internal NtType(int id, ObjectTypeInformation info, NtTypeFactory type_factory) { Index = id; Name = info.Name.ToString(); InvalidAttributes = info.InvalidAttributes; GenericMapping = info.GenericMapping; ValidAccess = info.ValidAccess; SecurityRequired = info.SecurityRequired != 0; TotalNumberOfObjects = info.TotalNumberOfObjects; TotalNumberOfHandles = info.TotalNumberOfHandles; TotalPagedPoolUsage = info.TotalPagedPoolUsage; TotalNonPagedPoolUsage = info.TotalNonPagedPoolUsage; TotalNamePoolUsage = info.TotalNamePoolUsage; TotalHandleTableUsage = info.TotalHandleTableUsage; HighWaterNumberOfObjects = info.HighWaterNumberOfObjects; HighWaterNumberOfHandles = info.HighWaterNumberOfHandles; HighWaterPagedPoolUsage = info.HighWaterPagedPoolUsage; HighWaterNonPagedPoolUsage = info.HighWaterNonPagedPoolUsage; HighWaterNamePoolUsage = info.HighWaterNamePoolUsage; HighWaterHandleTableUsage = info.HighWaterHandleTableUsage; MaintainHandleCount = info.MaintainHandleCount != 0; MaintainTypeList = info.MaintainTypeList; PoolType = info.PoolType; PagedPoolUsage = info.PagedPoolUsage; NonPagedPoolUsage = info.NonPagedPoolUsage; _type_factory = type_factory; GenericRead = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericRead, GenericMapping, _type_factory.AccessRightsType, false); GenericWrite = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericWrite, GenericMapping, _type_factory.AccessRightsType, false); GenericExecute = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericExecute, GenericMapping, _type_factory.AccessRightsType, false); GenericAll = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericAll, GenericMapping, _type_factory.AccessRightsType, false); }
private static Dictionary <string, NtType> LoadTypes() { var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly()); int type_size = GetTypeSize(); Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase); using (var type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(type_size, true)) { int alignment = IntPtr.Size - 1; NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectTypesInformation, type_info, type_info.Length, out int return_length).ToNtException(); ObjectAllTypesInformation result = type_info.Result; IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size; for (int count = 0; count < result.NumberOfTypes; ++count) { ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation)); string name = info.Name.ToString(); NtTypeFactory factory = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory; NtType ti = new NtType(count + 2, info, factory); ret[ti.Name] = ti; int offset = (info.Name.MaximumLength + alignment) & ~alignment; curr_typeinfo = info.Name.Buffer + offset; } return(ret); } }
internal NtType(int id, ObjectTypeInformation info, NtTypeFactory type_factory) { Index = id; Name = info.Name.ToString(); InvalidAttributes = info.InvalidAttributes; GenericMapping = info.GenericMapping; ValidAccess = info.ValidAccess; SecurityRequired = info.SecurityRequired != 0; TotalNumberOfObjects = info.TotalNumberOfObjects; TotalNumberOfHandles = info.TotalNumberOfHandles; TotalPagedPoolUsage = info.TotalPagedPoolUsage; TotalNonPagedPoolUsage = info.TotalNonPagedPoolUsage; TotalNamePoolUsage = info.TotalNamePoolUsage; TotalHandleTableUsage = info.TotalHandleTableUsage; HighWaterNumberOfObjects = info.HighWaterNumberOfObjects; HighWaterNumberOfHandles = info.HighWaterNumberOfHandles; HighWaterPagedPoolUsage = info.HighWaterPagedPoolUsage; HighWaterNonPagedPoolUsage = info.HighWaterNonPagedPoolUsage; HighWaterNamePoolUsage = info.HighWaterNamePoolUsage; HighWaterHandleTableUsage = info.HighWaterHandleTableUsage; MaintainHandleCount = info.MaintainHandleCount != 0; MaintainTypeList = info.MaintainTypeList; PoolType = info.PoolType; PagedPoolUsage = info.PagedPoolUsage; NonPagedPoolUsage = info.NonPagedPoolUsage; _type_factory = type_factory; }
internal NtType(int index, ObjectTypeInformation info, NtTypeFactory type_factory) { Name = info.Name.ToString(); InvalidAttributes = info.InvalidAttributes; GenericMapping = info.GenericMapping; ValidAccess = info.ValidAccess; SecurityRequired = info.SecurityRequired != 0; TotalNumberOfObjects = info.TotalNumberOfObjects; TotalNumberOfHandles = info.TotalNumberOfHandles; TotalPagedPoolUsage = info.TotalPagedPoolUsage; TotalNonPagedPoolUsage = info.TotalNonPagedPoolUsage; TotalNamePoolUsage = info.TotalNamePoolUsage; TotalHandleTableUsage = info.TotalHandleTableUsage; HighWaterNumberOfObjects = info.HighWaterNumberOfObjects; HighWaterNumberOfHandles = info.HighWaterNumberOfHandles; HighWaterPagedPoolUsage = info.HighWaterPagedPoolUsage; HighWaterNonPagedPoolUsage = info.HighWaterNonPagedPoolUsage; HighWaterNamePoolUsage = info.HighWaterNamePoolUsage; HighWaterHandleTableUsage = info.HighWaterHandleTableUsage; MaintainHandleCount = info.MaintainHandleCount != 0; Index = index; PoolType = info.PoolType; PagedPoolUsage = info.PagedPoolUsage; NonPagedPoolUsage = info.NonPagedPoolUsage; _type_factory = type_factory; GenericRead = NtSecurity.AccessMaskToString(GenericMapping.GenericRead, _type_factory.AccessRightsType); GenericWrite = NtSecurity.AccessMaskToString(GenericMapping.GenericWrite, _type_factory.AccessRightsType); GenericExecute = NtSecurity.AccessMaskToString(GenericMapping.GenericExecute, _type_factory.AccessRightsType); GenericAll = NtSecurity.AccessMaskToString(GenericMapping.GenericAll, _type_factory.AccessRightsType); DefaultMandatoryAccess = NtSecurity.AccessMaskToString(GetDefaultMandatoryAccess(), _type_factory.AccessRightsType); }
