Пример #1
0
        private IntPtr pSD = IntPtr.Zero;      // LPSECURITY_DESCRIPTOR

        /// <summary>
        /// Constructor.
        /// </summary>
        /// <param name="access">The type of descriptor to create.</param>
        public SecurityAttributes(SecurityAccess access)
        {
#if WINFULL
            switch (access)
            {
            case SecurityAccess.Unrestricted:

                pSD = Marshal.AllocHGlobal(new IntPtr(WinApi.SECURITY_DESCRIPTOR_MIN_LENGTH));
                if (pSD == IntPtr.Zero)
                {
                    throw new Exception("Security descriptor cannot be allocated.");
                }

                if (!WinApi.InitializeSecurityDescriptor(pSD, WinApi.SECURITY_DESCRIPTOR_REVISION))
                {
                    Marshal.FreeHGlobal(pSD);
                    pSD = IntPtr.Zero;
                    throw new Exception("Security descriptor cannot be initialized.");
                }

                if (!WinApi.SetSecurityDescriptorDacl(pSD, true, IntPtr.Zero, false))
                {
                    Marshal.FreeHGlobal(pSD);
                    pSD = IntPtr.Zero;
                    throw new Exception("Cannot set the discretionary ACL.");
                }

                WinApi.SECURITY_ATTRIBUTES sa;

                sa  = new WinApi.SECURITY_ATTRIBUTES(pSD);
                pSA = Marshal.AllocHGlobal(sizeof(WinApi.SECURITY_ATTRIBUTES));
                if (pSA == IntPtr.Zero)
                {
                    throw new Exception("Security attributes cannot be allocated.");
                }

                Marshal.StructureToPtr(sa, pSA, false);
                break;

            case SecurityAccess.CurrentAccount:

                pSA = IntPtr.Zero;
                pSD = IntPtr.Zero;
                break;

            default:

                Assertion.Fail("Unexpected security access type.");
                break;
            }
#endif // WINFULL
        }
Пример #2
0
        static IntPtr getPrimaryToken(int processId)
        {
            IntPtr hToken = IntPtr.Zero;

            try
            {
                IntPtr  primaryToken = IntPtr.Zero;
                Process p            = Process.GetProcessById(processId);

                //Gets impersonation token
                if (!WinApi.Advapi32.OpenProcessToken(p.Handle, WinApi.Advapi32.DesiredAccess.TOKEN_DUPLICATE, out hToken))
                {
                    throw new Exception("!OpenProcessToken()", ErrorRoutines.GetLastError());
                }

                WinApi.SECURITY_ATTRIBUTES sa = new WinApi.SECURITY_ATTRIBUTES();
                sa.nLength = Marshal.SizeOf(sa);

                //Convert the impersonation token into Primary token
                if (!WinApi.Advapi32.DuplicateTokenEx(
                        hToken,
                        WinApi.Advapi32.DesiredAccess.TOKEN_ASSIGN_PRIMARY | WinApi.Advapi32.DesiredAccess.TOKEN_DUPLICATE | WinApi.Advapi32.DesiredAccess.TOKEN_QUERY,
                        sa,
                        WinApi.Advapi32.SECURITY_IMPERSONATION_LEVEL.SecurityIdentification,
                        WinApi.Advapi32.TOKEN_TYPE.TokenPrimary,
                        out primaryToken
                        ))
                {
                    throw new Exception("!DuplicateTokenEx()", ErrorRoutines.GetLastError());
                }
                return(primaryToken);
            }
            //catch(Exception e)
            //{

            //}
            finally
            {
                if (hToken != IntPtr.Zero)
                {
                    WinApi.Kernel32.CloseHandle(hToken);
                }
            }
        }
Пример #3
0
        private static bool getActiveSessionUserToken(ref IntPtr phUserToken)
        {
            var bResult             = false;
            var hImpersonationToken = IntPtr.Zero;
            var activeSessionId     = Wts.INVALID_SESSION_ID;
            var pSessionInfo        = IntPtr.Zero;
            var sessionCount        = 0;

            // Get a handle to the user access token for the current active session.
            if (Wts.WTSEnumerateSessions(Wts.WTS_CURRENT_SERVER_HANDLE, 0, 1, ref pSessionInfo, ref sessionCount) != 0)
            {
                var arrayElementSize = Marshal.SizeOf(typeof(Wts.WTS_SESSION_INFO));
                var current          = pSessionInfo;

                for (var i = 0; i < sessionCount; i++)
                {
                    var si = (Wts.WTS_SESSION_INFO)Marshal.PtrToStructure((IntPtr)current, typeof(Wts.WTS_SESSION_INFO));
                    current += arrayElementSize;

                    if (si.State == Wts.WTS_CONNECTSTATE_CLASS.WTSActive)
                    {
                        activeSessionId = si.SessionID;
                    }
                }
            }

