internal static extern bool AccessCheck( [In] byte[] securityDescriptor, [In] SafeCloseHandle clientToken, [In] int desiredAccess, [In] GENERIC_MAPPING genericMapping, out PRIVILEGE_SET privilegeSet, [In, Out] ref uint privilegeSetLength, out uint grantedAccess, out bool accessStatus);
internal static extern bool AccessCheck( SecurityDescriptor securityDescriptor, IntPtr clientToken, int desiredAccess, GENERIC_MAPPING genericMapping, PRIVILEGE_SET privilegeSet, ref int privilegeSetLength, out int grandtedAccess, [MarshalAs(UnmanagedType.Bool)] out bool accessStatus);
public static extern bool AccessCheck( [MarshalAs(UnmanagedType.LPArray)] byte[] pSecurityDescriptor, IntPtr ClientToken, uint DesiredAccess, [In] ref GENERIC_MAPPING GenericMapping, IntPtr PrivilegeSet, ref uint PrivilegeSetLength, out uint GrantedAccess, out bool AccessStatus);
public static List <string> GetInheritedFrom(string path, ObjectSecurity sd, bool isContainer) { var inheritedFrom = new List <string>(); path = Path.GetLongPath(path); uint returnValue = 0; GENERIC_MAPPING genericMap = new GENERIC_MAPPING(); genericMap.GenericRead = (uint)MappedGenericRights.FILE_GENERIC_READ; genericMap.GenericWrite = (uint)MappedGenericRights.FILE_GENERIC_WRITE; genericMap.GenericExecute = (uint)MappedGenericRights.FILE_GENERIC_EXECUTE; genericMap.GenericAll = (uint)MappedGenericRights.FILE_GENERIC_ALL; var sdBytes = sd.GetSecurityDescriptorBinaryForm(); var commonSd = new CommonSecurityDescriptor(isContainer, false, sdBytes, 0); var aclBytes = new byte[commonSd.DiscretionaryAcl.BinaryLength]; commonSd.DiscretionaryAcl.GetBinaryForm(aclBytes, 0); var pInheritInfo = Marshal.AllocHGlobal(commonSd.DiscretionaryAcl.Count * Marshal.SizeOf(typeof(PINHERITED_FROM))); returnValue = GetInheritanceSource( path, ResourceType.FileObject, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, isContainer, IntPtr.Zero, 0, aclBytes, IntPtr.Zero, ref genericMap, pInheritInfo ); if (returnValue != 0) { throw new System.ComponentModel.Win32Exception((int)returnValue); } for (int i = 0; i < commonSd.DiscretionaryAcl.Count; i++) { var inheritInfo = pInheritInfo.ElementAt <PINHERITED_FROM>(i); inheritedFrom.Add( !string.IsNullOrEmpty(inheritInfo.AncestorName) && inheritInfo.AncestorName.StartsWith(@"\\?\") ? inheritInfo.AncestorName.Substring(4) : inheritInfo.AncestorName ); } FreeInheritedFromArray(pInheritInfo, (ushort)commonSd.DiscretionaryAcl.Count, IntPtr.Zero); Marshal.FreeHGlobal(pInheritInfo); return(inheritedFrom); }
public static extern UInt32 GetInheritanceSource( [MarshalAs(UnmanagedType.LPTStr)] string pObjectName, ResourceType ObjectType, SECURITY_INFORMATION SecurityInfo, [MarshalAs(UnmanagedType.Bool)] bool Container, IntPtr pObjectClassGuids, UInt32 GuidCount, byte[] pAcl, IntPtr pfnArray, ref GENERIC_MAPPING pGenericMapping, IntPtr pInheritArray);
public static extern bool AccessCheck ( IntPtr pSecurityDescriptor, IntPtr ClientToken, uint DesiredAccess, ref GENERIC_MAPPING GenericMapping, ref PRIVILEGE_SET PrivilegeSet, ref int PrivilegeSetLength, out uint GrantedAccess, out bool AccessStatus );
