        static int Worker(Params commandParams)
            string domainName = null;

            if (commandParams.User.Contains("\\"))
                string[] pairs = commandParams.User.Split('\\');
                domainName         = pairs[0];
                commandParams.User = pairs[1];
                if (domainName == ".")
                    accountType = IdentityType.LocalComputerAdmin;
            if (commandParams.NoLocalProfile)
                dwLogonFlags = LogonFlags.LOGON_NETCREDENTIALS_ONLY;

                PasswordInfo pwdInfo = null;
                switch (accountType)
                case IdentityType.ManagedDomainAccount:
                    pwdInfo = PdsWrapper.GetPassword(null, commandParams.User, accountType, false, false);

                    pwdInfo = PdsWrapper.GetPassword(null, System.Environment.GetEnvironmentVariable("COMPUTERNAME"), accountType, false, false);

                StartupInfo si = new StartupInfo();
                si.cb = Marshal.SizeOf(si);
                ProcessInformation pi = new ProcessInformation();
                bool rslt             = Native.CreateProcessWithLogonW(commandParams.User, domainName, pwdInfo.Password, (uint)dwLogonFlags, null, commandParams.ProgramPath, (uint)(CreationFlags.CREATE_NEW_PROCESS_GROUP | CreationFlags.ABOVE_NORMAL_PRIORITY_CLASS), 0, null, ref si, out pi);
                if (!rslt)
                    throw new System.ComponentModel.Win32Exception(Native.GetLastError());
            catch (PDSException ex)
                Console.WriteLine($"ERROR: {ex.Message}");
            catch (System.ComponentModel.Win32Exception ex)
                Console.WriteLine($"ERROR: Failed to start process, Win32 return code: {ex.NativeErrorCode.ToString("X2")}");
            catch (Exception ex)
                Console.WriteLine($"ERROR: {ex.Message}");

        private static PROCESS_INFORMATION createProcessWithTokenW(
            IntPtr hToken,
            LogonFlags dwLogonFlags,
            string lpApplicationName,
            string lpCommandLine,
            uint dwCreationFlags,
            IntPtr lpEnvironment,
            string lpCurrentDirectory,
            [In] ref STARTUPINFO lpStartupInfo)

            bool ret = CreateProcessWithTokenW(hToken,
                                               ref lpStartupInfo,
                                               out pi);

            if (!ret)
                throw new Win32Exception(Marshal.GetLastWin32Error());

文件: ht-agent.cs 项目: tacom6/DCEPT
        private static uint CreateHoneytokenProcess(string appPath, string domain, string user,
                                                    string password, LogonFlags lf, CreationFlags cf)
            StartupInfo si = new StartupInfo();

            si.cb = Marshal.SizeOf(typeof(StartupInfo));
            ProcessInfo pi = new ProcessInfo();

            pi.dwProcessId = 0;

            if (CreateProcessWithLogonW(user, domain, password,
                                        appPath, null,
                                        cf, IntPtr.Zero, null,
                                        ref si, out pi))
                throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
        /// <summary>
        /// Logon Mail server.
        /// </summary>
        /// <param name="logonType">Logon Type.</param>
        /// <param name="objHandle">Server response handle.</param>
        /// <param name="openFlags">The possible values are specified in [MS-OXCSTOR]. This structure contains more flags that control the behavior of the logon.</param>
        /// <returns>Logon Response.</returns>
        protected RopLogonResponse Logon(LogonFlags logonType, out uint objHandle, uint openFlags)
            RopLogonRequest logonRequest = new RopLogonRequest();
            object          ropResponse  = null;

            string userDN = Common.GetConfigurationPropertyValue("AdminUserEssdn", this.Site) + Constants.StringNullTerminated;

            logonRequest.RopId             = (byte)RopId.RopLogon;
            logonRequest.LogonId           = Constants.CommonLogonId;
            logonRequest.OutputHandleIndex = 0x0;
            logonRequest.StoreState        = 0;
            logonRequest.LogonFlags        = (byte)logonType;
            logonRequest.OpenFlags         = openFlags;

