internal static SecurityIdentifier GetWindowsServiceSid(string name)
{
short num3;
string accountName = string.Format(CultureInfo.InvariantCulture, @"NT Service\{0}", new object[] { name });
byte[] sid = null;
uint cbSid = 0;
uint cchReferencedDomainName = 0;
int error = 0;
if (!ListenerUnsafeNativeMethods.LookupAccountName(null, accountName, sid, ref cbSid, null, ref cchReferencedDomainName, out num3))
{
error = Marshal.GetLastWin32Error();
if (error != 0x7a)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
sid = new byte[cbSid];
StringBuilder referencedDomainName = new StringBuilder((int)cchReferencedDomainName);
if (!ListenerUnsafeNativeMethods.LookupAccountName(null, accountName, sid, ref cbSid, referencedDomainName, ref cchReferencedDomainName, out num3))
{
error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
return(new SecurityIdentifier(sid, 0));
}
internal static SecurityIdentifier GetWindowsServiceSid(string name)
{
Fx.Assert(OSEnvironmentHelper.IsVistaOrGreater, "This method can be called only on Vista or greater.");
string accountName = string.Format(CultureInfo.InvariantCulture, WindowsServiceAccountFormat, name);
byte[] sid = null;
uint cbSid = 0;
uint cchReferencedDomainName = 0;
short peUse;
int error = UnsafeNativeMethods.ERROR_SUCCESS;
if (!ListenerUnsafeNativeMethods.LookupAccountName(null, accountName, sid, ref cbSid,
null, ref cchReferencedDomainName, out peUse))
{
error = Marshal.GetLastWin32Error();
if (error != ListenerUnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
sid = new byte[cbSid];
StringBuilder referencedDomainName = new StringBuilder((int)cchReferencedDomainName);
if (!ListenerUnsafeNativeMethods.LookupAccountName(null, accountName, sid, ref cbSid,
referencedDomainName, ref cchReferencedDomainName, out peUse))
{
error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
return(new SecurityIdentifier(sid, 0));
}
internal static unsafe void KeepOnlyPrivilegeInProcess(string privilege)
{
SafeCloseHandle process = OpenCurrentProcessForWrite();
try
{
SafeCloseHandle processToken = GetProcessToken(process, 0x20028);
try
{
LUID luid;
if (!ListenerUnsafeNativeMethods.LookupPrivilegeValue(IntPtr.Zero, privilege, &luid))
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
byte[] tokenInformation = new byte[GetTokenInformationLength(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges)];
try
{
fixed(byte *numRef = tokenInformation)
{
GetTokenInformation(processToken, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges, tokenInformation);
ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *newState = (ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *)numRef;
LUID_AND_ATTRIBUTES *luid_and_attributesPtr = &newState->Privileges;
int index = 0;
for (int i = 0; i < newState->PrivilegeCount; i++)
{
if (!luid_and_attributesPtr[i].Luid.Equals(luid))
{
luid_and_attributesPtr[index].Attributes = PrivilegeAttribute.SE_PRIVILEGE_DISABLED | PrivilegeAttribute.SE_PRIVILEGE_REMOVED;
luid_and_attributesPtr[index].Luid = luid_and_attributesPtr[i].Luid;
index++;
}
}
newState->PrivilegeCount = index;
bool flag = ListenerUnsafeNativeMethods.AdjustTokenPrivileges(processToken, false, newState, tokenInformation.Length, IntPtr.Zero, IntPtr.Zero);
int num5 = Marshal.GetLastWin32Error();
if (!flag || (num5 != 0))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(num5));
}
}
}
finally
{
numRef = null;
}
}
finally
{
processToken.Close();
}
}
finally
{
process.Close();
}
}
internal static void KeepOnlyPrivilegeInProcess(string privilege)
{
SafeCloseHandle process = OpenCurrentProcessForWrite();
try