            // If enumerating did not work, fall back to the old method
            if (activeSessionId == Wts.INVALID_SESSION_ID)
            {
                activeSessionId = Wts.WTSGetActiveConsoleSessionId();
            }

            if (Wts.WTSQueryUserToken(activeSessionId, ref hImpersonationToken) != 0)
            {
                // Convert the impersonation token to a primary token
                var sa = new WinApi.SECURITY_ATTRIBUTES();
                bResult = Advapi32.DuplicateTokenEx(hImpersonationToken, 0, sa, WinApi.Advapi32.SECURITY_IMPERSONATION_LEVEL.SecurityIdentification, WinApi.Advapi32.TOKEN_TYPE.TokenPrimary, out phUserToken);
                Kernel32.CloseHandle(hImpersonationToken);
            }

            return(bResult);
        }
Пример #4
0
        /// <summary>
        /// Starts the main debug loop, optionally creating a process from the supplied file path.
        /// </summary>
        /// <param name="arguments">An optional set of arguments that dictate how an executable is debugged.</param>
        private void StartDebugLoop(object arguments = null)
        {
            string filePath;
            string parameters;
            if (arguments == null)
            {
                filePath = string.Empty;
                parameters = string.Empty;
            }
            else if (arguments is DebugLoopArguments)
            {
                DebugLoopArguments dla = (DebugLoopArguments)arguments;
                filePath = dla.FilePath;
                parameters = dla.Parameters;
            }
            else
            {
                filePath = string.Empty;
                parameters = string.Empty;
            }

            if (arguments == null)
            {
                if (!this.IsOpen)
                {
                    return;
                }

                if (!WinApi.DebugActiveProcess((uint)this.PID))
                {
#if DEBUG
                    this.Status.Log("Cannot debug. Error: " + Marshal.GetLastWin32Error(), Logger.Level.HIGH);
#endif
                    return;
                }
                else if (!WinApi.DebugSetProcessKillOnExit(false))
                {
#if DEBUG
                    this.Status.Log("Cannot exit cleanly in the future.", Logger.Level.MEDIUM);
#endif
                }
                else
                {
                    this.allowedToDebug = true;
                    this.threadMayExit = false;
                }

                WinApi.ThreadAccess thread_rights =
                    WinApi.ThreadAccess.SET_CONTEXT | WinApi.ThreadAccess.GET_CONTEXT | WinApi.ThreadAccess.SUSPEND_RESUME;
                IntPtr threadHandle = WinApi.OpenThread(thread_rights, false, (uint)this.ThreadID);
                WinApi.CONTEXT cx = new WinApi.CONTEXT();
                cx.ContextFlags = WinApi.CONTEXT_FLAGS.DEBUG_REGISTERS;
                WinApi.GetThreadContext(threadHandle, ref cx);
                cx.ContextFlags = WinApi.CONTEXT_FLAGS.DEBUG_REGISTERS;
                cx.Dr7 =
                    (uint)(Debugger.DRegSettings.reg0w | Debugger.DRegSettings.reg0len4 | Debugger.DRegSettings.reg0set);
                bool stc = WinApi.SetThreadContext(threadHandle, ref cx);
                WinApi.CloseHandle(threadHandle);
                this.SetDebuggerArchitecture();
                this.DebugLoop();
                return;
            }
            else
            {
                if (!SysInteractor.IsInitialized)
                {
                    SysInteractor.Init();
                }

                bool res = false;
                string application = filePath;
                string commandLine = string.Empty;
                if (!string.IsNullOrEmpty(parameters))
                {
                    commandLine = '"' + filePath + "\" " + parameters;
                }

                WinApi.PROCESS_INFORMATION procInfo = new WinApi.PROCESS_INFORMATION();
                WinApi.STARTUPINFO startupInfo = new WinApi.STARTUPINFO();
                WinApi.SECURITY_ATTRIBUTES processSecurity = new WinApi.SECURITY_ATTRIBUTES();
                WinApi.SECURITY_ATTRIBUTES threadSecurity = new WinApi.SECURITY_ATTRIBUTES();
                processSecurity.nLength = Marshal.SizeOf(processSecurity);
                threadSecurity.nLength = Marshal.SizeOf(threadSecurity);

                // Open the process.
                res = WinApi.CreateProcess(
                    application,
                    commandLine,
                    ref processSecurity,
                    ref threadSecurity,
                    false,
                    (uint)WinApi.ProcessCreationFlags.DEBUG_PROCESS,
                    IntPtr.Zero,
                    null,
                    ref startupInfo,
                    out procInfo);
                if (!res)
                {
                    return;
                }

                this.ProcHandle = procInfo.hProcess;
                if (this.ProcHandle != null)
                {
                    try
                    {
                        this.Proc = System.Diagnostics.Process.GetProcessById(procInfo.dwProcessId);
                    }
                    catch (ArgumentException)
                    {
                        WinApi.CloseHandle(this.ProcHandle);
                        return;
                    }

                    if (!WinApi.DebugSetProcessKillOnExit(false))
                    {
#if DEBUG
                        this.Status.Log("Cannot exit cleanly in the future.", Logger.Level.MEDIUM);
#endif
                    }
                    else
                    {
                        this.allowedToDebug = true;
                        this.threadMayExit = false;
                    }

                    this.SetDebuggerArchitecture();
                    this.DebugLoop();

                    return;
                }

                this.Status.Log("Unable to open the target process.", Logger.Level.HIGH);
            }
        }