/// <include file='doc\AccessControlEntry.uex' path='docs/doc[@for="AccessControlEntry.AccessControlEntry2"]/*' /> /// <devdoc> /// <para>[To be supplied.]</para> /// </devdoc> public AccessControlEntry(Trustee trustee, GenericAccessRights genericAccessRights, StandardAccessRights standardAccessRights, AccessControlEntryType entryType) { this.GenericAccessRights = genericAccessRights; this.StandardAccessRights = standardAccessRights; this.Trustee = trustee; this.EntryType = entryType; }
/// <summary> /// Do an access check between a security descriptor and a token to determine the allowed access. /// </summary> /// <param name="sd">The security descriptor</param> /// <param name="token">The access token.</param> /// <param name="access_rights">The set of access rights to check against</param> /// <param name="generic_mapping">The type specific generic mapping (get from corresponding NtType entry).</param> /// <returns>The allowed access mask as a unsigned integer.</returns> /// <exception cref="NtException">Thrown if an error occurred in the access check.</exception> public static uint GetAllowedAccess(SecurityDescriptor sd, NtToken token, GenericAccessRights access_rights, GenericMapping generic_mapping) { if (sd == null) { throw new ArgumentNullException("sd"); } if (token == null) { throw new ArgumentNullException("token"); } using (var sd_buffer = sd.ToSafeBuffer()) { using (NtToken imp_token = token.DuplicateToken(SecurityImpersonationLevel.Identification)) { uint granted_access; NtStatus result_status; using (var privs = new SafePrivilegeSetBuffer()) { int buffer_length = privs.Length; NtSystemCalls.NtAccessCheck(sd_buffer, imp_token.Handle, (uint)access_rights, ref generic_mapping, privs, ref buffer_length, out granted_access, out result_status).ToNtException(); if (result_status.IsSuccess()) { return(granted_access); } return(0); } } } }
private void btnOpen_Click(object sender, EventArgs e) { if (String.IsNullOrWhiteSpace(txtObjectName.Text)) { MessageBox.Show(this, "Please select a named section", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } else { string name = txtObjectName.Text; try { GenericAccessRights access = GenericAccessRights.GenericRead; if (!checkReadOnly.Checked) { access |= GenericAccessRights.GenericWrite; } ObjectHandle = NtObject.OpenWithType(_typename, name, null, access); ObjectName = name; ReadOnly = checkReadOnly.Checked; DialogResult = DialogResult.OK; Close(); } catch (NtException ex) { MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } } }
public AccessControlEntry(Trustee trustee, GenericAccessRights genericAccessRights, StandardAccessRights standardAccessRights, AccessControlEntryType entryType) { throw new NotImplementedException(); }
static RegistryKey OpenKey(RegistryKey base_key, string path, bool writable = false, bool throw_on_error = true) { IntPtr root_key = base_key != null?base_key.Handle.DangerousGetHandle() : IntPtr.Zero; using (ObjectAttributes KeyName = new ObjectAttributes(path, AttributeFlags.CaseInsensitive | AttributeFlags.OpenLink, root_key)) { SafeRegistryHandle keyHandle; GenericAccessRights desired_access = GenericAccessRights.GenericRead; if (writable) { desired_access |= GenericAccessRights.GenericWrite; } int status = NtOpenKeyEx(out keyHandle, desired_access, KeyName, 0); if (throw_on_error) { StatusToNtException(status); } if (status == 0) { return(RegistryKey.FromHandle(keyHandle)); } return(null); } }
static extern int NtCreateKey( out IntPtr KeyHandle, GenericAccessRights DesiredAccess, [In] ObjectAttributes ObjectAttributes, int TitleIndex, [In] UnicodeString Class, KeyCreateOptions CreateOptions, out int Disposition);
