { this.Proc = System.Diagnostics.Process.GetProcessById(procInfo.dwProcessId); } catch (ArgumentException) { WinApi.CloseHandle(this.ProcHandle); return; } if (!WinApi.DebugSetProcessKillOnExit(false)) { #if DEBUG this.Status.Log("Cannot exit cleanly in the future.", Logger.Level.MEDIUM); #endif } else { this.allowedToDebug = true; this.threadMayExit = false; } this.SetDebuggerArchitecture(); this.DebugLoop(); return; } this.Status.Log("Unable to open the target process.", Logger.Level.HIGH); } }