public static FileSystemRights GetEffectivePermissions( WindowsIdentity clientIdentity, FileSecurity securityDescriptor) { bool isAccessAllowed = false; byte[] binaryForm = securityDescriptor.GetSecurityDescriptorBinaryForm(); SafeCloseHandle newToken = null; SafeCloseHandle token = new SafeCloseHandle(clientIdentity.Token, false); try { if (IsPrimaryToken(token) && !DuplicateTokenEx( token, TokenAccessLevels.Query, IntPtr.Zero, SecurityImpersonationLevel.Identification, TokenType.TokenImpersonation, out newToken)) { int err = Marshal.GetLastWin32Error(); CloseInvalidOutSafeHandle(newToken); throw new Win32Exception(err, "DuplicateTokenExFailed"); } GENERIC_MAPPING genericMapping = new GENERIC_MAPPING(); PRIVILEGE_SET structPrivilegeSet = new PRIVILEGE_SET(); uint privilegeSetLength = (uint)Marshal.SizeOf(structPrivilegeSet); uint grantedAccess = 0; if (!AccessCheck( binaryForm, newToken ?? token, 0x2000000, genericMapping, out structPrivilegeSet, ref privilegeSetLength, out grantedAccess, out isAccessAllowed)) { throw new Win32Exception(Marshal.GetLastWin32Error(), "AccessCheckFailed"); } return((FileSystemRights)grantedAccess); } finally { if (newToken != null) { newToken.Dispose(); } } }
static extern Boolean AccessCheck( [MarshalAs(UnmanagedType.LPArray)] byte[] pSecurityDescriptor, IntPtr ClientToken, [MarshalAs(UnmanagedType.U4)] TokenAccessLevels accessmask, [In] ref GENERIC_MAPPING GenericMapping, IntPtr PrivilegeSet, ref Int32 PrivilegeSetLength, out uint GrantedAccess, [MarshalAs(UnmanagedType.Bool)] out Boolean AccessStatus);
public static List <string> GetInheritedFrom(string path, byte[] aclBytes, int aceCount, bool isContainer, SECURITY_INFORMATION aclType) { var inheritedFrom = new List <string>(); path = Path.GetLongPath(path); uint returnValue = 0; GENERIC_MAPPING genericMap = new GENERIC_MAPPING(); genericMap.GenericRead = (uint)MappedGenericRights.FILE_GENERIC_READ; genericMap.GenericWrite = (uint)MappedGenericRights.FILE_GENERIC_WRITE; genericMap.GenericExecute = (uint)MappedGenericRights.FILE_GENERIC_EXECUTE; genericMap.GenericAll = (uint)MappedGenericRights.FILE_GENERIC_ALL; var pInheritInfo = Marshal.AllocHGlobal(aceCount * Marshal.SizeOf(typeof(PINHERITED_FROM))); returnValue = GetInheritanceSource( path, ResourceType.FileObject, aclType, isContainer, IntPtr.Zero, 0, aclBytes, IntPtr.Zero, ref genericMap, pInheritInfo ); if (returnValue != 0) { throw new System.ComponentModel.Win32Exception((int)returnValue); } for (int i = 0; i < aceCount; i++) { var inheritInfo = pInheritInfo.ElementAt <PINHERITED_FROM>(i); inheritedFrom.Add( !string.IsNullOrEmpty(inheritInfo.AncestorName) && inheritInfo.AncestorName.StartsWith(@"\\?\") ? inheritInfo.AncestorName.Substring(4) : inheritInfo.AncestorName ); } FreeInheritedFromArray(pInheritInfo, (ushort)aceCount, IntPtr.Zero); Marshal.FreeHGlobal(pInheritInfo); return(inheritedFrom); }
public void GetAceTest(bool validUser, bool validCred, string urn, string dn, string dc, string domain, string username, string password, string notes) { var fun = $"{domain}\\{username}"; var pSD = GetSD(fn); var b = GetSecurityDescriptorDacl(pSD, out var daclPresent, out var pAcl, out var defaulted); Assert.That(b, Is.True); Assert.That(daclPresent, Is.True); Assert.That(pAcl, Is.Not.EqualTo(IntPtr.Zero)); var hardAcl = ((IntPtr)pAcl).ToStructure <ACL>(); var ari = new ACL_REVISION_INFORMATION(); b = GetAclInformation(pAcl, ref ari, (uint)Marshal.SizeOf(typeof(ACL_REVISION_INFORMATION)), ACL_INFORMATION_CLASS.AclRevisionInformation); Assert.That(b, Is.True); Assert.That(ari.AclRevision, Is.EqualTo(hardAcl.AclRevision)); var asi = new