/// <summary>
/// Fills in the cached type, name and security descriptor for this handle by duplicating it
/// into the current process. The work is attempted once only: <c>_allow_query</c> is cleared
/// before the duplication, so a failed attempt is not retried by this method.
/// </summary>
private void QueryValues()
{
    if (!_allow_query)
    {
        return;
    }

    _allow_query = false;

    // NOTE(review): presumably required so that handles owned by other processes can be
    // duplicated; this changes the calling token's privileges as a side effect - confirm.
    NtToken.EnableDebugPrivilege();

    using (var duplicated = NtGeneric.DuplicateFrom(ProcessId, new IntPtr(Handle), 0,
        DuplicateObjectOptions.SameAccess, false))
    {
        if (!duplicated.IsSuccess)
        {
            // Duplication failed: _handle_valid, _name and _sd keep their previous values.
            return;
        }

        var target = duplicated.Result;
        NtType = target.NtType;

        // File handles are only queried further when they sit on a disk or CD-ROM device,
        // unless _force_file_query is set.
        // NOTE(review): presumably because name/security queries on other device types can
        // block or misbehave - confirm against the callers that set _force_file_query.
        if (!_force_file_query && target.NtTypeName == "File")
        {
            using (var file = target.ToTypedObject() as NtFile)
            {
                var device_type = file?.DeviceType ?? FileDeviceType.UNKNOWN;
                bool is_storage_device = device_type == FileDeviceType.DISK
                    || device_type == FileDeviceType.CD_ROM;
                if (!is_storage_device)
                {
                    // The type is recorded above, but the handle is not marked valid.
                    return;
                }
            }
        }

        _handle_valid = true;
        _name = GetName(target);
        _sd = GetSecurityDescriptor(target);
    }
}
/// <summary>
/// Returns the full path of an object, or an empty string when no object is supplied.
/// </summary>
/// <param name="obj">The object to name; may be null.</param>
/// <returns><c>obj.FullPath</c>, or <see cref="String.Empty"/> if <paramref name="obj"/> is null.</returns>
private string GetName(NtGeneric obj)
{
    return obj == null ? String.Empty : obj.FullPath;
}
/// <summary>
/// Duplicates this handle into the current process and returns it as a typed object.
/// The duplicate is requested with the same access and the same attributes as the source handle.
/// </summary>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>
/// The typed object wrapped in a result; when duplication fails the failed result is returned,
/// cast to <c>NtObject</c>.
/// </returns>
public NtResult<NtObject> GetObject(bool throw_on_error)
{
    // NOTE(review): presumably needed to open handles owned by other processes; it alters the
    // calling token's privileges on every call - confirm this is intended.
    NtToken.EnableDebugPrivilege();

    DuplicateObjectOptions options =
        DuplicateObjectOptions.SameAccess | DuplicateObjectOptions.SameAttributes;

    using (var duplicated = NtGeneric.DuplicateFrom(ProcessId, new IntPtr(Handle), 0,
        options, throw_on_error))
    {
        if (duplicated.IsSuccess)
        {
            NtGeneric generic = duplicated.Result;

            // Record the type reported by the duplicated handle itself rather than trusting
            // whatever type was stored for this entry beforehand.
            NtType = generic.NtType;

            // NOTE(review): the generic duplicate is disposed when this block exits, so
            // ToTypedObject is assumed to return an independently owned object - confirm.
            return generic.ToTypedObject(throw_on_error).Cast<NtObject>();
        }

        return duplicated.Cast<NtObject>();
    }
}
/// <summary>
/// Reads the security descriptor of an object through a duplicate opened with ReadControl access.
/// </summary>
/// <param name="obj">The object to query; may be null.</param>
/// <returns>
/// The security descriptor, or null when <paramref name="obj"/> is null or any exception is
/// thrown while duplicating or reading.
/// </returns>
private SecurityDescriptor GetSecurityDescriptor(NtGeneric obj)
{
    try
    {
        if (obj == null)
        {
            return null;
        }