{
SafeCloseHandle token = GetProcessToken(process, ListenerUnsafeNativeMethods.TOKEN_QUERY | ListenerUnsafeNativeMethods.TOKEN_ADJUST_PRIVILEGES | ListenerUnsafeNativeMethods.READ_CONTROL);
try
{
LUID luid;
bool success = ListenerUnsafeNativeMethods.LookupPrivilegeValue(IntPtr.Zero, privilege, &luid);
if (!success)
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
int length = GetTokenInformationLength(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges);
byte[] tokenInformation = new byte[length];
fixed(byte *pTokenPrivileges = tokenInformation)
{
GetTokenInformation(token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS.TokenPrivileges,
tokenInformation);
ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *pTP = (ListenerUnsafeNativeMethods.TOKEN_PRIVILEGES *)pTokenPrivileges;
LUID_AND_ATTRIBUTES *pLuidAndAttributes = (LUID_AND_ATTRIBUTES *)(&(pTP->Privileges));
int privilegeCount = 0;
for (int i = 0; i < pTP->PrivilegeCount; i++)
{
if (!pLuidAndAttributes[i].Luid.Equals(luid))
{
pLuidAndAttributes[privilegeCount].Attributes = PrivilegeAttribute.SE_PRIVILEGE_REMOVED;
pLuidAndAttributes[privilegeCount].Luid = pLuidAndAttributes[i].Luid;
privilegeCount++;
}
}
pTP->PrivilegeCount = privilegeCount;
success = ListenerUnsafeNativeMethods.AdjustTokenPrivileges(token, false, pTP, tokenInformation.Length, IntPtr.Zero, IntPtr.Zero);
int error = Marshal.GetLastWin32Error();
if (!success || error != UnsafeNativeMethods.ERROR_SUCCESS)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
}
finally
{
token.Close();
}
}
finally
{
process.Close();
}
}
private static void GetTokenInformation(SafeCloseHandle token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS tic, byte[] tokenInformation)
{
int num;
if (!ListenerUnsafeNativeMethods.GetTokenInformation(token, tic, tokenInformation, tokenInformation.Length, out num))
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
private static SafeServiceHandle OpenSCManager()
{
SafeServiceHandle handle = ListenerUnsafeNativeMethods.OpenSCManager(null, null, 1);
if (handle.IsInvalid)
{
Exception exception = new Win32Exception();
handle.SetHandleAsInvalid();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(exception);
}
return(handle);
}
static SafeServiceHandle OpenService(SafeServiceHandle scManager, string serviceName, int purpose)
{
#pragma warning suppress 56523 // Microsoft, Win32Exception ctor calls Marshal.GetLastWin32Error()
SafeServiceHandle service = ListenerUnsafeNativeMethods.OpenService(scManager, serviceName, purpose);
if (service.IsInvalid)
{
Exception exception = new Win32Exception();
service.SetHandleAsInvalid();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(exception);
}
return(service);
}
static SafeServiceHandle OpenSCManager()
{
#pragma warning suppress 56523 // Microsoft, Win32Exception ctor calls Marshal.GetLastWin32Error()
SafeServiceHandle scManager = ListenerUnsafeNativeMethods.OpenSCManager(null, null, ListenerUnsafeNativeMethods.SC_MANAGER_CONNECT);
if (scManager.IsInvalid)
{
Exception exception = new Win32Exception();
scManager.SetHandleAsInvalid();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(exception);
}
return(scManager);
}
private static SafeServiceHandle OpenService(SafeServiceHandle scManager, string serviceName, int purpose)
{
SafeServiceHandle handle = ListenerUnsafeNativeMethods.OpenService(scManager, serviceName, purpose);
if (handle.IsInvalid)
{
Exception exception = new Win32Exception();
handle.SetHandleAsInvalid();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(exception);
}
return(handle);
}
