public MainForm()
{
InitializeComponent();
listViewProcesses.ListViewItemSorter = new ListItemComparer(0);
listViewThreads.ListViewItemSorter = new ListItemComparer(0);
listViewSessions.ListViewItemSorter = new ListItemComparer(0);
listViewHandles.ListViewItemSorter = new ListItemComparer(0);
RefreshProcessList(null, false);
using (NtToken token = NtProcess.Current.OpenToken())
{
if (token.SetPrivilege(TokenPrivilegeValue.SeTcbPrivilege, PrivilegeAttributes.Enabled))
{
RefreshSessionList();
}
else
{
tabControlTests.TabPages.Remove(tabPageSessions);
groupBoxServiceAccounts.Visible = false;
}
}
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Batch);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Interactive);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Network);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.NetworkCleartext);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.NewCredentials);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Service);
comboBoxS4ULogonType.SelectedItem = SecurityLogonType.Network;
TokenForm.RegisterMainForm(this);
}
public MainForm()
{
InitializeComponent();
listViewProcesses.ListViewItemSorter = new ListItemComparer(0);
listViewThreads.ListViewItemSorter = new ListItemComparer(0);
listViewSessions.ListViewItemSorter = new ListItemComparer(0);
listViewHandles.ListViewItemSorter = new ListItemComparer(0);
listViewServices.ListViewItemSorter = new ListItemComparer(0);
AddGrouping("Name", p => p.Name);
AddGrouping("Session ID", p => $"Session {p.SessionId}");
AddGrouping("Sandbox", p => GetSandboxName(p.ProcessToken));
AddGrouping("Integrity Level", p => p.ProcessToken.IntegrityLevel.ToString());
AddGrouping("User", p => p.ProcessToken.User.Name);
AddGrouping("Elevation Type", p => GetElevationTypeName(p.ProcessToken));
AddGrouping("Authentication ID", p => p.ProcessToken.AuthenticationId.ToString());
AddGrouping("Origin ID", p => p.ProcessToken.Origin.ToString());
AddGrouping("Flags", p => p.ProcessToken.Flags.ToString());
AddGrouping("Package Name", p =>
{
if (!p.ProcessToken.AppContainer)
{
return("None");
}
if (!string.IsNullOrWhiteSpace(p.ProcessToken.PackageFullName))
{
return(p.ProcessToken.PackageFullName);
}
return(p.ProcessToken.AppContainerSid.Name);
});
AddGrouping("Security Descriptor", p => GetSecurityDescriptor(p.ProcessToken));
AddGrouping("Process Security Descriptor", p => GetSecurityDescriptor(p.ProcessSecurity));
AddGrouping("Trust Level", p => p.ProcessToken.TrustLevel?.Name ?? "Untrusted");
AddGrouping("No Child Process", p => p.ProcessToken.NoChildProcess ? "No Child Process" : "Unrestricted");
AddGrouping("Chrome Sandbox Type", p => GetChromeSandboxType(p));
RefreshProcessList(null, false, false);
using (NtToken token = NtProcess.Current.OpenToken())
{
if (token.SetPrivilege(TokenPrivilegeValue.SeTcbPrivilege, PrivilegeAttributes.Enabled))
{
RefreshSessionList();
}
else
{
tabControlTests.TabPages.Remove(tabPageSessions);
groupBoxServiceAccounts.Visible = false;
}
}
RefreshServiceList();
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Batch);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Interactive);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Network);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.NetworkCleartext);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.NewCredentials);
comboBoxS4ULogonType.Items.Add(SecurityLogonType.Service);
comboBoxS4ULogonType.SelectedItem = SecurityLogonType.Network;
TokenForm.RegisterMainForm(this);
}
private void enablePrivilegeToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listViewPrivs.SelectedItems.Count > 0)
{
bool multi_enable = listViewPrivs.SelectedItems.Count > 1;
bool all_enabled = AllPrivsEnabled(listViewPrivs.SelectedItems.OfType <ListViewItem>());
foreach (TokenPrivilege priv in
listViewPrivs.SelectedItems.OfType <ListViewItem>().Select(i => i.Tag))
{
try
{
if (priv != null)
{
_token.SetPrivilege(priv.Luid, !all_enabled);
}
}
catch (Exception ex)
{
if (!multi_enable)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
UpdatePrivileges();
}
}
/// <summary>
/// Override for begin processing.
/// </summary>
protected override void BeginProcessing()
{
using (NtToken process_token = NtToken.OpenProcessToken())
{
_open_for_backup = process_token.SetPrivilege(TokenPrivilegeValue.SeBackupPrivilege, PrivilegeAttributes.Enabled);
if (!_open_for_backup)
{
WriteWarning("Current process doesn't have SeBackupPrivilege, results may be inaccurate");
}
}
base.BeginProcessing();
}
private void ModifyPrivileges(IEnumerable <TokenPrivilege> privs, PrivilegeAttributes attributes)
{
bool multi = privs.Count() > 1;
foreach (TokenPrivilege priv in privs)
{
try
{
_token.SetPrivilege(priv.Luid, attributes);
}
catch (Exception ex)
{
if (!multi)
{
MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
UpdatePrivileges();
}
private void RunAccessCheckHandles(IEnumerable <TokenEntry> tokens)
{
var type_filter = GetTypeFilter();
using (NtToken process_token = NtToken.OpenProcessToken())
{
if (!process_token.SetPrivilege(TokenPrivilegeValue.SeDebugPrivilege, PrivilegeAttributes.Enabled))
{
WriteWarning("Current process doesn't have SeDebugPrivilege, results may be inaccurate");
}
}
if (type_filter.Count == 0)
{
WriteWarning("Checking handle access without any type filtering can hang. Perhaps specify the types using -TypeFilter.");
}
HashSet <ulong> checked_objects = new HashSet <ulong>();
var handles = NtSystemInfo.GetHandles(-1, false).Where(h => IsTypeFiltered(h.ObjectType, type_filter)).GroupBy(h => h.ProcessId);
foreach (var group in handles)
{
if (Stopping)
{
return;
}
using (var proc = NtProcess.Open(group.Key, ProcessAccessRights.DupHandle, false))
{
if (proc.IsSuccess)
{
CheckHandles(tokens, type_filter, checked_objects, proc.Result, group);
}
}
}
}