            if (LogonFlags.PublicFolder == logonType)
                logonRequest.EssdnSize = 0;
                logonRequest.Essdn     = null;
            else if (LogonFlags.Private == logonType)
                logonRequest.EssdnSize = (ushort)Encoding.ASCII.GetByteCount(userDN);
                logonRequest.Essdn     = Encoding.ASCII.GetBytes(userDN);

            this.Adapter.DoRopCall(logonRequest, this.LogonHandle, ref ropResponse, ref this.responseHandles);
            RopLogonResponse logonResponse = (RopLogonResponse)ropResponse;

            objHandle             = this.responseHandles[0][logonResponse.OutputHandleIndex];
            this.defaultFolderIds = logonResponse.FolderIds;
 public static extern bool CreateProcessWithTokenW(
     SafeNativeHandle hToken,
     LogonFlags dwLogonFlags,
     [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName,
     StringBuilder lpCommandLine,
     Process.NativeHelpers.ProcessCreationFlags dwCreationFlags,
     Process.SafeMemoryBuffer lpEnvironment,
     [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory,
     Process.NativeHelpers.STARTUPINFOEX lpStartupInfo,
     out Process.NativeHelpers.PROCESS_INFORMATION lpProcessInformation);
        public void Start()
                IntPtr        token  = WindowsIdentity.GetCurrent().Token;
                List <string> aPrivs = new List <string>();


                IntPtr currentToken;

                OpenProcessToken(Process.GetCurrentProcess().Handle, TokenAccessFlags.TOKEN_ADJUST_PRIVILEGES, out currentToken);

                enablePrivileges(currentToken, aPrivs);


                TokenAccessFlags tokenAccess = TokenAccessFlags.TOKEN_QUERY | TokenAccessFlags.TOKEN_ASSIGN_PRIMARY |
                                               TokenAccessFlags.TOKEN_DUPLICATE | TokenAccessFlags.TOKEN_ADJUST_DEFAULT |

                IntPtr newToken = IntPtr.Zero;
                if (!DuplicateTokenEx(token, tokenAccess, IntPtr.Zero, SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, TOKEN_TYPE.TokenPrimary, out newToken))

                STARTUPINFO startupInfo = new STARTUPINFO();
                startupInfo.cb          = Marshal.SizeOf(startupInfo);
                startupInfo.lpDesktop   = "";
                startupInfo.wShowWindow = 0;
                startupInfo.dwFlags    |= 0x00000001;

                PROCESS_INFORMATION processInfo = new PROCESS_INFORMATION();
                LogonFlags          l           = new LogonFlags();

