//////////////////////////////////////////////////////////////////////////////// // Displays the users associated with a token //////////////////////////////////////////////////////////////////////////////// public void GetTokenDefaultDacl() { uint returnLength; advapi32.GetTokenInformation(hWorkingToken, Winnt._TOKEN_INFORMATION_CLASS.TokenDefaultDacl, IntPtr.Zero, 0, out returnLength); hTokenDefaultDacl = Marshal.AllocHGlobal((int)returnLength); try { if (!advapi32.GetTokenInformation(hWorkingToken, Winnt._TOKEN_INFORMATION_CLASS.TokenDefaultDacl, hTokenDefaultDacl, returnLength, out returnLength)) { Misc.GetWin32Error("GetTokenInformation (TokenDefaultDacl) - Pass 2"); return; } tokenDefaultDacl = (Winnt._TOKEN_DEFAULT_DACL)Marshal.PtrToStructure(hTokenDefaultDacl, typeof(Winnt._TOKEN_DEFAULT_DACL)); if (IntPtr.Zero == tokenDefaultDacl.DefaultDacl) { Misc.GetWin32Error("PtrToStructure"); } tokenDefaultDaclAcl = (Winnt._TOKEN_DEFAULT_DACL_ACL)Marshal.PtrToStructure(hTokenDefaultDacl, typeof(Winnt._TOKEN_DEFAULT_DACL_ACL)); } catch (Exception ex) { Misc.GetWin32Error("GetTokenInformation (TokenDefaultDacl - Pass 2"); Console.WriteLine(ex.Message); return; } string primaryGroup = Marshal.PtrToStringUni(tokenPrimaryGroup.PrimaryGroup); Console.WriteLine("[+] ACL Count: {0}", tokenDefaultDaclAcl.DefaultDacl.AceCount); return; }
private bool CreateTokenDefaultDACL(out Winnt._TOKEN_DEFAULT_DACL tokenDefaultDacl) { Console.WriteLine("[*] _TOKEN_DEFAULT_DACL"); tokenDefaultDacl = new Winnt._TOKEN_DEFAULT_DACL() { DefaultDacl = IntPtr.Zero }; return(true); }
public static extern uint NtCreateToken( out IntPtr TokenHandle, uint DesiredAccess, ref wudfwdm._OBJECT_ATTRIBUTES ObjectAttributes, Winnt._TOKEN_TYPE TokenType, ref Winnt._LUID AuthenticationId, //From NtAllocateLocallyUniqueId ref long ExpirationTime, ref Ntifs._TOKEN_USER TokenUser, ref Ntifs._TOKEN_GROUPS_DYNAMIC TokenGroups, ref Winnt._TOKEN_PRIVILEGES_ARRAY TokenPrivileges, ref Ntifs._TOKEN_OWNER TokenOwner, ref Winnt._TOKEN_PRIMARY_GROUP TokenPrimaryGroup, ref Winnt._TOKEN_DEFAULT_DACL TokenDefaultDacl, ref Winnt._TOKEN_SOURCE TokenSource );