// Native LsaOpenPolicy binding, overload taking the system name as an
// _LSA_UNICODE_STRING by reference and the requested access as a raw uint.
// Returns a status code; the caller visible in this file treats 0 as success.
// PolicyHandle receives the opened policy handle. Because it is an out
// parameter, any value the caller stored in the variable beforehand is
// overwritten.
// NOTE(review): the DllImport attribute is not visible in this excerpt.
// Confirm the library name and marshaling settings where it is declared.
public static extern uint LsaOpenPolicy(ref ntsecapi._LSA_UNICODE_STRING SystemName, ref lsalookup._LSA_OBJECT_ATTRIBUTES ObjectAttributes, uint DesiredAccess, out IntPtr PolicyHandle);
// Native LsaOpenPolicy binding, overload taking the system name as a raw
// pointer and the requested access as the typed lsalookup.LSA_ACCESS_MASK enum.
// NOTE(review): a null SystemName (IntPtr.Zero) is documented by the Win32 API
// as selecting the local system; confirm callers rely on that.
// The typed access mask makes the requested rights visible at the call site,
// so prefer the narrowest mask the caller needs.
// PolicyHandle receives the opened policy handle. Releasing it is the caller's
// responsibility; no release is shown in this excerpt.
public static extern uint LsaOpenPolicy(IntPtr SystemName, ref lsalookup._LSA_OBJECT_ATTRIBUTES ObjectAttributes, lsalookup.LSA_ACCESS_MASK DesiredAccess, out IntPtr PolicyHandle);
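/// <summary>
/// Collects the rights held by the token user and by each listed group, then
/// packs them into a privilege array in which every entry is marked enabled.
/// </summary>
/// <param name="tokenUser">User whose SID is looked up first.</param>
/// <param name="tokenGroups">Groups whose SIDs are looked up after the user.</param>
/// <param name="tokenPrivileges">
/// Receives the privilege array. It is left as an empty default instance when
/// the method returns false.
/// </param>
/// <returns>
/// true when the array was built. false when the LSA policy could not be
/// opened or more rights were found than the fixed-size array can hold.
/// </returns>
private bool CreateTokenPrivileges(Ntifs._TOKEN_USER tokenUser, Ntifs._TOKEN_GROUPS tokenGroups, out Winnt._TOKEN_PRIVILEGES_ARRAY tokenPrivileges)
{
    // Capacity of the fixed-size Privileges array allocated below.
    const int privilegeCapacity = 35;

    Console.WriteLine("[*] _TOKEN_PRIVILEGES");
    tokenPrivileges = new Winnt._TOKEN_PRIVILEGES_ARRAY();

    //Console.WriteLine(" - LsaOpenPolicy");
    ntsecapi._LSA_UNICODE_STRING systemName = new ntsecapi._LSA_UNICODE_STRING();
    lsalookup._LSA_OBJECT_ATTRIBUTES lsaobjectAttributes = new lsalookup._LSA_OBJECT_ATTRIBUTES()
    {
        Length = (uint)Marshal.SizeOf(typeof(lsalookup._LSA_OBJECT_ATTRIBUTES)),
        RootDirectory = IntPtr.Zero,
        ObjectName = new ntsecapi._LSA_UNICODE_STRING(),
        Attributes = 0,
        SecurityDescriptor = IntPtr.Zero,
        SecurityQualityOfService = IntPtr.Zero
    };

    // The handle is produced by the out parameter. The earlier version first
    // allocated an unmanaged buffer into this variable; the call overwrote it
    // and the buffer was never freed.
    IntPtr hPolicyHandle;

    // NOTE(review): POLICY_ALL_ACCESS is requested, yet the only use of the
    // handle visible here is passing it to _LookupRights. Confirm whether a
    // narrower mask is sufficient.
    uint ntRetVal = advapi32.LsaOpenPolicy(
        ref systemName,
        ref lsaobjectAttributes,
        (uint)lsalookup.LSA_ACCESS_MASK.POLICY_ALL_ACCESS,
        out hPolicyHandle
    );

    if (0 != ntRetVal)
    {
        Misc.GetNtError("LsaOpenPolicy", ntRetVal);
        return(false);
    }

    if (IntPtr.Zero == hPolicyHandle)
    {
        Misc.GetNtError("hPolicyHandle", ntRetVal);
        return(false);
    }

    // NOTE(review): the policy handle is not released on any path in this
    // method. Close it (LsaClose in the Win32 API) once the lookups are done,
    // if a binding for it exists in this project.

    // Keyed by right name, so a right held through several SIDs is stored once.
    Dictionary <string, Winnt._LUID> rights = new Dictionary <string, Winnt._LUID>();
    _LookupRights(hPolicyHandle, tokenUser.User.Sid, ref rights);

    // NOTE(review): the group count comes from three instance fields rather
    // than from tokenGroups itself. Verify it cannot exceed the length of
    // tokenGroups.Groups.
    int groupCount = extraGroups + localEntriesRead + globalEntriesRead;
    for (int i = 0; i < groupCount; i++)
    {
        _LookupRights(hPolicyHandle, tokenGroups.Groups[i].Sid, ref rights);
    }

    // Refuse to build an array whose count would exceed its storage; the copy
    // loop would otherwise index past the end.
    if (rights.Count > privilegeCapacity)
    {
        Console.WriteLine("[-] Privilege count {0} exceeds capacity {1}", rights.Count, privilegeCapacity);
        return(false);
    }

    tokenPrivileges = new Winnt._TOKEN_PRIVILEGES_ARRAY()
    {
        PrivilegeCount = (uint)rights.Count,
        Privileges = new Winnt._LUID_AND_ATTRIBUTES[privilegeCapacity]
    };

    // Every collected right is written as enabled, not merely present.
    int j = 0;
    foreach (KeyValuePair <string, Winnt._LUID> right in rights)
    {
        tokenPrivileges.Privileges[j].Luid = right.Value;
        tokenPrivileges.Privileges[j].Attributes = Winnt.SE_PRIVILEGE_ENABLED;
        j++;
    }

    return(true);
}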