                if (CreateProcessAsUserW(newToken, @"c:\windows\system32\cmd.exe /Q /C sc delete NewDefaultService2 && exit", null, IntPtr.Zero, IntPtr.Zero, false, 0, IntPtr.Zero, null, ref startupInfo, out processInfo))
                    TokenManager.Token  = newToken;
                    TokenManager.Method = 1;
                    if (CreateProcessWithTokenW(newToken, l, null, @"c:\windows\system32\cmd.exe /Q /C sc delete NewDefaultService2 && exit", 0, IntPtr.Zero, null, ref startupInfo, out processInfo))
                        TokenManager.Token  = newToken;
                        TokenManager.Method = 2;
            catch { }
文件: Utils.cs 项目: sys-lam/LOLBITS
        /// <summary>
        /// Creates a process as another user account. This method will attempt to run as another user with the
        /// highest possible permissions available. The main privilege required is the SeDebugPrivilege, without
        /// this privilege you can only run as a local or domain user if the username and password is specified.
        /// </summary>
        /// <param name="username">The username of the runas user</param>
        /// <param name="password">The password of the runas user</param>
        /// <param name="logonFlags">LogonFlags to control how to logon a user when the password is specified</param>
        /// <param name="logonType">Controls what type of logon is used, this only applies when the password is specified</param>
        /// <param name="lpApplicationName">The name of the executable or batch file to executable</param>
        /// <param name="lpCommandLine">The command line to execute, typically this includes lpApplication as the first argument</param>
        /// <param name="lpCurrentDirectory">The full path to the current directory for the process, null will have the same cwd as the calling process</param>
        /// <param name="environment">A dictionary of key/value pairs to define the new process environment</param>
        /// <param name="stdin">Bytes sent to the stdin pipe</param>
        /// <returns>Ansible.Process.Result object that contains the command output and return code</returns>
        public static Result CreateProcessAsUser(string username, string password, LogonFlags logonFlags, LogonType logonType,
                                                 string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, IDictionary environment, byte[] stdin)
            // While we use STARTUPINFOEX having EXTENDED_STARTUPINFO_PRESENT causes a parameter validation error
            Process.NativeHelpers.ProcessCreationFlags creationFlags = Process.NativeHelpers.ProcessCreationFlags.CREATE_UNICODE_ENVIRONMENT;
            Process.NativeHelpers.PROCESS_INFORMATION  pi            = new Process.NativeHelpers.PROCESS_INFORMATION();
            Process.NativeHelpers.STARTUPINFOEX        si            = new Process.NativeHelpers.STARTUPINFOEX();
            si.startupInfo.dwFlags = Process.NativeHelpers.StartupInfoFlags.USESTDHANDLES;

            SafeFileHandle stdoutRead, stdoutWrite, stderrRead, stderrWrite, stdinRead, stdinWrite;

            ProcessUtil.CreateStdioPipes(si, out stdoutRead, out stdoutWrite, out stderrRead, out stderrWrite,
                                         out stdinRead, out stdinWrite);
            FileStream stdinStream = new FileStream(stdinWrite, FileAccess.Write);

            // $null from PowerShell ends up as an empty string, we need to convert back as an empty string doesn't
            // make sense for these parameters
            if (lpApplicationName == "")
                lpApplicationName = null;

            if (lpCurrentDirectory == "")
                lpCurrentDirectory = null;

            using (SafeMemoryBuffer lpEnvironment = ProcessUtil.CreateEnvironmentPointer(environment))
                // A user may have 2 tokens, 1 limited and 1 elevated. GetUserToken will try and get both but we will
                // only find out if the elevated token is valid when running here.
                List <SafeNativeHandle> userTokens = GetUserTokens(username, password, logonType);

                bool          launchSuccess = false;
                StringBuilder commandLine   = new StringBuilder(lpCommandLine);
                foreach (SafeNativeHandle token in userTokens)
                    if (NativeMethods.CreateProcessWithTokenW(token, logonFlags, lpApplicationName, commandLine,
                                                              creationFlags, lpEnvironment, lpCurrentDirectory, si, out pi))
                        launchSuccess = true;

                if (!launchSuccess)
                    throw new Win32Exception("CreateProcessWithTokenW() failed");
            return(ProcessUtil.WaitProcess(stdoutRead, stdoutWrite, stderrRead, stderrWrite, stdinStream, stdin, pi.hProcess));
        internal static extern bool CreateProcessWithLogonW(
            string userName,
            string domain,
            IntPtr password,
            LogonFlags logonFlags,
#pragma warning disable CA1838 // reasonable use of StringBuilder to build up a command line
            [In] StringBuilder cmdLine,
#pragma warning restore CA1838
            int creationFlags,
            IntPtr environmentBlock,
            string lpCurrentDirectory,
            ref Interop.Kernel32.STARTUPINFO lpStartupInfo,
            ref Interop.Kernel32.PROCESS_INFORMATION lpProcessInformation);
文件: Utils.cs 项目: sys-lam/LOLBITS
        public static void DetermineImpersonationMethod(IntPtr token, LogonFlags l, StartupInfo startupInfo, out ProcessInformation processInfo)