public static extern int NtDuplicateToken( IntPtr ExistingTokenHandle, GenericAccessRights DesiredAccess, ObjectAttributes ObjectAttributes, bool EffectiveOnly, TokenType TokenType, out IntPtr NewTokenHandle );
private static extern IntPtr CreateFileW( string lpFileName, GenericAccessRights dwDesiredAccess, FileShare dwShareMode, IntPtr lpSecurityAttributes, CreationDisposition dwCreationDisposition, FileFlagAttribute dwFlagsAndAttributes, IntPtr hTemplateFile );
public static extern NtStatus NtDuplicateObject( SafeHandle SourceProcessHandle, SafeHandle SourceHandle, SafeHandle TargetProcessHandle, out SafeKernelObjectHandle TargetHandle, GenericAccessRights DesiredAccess, AttributeFlags HandleAttributes, DuplicateObjectOptions Options );
public int return_data_size; // 20 public CmApiOpenKeyData(int device_type, int callback_id, string name, GenericAccessRights desired_access, bool create, int hardware_id, int return_data_size) { this.cbSize = Marshal.SizeOf(this); this.device_type = device_type; this.callback_id = callback_id; this.name = name; this.name_size = (name.Length + 1) * 2; this.desired_access = desired_access; this.create = create ? 1 : 0; this.hardware_id = hardware_id; this.return_data_size = return_data_size; }
private static FileStream CreateFileStream(string name, GenericAccessRights desiredAccess, FileShare shareMode, FileAccess dotNetFileAccess) { SafeFileHandle file = new SafeFileHandle( CreateFileW(name, desiredAccess, shareMode, IntPtr.Zero, CreationDisposition.OpenExisting, FileFlagAttribute.AttributeNormal, IntPtr.Zero), true); if (file.IsInvalid) { return(null); } FileStream fs = new FileStream(file, dotNetFileAccess); return(fs); }
private static SafeFileHandle OpenReparsePoint(string path, bool writeAccess) { using (Process currentProcess = Process.GetCurrentProcess()) { IntPtr tokenHandle = IntPtr.Zero; try { tokenHandle = AdvApi32.OpenProcessToken(currentProcess.Handle, TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query); Luid luid = AdvApi32.LookupPrivilegeValue(writeAccess ? PrivilegeName.Restore : PrivilegeName.Backup); var privileges = new TokenPrivileges { PrivilegeCount = 1, Privileges = new [] { new Privilege() { Luid = luid, Attributes = Privilege.EnabledAttribute, } } }; AdvApi32.AdjustTokenPrivileges(tokenHandle, privileges); } finally { if (tokenHandle != IntPtr.Zero) { Kernel32.CloseHandle(tokenHandle); } } } GenericAccessRights access = GenericAccessRights.Read; if (writeAccess) { access |= GenericAccessRights.Write; } SafeFileHandle handle = Kernel32.CreateFile(path, access, FileShare.None, FileMode.Open, FileAttributes.Normal, FileFlags.OpenReparsePoint | FileFlags.BackupSemantics); return(handle); }
/// <summary> /// Add an access allowed ACE to the DACL /// </summary> /// <param name="mask">The access mask</param> /// <param name="sid">The SID in SDDL form</param> public void AddAccessAllowedAce(GenericAccessRights mask, string sid) { AddAccessAllowedAceInternal((uint)mask, AceFlags.None, sid); }
public AccessControlEntry(Trustee trustee, GenericAccessRights genericAccessRights, StandardAccessRights standardAccessRights, AccessControlEntryType entryType) {}
/// <summary> /// Add an access allowed ACE to the DACL /// </summary> /// <param name="mask">The access mask</param> /// <param name="flags">The ACE flags</param> /// <param name="sid">The SID in SDDL form</param> public void AddAccessAllowedAce(GenericAccessRights mask, AceFlags flags, string sid) { AddAccessAllowedAce((uint)mask, flags, sid); }
