internal NtType(int id, ObjectTypeInformation info, NtTypeFactory type_factory)
{
Index = id;
Name = info.Name.ToString();
InvalidAttributes = info.InvalidAttributes;
GenericMapping = info.GenericMapping;
ValidAccess = info.ValidAccess;
SecurityRequired = info.SecurityRequired != 0;
TotalNumberOfObjects = info.TotalNumberOfObjects;
TotalNumberOfHandles = info.TotalNumberOfHandles;
TotalPagedPoolUsage = info.TotalPagedPoolUsage;
TotalNonPagedPoolUsage = info.TotalNonPagedPoolUsage;
TotalNamePoolUsage = info.TotalNamePoolUsage;
TotalHandleTableUsage = info.TotalHandleTableUsage;
HighWaterNumberOfObjects = info.HighWaterNumberOfObjects;
HighWaterNumberOfHandles = info.HighWaterNumberOfHandles;
HighWaterPagedPoolUsage = info.HighWaterPagedPoolUsage;
HighWaterNonPagedPoolUsage = info.HighWaterNonPagedPoolUsage;
HighWaterNamePoolUsage = info.HighWaterNamePoolUsage;
HighWaterHandleTableUsage = info.HighWaterHandleTableUsage;
MaintainHandleCount = info.MaintainHandleCount != 0;
MaintainTypeList = info.MaintainTypeList;
PoolType = info.PoolType;
PagedPoolUsage = info.PagedPoolUsage;
NonPagedPoolUsage = info.NonPagedPoolUsage;
_type_factory = type_factory;
GenericRead = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericRead, GenericMapping, _type_factory.AccessRightsType, false);
GenericWrite = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericWrite, GenericMapping, _type_factory.AccessRightsType, false);
GenericExecute = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericExecute, GenericMapping, _type_factory.AccessRightsType, false);
GenericAll = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericAll, GenericMapping, _type_factory.AccessRightsType, false);
}
private static Dictionary <string, NtType> LoadTypes()
{
var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly());
int type_size = GetTypeSize();
Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase);
using (var type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(type_size, true))
{
int alignment = IntPtr.Size - 1;
NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectTypesInformation,
type_info, type_info.Length, out int return_length).ToNtException();
ObjectAllTypesInformation result = type_info.Result;
IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size;
for (int count = 0; count < result.NumberOfTypes; ++count)
{
ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation));
string name = info.Name.ToString();
NtTypeFactory factory = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory;
NtType ti = new NtType(count + 2, info, factory);
ret[ti.Name] = ti;
int offset = (info.Name.MaximumLength + alignment) & ~alignment;
curr_typeinfo = info.Name.Buffer + offset;
}
return(ret);
}
}
internal NtType(int id, ObjectTypeInformation info, NtTypeFactory type_factory)
{
Index = id;
Name = info.Name.ToString();
InvalidAttributes = info.InvalidAttributes;
GenericMapping = info.GenericMapping;
ValidAccess = info.ValidAccess;
SecurityRequired = info.SecurityRequired != 0;
TotalNumberOfObjects = info.TotalNumberOfObjects;
TotalNumberOfHandles = info.TotalNumberOfHandles;
TotalPagedPoolUsage = info.TotalPagedPoolUsage;
TotalNonPagedPoolUsage = info.TotalNonPagedPoolUsage;
TotalNamePoolUsage = info.TotalNamePoolUsage;
TotalHandleTableUsage = info.TotalHandleTableUsage;
HighWaterNumberOfObjects = info.HighWaterNumberOfObjects;
HighWaterNumberOfHandles = info.HighWaterNumberOfHandles;
HighWaterPagedPoolUsage = info.HighWaterPagedPoolUsage;
HighWaterNonPagedPoolUsage = info.HighWaterNonPagedPoolUsage;
HighWaterNamePoolUsage = info.HighWaterNamePoolUsage;
HighWaterHandleTableUsage = info.HighWaterHandleTableUsage;
MaintainHandleCount = info.MaintainHandleCount != 0;
MaintainTypeList = info.MaintainTypeList;
PoolType = info.PoolType;
PagedPoolUsage = info.PagedPoolUsage;
NonPagedPoolUsage = info.NonPagedPoolUsage;
_type_factory = type_factory;
}
internal NtType(int index, ObjectTypeInformation info, NtTypeFactory type_factory)
{
Name = info.Name.ToString();
InvalidAttributes = info.InvalidAttributes;
GenericMapping = info.GenericMapping;
ValidAccess = info.ValidAccess;
SecurityRequired = info.SecurityRequired != 0;
TotalNumberOfObjects = info.TotalNumberOfObjects;
TotalNumberOfHandles = info.TotalNumberOfHandles;
TotalPagedPoolUsage = info.TotalPagedPoolUsage;
TotalNonPagedPoolUsage = info.TotalNonPagedPoolUsage;
TotalNamePoolUsage = info.TotalNamePoolUsage;
TotalHandleTableUsage = info.TotalHandleTableUsage;
HighWaterNumberOfObjects = info.HighWaterNumberOfObjects;
HighWaterNumberOfHandles = info.HighWaterNumberOfHandles;
HighWaterPagedPoolUsage = info.HighWaterPagedPoolUsage;
HighWaterNonPagedPoolUsage = info.HighWaterNonPagedPoolUsage;
HighWaterNamePoolUsage = info.HighWaterNamePoolUsage;
HighWaterHandleTableUsage = info.HighWaterHandleTableUsage;
MaintainHandleCount = info.MaintainHandleCount != 0;
