private void SetupAppIdEntry(COMAppIDEntry entry)
{
textBoxAppIdName.Text = entry.Name;
textBoxAppIdGuid.Text = entry.AppId.FormatGuid();
textBoxLaunchPermission.Text = entry.LaunchPermission;
textBoxAccessPermission.Text = entry.AccessPermission;
textBoxAppIDRunAs.Text = GetStringValue(entry.RunAs);
textBoxAppIDService.Text = GetStringValue(entry.IsService ? entry.LocalService.Name : null);
textBoxAppIDFlags.Text = entry.Flags.ToString();
textBoxDllSurrogate.Text = GetStringValue(entry.DllSurrogate);
btnViewAccessPermissions.Enabled = entry.HasAccessPermission;
btnViewLaunchPermissions.Enabled = entry.HasLaunchPermission;
tabControlProperties.TabPages.Add(tabPageAppID);
if (entry.IsService)
{
textBoxServiceName.Text = entry.LocalService.Name;
textBoxServiceDisplayName.Text = GetStringValue(entry.LocalService.DisplayName);
textBoxServiceType.Text = entry.LocalService.ServiceType.ToString();
textBoxServiceImagePath.Text = entry.LocalService.ImagePath;
textBoxServiceDll.Text = GetStringValue(entry.LocalService.ServiceDll);
textBoxServiceUserName.Text = GetStringValue(entry.LocalService.UserName);
textBoxServiceProtectionLevel.Text = entry.LocalService.ProtectionLevel.ToString();
tabControlProperties.TabPages.Add(tabPageService);
}
m_appid = entry;
}
public static string GetAccessPermission(ICOMAccessSecurity obj)
{
if (obj is COMProcessEntry process)
{
return(process.AccessPermissions);
}
else if (obj is COMAppIDEntry || obj is COMCLSIDEntry)
{
COMAppIDEntry appid = obj as COMAppIDEntry;
if (appid == null && obj is COMCLSIDEntry clsid)
{
appid = clsid.AppIDEntry;
if (appid == null)
{
throw new ArgumentException("No AppID available for class");
}
}
if (appid.HasAccessPermission)
{
return(appid.AccessPermission);
}
throw new ArgumentException("AppID doesn't have an access permission");
}
throw new ArgumentException("Can't get access permission for object");
}
private void LoadAppIDs(RegistryKey rootKey)
{
m_appid = new SortedDictionary <Guid, COMAppIDEntry>();
using (RegistryKey appIdKey = rootKey.OpenSubKey("AppID"))
{
if (appIdKey != null)
{
string[] subkeys = appIdKey.GetSubKeyNames();
foreach (string key in subkeys)
{
Guid appid;
if (Guid.TryParse(key, out appid))
{
if (!m_appid.ContainsKey(appid))
{
using (RegistryKey regKey = appIdKey.OpenSubKey(key))
{
if (regKey != null)
{
COMAppIDEntry ent = new COMAppIDEntry(appid, regKey);
m_appid.Add(appid, ent);
}
}
}
}
}
}
}
}
private void SetupAppIdEntry(COMAppIDEntry entry)
{
textBoxAppIdName.Text = entry.Name;
textBoxAppIdGuid.Text = entry.AppId.ToString("B");
textBoxLaunchPermission.Text = entry.LaunchPermissionString ?? String.Empty;
textBoxAccessPermission.Text = entry.AccessPermissionString ?? String.Empty;
lblAppIdRunAs.Text = String.Format("Run As: {0}", entry.RunAs ?? "N/A");
lblService.Text = String.Format("Service: {0}", entry.LocalService ?? "N/A");
textBoxDllSurrogate.Text = entry.DllSurrogate ?? "N/A";
tabControlProperties.TabPages.Add(tabPageAppID);
}
public static string GetLaunchPermission(ICOMAccessSecurity obj)
{
if (obj is COMAppIDEntry || obj is COMCLSIDEntry)
{
COMAppIDEntry appid = obj as COMAppIDEntry;
if (appid == null && obj is COMCLSIDEntry clsid)
{
appid = clsid.AppIDEntry;
if (appid == null)
{
throw new ArgumentException("No AppID available for class");
}
}
if (appid.HasLaunchPermission)
{
return(appid.LaunchPermission);
}
throw new ArgumentException("AppID doesn't have an launch permission");