static SafeCloseHandle OpenProcessForQuery(int pid)
{
#pragma warning suppress 56523 // Microsoft, Win32Exception ctor calls Marshal.GetLastWin32Error()
SafeCloseHandle process = ListenerUnsafeNativeMethods.OpenProcess(ListenerUnsafeNativeMethods.PROCESS_QUERY_INFORMATION, false, pid);
if (process.IsInvalid)
{
Exception exception = new Win32Exception();
process.SetHandleAsInvalid();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(exception);
}
return(process);
}
private static SafeCloseHandle OpenProcessForQuery(int pid)
{
SafeCloseHandle handle = ListenerUnsafeNativeMethods.OpenProcess(0x400, false, pid);
if (handle.IsInvalid)
{
Exception exception = new Win32Exception();
handle.SetHandleAsInvalid();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(exception);
}
return(handle);
}
private static SafeCloseHandle GetProcessToken(SafeCloseHandle process, int requiredAccess)
{
SafeCloseHandle handle;
bool flag = ListenerUnsafeNativeMethods.OpenProcessToken(process, requiredAccess, out handle);
int error = Marshal.GetLastWin32Error();
if (!flag)
{
System.ServiceModel.Diagnostics.Utility.CloseInvalidOutSafeHandle(handle);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
return(handle);
}
private static SafeCloseHandle OpenCurrentProcessForWrite()
{
int id = Process.GetCurrentProcess().Id;
SafeCloseHandle handle = ListenerUnsafeNativeMethods.OpenProcess(0x60400, false, id);
if (handle.IsInvalid)
{
Exception exception = new Win32Exception();
handle.SetHandleAsInvalid();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(exception);
}
return(handle);
}
private static int GetTokenInformationLength(SafeCloseHandle token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS tic)
{
int num;
if (!ListenerUnsafeNativeMethods.GetTokenInformation(token, tic, null, 0, out num))
{
int error = Marshal.GetLastWin32Error();
if (error != 0x7a)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
return(num);
}
static SafeCloseHandle OpenCurrentProcessForWrite()
{
int processId = Process.GetCurrentProcess().Id;
#pragma warning suppress 56523 // Microsoft, Win32Exception ctor calls Marshal.GetLastWin32Error()
SafeCloseHandle process = ListenerUnsafeNativeMethods.OpenProcess(ListenerUnsafeNativeMethods.PROCESS_QUERY_INFORMATION | ListenerUnsafeNativeMethods.WRITE_DAC | ListenerUnsafeNativeMethods.READ_CONTROL, false, processId);
if (process.IsInvalid)
{
Exception exception = new Win32Exception();
process.SetHandleAsInvalid();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(exception);
}
return(process);
}
static int GetTokenInformationLength(SafeCloseHandle token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS tic)
{
int lengthNeeded;
bool success = ListenerUnsafeNativeMethods.GetTokenInformation(token, tic, null, 0, out lengthNeeded);
if (!success)
{
int error = Marshal.GetLastWin32Error();
if (error != ListenerUnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
return lengthNeeded;
}
static int GetTokenInformationLength(SafeCloseHandle token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS tic)
{
int lengthNeeded;
bool success = ListenerUnsafeNativeMethods.GetTokenInformation(token, tic, null, 0, out lengthNeeded);
if (!success)
{
int error = Marshal.GetLastWin32Error();
if (error != ListenerUnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
return(lengthNeeded);
}
private static unsafe ListenerUnsafeNativeMethods.SERVICE_STATUS_PROCESS GetStatusForService(string serviceName)
{
ListenerUnsafeNativeMethods.SERVICE_STATUS_PROCESS service_status_process;
SafeServiceHandle scManager = OpenSCManager();
try
{