Index = index;
PoolType = info.PoolType;
PagedPoolUsage = info.PagedPoolUsage;
NonPagedPoolUsage = info.NonPagedPoolUsage;
_type_factory = type_factory;
GenericRead = NtSecurity.AccessMaskToString(GenericMapping.GenericRead, _type_factory.AccessRightsType);
GenericWrite = NtSecurity.AccessMaskToString(GenericMapping.GenericWrite, _type_factory.AccessRightsType);
GenericExecute = NtSecurity.AccessMaskToString(GenericMapping.GenericExecute, _type_factory.AccessRightsType);
GenericAll = NtSecurity.AccessMaskToString(GenericMapping.GenericAll, _type_factory.AccessRightsType);
DefaultMandatoryAccess = NtSecurity.AccessMaskToString(GetDefaultMandatoryAccess(), _type_factory.AccessRightsType);
}
internal NtType(int id, string name)
{
Index = id;
Name = name;
if (Name == null)
{
Name = String.Format("Unknown {0}", id);
}
System.Diagnostics.Debug.WriteLine(String.Format("Generating Fake Type for {0}", Name));
_type_factory = _generic_factory;
}
private static Dictionary <string, NtType> LoadTypes()
{
var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly());
Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase);
int size = 0x8000;
NtStatus status = NtStatus.STATUS_INFO_LENGTH_MISMATCH;
// repeatly try to fill out ObjectTypes buffer by increasing it's size between each attempt
while (size < 0x1000000)
{
using (var type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(size, true))
{
status = NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectTypesInformation,
type_info, type_info.Length, out int return_length);
switch (status)
{
// if the input buffer is too small, double it's size and retry
case NtStatus.STATUS_INFO_LENGTH_MISMATCH:
size *= 2;
break;
// From this point, the return values of NtSystemCalls.NtQueryObject are considered correct
case NtStatus.STATUS_SUCCESS:
int alignment = IntPtr.Size - 1;
ObjectAllTypesInformation result = type_info.Result;
IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size;
for (int count = 0; count < result.NumberOfTypes; ++count)
{
ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation));
string name = info.Name.ToString();
NtTypeFactory factory = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory;
NtType ti = new NtType(count + 2, info, factory);
ret[ti.Name] = ti;
int offset = (info.Name.MaximumLength + alignment) & ~alignment;
curr_typeinfo = info.Name.Buffer + offset;
}
return(ret);
default:
throw new NtException(status);
}
}
}
// raise exception if the candidate buffer is over a MB.
throw new NtException(NtStatus.STATUS_INSUFFICIENT_RESOURCES);
}
internal NtType(string name, GenericMapping generic_mapping, Type access_rights_type)
{
if (!access_rights_type.IsEnum)
{
throw new ArgumentException("Specify an enumerated type", "access_rights_type");
}
_type_factory = new NtTypeFactory(access_rights_type, typeof(object));
Name = name;
GenericMapping = generic_mapping;
GenericRead = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericRead, GenericMapping, access_rights_type, false);
GenericWrite = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericWrite, GenericMapping, access_rights_type, false);
GenericExecute = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericExecute, GenericMapping, access_rights_type, false);
GenericAll = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericAll, GenericMapping, access_rights_type, false);
}
internal NtType(int id, string name)
{
Index = id;
Name = name;
if (Name == null)
{
Name = $"Unknown {id}";
}
System.Diagnostics.Debug.WriteLine($"Generating Fake Type for {Name}");
_type_factory = _generic_factory;
GenericRead = String.Empty;
GenericWrite = String.Empty;
GenericExecute = String.Empty;
GenericAll = String.Empty;
}
internal NtType(string name, GenericMapping generic_mapping, Type access_rights_type, Type container_access_rights_type, MandatoryLabelPolicy default_policy)
{
if (!access_rights_type.IsEnum)
{
throw new ArgumentException("Specify an enumerated type", "access_rights_type");
}
_type_factory = new NtTypeFactory(access_rights_type, container_access_rights_type, typeof(object), false, default_policy);
Name = name;
ValidAccess = CalculateValidAccess(access_rights_type) | CalculateValidAccess(container_access_rights_type);
GenericMapping = generic_mapping;
GenericRead = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericRead, GenericMapping, access_rights_type, false);
GenericWrite = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericWrite, GenericMapping, access_rights_type, false);
GenericExecute = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericExecute, GenericMapping, access_rights_type, false);
GenericAll = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericAll, GenericMapping, access_rights_type, false);
DefaultMandatoryAccess = NtObjectUtils.GrantedAccessAsString(GetDefaultMandatoryAccess(), generic_mapping, access_rights_type, false);
}