}
else if (obj is COMRuntimeClassEntry runtime_class)
{
if (runtime_class.HasPermission)
{
return(runtime_class.Permissions);
}
else if (runtime_class.ActivationType == ActivationType.OutOfProcess && runtime_class.HasServerPermission)
{
return(runtime_class.ServerPermissions);
}
throw new ArgumentException("RuntimeClass doesn't have an launch permission");
}
else if (obj is COMRuntimeServerEntry runtime_server)
{
if (runtime_server.HasPermission)
{
return(runtime_server.Permissions);
}
throw new ArgumentException("RuntimeServer doesn't have an launch permission");
}
throw new ArgumentException("Can't get launch permission for object");
}
public static void ViewSecurity(IWin32Window parent, COMAppIDEntry appid, bool access)
{
ViewSecurity(parent, String.Format("{0} {1}", appid.Name, access ? "Access" : "Launch"),
access ? appid.AccessPermission : appid.LaunchPermission, access);
}
public static void ViewSecurity(COMRegistry registry, COMAppIDEntry appid, bool access)
{
ViewSecurity(registry, string.Format("{0} {1}", appid.Name, access ? "Access" : "Launch"),
access ? appid.AccessPermission : appid.LaunchPermission, access);
}
public bool AccessCheck(
ICOMAccessSecurity obj)
{
if (obj == null)
{
return(false);
}
string launch_sddl = m_ignore_default ? string.Empty : obj.DefaultLaunchPermission;
string access_sddl = m_ignore_default ? string.Empty : obj.DefaultAccessPermission;
bool check_launch = true;
string principal = m_principal;
if (obj is COMProcessEntry process)
{
access_sddl = process.AccessPermissions;
principal = process.UserSid;
check_launch = false;
}
else if (obj is COMAppIDEntry || obj is COMCLSIDEntry)
{
COMAppIDEntry appid = obj as COMAppIDEntry;
if (appid == null && obj is COMCLSIDEntry clsid)
{
appid = clsid.AppIDEntry;
if (appid == null)
{
return(false);
}
}
if (appid.HasLaunchPermission)
{
launch_sddl = appid.LaunchPermission;
}
if (appid.HasAccessPermission)
{
access_sddl = appid.AccessPermission;
}
}
else if (obj is COMRuntimeClassEntry runtime_class)
{
if (runtime_class.HasPermission)
{
launch_sddl = runtime_class.Permissions;
}
else if (runtime_class.ActivationType == ActivationType.OutOfProcess && runtime_class.HasServerPermission)
{
launch_sddl = runtime_class.ServerPermissions;
}
else if (runtime_class.TrustLevel == TrustLevel.PartialTrust)
{
launch_sddl = COMRuntimeClassEntry.DefaultActivationPermission;
}
else
{
// Set to denied access.
launch_sddl = "O:SYG:SYD:";
}
access_sddl = launch_sddl;
}
else if (obj is COMRuntimeServerEntry runtime_server)
{
if (runtime_server.HasPermission)
{
launch_sddl = runtime_server.Permissions;
}
else
{
launch_sddl = "O:SYG:SYD:";
}
access_sddl = launch_sddl;
}
else
{
return(false);
}
if (!m_access_cache.ContainsKey(access_sddl))
{
if (m_access_rights == 0)
{
m_access_cache[access_sddl] = true;
}
else
{
m_access_cache[access_sddl] = COMSecurity.IsAccessGranted(access_sddl,
principal, m_access_token, false, false, m_access_rights);
}
}
if (check_launch && !m_launch_cache.ContainsKey(launch_sddl))
{
if (m_launch_rights == 0)
{
m_launch_cache[launch_sddl] = true;
}
else
{
m_launch_cache[launch_sddl] = COMSecurity.IsAccessGranted(launch_sddl, principal, m_access_token,
true, true, m_launch_rights);
}
}
if (m_access_cache[access_sddl] && (!check_launch || m_launch_cache[launch_sddl]))
{
return(true);
}
return(false);
}
private void LoadAppIDs(bool filterIL, bool filterAC)
{