SafeServiceHandle hService = OpenService(scManager, serviceName, 4);
try
{
int num;
if (!ListenerUnsafeNativeMethods.QueryServiceStatusEx(hService, 0, null, 0, out num))
{
int error = Marshal.GetLastWin32Error();
if (error != 0x7a)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
byte[] pBuffer = new byte[num];
if (!ListenerUnsafeNativeMethods.QueryServiceStatusEx(hService, 0, pBuffer, pBuffer.Length, out num))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception());
}
try
{
fixed(byte *numRef = pBuffer)
{
service_status_process = (ListenerUnsafeNativeMethods.SERVICE_STATUS_PROCESS)Marshal.PtrToStructure((IntPtr)numRef, typeof(ListenerUnsafeNativeMethods.SERVICE_STATUS_PROCESS));
}
}
finally
{
numRef = null;
}
}
finally
{
hService.Close();
}
}
finally
{
scManager.Close();
}
return(service_status_process);
}
// Do not use this method unless you understand the consequnces of lack of synchronization
static void EditKernelObjectSecurity(SafeCloseHandle kernelObject, List <SecurityIdentifier> accounts, SecurityIdentifier account, int right, bool add)
{
// take the SECURITY_DESCRIPTOR from the kernelObject
int lpnLengthNeeded;
bool success = ListenerUnsafeNativeMethods.GetKernelObjectSecurity(kernelObject, ListenerUnsafeNativeMethods.DACL_SECURITY_INFORMATION, null, 0, out lpnLengthNeeded);
if (!success)
{
int errorCode = Marshal.GetLastWin32Error();
if (errorCode != ListenerUnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(errorCode));
}
}
byte[] pSecurityDescriptor = new byte[lpnLengthNeeded];
#pragma warning suppress 56523 // Microsoft, Win32Exception ctor calls Marshal.GetLastWin32Error()
success = ListenerUnsafeNativeMethods.GetKernelObjectSecurity(kernelObject, ListenerUnsafeNativeMethods.DACL_SECURITY_INFORMATION, pSecurityDescriptor, pSecurityDescriptor.Length, out lpnLengthNeeded);
if (!success)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception());
}
CommonSecurityDescriptor securityDescriptor = new CommonSecurityDescriptor(false, false, pSecurityDescriptor, 0);
DiscretionaryAcl dacl = securityDescriptor.DiscretionaryAcl;
// add ACEs to the SECURITY_DESCRIPTOR of the kernelObject
if (account != null)
{
EditDacl(dacl, account, right, add);
}
else if (accounts != null)
{
foreach (SecurityIdentifier accountInList in accounts)
{
EditDacl(dacl, accountInList, right, add);
}
}
lpnLengthNeeded = securityDescriptor.BinaryLength;
pSecurityDescriptor = new byte[lpnLengthNeeded];
securityDescriptor.GetBinaryForm(pSecurityDescriptor, 0);
// set the SECURITY_DESCRIPTOR on the kernelObject
#pragma warning suppress 56523 // Microsoft, Win32Exception ctor calls Marshal.GetLastWin32Error()
success = ListenerUnsafeNativeMethods.SetKernelObjectSecurity(kernelObject, ListenerUnsafeNativeMethods.DACL_SECURITY_INFORMATION, pSecurityDescriptor);
if (!success)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception());
}
}
static ListenerUnsafeNativeMethods.SERVICE_STATUS_PROCESS GetStatusForService(string serviceName)
{
SafeServiceHandle scManager = OpenSCManager();
try
{
SafeServiceHandle service = OpenService(scManager, serviceName, ListenerUnsafeNativeMethods.SERVICE_QUERY_STATUS);
try
{
int lpnLengthNeeded;
bool success = ListenerUnsafeNativeMethods.QueryServiceStatusEx(service, ListenerUnsafeNativeMethods.SC_STATUS_PROCESS_INFO, null, 0, out lpnLengthNeeded);
if (!success)
{
int errorCode = Marshal.GetLastWin32Error();
if (errorCode != ListenerUnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(errorCode));
}
}
byte[] serviceStatusProcess = new byte[lpnLengthNeeded];
#pragma warning suppress 56523 // Microsoft, Win32Exception ctor calls Marshal.GetLastWin32Error()