/// <summary> /// Duplicate the internal handle to a new handle. /// </summary> /// <param name="access_rights">The access rights for the new handle</param> /// <returns>The new duplicated handle.</returns> public SafeKernelObjectHandle DuplicateHandle(GenericAccessRights access_rights) { return(DuplicateHandle((uint)access_rights)); }
/// <summary> /// Duplicate the internal handle to a new handle. /// </summary> /// <param name="source_process">The source process for the handle</param> /// <param name="dest_process">The desination process for the handle</param> /// <param name="handle">The handle in the source process to duplicate</param> /// <param name="access_rights">The access rights for the new handle</param> /// <returns>The new duplicated handle.</returns> public static SafeKernelObjectHandle DuplicateHandle(NtProcess source_process, SafeHandle handle, NtProcess dest_process, GenericAccessRights access_rights) { return(DuplicateHandle(source_process, handle, dest_process, access_rights, DuplicateObjectOptions.None)); }
public static extern int NtOpenProcessTokenEx( IntPtr ProcessHandle, GenericAccessRights DesiredAccess, AttributeFlags HandleAttributes, out IntPtr TokenHandle);
private void UpdateTokenData() { UserGroup user = _token.GetUser(); txtUsername.Text = user.GetName(); txtUserSid.Text = user.Sid.ToString(); TokenType tokentype = _token.GetTokenType(); txtTokenType.Text = _token.GetTokenType().ToString(); TokenLibrary.TokenImpersonationLevel implevel = _token.GetImpersonationLevel(); txtImpLevel.Text = implevel.ToString(); txtTokenId.Text = FormatLuid(_token.GetTokenId()); txtModifiedId.Text = FormatLuid(_token.GetModifiedId()); txtAuthId.Text = FormatLuid(_token.GetAuthenticationId()); if (Enum.IsDefined(typeof(TokenLibrary.TokenIntegrityLevel), _token.GetTokenIntegrityLevel())) { comboBoxIL.SelectedItem = _token.GetTokenIntegrityLevel(); comboBoxILForDup.SelectedItem = _token.GetTokenIntegrityLevel(); } else { comboBoxIL.Text = _token.GetTokenIntegrityLevel().ToString(); comboBoxILForDup.Text = _token.GetTokenIntegrityLevel().ToString(); } txtSessionId.Text = _token.GetSessionId().ToString(); txtSourceName.Text = _token.GetSourceName(); txtSourceId.Text = FormatLuid(_token.GetSourceId()); TokenElevationType evtype = _token.GetElevationType(); txtElevationType.Text = evtype.ToString(); txtIsElevated.Text = _token.IsElevated().ToString(); txtOriginLoginId.Text = FormatLuid(_token.GetTokenOriginId()); btnLinkedToken.Enabled = evtype != TokenElevationType.Default; UpdateGroupList(); txtPrimaryGroup.Text = _token.GetPrimaryGroup().GetName(); txtOwner.Text = _token.GetDefaultOwner().GetName(); RawAcl defdacl = _token.GetDefaultDacl(); if (defdacl != null) { foreach (GenericAce ace in defdacl) { KnownAce kace = ace as KnownAce; if (kace != null) { UserGroup group = new UserGroup(kace.SecurityIdentifier, GroupFlags.None); ListViewItem item = new ListViewItem(group.GetName()); uint mask = (uint)(GenericAccessRights.GenericAll | GenericAccessRights.GenericExecute | GenericAccessRights.GenericRead | GenericAccessRights.GenericWrite); string maskstr; if (((uint)kace.AccessMask & ~mask) != 0) { maskstr = String.Format("0x{0:X08}", kace.AccessMask); } else { GenericAccessRights generic = (GenericAccessRights)kace.AccessMask; maskstr = generic.ToString(); } item.SubItems.Add(maskstr); item.SubItems.Add(kace.AceFlags.ToString()); item.SubItems.Add(kace.AceType.ToString()); listViewDefDacl.Items.Add(item); } } } else { listViewDefDacl.Items.Add("No Default DACL"); } listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent); listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize); if (_token.IsRestricted()) { PopulateGroupList(listViewRestrictedSids, _token.GetRestrictedSids()); } else { tabControlMain.TabPages.Remove(tabPageRestricted); } if (_token.IsAppContainer()) { PopulateGroupList(listViewCapabilities, _token.GetCapabilities()); txtACNumber.Text = _token.GetAppContainerNumber().ToString(); txtPackageSid.Text = _token.GetPackageSid().GetName(); } else { tabControlMain.TabPages.Remove(tabPageAppContainer); } txtUIAccess.Text = _token.IsUIAccess().ToString(); txtSandboxInert.Text = _token.IsSandboxInert().ToString(); bool virtAllowed = _token.IsVirtualizationAllowed(); txtVirtualizationAllowed.Text = virtAllowed.ToString(); if (virtAllowed) { txtVirtualizationEnabled.Text = _token.IsVirtualizationEnabled().ToString(); } else { txtVirtualizationEnabled.Text = "N/A"; } txtMandatoryILPolicy.Text = _token.GetIntegrityLevelPolicy().ToString(); UpdatePrivileges(); }
/// <summary> /// Add an access denied ace to the ACL /// </summary> /// <param name="mask">The ACE access mask</param> /// <param name="sid">The ACE SID</param> public void AddAccessDeniedAce(GenericAccessRights mask, Sid sid) { AddAccessDeniedAce(mask, AceFlags.None, sid); }
public static extern int NtLoadKeyEx(ObjectAttributes DestinationName, ObjectAttributes FileName, LoadKeyFlags Flags, IntPtr TrustKeyHandle, IntPtr EventHandle, GenericAccessRights DesiredAccess, out SafeRegistryHandle KeyHandle, int Unused);
/// <summary> /// Add an access denied ACE to the DACL /// </summary> /// <param name="mask">The access mask</param> /// <param name="sid">The SID</param> public void AddAccessDeniedAce(GenericAccessRights mask, Sid sid) { AddAccessDeniedAceInternal((uint)mask, AceFlags.None, sid); }
private void UpdateTokenData() { UserGroup user = _token.User; txtUsername.Text = user.ToString(); txtUserSid.Text = user.Sid.ToString(); TokenType tokentype = _token.TokenType; txtTokenType.Text = _token.TokenType.ToString(); if (_token.TokenType == TokenType.Impersonation) { SecurityImpersonationLevel implevel = _token.ImpersonationLevel; txtImpLevel.Text = implevel.ToString(); } else { txtImpLevel.Text = "N/A"; } txtTokenId.Text = FormatLuid(_token.Id); txtModifiedId.Text = FormatLuid(_token.ModifiedId); txtAuthId.Text = FormatLuid(_token.AuthenticationId); if (Enum.IsDefined(typeof(TokenIntegrityLevel), _token.IntegrityLevel)) { comboBoxIL.SelectedItem = _token.IntegrityLevel; comboBoxILForDup.SelectedItem = _token.IntegrityLevel; } else { comboBoxIL.Text = _token.IntegrityLevel.ToString(); comboBoxILForDup.Text = _token.IntegrityLevel.ToString(); } txtSessionId.Text = _token.SessionId.ToString(); txtSourceName.Text = _token.Source.SourceName; txtSourceId.Text = FormatLuid(_token.Source.SourceIdentifier); TokenElevationType evtype = _token.ElevationType; txtElevationType.Text = evtype.ToString(); txtIsElevated.Text = _token.Elevated.ToString(); txtOriginLoginId.Text = FormatLuid(_token.Origin); btnLinkedToken.Enabled = evtype != TokenElevationType.Default; UpdateGroupList(); txtPrimaryGroup.Text = _token.PrimaryGroup.Name; txtOwner.Text = _token.Owner.Name; Acl defdacl = _token.DefaultDacl; if (!defdacl.NullAcl) { foreach (Ace ace in defdacl) { UserGroup group = new UserGroup(ace.Sid, GroupAttributes.None); ListViewItem item = new ListViewItem(group.ToString()); uint mask = (uint)(GenericAccessRights.GenericAll | GenericAccessRights.GenericExecute | GenericAccessRights.GenericRead | GenericAccessRights.GenericWrite); string maskstr; if (((uint)ace.Mask & ~mask) != 0) { maskstr = String.Format("0x{0:X08}", ace.Mask); } else { GenericAccessRights generic = (GenericAccessRights)ace.Mask; maskstr = generic.ToString(); } item.SubItems.Add(maskstr); item.SubItems.Add(ace.AceFlags.ToString()); item.SubItems.Add(ace.AceType.ToString()); listViewDefDacl.Items.Add(item); } } else { listViewDefDacl.Items.Add("No Default DACL"); } listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent); listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize); if (_token.Restricted) { PopulateGroupList(listViewRestrictedSids, _token.RestrictedSids); } else { tabControlMain.TabPages.Remove(tabPageRestricted); } if (_token.AppContainer) { PopulateGroupList(listViewCapabilities, _token.Capabilities); txtACNumber.Text = _token.AppContainerNumber.ToString(); txtPackageSid.Text = _token.AppContainerSid.Name; } else { tabControlMain.TabPages.Remove(tabPageAppContainer); } txtUIAccess.Text = _token.UiAccess.ToString(); txtSandboxInert.Text = _token.SandboxInert.ToString(); bool virtAllowed = _token.VirtualizationAllowed; txtVirtualizationAllowed.Text = virtAllowed.ToString(); btnToggleVirtualizationEnabled.Enabled = virtAllowed; if (virtAllowed) { txtVirtualizationEnabled.Text = _token.VirtualizationEnabled.ToString(); } else { txtVirtualizationEnabled.Text = "N/A"; } txtMandatoryILPolicy.Text = _token.MandatoryPolicy.ToString(); txtHandleAccess.Text = _token.GrantedAccess.ToString(); UpdatePrivileges(); UpdateSecurityAttributes(); }
/// <summary> /// Add an access denied ACE to the DACL /// </summary> /// <param name="mask">The access mask</param> /// <param name="flags">The ACE flags</param> /// <param name="sid">The SID in SDDL form</param> public void AddAccessDeniedAce(GenericAccessRights mask, AceFlags flags, string sid) { AddAccessDeniedAceInternal((uint)mask, flags, sid); }
/// <summary> /// Add an access allowed ACE to the DACL /// </summary> /// <param name="mask">The access mask</param> /// <param name="flags">The ACE flags</param> /// <param name="sid">The SID</param> public void AddAccessAllowedAce(GenericAccessRights mask, AceFlags flags, Sid sid) { AddAccessAllowedAceInternal((uint)mask, flags, sid); }
private A UIntToAccess(GenericAccessRights access) { return((A)Enum.ToObject(typeof(A), (uint)access)); }
/// <summary> /// Duplicate the internal handle to a new handle. /// </summary> /// <param name="source_process">The source process for the handle</param> /// <param name="dest_process">The desination process for the handle</param> /// <param name="handle">The handle in the source process to duplicate</param> /// <param name="options">Duplicate handle options</param> /// <param name="access_rights">The access rights for the new handle</param> /// <returns>The new duplicated handle.</returns> public static SafeKernelObjectHandle DuplicateHandle(NtProcess source_process, SafeHandle handle, NtProcess dest_process, GenericAccessRights access_rights, DuplicateObjectOptions options) { SafeKernelObjectHandle new_handle; NtSystemCalls.NtDuplicateObject(source_process.Handle, handle, dest_process.Handle, out new_handle, GenericAccessRights.None, AttributeFlags.None, DuplicateObjectOptions.SameAccess).ToNtException(); return(new_handle); }
public NtObject Open(GenericAccessRights access) { return(NtObject.OpenWithType(TypeName, Name, _root, access)); }