List <IGrouping <Guid, COMCLSIDEntry> > clsidsByAppId = m_reg.ClsidsByAppId.ToList();
IDictionary <Guid, COMAppIDEntry> appids = m_reg.AppIDs;
List <TreeNode> serverNodes = new List <TreeNode>();
foreach (IGrouping <Guid, COMCLSIDEntry> pair in clsidsByAppId)
{
if (appids.ContainsKey(pair.Key))
{
COMAppIDEntry appidEnt = appids[pair.Key];
if (filterIL && String.IsNullOrWhiteSpace(COMUtilities.GetILForSD(appidEnt.AccessPermission)) &&
String.IsNullOrWhiteSpace(COMUtilities.GetILForSD(appidEnt.LaunchPermission)))
{
continue;
}
if (filterAC && !COMUtilities.SDHasAC(appidEnt.AccessPermission) && !COMUtilities.SDHasAC(appidEnt.LaunchPermission))
{
continue;
}
TreeNode node = new TreeNode(appidEnt.Name);
node.Tag = appidEnt;
StringBuilder builder = new StringBuilder();
AppendFormatLine(builder, "AppID: {0}", pair.Key);
if (!String.IsNullOrWhiteSpace(appidEnt.RunAs))
{
AppendFormatLine(builder, "RunAs: {0}", appidEnt.RunAs);
}
if (!String.IsNullOrWhiteSpace(appidEnt.LocalService))
{
AppendFormatLine(builder, "LocalService: {0}", appidEnt.LocalService);
}
string perm = appidEnt.LaunchPermissionString;
if (perm != null)
{
AppendFormatLine(builder, "Launch: {0}", LimitString(perm, 64));
}
perm = appidEnt.AccessPermissionString;
if (perm != null)
{
AppendFormatLine(builder, "Access: {0}", LimitString(perm, 64));
}
node.ToolTipText = builder.ToString();
int count = pair.Count();
TreeNode[] clsidNodes = new TreeNode[count];
string[] nodeNames = new string[count];
int j = 0;
foreach (COMCLSIDEntry ent in pair)
{
clsidNodes[j] = CreateClsidNode(ent);
nodeNames[j] = ent.Name;
j++;
}
Array.Sort(nodeNames, clsidNodes);
node.Nodes.AddRange(clsidNodes);
serverNodes.Add(node);
}
}
treeComRegistry.Nodes.AddRange(serverNodes.ToArray());
Text = "AppIDs";
}
private void LoadLocalServices()
{
List <IGrouping <Guid, COMCLSIDEntry> > clsidsByAppId = m_reg.ClsidsByAppId.ToList();
IDictionary <Guid, COMAppIDEntry> appids = m_reg.AppIDs;
Dictionary <string, ServiceController> services;
try
{
services = ServiceController.GetServices().ToDictionary(s => s.ServiceName.ToLower());
}
catch (Win32Exception)
{
services = new Dictionary <string, ServiceController>();
}
List <TreeNode> serverNodes = new List <TreeNode>();
foreach (IGrouping <Guid, COMCLSIDEntry> pair in clsidsByAppId)
{
if (appids.ContainsKey(pair.Key) && !String.IsNullOrWhiteSpace(appids[pair.Key].LocalService))
{
COMAppIDEntry appidEnt = appids[pair.Key];
string name = appidEnt.LocalService;
if (services.ContainsKey(name.ToLower()))
{
try
{
ServiceController sc = services[name.ToLower()];
string displayName = sc.DisplayName;
if (!String.IsNullOrWhiteSpace(displayName))
{
name = displayName;
}
}
catch (Win32Exception)
{
}
}
TreeNode node = new TreeNode(name);
StringBuilder builder = new StringBuilder();
AppendFormatLine(builder, "AppID: {0}", pair.Key);
if (!String.IsNullOrWhiteSpace(appidEnt.RunAs))
{
AppendFormatLine(builder, "RunAs: {0}", appidEnt.RunAs);
}
node.ToolTipText = builder.ToString();
node.Tag = appidEnt;
int count = pair.Count();
TreeNode[] clsidNodes = new TreeNode[count];
string[] nodeNames = new string[count];
int j = 0;
foreach (COMCLSIDEntry ent in pair)
{
clsidNodes[j] = CreateClsidNode(ent);
nodeNames[j] = ent.Name;
j++;
}
Array.Sort(nodeNames, clsidNodes);
node.Nodes.AddRange(clsidNodes);
serverNodes.Add(node);
}
}
treeComRegistry.Nodes.AddRange(serverNodes.ToArray());
Text = "Local Services";
}