success = ListenerUnsafeNativeMethods.QueryServiceStatusEx(service, ListenerUnsafeNativeMethods.SC_STATUS_PROCESS_INFO, serviceStatusProcess, serviceStatusProcess.Length, out lpnLengthNeeded);
if (!success)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception());
}
fixed(byte *pServiceStatusProcess = serviceStatusProcess)
{
return((ListenerUnsafeNativeMethods.SERVICE_STATUS_PROCESS)Marshal.PtrToStructure((IntPtr)pServiceStatusProcess, typeof(ListenerUnsafeNativeMethods.SERVICE_STATUS_PROCESS)));
}
}
finally
{
service.Close();
}
}
finally
{
scManager.Close();
}
}
private static void EditKernelObjectSecurity(SafeCloseHandle kernelObject, List <SecurityIdentifier> accounts, SecurityIdentifier account, int right, bool add)
{
int num;
if (!ListenerUnsafeNativeMethods.GetKernelObjectSecurity(kernelObject, 4, null, 0, out num))
{
int error = Marshal.GetLastWin32Error();
if (error != 0x7a)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
byte[] pSecurityDescriptor = new byte[num];
if (!ListenerUnsafeNativeMethods.GetKernelObjectSecurity(kernelObject, 4, pSecurityDescriptor, pSecurityDescriptor.Length, out num))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception());
}
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor(false, false, pSecurityDescriptor, 0);
DiscretionaryAcl discretionaryAcl = descriptor.DiscretionaryAcl;
if (account != null)
{
EditDacl(discretionaryAcl, account, right, add);
}
else if (accounts != null)
{
foreach (SecurityIdentifier identifier in accounts)
{
EditDacl(discretionaryAcl, identifier, right, add);
}
}
pSecurityDescriptor = new byte[descriptor.BinaryLength];
descriptor.GetBinaryForm(pSecurityDescriptor, 0);
if (!ListenerUnsafeNativeMethods.SetKernelObjectSecurity(kernelObject, 4, pSecurityDescriptor))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception());
}
}
public static void WaitForDebugger(string serviceName)
{
bool waitForDebugger = ReadRegistryFlag(serviceName, "WaitForDebugger");
Debug.Print("DebuggableService.DelayStart() serviceName: " + serviceName + " waitForDebugger : " + waitForDebugger);
if (waitForDebugger)
{
for (int sleepCount = 0; sleepCount < 100; sleepCount++)
{
if (ListenerUnsafeNativeMethods.IsDebuggerPresent())
{
ListenerUnsafeNativeMethods.DebugBreak();
break;
}
if (Debugger.IsAttached)
{
Debugger.Break();
break;
}
Thread.Sleep(500);
}
}
}
override protected bool ReleaseHandle()
{
#pragma warning suppress 56523 // Microsoft, should only fail if there is a
return(ListenerUnsafeNativeMethods.CloseServiceHandle(handle));
}
protected override bool ReleaseHandle()
{
return(ListenerUnsafeNativeMethods.CloseServiceHandle(base.handle));
}
private static void GetTokenInformation(SafeCloseHandle token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS tic, byte[] tokenInformation)
{
int num;
if (!ListenerUnsafeNativeMethods.GetTokenInformation(token, tic, tokenInformation, tokenInformation.Length, out num))
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
override protected bool ReleaseHandle()
{
#pragma warning suppress 56523 // [....], should only fail if there is a bug (invalid handle); MDA will be raised
return(ListenerUnsafeNativeMethods.CloseServiceHandle(handle));
}
private static int GetTokenInformationLength(SafeCloseHandle token, ListenerUnsafeNativeMethods.TOKEN_INFORMATION_CLASS tic)
{
int num;
if (!ListenerUnsafeNativeMethods.GetTokenInformation(token, tic, null, 0, out num))
{
int error = Marshal.GetLastWin32Error();
if (error != 0x7a)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error));
}
}
return num;
}
