public static SafeNativeHandle DuplicatePrimaryToken(Process process)
{
SafeNativeHandle processToken;
if (
!AdvancedAPI.OpenProcessToken(process.Handle, TokenAccessLevels.Duplicate | TokenAccessLevels.Query,
out processToken))
{
throw new Win32Exception();
}
using (processToken)
{
var tokenRights = TokenAccessLevels.Query | TokenAccessLevels.AssignPrimary |
TokenAccessLevels.Duplicate | TokenAccessLevels.AdjustDefault |
TokenAccessLevels.AdjustSessionId;
SafeNativeHandle token;
if (
!AdvancedAPI.DuplicateTokenEx(processToken, tokenRights, IntPtr.Zero,
TokenImpersonationLevel.Impersonation, TokenType.TokenPrimary, out token))
{
throw new Win32Exception();
}
return(token);
}
}
// ReSharper disable once FlagArgument
public static void EnablePrivilegeOnProcess(Process process, SecurityEntities privilege)
{
if (!AdvancedAPI.OpenProcessToken(process.Handle, TokenAccessLevels.AdjustPrivileges,
out var processToken))
{
throw new Win32Exception();
}
using (processToken)
{
if (!AdvancedAPI.LookupPrivilegeValue(null, privilege.ToString(), out var luid))
{
throw new Win32Exception();
}
var tkp = new TokenPrivileges(PrivilegeAttributes.Enabled, luid);
if (
!AdvancedAPI.AdjustTokenPrivileges(processToken, false, ref tkp, (uint)Marshal.SizeOf(tkp),
IntPtr.Zero, IntPtr.Zero) ||
Marshal.GetLastWin32Error() != 0)
{
throw new Win32Exception();
}
}
}
/// <summary>
/// Returns a <see cref="WindowsIdentity" /> object containing information about the owner of a specific
/// <see cref="Process" />
/// </summary>
/// <param name="process">
/// <see cref="Process" /> to be used for creating the corresponding <see cref="WindowsIdentity" />
/// object
/// </param>
/// <returns>A newly created <see cref="WindowsIdentity" /> object</returns>
public static WindowsIdentity GetProcessOwner(Process process)
{
SafeNativeHandle token;
if (
!AdvancedAPI.OpenProcessToken(process.Handle, TokenAccessLevels.Query | TokenAccessLevels.Duplicate,
out token))
{
throw new Win32Exception();
}
using (token)
{
return(new WindowsIdentity(token.DangerousGetHandle()));
}
}