        using (NtGeneric read_control = obj.Duplicate(GenericAccessRights.ReadControl))
        {
            return read_control.SecurityDescriptor;
        }
    }
    catch
    {
        // Best effort: every exception type is swallowed here, so a caller cannot tell
        // "access was refused" apart from "there was no object" - both come back as null.
        return null;
    }
}
/// <summary>
/// Duplicates this handle into the current process and returns it as a typed object.
/// </summary>
/// <returns>
/// The typed object, or null when any exception is thrown while duplicating or converting.
/// </returns>
public NtObject GetObject()
{
    // NOTE(review): presumably needed to open handles owned by other processes; it alters the
    // calling token's privileges on every call - confirm this is intended.
    NtToken.EnableDebugPrivilege();

    try
    {
        using (NtGeneric duplicated = NtGeneric.DuplicateFrom(ProcessId, new IntPtr(Handle)))
        {
            // Record the type reported by the duplicated handle itself.
            NtType = duplicated.NtType;
            return duplicated.ToTypedObject();
        }
    }
    catch
    {
        // Best effort: all exception types are swallowed, so the reason for a failure
        // (for example a refused duplication) is not visible to the caller.
        return null;
    }
}
/// <summary>
/// Reads the security descriptor of an object through a duplicate opened with ReadControl
/// access, using the non-throwing overloads at each step.
/// </summary>
/// <param name="obj">The object to query; may be null.</param>
/// <returns>
/// The descriptor read with <c>SecurityInformation.AllBasic</c>, or null when
/// <paramref name="obj"/> is null, the duplication fails, or the query fails.
/// </returns>
private SecurityDescriptor GetSecurityDescriptor(NtGeneric obj)
{
    if (obj == null)
    {
        return null;
    }

    using (var read_control = obj.Duplicate(GenericAccessRights.ReadControl, false))
    {
        if (!read_control.IsSuccess)
        {
            // The failure status is dropped here; the caller only sees null.
            return null;
        }

        var query = read_control.Result.GetSecurityDescriptor(SecurityInformation.AllBasic, false);
        return query.IsSuccess ? query.Result : null;
    }
}
/// <summary>
/// Fills in the cached type, name and security descriptor for this handle by duplicating it
/// into the current process. The work is attempted once only: <c>_allow_query</c> is cleared
/// before the duplication, so a failed attempt is not retried by this method.
/// </summary>
private void QueryValues()
{
    if (!_allow_query)
    {
        return;
    }

    _allow_query = false;

    // NOTE(review): presumably required so that handles owned by other processes can be
    // duplicated; this changes the calling token's privileges as a side effect - confirm.
    NtToken.EnableDebugPrivilege();

    using (var duplicated = NtGeneric.DuplicateFrom(ProcessId, new IntPtr(Handle), 0,
        DuplicateObjectOptions.SameAccess, false))
    {
        if (!duplicated.IsSuccess)
        {
            // Duplication failed: NtType, _name and _sd keep their previous values.
            return;
        }

        var target = duplicated.Result;
        NtType = target.NtType;
        _name = GetName(target);
        _sd = GetSecurityDescriptor(target);
    }
}
/// <summary>
/// Fills in the cached type name, object name and security descriptor for this handle by
/// duplicating it into the current process. The work is attempted once only:
/// <c>_allow_query</c> is cleared before the duplication.
/// </summary>
private void QueryValues()
{
    if (!_allow_query)
    {
        return;
    }

    _allow_query = false;

    try
    {
        using (NtGeneric duplicated = NtGeneric.DuplicateFrom(ProcessId, new IntPtr(Handle)))
        {
            // Take the type name from the duplicated handle, in case the stored one has
            // changed or was wrong to begin with.
            ObjectType = duplicated.NtTypeName;
            _name = GetName(duplicated);
            _sd = GetSecurityDescriptor(duplicated);
        }
    }
    catch (NtException)
    {
        // Only NtException is swallowed; fields assigned before the failure keep their new
        // values and any other exception type propagates to the caller.
    }
}