internal NtType(int id, ObjectTypeInformation info, NtTypeFactory type_factory) { Index = id; Name = info.Name.ToString(); InvalidAttributes = info.InvalidAttributes; GenericMapping = info.GenericMapping; ValidAccess = info.ValidAccess; SecurityRequired = info.SecurityRequired != 0; TotalNumberOfObjects = info.TotalNumberOfObjects; TotalNumberOfHandles = info.TotalNumberOfHandles; TotalPagedPoolUsage = info.TotalPagedPoolUsage; TotalNonPagedPoolUsage = info.TotalNonPagedPoolUsage; TotalNamePoolUsage = info.TotalNamePoolUsage; TotalHandleTableUsage = info.TotalHandleTableUsage; HighWaterNumberOfObjects = info.HighWaterNumberOfObjects; HighWaterNumberOfHandles = info.HighWaterNumberOfHandles; HighWaterPagedPoolUsage = info.HighWaterPagedPoolUsage; HighWaterNonPagedPoolUsage = info.HighWaterNonPagedPoolUsage; HighWaterNamePoolUsage = info.HighWaterNamePoolUsage; HighWaterHandleTableUsage = info.HighWaterHandleTableUsage; MaintainHandleCount = info.MaintainHandleCount != 0; MaintainTypeList = info.MaintainTypeList; PoolType = info.PoolType; PagedPoolUsage = info.PagedPoolUsage; NonPagedPoolUsage = info.NonPagedPoolUsage; _type_factory = type_factory; GenericRead = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericRead, GenericMapping, _type_factory.AccessRightsType, false); GenericWrite = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericWrite, GenericMapping, _type_factory.AccessRightsType, false); GenericExecute = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericExecute, GenericMapping, _type_factory.AccessRightsType, false); GenericAll = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericAll, GenericMapping, _type_factory.AccessRightsType, false); }
private static Dictionary <string, NtType> LoadTypes() { var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly()); int type_size = GetTypeSize(); Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase); using (var type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(type_size, true)) { int alignment = IntPtr.Size - 1; NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectTypesInformation, type_info, type_info.Length, out int return_length).ToNtException(); ObjectAllTypesInformation result = type_info.Result; IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size; for (int count = 0; count < result.NumberOfTypes; ++count) { ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation)); string name = info.Name.ToString(); NtTypeFactory factory = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory; NtType ti = new NtType(count + 2, info, factory); ret[ti.Name] = ti; int offset = (info.Name.MaximumLength + alignment) & ~alignment; curr_typeinfo = info.Name.Buffer + offset; } return(ret); } }
internal NtType(int id, ObjectTypeInformation info, NtTypeFactory type_factory) { Index = id; Name = info.Name.ToString(); InvalidAttributes = info.InvalidAttributes; GenericMapping = info.GenericMapping; ValidAccess = info.ValidAccess; SecurityRequired = info.SecurityRequired != 0; TotalNumberOfObjects = info.TotalNumberOfObjects; TotalNumberOfHandles = info.TotalNumberOfHandles; TotalPagedPoolUsage = info.TotalPagedPoolUsage; TotalNonPagedPoolUsage = info.TotalNonPagedPoolUsage; TotalNamePoolUsage = info.TotalNamePoolUsage; TotalHandleTableUsage = info.TotalHandleTableUsage; HighWaterNumberOfObjects = info.HighWaterNumberOfObjects; HighWaterNumberOfHandles = info.HighWaterNumberOfHandles; HighWaterPagedPoolUsage = info.HighWaterPagedPoolUsage; HighWaterNonPagedPoolUsage = info.HighWaterNonPagedPoolUsage; HighWaterNamePoolUsage = info.HighWaterNamePoolUsage; HighWaterHandleTableUsage = info.HighWaterHandleTableUsage; MaintainHandleCount = info.MaintainHandleCount != 0; MaintainTypeList = info.MaintainTypeList; PoolType = info.PoolType; PagedPoolUsage = info.PagedPoolUsage; NonPagedPoolUsage = info.NonPagedPoolUsage; _type_factory = type_factory; }
internal NtType(int index, ObjectTypeInformation info, NtTypeFactory type_factory) { Name = info.Name.ToString(); InvalidAttributes = info.InvalidAttributes; GenericMapping = info.GenericMapping; ValidAccess = info.ValidAccess; SecurityRequired = info.SecurityRequired != 0; TotalNumberOfObjects = info.TotalNumberOfObjects; TotalNumberOfHandles = info.TotalNumberOfHandles; TotalPagedPoolUsage = info.TotalPagedPoolUsage; TotalNonPagedPoolUsage = info.TotalNonPagedPoolUsage; TotalNamePoolUsage = info.TotalNamePoolUsage; TotalHandleTableUsage = info.TotalHandleTableUsage; HighWaterNumberOfObjects = info.HighWaterNumberOfObjects; HighWaterNumberOfHandles = info.HighWaterNumberOfHandles; HighWaterPagedPoolUsage = info.HighWaterPagedPoolUsage; HighWaterNonPagedPoolUsage = info.HighWaterNonPagedPoolUsage; HighWaterNamePoolUsage = info.HighWaterNamePoolUsage; HighWaterHandleTableUsage = info.HighWaterHandleTableUsage; MaintainHandleCount = info.MaintainHandleCount != 0; Index = index; PoolType = info.PoolType; PagedPoolUsage = info.PagedPoolUsage; NonPagedPoolUsage = info.NonPagedPoolUsage; _type_factory = type_factory; GenericRead = NtSecurity.AccessMaskToString(GenericMapping.GenericRead, _type_factory.AccessRightsType); GenericWrite = NtSecurity.AccessMaskToString(GenericMapping.GenericWrite, _type_factory.AccessRightsType); GenericExecute = NtSecurity.AccessMaskToString(GenericMapping.GenericExecute, _type_factory.AccessRightsType); GenericAll = NtSecurity.AccessMaskToString(GenericMapping.GenericAll, _type_factory.AccessRightsType); DefaultMandatoryAccess = NtSecurity.AccessMaskToString(GetDefaultMandatoryAccess(), _type_factory.AccessRightsType); }
private static Dictionary <string, NtType> LoadTypes() { var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly()); Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase); int size = 0x8000; NtStatus status = NtStatus.STATUS_INFO_LENGTH_MISMATCH; // repeatly try to fill out ObjectTypes buffer by increasing it's size between each attempt while (size < 0x1000000) { using (var type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(size, true)) { status = NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectTypesInformation, type_info, type_info.Length, out int return_length); switch (status) { // if the input buffer is too small, double it's size and retry case NtStatus.STATUS_INFO_LENGTH_MISMATCH: size *= 2; break; // From this point, the return values of NtSystemCalls.NtQueryObject are considered correct case NtStatus.STATUS_SUCCESS: int alignment = IntPtr.Size - 1; ObjectAllTypesInformation result = type_info.Result; IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size; for (int count = 0; count < result.NumberOfTypes; ++count) { ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation)); string name = info.Name.ToString(); NtTypeFactory factory = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory; NtType ti = new NtType(count + 2, info, factory); ret[ti.Name] = ti; int offset = (info.Name.MaximumLength + alignment) & ~alignment; curr_typeinfo = info.Name.Buffer + offset; } return(ret); default: throw new NtException(status); } } } // raise exception if the candidate buffer is over a MB. throw new NtException(NtStatus.STATUS_INSUFFICIENT_RESOURCES); }
private static void LoadTypes() { if (_types == null) { SafeStructureInOutBuffer <ObjectAllTypesInformation> type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(); try { Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase); int return_length; NtStatus status = NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation, type_info.DangerousGetHandle(), type_info.Length, out return_length); if (status != NtStatus.STATUS_INFO_LENGTH_MISMATCH) { status.ToNtException(); } type_info.Close(); type_info = null; type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(return_length, false); int alignment = IntPtr.Size - 1; NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation, type_info.DangerousGetHandle(), type_info.Length, out return_length).ToNtException(); ObjectAllTypesInformation result = type_info.Result; IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size; for (int count = 0; count < result.NumberOfTypes; ++count) { ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation)); NtType ti = new NtType(count + 2, info); ret[ti.Name] = ti; int offset = (info.Name.MaximumLength + alignment) & ~alignment; curr_typeinfo = info.Name.Buffer + offset; } _types = ret; } finally { if (type_info != null) { type_info.Close(); } } } }
internal NtType(int id, ObjectTypeInformation info) { Index = id; Name = info.Name.ToString(); InvalidAttributes = info.InvalidAttributes; GenericMapping = info.GenericMapping; ValidAccess = info.ValidAccess; SecurityRequired = info.SecurityRequired != 0; TotalNumberOfObjects = info.TotalNumberOfObjects; TotalNumberOfHandles = info.TotalNumberOfHandles; TotalPagedPoolUsage = info.TotalPagedPoolUsage; TotalNonPagedPoolUsage = info.TotalNonPagedPoolUsage; TotalNamePoolUsage = info.TotalNamePoolUsage; TotalHandleTableUsage = info.TotalHandleTableUsage; HighWaterNumberOfObjects = info.HighWaterNumberOfObjects; HighWaterNumberOfHandles = info.HighWaterNumberOfHandles; HighWaterPagedPoolUsage = info.HighWaterPagedPoolUsage; HighWaterNonPagedPoolUsage = info.HighWaterNonPagedPoolUsage; HighWaterNamePoolUsage = info.HighWaterNamePoolUsage; HighWaterHandleTableUsage = info.HighWaterHandleTableUsage; MaintainHandleCount = info.MaintainHandleCount != 0; MaintainTypeList = info.MaintainTypeList; PoolType = info.PoolType; PagedPoolUsage = info.PagedPoolUsage; NonPagedPoolUsage = info.NonPagedPoolUsage; }