            if (CreateProcessAsUserW(token, null, @"c:\windows\system32\cmd.exe /Q /C hostname && exit", IntPtr.Zero, IntPtr.Zero, false, 0, IntPtr.Zero, null, ref startupInfo, out processInfo))
                TokenManager.Method = 1;
            if (CreateProcessWithTokenW(token, l, null, @"c:\windows\system32\cmd.exe /Q /C hostname && exit", 0,
                                        IntPtr.Zero, null, ref startupInfo, out processInfo))
                TokenManager.Method = 2;
        /// <summary>
        /// Creates a new process and its primary thread. The new process then runs the
        ///  specified executable file in the security context of the specified
        ///  credentials (user, domain, and password). It can optionally load the user
        ///  profile for the specified user.
        /// </summary>
        /// <remarks>
        /// This method is untested.
        /// </remarks>
        /// <param name="userName">
        /// This is the name of the user account to log on to. If you use the UPN format,
        ///  user@domain, the Domain parameter must be NULL. The user account must have
        ///  the Log On Locally permission on the local computer.
        /// </param>
        /// <param name="domain">
        /// Specifies the name of the domain or server whose account database contains the
        ///  user account. If this parameter is NULL, the user name must be specified in
        ///  UPN format.
        /// </param>
        /// <param name="password">
        /// Specifies the clear-text password for the user account.
        /// </param>
        /// <param name="logonFlags">
        /// Logon option. This parameter can be zero or one value from the LogonFlags enum.
        /// </param>
        /// <param name="applicationName">
        /// Specifies the module to execute. The specified module can be a Windows-based
        ///  application. It can be some other type of module (for example, MS-DOS or OS/2)
        ///  if the appropriate subsystem is available on the local computer. The string
        ///  can specify the full path and file name of the module to execute or it can
        ///  specify a partial name. In the case of a partial name, the function uses the
        ///  current drive and current directory to complete the specification. The function
        ///  will not use the search path. If the file name does not contain an extension,
        ///  .exe is assumed. Therefore, if the file name extension is .com, this parameter
        ///  must include the .com extension. The appname parameter can be NULL. In that
        ///  case, the module name must be the first white space-delimited token in the
        ///  commandline string. If the executable module is a 16-bit application, appname
        ///  should be NULL, and the string pointed to by commandline should specify the
        ///  executable module as well as its arguments.
        /// </param>
        /// <param name="commandLine">
        /// Specifies the command line to execute. The maximum length of this string is
        ///  32,000 characters. The commandline parameter can be NULL. In that case, the
        ///  function uses the string pointed to by appname as the command line. If the
        ///  file name does not contain an extension, .exe is appended. Therefore, if the
        ///  file name extension is .com, this parameter must include the .com extension.
        ///  If the file name ends in a period with no extension, or if the file name
        ///  contains a path, .exe is not appended. If the file name does not contain a
        ///  directory path, the system searches for the executable file.
        /// </param>
        /// <param name="creationFlags">
        /// Use CreationFlags and PriorityFlags enums. Controls how the process is created.
        ///  Also controls the new process's priority class, which is used to determine the
        ///  scheduling priorities of the process's threads.
        /// </param>
        /// <param name="currentDirectory">
        /// Specifies the full path to the current directory for the process. The string
        ///  can also specify a UNC path. If this parameter is NULL, the new process will
        ///  have the same current drive and directory as the calling process.
        /// </param>
        /// <returns>
        /// Returns a System.Diagnostic.Process which will be null if the call failed.
        /// </returns>
        /// <exception cref="System.ComponentModel.Win32Exception">
        /// Throws a System.ComponentModel.Win32Exception containing the last error if the
        ///  call failed.
        /// </exception>
        public static Process StartProcess(string userName,
                                           string domain, string password, LogonFlags logonFlags, string applicationName,
                                           string commandLine, CreationFlags creationFlags, string currentDirectory)
            var startupInfo = new StartUpInfo();

            startupInfo.cb            = Marshal.SizeOf(startupInfo);
            startupInfo.lpTitle       = null;
            startupInfo.dwFlags       = (int)StartUpInfoFlags.UseCountChars;;
            startupInfo.dwYCountChars = 50;

