internal static NtResult <string> GetFileBasePath(SessionState state)
{
var current_path = state.Path.CurrentLocation;
if (!current_path.Provider.Name.Equals("FileSystem", StringComparison.OrdinalIgnoreCase))
{
return(NtResult <string> .CreateResultFromError(NtStatus.STATUS_OBJECT_PATH_NOT_FOUND, false));
}
return(NtFileUtils.DosFileNameToNt(current_path.Path, false));
}
private static string MapBindingToBindingString(NtResult <SafeRpcBindingHandle> binding, Guid interface_id, Version interface_version)
{
if (!binding.IsSuccess)
{
return(string.Empty);
}
if (ResolveBinding(binding.Result, interface_id, interface_version) != Win32Error.SUCCESS)
{
return(string.Empty);
}
return(binding.Result.ToString());
}
private static IEnumerable <T> EnumFilter <T, U>(FindFirst find_first, FindNext find_next,
FindClose find_close, GetNextOffset <U> get_next, CreateObject <T, U> create) where U : struct
{
using (var buffer = new SafeStructureInOutBuffer <U>(128 * 1024, true))
{
NtStatus no_more_hresult = Win32Error.ERROR_NO_MORE_ITEMS.ToHresult();
NtResult <IntPtr> handle = new NtResult <IntPtr>(no_more_hresult, IntPtr.Zero);
var list = new List <T>();
try
{
handle = find_first(buffer);
var status = handle.Status;
while (status != no_more_hresult)
{
if (status != NtStatus.STATUS_SUCCESS)
{
throw new NtException(status);
}
var next_buffer = buffer;
do
{
list.Add(create(next_buffer));
int offset = get_next(next_buffer);
if (offset == 0)
{
break;
}
next_buffer = next_buffer.GetStructAtOffset <U>(offset);
}while (true);
status = find_next(handle.Result, buffer);
}
}
finally
{
if (handle.IsSuccess)
{
find_close(handle.Result);
}
}
return(list.AsReadOnly());
}
}
/// <summary>
/// Get the base object manager path for the current powershell directory.
/// </summary>
/// <returns>The base path.</returns>
protected virtual NtResult <string> GetBasePath()
{
var current_path = SessionState.Path.CurrentLocation;
if (current_path.Drive is ObjectManagerPSDriveInfo drive)
{
string root_path = drive.DirectoryRoot.FullPath;
if (root_path == @"\")
{
root_path = string.Empty;
}
string relative_path = RemoveDrive(current_path.Path);
if (relative_path.Length == 0)
{
return(NtResult <string> .CreateResult($@"{root_path}"));
}
return(NtResult <string> .CreateResult($@"{root_path}\{relative_path}"));
}
return(NtResult <string> .CreateResultFromError(NtStatus.STATUS_OBJECT_PATH_NOT_FOUND, false));
}
private protected NtResult <O> ReOpen <O, X>(NtObjectWithDuplicate <O, X> obj) where O : NtObject where X : Enum
{
AccessMask mask = GenericAccessRights.MaximumAllowed;
using (var o = obj.ReOpen(mask.ToSpecificAccess <X>(), false))
{
if (o.IsSuccess)
{
return(o.Map(x => (O)x.DuplicateObject()));
}
}
AccessMask granted_mask = 0;
AccessMask valid_access = obj.NtType.ValidAccess;
uint test_mask = 1;
while (test_mask < 0x00200000)
{
if (valid_access.IsAccessGranted(test_mask))
{
mask = test_mask;
using (var o = obj.ReOpen(mask.ToSpecificAccess <X>(), false))
{
if (o.IsSuccess)
{
granted_mask |= test_mask;
}
}
}
test_mask <<= 1;
}
if (granted_mask.IsEmpty)
{
return(NtResult <O> .CreateResultFromError(NtStatus.STATUS_ACCESS_DENIED, false));
}
return(obj.ReOpen(granted_mask.ToSpecificAccess <X>(), false));
}
/// <summary>
/// Resolve the binding string for this service from the local Endpoint Mapper.
/// </summary>
/// <param name="binding">The binding handle.</param>
/// <param name="interface_id">Interface UUID to lookup.</param>
/// <param name="interface_version">Interface version lookup.</param>
/// <remarks>This only will return a valid value if the service is running and registered with the Endpoint Mapper. It can also hang.</remarks>
/// <returns>The RPC binding string. Empty string if it doesn't exist or the lookup failed.</returns>
private static string MapBindingToBindingString(NtResult <SafeRpcBindingHandle> binding, Guid interface_id, Version interface_version)
{
if (!binding.IsSuccess)
{
return(string.Empty);
}
RPC_SERVER_INTERFACE ifspec = new RPC_SERVER_INTERFACE();
ifspec.Length = Marshal.SizeOf(ifspec);
ifspec.InterfaceId.SyntaxGUID = interface_id;
ifspec.InterfaceId.SyntaxVersion = interface_version.ToRpcVersion();
var result = Win32NativeMethods.RpcEpResolveBinding(binding.Result, ref ifspec);
if (result != Win32Error.SUCCESS)
{
return(string.Empty);
}
return(binding.Result.ToString());
}