/// <summary> /// Open an NT object with a specified type. /// </summary> /// <param name="typename">The name of the type to open (e.g. Event). If null the method will try and lookup the appropriate type.</param> /// <param name="path">The path to the object to open.</param> /// <param name="root">A root directory to open from.</param> /// <param name="access">Generic access rights to the object.</param> /// <returns>The opened object.</returns> /// <exception cref="NtException">Thrown if an error occurred opening the object.</exception> /// <exception cref="ArgumentException">Thrown if type of resource couldn't be found.</exception> public static NtObject OpenWithType(string typename, string path, NtObject root, GenericAccessRights access) { if (typename == null) { typename = NtDirectory.GetDirectoryEntryType(path, root); if (typename == null) { throw new ArgumentException(String.Format("Can't find type for path {0}", path)); } } switch (typename.ToLower()) { case "device": return(NtFile.Open(path, root, (FileAccessRights)access, FileShareMode.None, FileOpenOptions.None)); case "file": return(NtFile.Open(path, root, (FileAccessRights)access, FileShareMode.Read | FileShareMode.Write | FileShareMode.Delete, FileOpenOptions.None)); case "event": return(NtEvent.Open(path, root, (EventAccessRights)access)); case "directory": return(NtDirectory.Open(path, root, (DirectoryAccessRights)access)); case "symboliclink": return(NtSymbolicLink.Open(path, root, (SymbolicLinkAccessRights)access)); case "mutant": return(NtMutant.Open(path, root, (MutantAccessRights)access)); case "semaphore": return(NtSemaphore.Open(path, root, (SemaphoreAccessRights)access)); case "section": return(NtSection.Open(path, root, (SectionAccessRights)access)); case "job": return(NtJob.Open(path, root, (JobAccessRights)access)); case "key": return(NtKey.Open(path, root, (KeyAccessRights)access)); default: throw new ArgumentException(String.Format("Can't open type {0}", typename)); } }
/// <summary> /// Creates or opens a file or I/O device. The most commonly used I/O devices are as follows: file, file stream, directory, physical disk, volume, console buffer, tape drive, communications resource, mailslot, and pipe. /// The function returns a handle that can be used to access the file or device for various types of I/O depending on the file or device and the flags and attributes specified. /// </summary> /// <param name="path"> /// The name of the file or device to be created or opened. You may use either forward slashes (/) or backslashes (\) in this name. /// </param> /// <param name="access"> /// The requested access to the file or device, which can be summarized as read, write, both or neither. /// </param> /// <param name="share"> /// The requested sharing mode of the file or device, which can be read, write, both, delete, all of these, or none. /// Access requests to attributes or extended attributes are not affected by this flag. /// </param> /// <param name="mode"> /// An action to take on a file or device that exists or does not exist. /// For devices other than files, this parameter is usually set to FileMode.Open. /// </param> /// <param name="attributes"> /// The file or device attributes. /// </param> /// <param name="flags"> /// The file or device flags. /// </param> /// <returns>If the function succeeds, the return value is an open handle to the specified file, device, named pipe, or mail slot.</returns> public static SafeFileHandle CreateFile(string path, GenericAccessRights access, FileShare share, FileMode mode, FileAttributes attributes, FileFlags flags) { return(CreateFileInternal(path, (uint)access, share, mode, (uint)attributes | (uint)flags)); }
static extern int NtOpenKeyEx( out SafeRegistryHandle KeyHandle, GenericAccessRights DesiredAccess, [In] ObjectAttributes ObjectAttributes, int OpenOptions );
public static extern SafeFileHandle CreateFile(string lpFileName, GenericAccessRights dwDesiredAccess, ShareMode dwShareMode, IntPtr lpSecurityAttributes, CreationDisposition dwCreationDisposition, FlagsAndAttributes dwFlagsAndAttributes, IntPtr hTemplateFile);