ACL_SIZE_INFORMATION(); b = GetAclInformation(pAcl, ref asi, (uint)Marshal.SizeOf(typeof(ACL_SIZE_INFORMATION)), ACL_INFORMATION_CLASS.AclSizeInformation); Assert.That(b, Is.True); Assert.That(asi.AceCount, Is.EqualTo(hardAcl.AceCount)); for (var i = 0U; i < asi.AceCount; i++) { b = GetAce(pAcl, i, out var pAce); Assert.That(b, Is.True); var accountSize = 1024; var domainSize = 1024; var outuser = new StringBuilder(accountSize, accountSize); var outdomain = new StringBuilder(domainSize, domainSize); b = LookupAccountSid(null, pAce.GetSid(), outuser, ref accountSize, outdomain, ref domainSize, out _); Assert.That(b, Is.True); TestContext.WriteLine($"Ace{i}: {pAce.GetHeader().AceType}={outdomain}\\{outuser}; {pAce.GetMask()}"); } BuildTrusteeWithName(out var pTrustee, fun); Assert.That(GetEffectiveRightsFromAcl(pAcl, pTrustee, out var accessRights), Is.EqualTo(Win32Error.ERROR_NONE_MAPPED).Or.Zero); var map = new GENERIC_MAPPING((uint)Kernel32.FileAccess.FILE_GENERIC_READ, (uint)Kernel32.FileAccess.FILE_GENERIC_WRITE, (uint)Kernel32.FileAccess.FILE_GENERIC_EXECUTE, (uint)Kernel32.FileAccess.FILE_ALL_ACCESS); var ifArray = new SafeInheritedFromArray(hardAcl.AceCount); var err = GetInheritanceSource(fn, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, false, null, 0, pAcl, IntPtr.Zero, map, ifArray); Assert.That(err, Is.EqualTo(0)); TestContext.WriteLine($"{hardAcl.AceCount}: {string.Join("; ", ifArray.Results.Select(i => i.ToString()))}"); Assert.That(() => ifArray.Dispose(), Throws.Nothing); }
public void GetAceTest(bool validUser, bool validCred, string urn, string dn, string dc, string domain, string username, string password, string notes) { var fun = $"{domain}\\{username}"; var pSD = GetSD(fn); var b = GetSecurityDescriptorDacl(pSD, out bool daclPresent, out IntPtr pAcl, out bool defaulted); Assert.That(b, Is.True); Assert.That(daclPresent, Is.True); Assert.That(pAcl, Is.Not.EqualTo(IntPtr.Zero)); var hardAcl = pAcl.ToStructure <ACL>(); var ari = new ACL_REVISION_INFORMATION(); b = GetAclInformation(pAcl, ref ari, (uint)Marshal.SizeOf(typeof(ACL_REVISION_INFORMATION)), ACL_INFORMATION_CLASS.AclRevisionInformation); Assert.That(b, Is.True); Assert.That(ari.AclRevision, Is.EqualTo(hardAcl.AclRevision)); var asi = new ACL_SIZE_INFORMATION(); b = GetAclInformation(pAcl, ref asi, (uint)Marshal.SizeOf(typeof(ACL_SIZE_INFORMATION)), ACL_INFORMATION_CLASS.AclSizeInformation); Assert.That(b, Is.True); Assert.That(asi.AceCount, Is.GreaterThan(0)); Assert.That(asi.AceCount, Is.EqualTo(hardAcl.AceCount)); b = GetAce(pAcl, 0, out IntPtr pAce); Assert.That(b, Is.True); var accessRights = 0U; var pTrustee = new TRUSTEE(fun); Assert.That(GetEffectiveRightsFromAcl(pAcl, pTrustee, ref accessRights), Is.EqualTo(Win32Error.ERROR_NONE_MAPPED).Or.Zero); var map = new GENERIC_MAPPING((uint)Kernel32.FileAccess.FILE_GENERIC_READ, (uint)Kernel32.FileAccess.FILE_GENERIC_WRITE, (uint)Kernel32.FileAccess.FILE_GENERIC_EXECUTE, (uint)Kernel32.FileAccess.FILE_ALL_ACCESS); var ifArray = new SafeInheritedFromArray(hardAcl.AceCount); var err = GetInheritanceSource(fn, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, false, null, 0, pAcl, IntPtr.Zero, ref map, ifArray); Assert.That(err, Is.EqualTo(0)); TestContext.WriteLine($"{hardAcl.AceCount}: {string.Join("; ", ifArray.Results.Select(i => i.ToString()))}"); Assert.That(() => ifArray.Dispose(), Throws.Nothing); }