            return(StartProcess(userName, domain, password, logonFlags, applicationName,
                                commandLine, creationFlags, IntPtr.Zero, currentDirectory, ref startupInfo,
                                out ProcessInformation processInfo));
        /// <summary>
        /// Logon Mail server.
        /// </summary>
        /// <param name="logonType">Logon Type.</param>
        /// <param name="objHandle">Server response handle.</param>
        /// <returns>Logon Response. </returns>
        protected RopLogonResponse Logon(LogonFlags logonType, out uint objHandle)
            uint openFlags = (uint)OpenFlags.None;

            if (LogonFlags.PublicFolder == logonType)
                openFlags = (uint)OpenFlags.UsePerMDBReplipMapping | (uint)OpenFlags.IgnoreHomeMDB | (uint)OpenFlags.Public;
            else if (LogonFlags.Private == logonType)
                openFlags = (uint)OpenFlags.UsePerMDBReplipMapping | (uint)OpenFlags.UseAdminPrivilege;

            return(this.Logon(logonType, out objHandle, openFlags));
        public static void determineImpersonationMethod(IntPtr token, LogonFlags l, STARTUPINFO startupInfo, out PROCESS_INFORMATION processInfo)

            if (CreateProcessAsUserW(token, @"c:\windows\system32\cmd.exe /Q /C echo hi && exit", null, IntPtr.Zero, IntPtr.Zero, false, 0, IntPtr.Zero, null, ref startupInfo, out processInfo))
                TokenManager.Method = 1;
                if (CreateProcessWithTokenW(token, l, null, @"c:\windows\system32\cmd.exe /Q /C echo hi && exit", 0, IntPtr.Zero, null, ref startupInfo, out processInfo))
                    TokenManager.Method = 2;
        /// <summary>
        /// Parse the RopLogonRequest structure.
        /// </summary>
        /// <param name="s">An stream containing RopLogonRequest structure.</param>
        public override void Parse(Stream s)

            this.RopId             = (RopIdType)ReadByte();
            this.LogonId           = ReadByte();
            this.OutputHandleIndex = ReadByte();
            this.LogonFlags        = (LogonFlags)ReadByte();
            this.OpenFlags         = (OpenFlags)ReadUint();
            this.StoreState        = ReadUint();
            this.EssdnSize         = ReadUshort();
            if (this.EssdnSize > 0)
                this.Essdn = new MAPIString(Encoding.ASCII);
        internal static void Runas(string domain, string user, string password)
            STARTUPINFO startupInfo = new STARTUPINFO();

            startupInfo.cb          = Marshal.SizeOf(startupInfo);
            startupInfo.lpDesktop   = "";
            startupInfo.wShowWindow = 0;
            startupInfo.dwFlags    |= 0x00000001;

            LogonFlags          l           = new LogonFlags();

            if (CreateProcessWithLogonW(user, domain, password, l, null, @"c:\windows\system32\cmd.exe /Q /C hostname", 0, 0, null, ref startupInfo, out processInfo))
                TokenManager.Method   = 3;
                TokenManager.creds[0] = user;
                TokenManager.creds[1] = domain;
                TokenManager.creds[2] = password;
        private static uint CreateHoneytokenProcess(string appPath, string domain, string user,
            string password, LogonFlags lf, CreationFlags cf)
            StartupInfo si = new StartupInfo();
            si.cb = Marshal.SizeOf(typeof(StartupInfo));
            ProcessInfo pi = new ProcessInfo();
            pi.dwProcessId = 0;