internal NtType(int id, string name) { Index = id; Name = name; if (Name == null) { Name = String.Format("Unknown {0}", id); } System.Diagnostics.Debug.WriteLine(String.Format("Generating Fake Type for {0}", Name)); _type_factory = _generic_factory; }
private static Dictionary <string, NtType> LoadTypes() { var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly()); Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase); int size = 0x8000; NtStatus status = NtStatus.STATUS_INFO_LENGTH_MISMATCH; // repeatly try to fill out ObjectTypes buffer by increasing it's size between each attempt while (size < 0x1000000) { using (var type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(size, true)) { status = NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectTypesInformation, type_info, type_info.Length, out int return_length); switch (status) { // if the input buffer is too small, double it's size and retry case NtStatus.STATUS_INFO_LENGTH_MISMATCH: size *= 2; break; // From this point, the return values of NtSystemCalls.NtQueryObject are considered correct case NtStatus.STATUS_SUCCESS: int alignment = IntPtr.Size - 1; ObjectAllTypesInformation result = type_info.Result; IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size; for (int count = 0; count < result.NumberOfTypes; ++count) { ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation)); string name = info.Name.ToString(); NtTypeFactory factory = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory; NtType ti = new NtType(count + 2, info, factory); ret[ti.Name] = ti; int offset = (info.Name.MaximumLength + alignment) & ~alignment; curr_typeinfo = info.Name.Buffer + offset; } return(ret); default: throw new NtException(status); } } } // raise exception if the candidate buffer is over a MB. throw new NtException(NtStatus.STATUS_INSUFFICIENT_RESOURCES); }
internal NtType(string name, GenericMapping generic_mapping, Type access_rights_type) { if (!access_rights_type.IsEnum) { throw new ArgumentException("Specify an enumerated type", "access_rights_type"); } _type_factory = new NtTypeFactory(access_rights_type, typeof(object)); Name = name; GenericMapping = generic_mapping; GenericRead = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericRead, GenericMapping, access_rights_type, false); GenericWrite = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericWrite, GenericMapping, access_rights_type, false); GenericExecute = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericExecute, GenericMapping, access_rights_type, false); GenericAll = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericAll, GenericMapping, access_rights_type, false); }
internal NtType(int id, string name) { Index = id; Name = name; if (Name == null) { Name = $"Unknown {id}"; } System.Diagnostics.Debug.WriteLine($"Generating Fake Type for {Name}"); _type_factory = _generic_factory; GenericRead = String.Empty; GenericWrite = String.Empty; GenericExecute = String.Empty; GenericAll = String.Empty; }
internal NtType(string name, GenericMapping generic_mapping, Type access_rights_type, Type container_access_rights_type, MandatoryLabelPolicy default_policy) { if (!access_rights_type.IsEnum) { throw new ArgumentException("Specify an enumerated type", "access_rights_type"); } _type_factory = new NtTypeFactory(access_rights_type, container_access_rights_type, typeof(object), false, default_policy); Name = name; ValidAccess = CalculateValidAccess(access_rights_type) | CalculateValidAccess(container_access_rights_type); GenericMapping = generic_mapping; GenericRead = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericRead, GenericMapping, access_rights_type, false); GenericWrite = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericWrite, GenericMapping, access_rights_type, false); GenericExecute = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericExecute, GenericMapping, access_rights_type, false); GenericAll = NtObjectUtils.GrantedAccessAsString(GenericMapping.GenericAll, GenericMapping, access_rights_type, false); DefaultMandatoryAccess = NtObjectUtils.GrantedAccessAsString(GetDefaultMandatoryAccess(), generic_mapping, access_rights_type, false); }