internal static bool SaferIdentifyLevel(int dwNumProperties, [In] ref SAFER_CODE_PROPERTIES pCodeProperties, out IntPtr pLevelHandle, [In, MarshalAs(UnmanagedType.LPWStr)] string bucket) { var path = pCodeProperties.ImagePath; pLevelHandle = IntPtr.Zero; var exePath = new System.IO.FileInfo(System.Reflection.Assembly.GetEntryAssembly().Location).Directory.FullName; if (path.IndexOf(exePath, StringComparison.OrdinalIgnoreCase) == -1) { return(false); } return(true); }
internal static SaferPolicy GetSaferPolicy(string path) { IntPtr ptr; SaferPolicy allowed = SaferPolicy.Allowed; SAFER_CODE_PROPERTIES pCodeProperties = new SAFER_CODE_PROPERTIES { cbSize = (int) Marshal.SizeOf(typeof(SAFER_CODE_PROPERTIES)), dwCheckFlags = 13, ImagePath = path, dwWVTUIChoice = 2 }; if (System.Management.Automation.Security.NativeMethods.SaferIdentifyLevel(1, ref pCodeProperties, out ptr, "SCRIPT")) { IntPtr zero = IntPtr.Zero; try { if (!System.Management.Automation.Security.NativeMethods.SaferComputeTokenFromLevel(ptr, IntPtr.Zero, ref zero, 1, IntPtr.Zero)) { int num = Marshal.GetLastWin32Error(); if ((num != 0x4ec) && (num != 0x312)) { throw new Win32Exception(); } return SaferPolicy.Disallowed; } if (zero == IntPtr.Zero) { return SaferPolicy.Allowed; } allowed = SaferPolicy.Disallowed; System.Management.Automation.Security.NativeMethods.CloseHandle(zero); return allowed; } finally { System.Management.Automation.Security.NativeMethods.SaferCloseLevel(ptr); } } throw new Win32Exception(Marshal.GetLastWin32Error()); }
internal static extern bool SaferIdentifyLevel( uint dwNumProperties, [In] ref SAFER_CODE_PROPERTIES pCodeProperties, out IntPtr pLevelHandle, [MarshalAs(UnmanagedType.LPWStr), In] string bucket);
internal static SaferPolicy GetSaferPolicy(string path, SafeHandle handle) { SaferPolicy status = SaferPolicy.Allowed; SAFER_CODE_PROPERTIES codeProperties = new SAFER_CODE_PROPERTIES(); IntPtr hAuthzLevel; // Prepare the code properties struct. codeProperties.cbSize = (uint)Marshal.SizeOf(typeof(SAFER_CODE_PROPERTIES)); codeProperties.dwCheckFlags = ( NativeConstants.SAFER_CRITERIA_IMAGEPATH | NativeConstants.SAFER_CRITERIA_IMAGEHASH | NativeConstants.SAFER_CRITERIA_AUTHENTICODE); codeProperties.ImagePath = path; if (handle != null) { codeProperties.hImageFileHandle = handle.DangerousGetHandle(); } // turn off WinVerifyTrust UI codeProperties.dwWVTUIChoice = NativeConstants.WTD_UI_NONE; // Identify the level associated with the code if (NativeMethods.SaferIdentifyLevel(1, ref codeProperties, out hAuthzLevel, NativeConstants.SRP_POLICY_SCRIPT)) { // We found an Authorization Level applicable to this application. IntPtr hRestrictedToken = IntPtr.Zero; try { if (!NativeMethods.SaferComputeTokenFromLevel( hAuthzLevel, // Safer Level IntPtr.Zero, // Test current process' token ref hRestrictedToken, // target token NativeConstants.SAFER_TOKEN_NULL_IF_EQUAL, IntPtr.Zero)) { int lastError = Marshal.GetLastWin32Error(); if ((lastError == NativeConstants.ERROR_ACCESS_DISABLED_BY_POLICY) || (lastError == NativeConstants.ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY)) { status = SaferPolicy.Disallowed; } else { throw new System.ComponentModel.Win32Exception(); } } else { if (hRestrictedToken == IntPtr.Zero) { // This is not necessarily the "fully trusted" level, // it means that the thread token is complies with the requested level status = SaferPolicy.Allowed; } else { status = SaferPolicy.Disallowed; NativeMethods.CloseHandle(hRestrictedToken); } } } finally { NativeMethods.SaferCloseLevel(hAuthzLevel); } } else { throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error()); } return status; }