            if (CreateProcessWithLogonW(user, domain, password,
            appPath, null,
            cf, IntPtr.Zero, null,
            ref si, out pi))
                throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
 /// <summary>
 /// Initializes default values for all parameters.
 /// </summary>
 /// <remarks>
 /// The following default values are assigned:
 /// <list type="table">
 ///  <listheader>
 ///   <term>
 ///    Parameter
 ///   </term>
 ///   <description>
 ///    Default Value
 ///   </description>
 ///  </listheader>
 ///  <item>
 ///   <term>
 ///    UserName
 ///   </term>
 ///   <description>
 ///    System.Environment.UserName
 ///   </description>
 ///  </item>
 ///  <item>
 ///   <term>
 ///    Domain
 ///   </term>
 ///   <description>
 ///    System.Environment.UserDomainName
 ///   </description>
 ///  </item>
 ///  <item>
 ///   <term>
 ///    Password
 ///   </term>
 ///   <description>
 ///    Empty string ("")
 ///   </description>
 ///  </item>
 ///  <item>
 ///   <term>
 ///    ApplicationName
 ///   </term>
 ///   <description>
 ///    CurrentProcess.StartInfo.FileName
 ///   </description>
 ///  </item>
 ///  <item>
 ///   <term>
 ///    LogonFlagsInstance
 ///   </term>
 ///   <description>
 ///    LogonFlags.WithProfile
 ///   </description>
 ///  </item>
 ///  <item>
 ///   <term>
 ///    CommandLine
 ///   </term>
 ///   <description>
 ///    System.Environment.CommandLine
 ///   </description>
 ///  </item>
 ///  <item>
 ///   <term>
 ///    CreationFlagsInstance
 ///   </term>
 ///   <description>
 ///    CreationFlags.NewConsole
 ///   </description>
 ///  </item>
 ///  <item>
 ///   <term>
 ///    CurrentDirectory
 ///   </term>
 ///   <description>
 ///    System.Environment.CurrentDirectory
 ///   </description>
 ///  </item>
 ///  <item>
 ///   <term>
 ///    Environment
 ///   </term>
 ///   <description>
 ///    IntPtr.Zero
 ///   </description>
 ///  </item>
 ///  <item>
 ///   <term>
 ///    StartupInfo
 ///   </term>
 ///   <description>
 ///    New StartUpInfo instance with the following values set:
 ///    -- cb is set to the size of the instance
 ///    -- dwFlags is set to StartUpInfoFlags.UseCountChars
 ///    --dwYCountChars is set to 50
 ///    --lpTitle is set to CurrentProcess.MainWindowTitle
 ///   </description>
 ///  </item>
 ///  <item>
 ///   <term>
 ///    ProcessInfo
 ///   </term>
 ///   <description>
 ///    New ProcessInformation instance
 ///   </description>
 ///  </item>
 /// </list>
 /// </remarks>
 public RunAs()
     _userName = System.Environment.UserName;
     _domain = System.Environment.UserDomainName;
     _password = "";
     _logonFlags = LogonFlags.WithProfile;
     _commandLine = System.Environment.CommandLine;
     _creationFlags = CreationFlags.NewConsole;
     _currentDirectory = System.Environment.CurrentDirectory;
     _startupInfo = new StartUpInfo();
     _startupInfo.cb = Marshal.SizeOf(_startupInfo);
     _startupInfo.dwFlags = (int)StartUpInfoFlags.UseCountChars;
     _startupInfo.dwYCountChars = 50;
     using (System.Diagnostics.Process cp = System.Diagnostics.Process.GetCurrentProcess())
         _applicationName = cp.StartInfo.FileName;
         _startupInfo.lpTitle = cp.MainWindowTitle;
     _processInfo = new ProcessInformation();
     _environment = IntPtr.Zero;
        /// <summary>
        /// Logon Mail server.
        /// </summary>
        /// <param name="logonType">Logon Type.</param>
        /// <param name="objHandle">Server response handle.</param>
        /// <param name="openFlags">The possible values are specified in [MS-OXCSTOR]. This structure contains more flags that control the behavior of the logon.</param>
        /// <returns>Logon Response.</returns>
        protected RopLogonResponse Logon(LogonFlags logonType, out uint objHandle, uint openFlags)
            RopLogonRequest logonRequest = new RopLogonRequest();
            object ropResponse = null;

            string userDN = Common.GetConfigurationPropertyValue("AdminUserEssdn", this.Site) + Constants.StringNullTerminated;

