public Enumerator(Dictionary <int, RegisterStorage> regs, ArmRewriter outer)
{
this.bytes = outer.rdr.Bytes;
ulong addr = outer.rdr.Address.ToLinear();
this.hBytes = GCHandle.Alloc(bytes, GCHandleType.Pinned);
this.m = new RtlEmitter(new List <RtlInstruction>());
this.ntf = new NativeTypeFactory();
this.rtlEmitter = new NativeRtlEmitter(m, ntf, outer.host);
this.host = new ArmNativeRewriterHost(regs, outer.binder, outer.host, this.ntf, rtlEmitter);
this.iRtlEmitter = GetCOMInterface(rtlEmitter, IID_IRtlEmitter);
this.iNtf = GetCOMInterface(ntf, IID_INativeTypeFactory);
this.iHost = GetCOMInterface(host, IID_INativeRewriterHost);
IntPtr unk = CreateNativeRewriter(hBytes.AddrOfPinnedObject(), bytes.Length, (int)outer.rdr.Offset, addr, iRtlEmitter, iNtf, iHost);
this.native = (INativeRewriter)Marshal.GetObjectForIUnknown(unk);
}
private void permissionsMenuItem_Click(object sender, EventArgs e)
{
if (listObjects.SelectedItems.Count != 1)
{
return;
}
string objectName = this.NormalizePath(
treeDirectories.SelectedNode.FullPath + "\\" + listObjects.SelectedItems[0].Text
);
SecurityEditor.EditSecurity(
this,
SecurityEditor.GetSecurableWrapper((access) => NativeUtils.OpenObject((int)access, objectName, 0, null)),
objectName,
NativeTypeFactory.GetAccessEntries(NativeTypeFactory.GetObjectType(
listObjects.SelectedItems[0].SubItems[1].Text
))
);
}
public ArmNativeRewriterHost(Dictionary <int, RegisterStorage> regs, IStorageBinder frame, IRewriterHost host, NativeTypeFactory ntf, NativeRtlEmitter m)
{
Debug.Assert(regs != null);
this.regs = regs;
this.coprocregs = new Dictionary <int, RegisterStorage>();
this.frame = frame;
this.host = host;
this.ntf = ntf;
this.m = m;
}
public static void ShowHandleProperties(SystemHandleEntry handleInfo)
{
try
{
IntPtr handle = new IntPtr(handleInfo.Handle);
ProcessHandle phandle = new ProcessHandle(handleInfo.ProcessId, ProcessAccess.DupHandle);
GenericHandle dupHandle = null;
// Try to get a handle, since we need one for security editing.
try
{
dupHandle = new GenericHandle(phandle, handle, 0);
}
catch
{ }
PropSheetHeader64 header = new PropSheetHeader64
{
dwSize = (uint)PropSheetHeader64.SizeOf,
nPages = 2,
dwFlags = (uint)PropSheetFlags.PSH_DEFAULT,
pszCaption = "Handle Properties"
};
using (HandleDetails hw = new HandleDetails())
{
hw.ObjectHandle = handleInfo;
hw.HandlePropertiesCallback += (control, name, typeName) =>
{
switch (typeName.ToLowerInvariant())
{
// Objects with separate property windows:
case "file":
case "job":
case "key":
case "token":
case "process":
{
Button b = new Button
{
FlatStyle = FlatStyle.System,
Text = "Properties"
};
b.Click += (sender, e) =>
{
try
{
switch (typeName.ToLowerInvariant())
{
case "file":
{
FileUtils.ShowProperties(name);
}
break;
case "job":
{
dupHandle = new GenericHandle(phandle, handle, (int)JobObjectAccess.Query);
(new JobWindow(JobObjectHandle.FromHandle(dupHandle))).ShowDialog();
}
break;
case "key":
{
try
{
PhUtils.OpenKeyInRegedit(PhUtils.GetForegroundWindow(), name);
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to open the Registry Editor", ex);
}
}
break;
case "token":
{
using (TokenWindow twindow = new TokenWindow(new RemoteTokenHandle(phandle, handle)))
{
twindow.ShowDialog();
}
}
break;
case "process":
{
dupHandle = new GenericHandle(phandle, handle, (int)OSVersion.MinProcessQueryInfoAccess);
int pid = ProcessHandle.FromHandle(dupHandle).ProcessId;
Program.GetProcessWindow(Program.ProcessProvider.Dictionary[pid], Program.FocusWindow);
}
break;
}
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to show object properties", ex);
}
};
control.Controls.Add(b);
}
break;
case "event":
{
dupHandle = new GenericHandle(phandle, handle, (int)EventAccess.QueryState);
var eventProps = new EventProperties(EventHandle.FromHandle(dupHandle));
control.Controls.Add(eventProps);
}
break;
case "eventpair":
{
