private static NtResult <NtEvent> CreateEvent(int session_id, string name, bool throw_on_error) { using (var obja = CreateObjectAttributes(session_id, name)) { return(NtEvent.Create(obja, EventType.SynchronizationEvent, false, EventAccessRights.MaximumAllowed, throw_on_error)); } }
public override NtObject NewItem(string relative_path, string item_type_name, object new_item_value) { switch (item_type_name.ToLower()) { case "event": return(NtEvent.Create(relative_path, _dir, EventType.NotificationEvent, false)); case "directory": return(NtDirectory.Create(relative_path, _dir, DirectoryAccessRights.MaximumAllowed)); case "symboliclink": case "link": if (new_item_value == null) { throw new ArgumentNullException(nameof(new_item_value), "Must specify value for the symbolic link"); } return(NtSymbolicLink.Create(relative_path, _dir, new_item_value.ToString())); case "mutant": return(NtMutant.Create(relative_path, _dir, false)); case "semaphore": int max_count = 1; if (new_item_value != null) { max_count = Convert.ToInt32(new_item_value); } return(NtSemaphore.Create(relative_path, _dir, 0, max_count)); default: throw new ArgumentException($"Can't create new object of type {item_type_name}"); } }
private static NtEvent OpenEvent(string name, bool read_only) { EventAccessRights access = EventAccessRights.QueryState; if (!read_only) { access |= EventAccessRights.ModifyState; } return(NtEvent.Open(name, null, access)); }
private Win32DebugConsole(int session_id, NtEvent buffer_ready, NtEvent data_ready, NtSection buffer, NtMappedSection mapped_buffer) { _session_id = session_id; _buffer_ready = buffer_ready; _data_ready = data_ready; _buffer = buffer; _mapped_buffer = mapped_buffer; _data_ready_wait = data_ready.DuplicateAsWaitHandle(); _symlinks = new Dictionary <int, DisposableList <NtSymbolicLink> >(); }
/// <summary> /// Overridden method to create a new item. /// </summary> /// <param name="path">The drive path to create.</param> /// <param name="itemTypeName">The NT object type to create.</param> /// <param name="newItemValue">Additional item value data.</param> protected override void NewItem(string path, string itemTypeName, object newItemValue) { if (itemTypeName == null) { throw new ArgumentNullException("itemTypeName", "Must specify a typename"); } NtObject obj = null; string relative_path = GetRelativePath(PSPathToNT(path)); bool container = false; switch (itemTypeName.ToLower()) { case "event": obj = NtEvent.Create(relative_path, GetDrive().DirectoryRoot, EventType.NotificationEvent, false); break; case "directory": obj = NtDirectory.Create(relative_path, GetDrive().DirectoryRoot, DirectoryAccessRights.MaximumAllowed); container = true; break; case "symboliclink": case "link": if (newItemValue == null) { throw new ArgumentNullException("newItemValue", "Must specify value for the symbolic link"); } obj = NtSymbolicLink.Create(relative_path, GetDrive().DirectoryRoot, newItemValue.ToString()); break; case "mutant": obj = NtMutant.Create(relative_path, GetDrive().DirectoryRoot, false); break; case "semaphore": int max_count = 1; if (newItemValue != null) { max_count = Convert.ToInt32(newItemValue); } obj = NtSemaphore.Create(relative_path, GetDrive().DirectoryRoot, 0, max_count); break; default: throw new ArgumentException(String.Format("Can't create new object of type {0}", itemTypeName)); } WriteItemObject(obj, path, container); }
private void setNamedEventToolStripMenuItem_Click(object sender, EventArgs e) { using (NamedObjectForm frm = new NamedObjectForm("Event")) { if (frm.ShowDialog(this) == DialogResult.OK) { using (NtEvent handle = (NtEvent)frm.ObjectHandle) { try { handle.Set(); } catch (Exception ex) { MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } } } } }
static void Main() { SetTokenPriv.EnablePrivilege(); //using var _ = new ApplicationPrivilege(new[] { // TokenPrivilegeValue.SeAssignPrimaryTokenPrivilege, // TokenPrivilegeValue.SeTakeOwnershipPrivilege, // TokenPrivilegeValue.SeLoadDriverPrivilege, // TokenPrivilegeValue.SeSecurityPrivilege, // TokenPrivilegeValue.SeTcbPrivilege, // TokenPrivilegeValue.SeBackupPrivilege, // TokenPrivilegeValue.SeRestorePrivilege, //}); //WaitForDebugger(); using var evt = NtEvent.Create(null, EventType.NotificationEvent, false); using var job = NtJob.CreateServerSilo(SiloObjectRootDirectoryControlFlags.All, @"C:\Windows", evt, false); using (var root = NtDirectory.Open(job.SiloRootDirectory)) { Console.WriteLine(root); SetupRootDirectory(root); } //Debugger.Break(); //NotifySM(job, 7); //ProcessExtensions.GetSessionUserToken(out var tok); var config = new NtProcessCreateConfig { ImagePath = @"\SystemRoot\System32\cmd.exe", ConfigImagePath = @"C:\Windows\System32\cmd.exe", CurrentDirectory = @"C:\Windows\System32", WindowTitle = "Demo", ParentProcess = NtProcess.Current, TerminateOnDispose = true, ThreadFlags = ThreadCreateFlags.Suspended, }; config.AddAttribute(ProcessAttribute.JobList(new[] { job })); using var proc = NtProcess.Create(config); proc.Thread.Resume(); proc.Process.Wait().ToNtException(); Console.WriteLine($"status: {proc.Process.ExitNtStatus}"); }
/// <summary> /// Method to create an object from a set of object attributes. /// </summary> /// <param name="obj_attributes">The object attributes to create/open from.</param> /// <returns>The newly created object.</returns> protected override object CreateObject(ObjectAttributes obj_attributes) { return(NtEvent.Open(obj_attributes, Access)); }
/// <summary> /// Method to create an object from a set of object attributes. /// </summary> /// <param name="obj_attributes">The object attributes to create/open from.</param> /// <returns>The newly created object.</returns> protected override object CreateObject(ObjectAttributes obj_attributes) { return(NtEvent.Create(obj_attributes, EventType, InitialState, Access)); }