private ThreadImpersonationContext GetTcbPrivilege()
{
if (!WithTcb)
{
return(null);
}
if (NtToken.EnableEffectivePrivilege(TokenPrivilegeValue.SeTcbPrivilege))
{
return(null);
}
return(PSUtils.ImpersonateSystem());
}
private NtToken GetSessionToken(TokenAccessRights desired_access, int session_id)
{
if (!NtToken.EnableEffectivePrivilege(TokenPrivilegeValue.SeTcbPrivilege))
{
WriteWarning("Getting session token requires SeTcbPrivilege");
}
if (session_id < 0)
{
session_id = NtProcess.Current.SessionId;
}
using (var token = TokenUtils.GetSessionToken(session_id))
{
if (desired_access == TokenAccessRights.MaximumAllowed)
{
return(token.Duplicate());
}
return(token.Duplicate(desired_access));
}
}
/// <summary>
/// Method to create an object from a set of object attributes.
/// </summary>
/// <param name="obj_attributes">The object attributes to create/open from.</param>
/// <returns>The newly created object.</returns>
protected override object CreateObject(ObjectAttributes obj_attributes)
{
NtToken.EnableEffectivePrivilege(TokenPrivilegeValue.SeCreateSymbolicLinkPrivilege);
Options |= FileOpenOptions.OpenReparsePoint;
if (ParameterSetName != "ReparseBuffer")
{
string target_path = Relative ? TargetPath : ResolvePath(SessionState, TargetPath, Win32Path);
switch (ParameterSetName)
{
case "MountPoint":
Directory = true;
ReparseBuffer = new MountPointReparseBuffer(target_path, PrintName);
break;
case "Symlink":
ReparseBuffer = new SymlinkReparseBuffer(target_path, string.IsNullOrEmpty(PrintName)
? target_path : PrintName, Relative ? SymlinkReparseBufferFlags.Relative : SymlinkReparseBufferFlags.None);
break;
case "RawBytes":
ReparseBuffer = ReparseBuffer.FromByteArray(Bytes);
break;
}
}
using (NtFile file = (NtFile)base.CreateObject(obj_attributes))
{
if (Flags != ReparseBufferExFlags.None || ExistingTag != 0 || ExistingGuid != Guid.Empty)
{
file.SetReparsePointEx(ReparseBuffer, Flags, ExistingTag, ExistingGuid);
}
else
{
file.SetReparsePoint(ReparseBuffer);
}
}
return(null);
}