dupHandle = new GenericHandle(phandle, handle, (int)EventPairAccess.All);
var eventPairProps = new EventPairProperties(EventPairHandle.FromHandle(dupHandle));
control.Controls.Add(eventPairProps);
}
break;
case "mutant":
{
dupHandle = new GenericHandle(phandle, handle, (int)MutantAccess.QueryState);
var mutantProps = new MutantProperties(MutantHandle.FromHandle(dupHandle));
control.Controls.Add(mutantProps);
}
break;
case "section":
{
dupHandle = new GenericHandle(phandle, handle, (int)SectionAccess.Query);
var sectionProps = new SectionProperties(SectionHandle.FromHandle(dupHandle));
control.Controls.Add(sectionProps);
}
break;
case "semaphore":
{
dupHandle = new GenericHandle(phandle, handle, (int)SemaphoreAccess.QueryState);
var semaphoreProps = new SemaphoreProperties(SemaphoreHandle.FromHandle(dupHandle));
control.Controls.Add(semaphoreProps);
}
break;
case "timer":
{
dupHandle = new GenericHandle(phandle, handle, (int)TimerAccess.QueryState);
var timerProps = new TimerProperties(TimerHandle.FromHandle(dupHandle));
control.Controls.Add(timerProps);
}
break;
case "tmrm":
{
dupHandle = new GenericHandle(phandle, handle, (int)ResourceManagerAccess.QueryInformation);
var tmRmProps = new TmRmProperties(ResourceManagerHandle.FromHandle(dupHandle));
control.Controls.Add(tmRmProps);
}
break;
case "tmtm":
{
dupHandle = new GenericHandle(phandle, handle, (int)TmAccess.QueryInformation);
var tmTmProps = new TmTmProperties(TmHandle.FromHandle(dupHandle));
control.Controls.Add(tmTmProps);
}
break;
}
};
hw.Init();
IntPtr[] pages = new IntPtr[2];
pages[0] = hw.CreatePageHandle();
pages[1] = CreateSecurityPage(SecurityEditor.EditSecurity2(
null,
SecurityEditor.GetSecurableWrapper(dupHandle),
hw._name,
NativeTypeFactory.GetAccessEntries(NativeTypeFactory.GetObjectType(hw._typeName))
));
GCHandle gch = GCHandle.Alloc(pages, GCHandleType.Pinned);
header.phpage = gch.AddrOfPinnedObject();
PropertySheetW(ref header);
if (dupHandle != null)
{
dupHandle.Dispose();
}
}
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to show handle properties", ex);
}
}
public static ISecurable GetSecurable(NativeTypeFactory.ObjectType objectType, Func <StandardRights, NativeHandle> openMethod)
{
return(new GenericSecurableObject(NativeTypeFactory.GetSeObjectType(objectType), openMethod));
}
public void Init()
{
try
{
ObjectInformation handleInfo = ObjectHandle.GetHandleInfo();
_name = textName.Text = handleInfo.BestName;
if (string.IsNullOrEmpty(textName.Text))
{
textName.Text = "(unnamed object)";
}
_typeName = textType.Text = handleInfo.TypeName;
textAddress.Text = "0x" + ObjectHandle.Object.ToString("x");
textGrantedAccess.Text = "0x" + ObjectHandle.GrantedAccess.ToString("x");
if (ObjectHandle.GrantedAccess != 0)
{
try
{
Type accessEnumType = NativeTypeFactory.GetAccessType(handleInfo.TypeName);
textGrantedAccess.Text += " (" + NativeTypeFactory.GetAccessString(accessEnumType, ObjectHandle.GrantedAccess) + ")";
}
catch (NotSupportedException)
{
}
}
ObjectBasicInformation basicInfo = ObjectHandle.GetBasicInfo();
labelReferences.Text = "References: " + (basicInfo.PointerCount - 1);
labelHandles.Text = "Handles: " + basicInfo.HandleCount.ToString();
labelPaged.Text = "Paged: " + basicInfo.PagedPoolUsage.ToString();
labelNonPaged.Text = "Non-Paged: " + basicInfo.NonPagedPoolUsage.ToString();
if (HandlePropertiesCallback != null)
{
try
{
HandlePropertiesCallback(groupObjectInfo, _name, _typeName);
}
catch
{
}
if (groupObjectInfo.Controls.Count == 0)
{
groupObjectInfo.Visible = false;
}
else if (groupObjectInfo.Controls.Count == 1)
{
Control control = groupObjectInfo.Controls[0];
// If it's a user control, dock it.
if (control is UserControl)
{
control.Dock = DockStyle.Fill;
control.Margin = new Padding(3);
}
else
{
control.Location = new System.Drawing.Point(10, 20);
}
}
}
}
catch (Exception)
{ }
this.ActiveControl = this.label1;
}