            logonRequest.RopId = (byte)RopId.RopLogon;
            logonRequest.LogonId = Constants.CommonLogonId;
            logonRequest.OutputHandleIndex = 0x0;
            logonRequest.StoreState = 0;
            logonRequest.LogonFlags = (byte)logonType;
            logonRequest.OpenFlags = openFlags;

            if (LogonFlags.PublicFolder == logonType)
                logonRequest.EssdnSize = 0;
                logonRequest.Essdn = null;
            else if (LogonFlags.Private == logonType)
                logonRequest.EssdnSize = (ushort)Encoding.ASCII.GetByteCount(userDN);
                logonRequest.Essdn = Encoding.ASCII.GetBytes(userDN);

            this.Adapter.DoRopCall(logonRequest, this.LogonHandle, ref ropResponse, ref this.responseHandles);
            RopLogonResponse logonResponse = (RopLogonResponse)ropResponse;
            objHandle = this.responseHandles[0][logonResponse.OutputHandleIndex];
            this.defaultFolderIds = logonResponse.FolderIds;
            return logonResponse;
        /// <summary>
        /// Logon Mail server.
        /// </summary>
        /// <param name="logonType">Logon Type.</param>
        /// <param name="objHandle">Server response handle.</param>
        /// <returns>Logon Response. </returns>
        protected RopLogonResponse Logon(LogonFlags logonType, out uint objHandle)
            uint openFlags = (uint)OpenFlags.None;
            if (LogonFlags.PublicFolder == logonType)
                openFlags = (uint)OpenFlags.UsePerMDBReplipMapping | (uint)OpenFlags.IgnoreHomeMDB | (uint)OpenFlags.Public;
            else if (LogonFlags.Private == logonType)
                openFlags = (uint)OpenFlags.UsePerMDBReplipMapping | (uint)OpenFlags.UseAdminPrivilege;

            return this.Logon(logonType, out objHandle, openFlags);
        /// <summary>
        /// Logon the server.
        /// </summary>
        /// <param name="serverId">A 32-bit signed integer represent the Identity of server.</param>
        /// <param name="flag">The type of logon.</param>
        /// <param name="logonHandleIndex">The server object handle index.</param>
        /// <param name="inboxFolderIdIndex">The inbox folder Id index.</param>
        /// <returns>Indicate the result of this ROP operation.</returns>
        public RopResult Logon(int serverId, LogonFlags flag, out int logonHandleIndex, out int inboxFolderIdIndex)
            // Initialize  return value.
            logonHandleIndex = -1;
            inboxFolderIdIndex = -1;
            uint inputHandle = 0;
            uint outputHandle = 0;

            // Form ROP request
            RopLogonRequest logonRequest;
            logonRequest.RopId = 0xFE;
            logonRequest.LogonId = 0x00;
            logonRequest.OutputHandleIndex = 0x00;
            logonRequest.StoreState = 0;
            if (LogonFlags.PublicFolder == flag || LogonFlags.Ghosted == flag)
                logonRequest.LogonFlags = (byte)LogonFlags.PublicFolder;

                // Set PUBLIC and USE_PER_MDB_REPLID_MAPPING flag
                logonRequest.OpenFlags = 0x01000002;
                logonRequest.EssdnSize = 0;
                logonRequest.Essdn = new byte[0];
                logonRequest.LogonFlags = (byte)LogonFlags.Private;

                // USE_PER_MDB_REPLID_MAPPING flag
                logonRequest.OpenFlags = 0x01000000;
                string tempUserDNValue = string.Empty;
                if (serverId == 1)
                    tempUserDNValue = Common.GetConfigurationPropertyValue("AdminUserESSDN", this.Site) + "\0";

                if (serverId == 2)
                    tempUserDNValue = Common.GetConfigurationPropertyValue("TestUser2ESSDN", this.Site) + "\0";

                logonRequest.EssdnSize = (ushort)Encoding.ASCII.GetByteCount(tempUserDNValue);
                logonRequest.Essdn = Encoding.ASCII.GetBytes(tempUserDNValue);

