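public ProcessEntry(NativeHandle handle)
            {
                // Builds a snapshot of one process from an already-open handle: PID, threads
                // (ordered by TID), security descriptor in raw and string form, image path and
                // name, and the process token when it can be opened.
                Handle = handle;
                Pid = NativeBridge.GetPidForProcess(handle);
                Threads = NativeBridge.GetThreadsForProcess(handle).Select(h => new ThreadEntry(h)).ToArray();

                // CompareTo instead of subtraction: a difference of two integers can overflow
                // and report the wrong ordering to the sort.
                Array.Sort(Threads, (a, b) => a.Tid.CompareTo(b.Tid));

                // The string form is produced from the descriptor that was just stored.
                SecurityDescriptor = NativeBridge.GetSecurityDescriptorForHandle(handle);
                StringSecurityDescriptor = NativeBridge.GetStringSecurityDescriptor(SecurityDescriptor);

                // PIDs 0 and 4 get fixed names and keep an empty ImagePath; the image path is
                // only queried for every other PID.
                // NOTE(review): presumably these two have no image path that can be queried - confirm.
                ImagePath = String.Empty;
                if (Pid == 0)
                {
                    Name = "Idle";
                }
                else if (Pid == 4)
                {
                    Name = "System";
                }
                else
                {
                    ImagePath = NativeBridge.GetProcessPath(handle);
                    Name = Path.GetFileNameWithoutExtension(ImagePath);
                }

                // Token is assigned only when OpenProcessToken hands back a handle, so code
                // reading Token must cope with it never having been set.
                NativeHandle token = NativeBridge.OpenProcessToken(handle);
                if (token != null)
                {
                    Token = new TokenEntry(token);
                }
            }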
 /// <summary>
 /// Wraps an open token handle and records its security descriptor (raw and
 /// string form) together with the user name reported for the token.
 /// </summary>
 /// <param name="handle">Open token handle; kept in <c>Handle</c>.</param>
 public TokenEntry(NativeHandle handle)
 {
     this.Handle = handle;

     // The string form is produced from the descriptor stored on the line before it,
     // so these two assignments must stay in this order.
     this.SecurityDescriptor = NativeBridge.GetSecurityDescriptorForHandle(handle);
     this.StringSecurityDescriptor = NativeBridge.GetStringSecurityDescriptor(this.SecurityDescriptor);

     this.UserName = NativeBridge.GetUserNameForToken(handle);
 }
 /// <summary>
 /// Captures one thread from an open handle: security descriptor (raw and string
 /// form), thread id, and the thread token when one can be opened.
 /// </summary>
 /// <param name="handle">Open thread handle; kept in <c>Handle</c>.</param>
 public ThreadEntry(NativeHandle handle)
 {
     this.Handle = handle;

     // The string form is produced from the descriptor stored on the line before it.
     this.SecurityDescriptor = NativeBridge.GetSecurityDescriptorForHandle(handle);
     this.StringSecurityDescriptor = NativeBridge.GetStringSecurityDescriptor(this.SecurityDescriptor);

     this.Tid = NativeBridge.GetTidForThread(handle);

     // Token stays unassigned when no thread token handle comes back, so code
     // reading Token must cope with it never having been set.
     NativeHandle threadToken = NativeBridge.OpenThreadToken(handle);
     if (threadToken == null)
     {
         return;
     }

     this.Token = new TokenEntry(threadToken);
 }
        /// <summary>
        /// Entry point: parses the command line, opens the token of the selected process
        /// and dumps every path argument as either a directory or a file.
        /// </summary>
        /// <remarks>
        /// The whole run sits in one try block. The first exception (a bad option value, a
        /// path whose attributes cannot be read, a token that cannot be opened) prints its
        /// message and ends the run, so paths listed after the failing one are not examined.
        /// </remarks>
        /// <param name="args">Command-line options followed by the paths to check.</param>
        static void Main(string[] args)
        {
            bool helpRequested = false;
            uint standardRights = 0;

            // Defaults to this process; -p/--pid replaces it with another PID.
            int pid = Process.GetCurrentProcess().Id;

            try
            {
                // Comma-separated enum member names shown in the help text of -f, -d and -s.
                string fileRightNames = String.Join(",", Enum.GetNames(typeof(FileAccessRights)));
                string dirRightNames = String.Join(",", Enum.GetNames(typeof(FileDirectoryAccessRights)));
                string standardRightNames = String.Join(",", Enum.GetNames(typeof(StandardAccessRights)));

                OptionSet opts = new OptionSet() {
                    { "r", "Recursive tree directory listing", v => _recursive = (v != null) },
                    { "sddl", "Print full SDDL security descriptors", v => _print_sddl = (v != null) },
                    { "p|pid=", "Specify a PID of a process to impersonate when checking", v => pid = int.Parse(v.Trim()) },
                    { "w", "Show only write permissions granted", v => _show_write_only = (v != null) },
                    { "f=", String.Format("Filter on a specific file right [{0}]", fileRightNames),
                        v => _file_filter |= ParseRight(v, typeof(FileAccessRights)) },
                    { "d=", String.Format("Filter on a specific directory right [{0}]", dirRightNames),
                        v => _dir_filter |= ParseRight(v, typeof(FileDirectoryAccessRights)) },
                    // Standard rights are collected separately and merged into both filters below.
                    { "s=", String.Format("Filter on a standard right [{0}]", standardRightNames),
                        v => standardRights |= ParseRight(v, typeof(StandardAccessRights)) },
                    // Excluded base paths are stored lower-cased in the same set as walked paths.
                    { "x=", "Specify a base path to exclude from recursive search", v => _walked.Add(v.ToLower()) },
                    { "q", "Don't print errors", v => _quiet = (v != null) },
                    { "onlydirs", "Only check the permissions of directories", v => _only_dirs = (v != null) },
                    { "h|help",  "show this message and exit", v => helpRequested = (v != null) },
                };

                // Whatever is left after option parsing is the list of paths to check.
                List<string> paths = opts.Parse(args);

                if (helpRequested || paths.Count == 0)
                {
                    ShowHelp(opts);
                    return;
                }

                _type = ObjectTypeInfo.GetTypeByName("file");

                // Token of the process chosen with -p (or of this process by default).
                _token = NativeBridge.OpenProcessToken(pid);

                _file_filter |= standardRights;
                _dir_filter |= standardRights;

                foreach (string path in paths)
                {
                    bool isDirectory = (File.GetAttributes(path) & FileAttributes.Directory) != 0;
                    if (isDirectory)
                    {
                        DumpDirectory(new DirectoryInfo(path));
                    }
                    else
                    {
                        DumpFile(new FileInfo(path));
                    }
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
        }
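        /// <summary>
        /// Entry point: parses the command line, opens the token of the selected process
        /// and dumps every object directory named on the command line.
        /// </summary>
        /// <remarks>
        /// Option parsing runs inside the try block. The option callbacks execute during
        /// <c>opts.Parse</c>, and <c>int.Parse</c> in the -p callback throws on a non-numeric
        /// value; with parsing outside the try block that exception ended the program
        /// unhandled instead of being reported like every other failure. The first exception
        /// still ends the run, so directories after the failing one are not examined.
        /// </remarks>
        /// <param name="args">Command-line options followed by the object directory paths.</param>
        static void Main(string[] args)
        {
            bool show_help = false;

            // Defaults to this process; -p/--pid replaces it with another PID.
            int pid = Process.GetCurrentProcess().Id;

            try
            {
                OptionSet opts = new OptionSet() {
                            { "r", "Recursive tree directory listing",
                                v => _recursive = v != null },
                            { "sddl", "Print full SDDL security descriptors", v => _print_sddl = v != null },
                            { "p|pid=", "Specify a PID of a process to impersonate when checking", v => pid = int.Parse(v.Trim()) },
                            { "w", "Show only write permissions granted", v => _show_write_only = v != null },
                            // -k and -s both accumulate into the same _dir_rights mask.
                            { "k=", String.Format("Filter on a specific directory right [{0}]",
                                String.Join(",", Enum.GetNames(typeof(DirectoryAccessRights)))), v => _dir_rights |= ParseRight(v, typeof(DirectoryAccessRights)) },
                            { "s=", String.Format("Filter on a standard right [{0}]",
                                String.Join(",", Enum.GetNames(typeof(StandardAccessRights)))), v => _dir_rights |= ParseRight(v, typeof(StandardAccessRights)) },
                            // Excluded base paths and type names are stored lower-cased.
                            { "x=", "Specify a base path to exclude from recursive search", v => _walked.Add(v.ToLower()) },
                            { "t=", "Specify a type of object to include", v => _type_filter.Add(v.ToLower()) },
                            { "h|help",  "show this message and exit", v => show_help = v != null },
                        };

                // Whatever is left after option parsing is the list of directories to dump.
                List<string> paths = opts.Parse(args);

                if (show_help || (paths.Count == 0))
                {
                    ShowHelp(opts);
                }
                else
                {
                    // Token of the process chosen with -p (or of this process by default).
                    _token = NativeBridge.OpenProcessToken(pid);

                    foreach (string path in paths)
                    {
                        ObjectDirectory dir = ObjectNamespace.OpenDirectory(path);

                        DumpDirectory(dir);
                    }
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
        }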