public static IEnumerable <INHERITED_FROM> GetInheritanceSource(string objectName, ResourceType objectType, SECURITY_INFORMATION securityInfo, bool container, IntPtr pAcl, ref GENERIC_MAPPING pGenericMapping) { var objSize = Marshal.SizeOf(typeof(INHERITED_FROM)); var aceCount = GetAceCount(pAcl); using (var pInherit = new SafeCoTaskMemHandle(objSize * (int)aceCount)) { var hr = 0; try { hr = AdvApi32.GetInheritanceSource(objectName, objectType, securityInfo, container, null, 0, pAcl, IntPtr.Zero, ref pGenericMapping, (IntPtr)pInherit); if (hr != 0) { throw new System.ComponentModel.Win32Exception(hr); } return(pInherit.ToIEnum <INHERITED_FROM>((int)aceCount)); } finally { if (hr != 0) { FreeInheritedFromArray((IntPtr)pInherit, (ushort)aceCount, IntPtr.Zero); } } } }
static extern void MapGenericMask([In, MarshalAs(UnmanagedType.U4)] ref TokenAccessLevels AccessMask, [In] ref GENERIC_MAPPING map);
internal static Boolean hasReadAccess(String path) { // Obtain the authenticated user's Identity WindowsIdentity winId = WindowsIdentity.GetCurrent(TokenAccessLevels.Duplicate | TokenAccessLevels.Query); WindowsImpersonationContext ctx = null; Int32 statError = new Int32(); IntPtr dupToken = IntPtr.Zero; try { // Start impersonating //ctx = winId.Impersonate(); works but AccessCheck does not like this Int32 outPtr; //AccessCheck needs a duplicated token! DuplicateToken(winId.Token, TokenImpersonationLevel.Impersonation, out outPtr); dupToken = new IntPtr(outPtr); ctx = WindowsIdentity.Impersonate(dupToken); GENERIC_MAPPING map = new GENERIC_MAPPING(); map.GenericRead = 0x80000000; map.GenericWrite = 0x40000000; map.GenericExecute = 0x20000000; map.GenericAll = 0x10000000; TokenAccessLevels required = TokenAccessLevels.Query | TokenAccessLevels.Read | TokenAccessLevels.AssignPrimary | (TokenAccessLevels)0x00100000; // add synchronization MapGenericMask(ref required, ref map); uint status = new Int32(); Boolean accesStatus = false; // dummy area the size should be 20 we don't do anything with it Int32 sizeps = 20; IntPtr ps = Marshal.AllocCoTaskMem(sizeps); //AccessControlSections.Owner | AccessControlSections.Group MUST be included, //otherwise the descriptor would be seen with ERROR 1338 var ACE = Directory.GetAccessControl(path, AccessControlSections.Access | AccessControlSections.Owner | AccessControlSections.Group); Boolean success = AccessCheck(ACE.GetSecurityDescriptorBinaryForm(), dupToken, required, ref map, ps, ref sizeps, out status, out accesStatus); Marshal.FreeCoTaskMem(ps); if (!success) { statError = Marshal.GetLastWin32Error(); } else { return(accesStatus); } } // Prevent exceptions from propagating catch (Exception ex) { Trace.Write(ex.Message); } finally { // Revert impersonation if (ctx != null) { ctx.Undo(); } CloseHandle(dupToken); } if (statError != 0) { throw new System.ComponentModel.Win32Exception(statError); } return(false); }
public static IEnumerable <INHERITED_FROM> GetInheritanceSource(string objectName, System.Security.AccessControl.ResourceType objectType, SECURITY_INFORMATION securityInfo, bool container, IntPtr pAcl, ref GENERIC_MAPPING pGenericMapping) { var objSize = Marshal.SizeOf(typeof(INHERITED_FROM)); var aceCount = GetAceCount(pAcl); using (var pInherit = new SafeInheritedFromArray((ushort)aceCount)) { AdvApi32.GetInheritanceSource(objectName, (SE_OBJECT_TYPE)objectType, securityInfo, container, null, 0, pAcl, IntPtr.Zero, ref pGenericMapping, pInherit).ThrowIfFailed(); return(pInherit.Results); } }
