public void NtConnectPort() { var handle = new AlpcPortHandle(); var name = "\\" + this.GetType().Name + MethodBase.GetCurrentMethod().Name; IntPtr optional = IntPtr.Zero; uint maxMessageLenght = 100; var SecurityQos = new SECURITY_QUALITY_OF_SERVICE(); int status = NativeMethods.NtConnectPort(out handle, name, ref SecurityQos, out optional, out optional, ref maxMessageLenght, out optional, out optional); AlpcErrorHandler.Check(status); }
internal static unsafe (uint status, IntPtr handle) NtCreateFile(ReadOnlySpan <char> path, FileMode mode, FileAccess access, FileShare share, FileOptions options, long preallocationSize) { // For mitigating local elevation of privilege attack through named pipes // make sure we always call NtCreateFile with SECURITY_ANONYMOUS so that the // named pipe server can't impersonate a high privileged client security context SECURITY_QUALITY_OF_SERVICE securityQualityOfService = new SECURITY_QUALITY_OF_SERVICE( ImpersonationLevel.Anonymous, // SECURITY_ANONYMOUS ContextTrackingMode.Static, effectiveOnly: false); return(CreateFile( path: path, rootDirectory: IntPtr.Zero, createDisposition: GetCreateDisposition(mode), desiredAccess: GetDesiredAccess(access, mode, options), shareAccess: GetShareAccess(share), fileAttributes: GetFileAttributes(options), createOptions: GetCreateOptions(options), objectAttributes: GetObjectAttributes(share), preallocationSize: &preallocationSize, securityQualityOfService: &securityQualityOfService)); }
public void NtCreate_Listen_AcceptConnect_Connect() { var name = "\\" + this.GetType().Name + MethodBase.GetCurrentMethod().Name; NAlpc.AlpcPortHandle serverConnectionPort = null; var attributes = new OBJECT_ATTRIBUTES(); uint maxMessageLenght = 30; int serverCreatePortStatus = NativeMethods.NtCreatePort(out serverConnectionPort, ref attributes, 50, maxMessageLenght, 10); AlpcErrorHandler.Check(serverCreatePortStatus); var msg = new MY_TRANSFERRED_MESSAGE(); var wait = Task.Factory.StartNew(() => { var serverListenPortStatus = NativeMethods.NtListenPort(serverConnectionPort, ref msg.Header); AlpcErrorHandler.Check(serverListenPortStatus); NAlpc.AlpcPortHandle serverComuicationPort = null; IntPtr optional1 = IntPtr.Zero; int serverAcceptConnectPort = NativeMethods.NtAcceptConnectPort(out serverComuicationPort, optional1, ref msg.Header, true, optional1, optional1); AlpcErrorHandler.Check(serverAcceptConnectPort); }); var listenBlocksThread = wait.Wait(150); IntPtr optional = IntPtr.Zero; var SecurityQos = SECURITY_QUALITY_OF_SERVICE.Create(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, false, true); AlpcPortHandle clientHandle; int status = NativeMethods.NtConnectPort(out clientHandle, name, ref SecurityQos, out optional, out optional, ref maxMessageLenght, out optional, out optional); var ex = new Win32Exception(status); var err = Marshal.GetLastWin32Error(); var ex2 = new Win32Exception(err); Assert.IsFalse(listenBlocksThread); serverConnectionPort.Dispose(); }