/// <summary>
/// Revert impersonation back to the current user.
/// </summary>
public void Revert()
{
if (_thread != null)
{
using (_thread)
{
_thread.SetImpersonationToken(null, false);
}
_thread = null;
}
}
internal CreateThreadDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
: base(debug_event, debug)
{
var info = debug_event.StateInfo.CreateThread;
Thread = info.HandleToThread == IntPtr.Zero ? null : NtThread.FromHandle(info.HandleToThread);
var thread = info.NewThread;
ThreadSubSystemKey = thread.SubSystemKey;
ThreadStartAddress = thread.StartAddress.ToInt64();
}
/// <summary>
/// Revert impersonation back to the current user.
/// </summary>
public void Revert()
{
try
{
_thread.SetImpersonationToken(null);
_thread.Dispose();
_thread = null;
}
catch
{
}
}
/// <summary>
/// Revert impersonation back to the current user.
/// </summary>
public void Revert()
{
if (_container)
{
NtThread.DetachContainer(false);
}
else if (!_thread.Handle.IsClosed)
{
using (_thread) {
_thread.SetImpersonationToken(null, false);
}
}
}
internal CreateUserProcessResult(SafeKernelObjectHandle process_handle, SafeKernelObjectHandle thread_handle,
ProcessCreateInfoData create_info,
SectionImageInformation image_info, ClientId client_id)
{
Process = new NtProcess(process_handle);
Thread = new NtThread(thread_handle);
ImageFile = new NtFile(new SafeKernelObjectHandle(create_info.Success.FileHandle, true));
SectionHandle = new NtSection(new SafeKernelObjectHandle(create_info.Success.SectionHandle, true));
ImageInfo = image_info;
ClientId = client_id;
CreateInfo = create_info;
CreateState = ProcessCreateState.Success;
}
/// <summary>
/// Revert impersonation back to the current user.
/// </summary>
public void Revert()
{
if (_thread != null)
{
try
{
_thread.SetImpersonationToken(null);
}
catch
{
}
finally
{
_thread.Dispose();
_thread = null;
}
}
}
internal CreateProcessDebugEvent(DbgUiWaitStatusChange debug_event, NtDebug debug)
: base(debug_event, debug)
{
var info = debug_event.StateInfo.CreateProcess;
Process = info.HandleToProcess == IntPtr.Zero ? null : NtProcess.FromHandle(info.HandleToProcess);
Thread = info.HandleToThread == IntPtr.Zero ? null : NtThread.FromHandle(info.HandleToThread);
var new_proc = info.NewProcess;
ProcessSubSystemKey = new_proc.SubSystemKey;
File = new_proc.FileHandle == IntPtr.Zero ? null : NtFile.FromHandle(new_proc.FileHandle);
BaseOfImage = new_proc.BaseOfImage.ToInt64();
DebugInfoFileOffset = new_proc.DebugInfoFileOffset;
DebugInfoSize = new_proc.DebugInfoSize;
var thread = new_proc.InitialThread;
ThreadSubSystemKey = thread.SubSystemKey;
ThreadStartAddress = thread.StartAddress.ToInt64();
}
internal NtProcessCreateResult(NtStatus status, SafeKernelObjectHandle process_handle, SafeKernelObjectHandle thread_handle,
ProcessCreateInfoData create_info, SectionImageInformation image_info, ClientId client_id, bool terminate_on_dispose)
{
Status = status;
Process = new NtProcess(process_handle);
Thread = new NtThread(thread_handle);
ImageFile = create_info.Success.FileHandle != IntPtr.Zero ?
NtFile.FromHandle(create_info.Success.FileHandle).Duplicate() : null;
SectionHandle = create_info.Success.SectionHandle != IntPtr.Zero ?
NtSection.FromHandle(create_info.Success.SectionHandle).Duplicate() : null;
OutputFlags = create_info.Success.OutputFlags;
UserProcessParametersNative = (long)create_info.Success.UserProcessParametersNative;
UserProcessParametersWow64 = create_info.Success.UserProcessParametersWow64;
CurrentParameterFlags = (int)create_info.Success.CurrentParameterFlags;
PebAddressNative = (long)create_info.Success.PebAddressNative;
PebAddressWow64 = create_info.Success.PebAddressWow64;
ManifestAddress = (long)create_info.Success.ManifestAddress;
ManifestSize = (int)create_info.Success.ManifestSize;
ImageInfo = image_info;
ClientId = client_id;
DllCharacteristics = image_info.DllCharacteristics;
CreateState = ProcessCreateState.Success;
TerminateOnDispose = terminate_on_dispose;
}
internal ThreadImpersonationContext(NtThread thread)
: this(false) {
_thread = thread;
}
internal ThreadImpersonationContext(NtThread thread)
{
_thread = thread;
}