/// <summary> /// To check if path can be accessed or not /// </summary> /// <param name="path">string value - the patch whose access is being checked</param> /// <returns>true if alllowed else false</returns> public static bool AccessAllowed(string path) { bool accessAllowed = false; int lastError; IntPtr fileSD = IntPtr.Zero; IntPtr token = IntPtr.Zero; try { // Get the size of the security descriptor for the directory. int sdLength = 0; if (!GetFileSecurity(path, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, fileSD, 0, out sdLength)) { lastError = Marshal.GetLastWin32Error(); if (lastError != ERROR_INSUFFICIENT_BUFFER) { return(accessAllowed); } fileSD = Marshal.AllocHGlobal(sdLength); // Get the security descriptor for the directory. if (!GetFileSecurity(path, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, fileSD, sdLength, out sdLength)) { lastError = Marshal.GetLastWin32Error(); return(accessAllowed); } // We will check to see if the user has read/write access. GENERIC_MAPPING genericMapping = new GENERIC_MAPPING(); PRIVILEGE_SET privSet = new PRIVILEGE_SET(); uint grantedAccess = 0; genericMapping.GenericRead = 0x01; genericMapping.GenericWrite = 0x02; genericMapping.GenericExecute = 0; genericMapping.GenericAll = 0x03; uint desiredAccess = 3; privSet.Control = 0; privSet.PrivilegeCount = 0; int privLen = Marshal.SizeOf(privSet); // Impersonate the current user. if (!ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation)) { lastError = Marshal.GetLastWin32Error(); return(accessAllowed); } try { // Get the users token. if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, true, ref token)) { lastError = Marshal.GetLastWin32Error(); return(accessAllowed); } // Check the access for this user. if (!AccessCheck(fileSD, token, desiredAccess, ref genericMapping, ref privSet, ref privLen, ref grantedAccess, ref accessAllowed)) { lastError = Marshal.GetLastWin32Error(); } } finally { RevertToSelf(); } } } finally { if (fileSD != IntPtr.Zero) { Marshal.FreeHGlobal(fileSD); } if (!token.Equals(IntPtr.Zero)) { CloseHandle(token); token = IntPtr.Zero; } } return(accessAllowed); }
public static bool AccessAllowed(string path) { bool accessAllowed = false; int lastError; IntPtr fileSD = IntPtr.Zero; IntPtr token = IntPtr.Zero; try { int sdLength = 0; if (!GetFileSecurity(path, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, fileSD, 0, out sdLength)) { lastError = Marshal.GetLastWin32Error(); if (lastError != ERROR_INSUFFICIENT_BUFFER) { return accessAllowed; } fileSD = Marshal.AllocHGlobal(sdLength); if (!GetFileSecurity(path, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, fileSD, sdLength, out sdLength)) { lastError = Marshal.GetLastWin32Error(); return accessAllowed; } GENERIC_MAPPING genericMapping = new GENERIC_MAPPING(); PRIVILEGE_SET privSet = new PRIVILEGE_SET(); uint grantedAccess = 0; genericMapping.GenericRead = 0x01; genericMapping.GenericWrite = 0x02; genericMapping.GenericExecute = 0; genericMapping.GenericAll = 0x03; uint desiredAccess = 3; privSet.Control = 0; privSet.PrivilegeCount = 0; int privLen = Marshal.SizeOf(privSet); if (!ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation)) { lastError = Marshal.GetLastWin32Error(); return accessAllowed; } try { if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, true, ref token)) { lastError = Marshal.GetLastWin32Error(); return accessAllowed; } if (!AccessCheck(fileSD, token, desiredAccess, ref genericMapping, ref privSet, ref privLen, ref grantedAccess, ref accessAllowed)) { lastError = Marshal.GetLastWin32Error(); } } finally { RevertToSelf(); } } } finally { if (fileSD != IntPtr.Zero) { Marshal.FreeHGlobal(fileSD); } if (!token.Equals(IntPtr.Zero)) { CloseHandle(token); token = IntPtr.Zero; } } return accessAllowed; }
static extern bool AccessCheck(IntPtr pSecurityDescriptor, IntPtr ClientToken, uint DesiredAccess, ref GENERIC_MAPPING GenericMapping, ref PRIVILEGE_SET PrivilegeSet, ref int PrivilegeSetLength, ref uint GrantedAccess, ref bool AccessStatus);
public static extern Win32Error GetInheritanceSource([MarshalAs(UnmanagedType.LPTStr)] string pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, [MarshalAs(UnmanagedType.Bool)] bool Container, [In, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 5, ArraySubType = UnmanagedType.LPStruct), Optional] Guid[] pObjectClassGuids, uint GuidCount, [In] IntPtr pAcl, [In] IntPtr pfnArray, [In] ref GENERIC_MAPPING pGenericMapping, SafeInheritedFromArray pInheritArray);
internal static Boolean hasReadAccess(String path) { // Obtain the authenticated user's Identity WindowsIdentity winId = WindowsIdentity.GetCurrent(TokenAccessLevels.Duplicate | TokenAccessLevels.Query); WindowsImpersonationContext ctx = null; Int32 statError = new Int32(); IntPtr dupToken = IntPtr.Zero; try { // Start impersonating //ctx = winId.Impersonate(); works but AccessCheck does not like this Int32 outPtr; //AccessCheck needs a duplicated token! DuplicateToken(winId.Token, TokenImpersonationLevel.Impersonation, out outPtr); dupToken = new IntPtr(outPtr); ctx = WindowsIdentity.Impersonate(dupToken); GENERIC_MAPPING map = new GENERIC_MAPPING(); map.GenericRead = 0x80000000; map.GenericWrite = 0x40000000; map.GenericExecute = 0x20000000; map.GenericAll = 0x10000000; TokenAccessLevels required = TokenAccessLevels.Query | TokenAccessLevels.Read | TokenAccessLevels.AssignPrimary | (TokenAccessLevels)0x00100000; // add synchronization MapGenericMask(ref required, ref map); uint status = new Int32(); Boolean accesStatus = false; // dummy area the size should be 20 we don't do anything with it Int32 sizeps = 20; IntPtr ps = Marshal.AllocCoTaskMem(sizeps); //AccessControlSections.Owner | AccessControlSections.Group MUST be included, //otherwise the descriptor would be seen with ERROR 1338 var ACE = Directory.GetAccessControl(path, AccessControlSections.Access | AccessControlSections.Owner | AccessControlSections.Group); Boolean success = AccessCheck(ACE.GetSecurityDescriptorBinaryForm(), dupToken, required, ref map, ps, ref sizeps, out status, out accesStatus); Marshal.FreeCoTaskMem(ps); if (!success) { statError = Marshal.GetLastWin32Error(); } else { return accesStatus; } } // Prevent exceptions from propagating catch (Exception ex) { Trace.Write(ex.Message); } finally { // Revert impersonation if (ctx != null) ctx.Undo(); CloseHandle(dupToken); } if (statError != 0) { throw new System.ComponentModel.Win32Exception(statError); } return false; }
public static extern void MapGenericMask ( ref uint AccessMask, ref GENERIC_MAPPING GenericMapping );