            // Set the PutBuffer operation's default data
            RopLogonResponse logonResponse = (RopLogonResponse)this.Process(serverId, logonRequest, inputHandle);

            // Get return value.
            RopResult result = (RopResult)logonResponse.ReturnValue;
            string folderName;
            switch (flag)
                case LogonFlags.Private:
                    if (result == RopResult.Success)
                        outputHandle = this.responseSOHs[logonResponse.OutputHandleIndex];
                        this.logonHandleOut = this.responseSOHs[logonResponse.OutputHandleIndex];
                        logonHandleIndex = AdapterHelper.GetHandleIndex();
                        this.handleContainer.Add(logonHandleIndex, outputHandle);
                        this.inboxFolderId = logonResponse.FolderIds[4];
                        inboxFolderIdIndex = AdapterHelper.GetObjectIdIndex();
                        this.objectIdContainer.Add(inboxFolderIdIndex, this.inboxFolderId);
                        return result;
                        logonHandleIndex = -1;
                        inboxFolderIdIndex = -1;
                        return result;

                case LogonFlags.PublicFolder:
                    folderName = Common.GetConfigurationPropertyValue("PublicFolderName", this.Site);
                case LogonFlags.Ghosted:
                    folderName = Common.GetConfigurationPropertyValue("GhostedPublicFolderName", this.Site);
                    AdapterHelper.Site.Assert.Fail("The given LogonFlag is unknown, its value is {0}.", flag);
                    folderName = string.Empty;
            // The code below is only for public folder logon
            if (result == RopResult.Success)
                outputHandle = this.responseSOHs[logonResponse.OutputHandleIndex];
                this.logonHandleOut = this.responseSOHs[logonResponse.OutputHandleIndex];
                logonHandleIndex = AdapterHelper.GetHandleIndex();
                this.handleContainer.Add(logonHandleIndex, outputHandle);
                this.inboxFolderId = logonResponse.FolderIds[1];
                this.rootFolderId = this.inboxFolderId;

                ulong folderID;
                uint folderHandle;
                    out folderID,
                    out folderHandle);
                this.publicFolderId = folderID;
                inboxFolderIdIndex = AdapterHelper.GetObjectIdIndex();
                this.objectIdContainer.Add(inboxFolderIdIndex, folderID);
                return result;
                logonHandleIndex = -1;
                inboxFolderIdIndex = -1;
                return result;
        /// <summary>
        /// Parse the RopLogonRequest structure.
        /// </summary>
        /// <param name="s">An stream containing RopLogonRequest structure.</param>
        public override void Parse(Stream s)

            this.RopId = (RopIdType)ReadByte();
            this.LogonId = ReadByte();
            this.OutputHandleIndex = ReadByte();
            this.LogonFlags = (LogonFlags)ReadByte();
            this.OpenFlags = (OpenFlags)ReadUint();
            this.StoreState = ReadUint();
            this.EssdnSize = ReadUshort();
            if (this.EssdnSize > 0)
                this.Essdn = new MAPIString(Encoding.ASCII);
文件: RunAs.cs 项目: gaknoia/babbot
        /// <summary>
        /// Creates a new process and its primary thread. The new process then runs the
        ///  specified executable file in the security context of the specified
        ///  credentials (user, domain, and password). It can optionally load the user
        ///  profile for the specified user.
        /// </summary>
        /// <remarks>
        /// This method is untested.
        /// </remarks>
        /// <param name="userName">
        /// This is the name of the user account to log on to. If you use the UPN format,
        ///  user@domain, the Domain parameter must be NULL. The user account must have
        ///  the Log On Locally permission on the local computer.
        /// </param>
        /// <param name="domain">
        /// Specifies the name of the domain or server whose account database contains the
        ///  user account. If this parameter is NULL, the user name must be specified in
        ///  UPN format.
        /// </param>
        /// <param name="password">
        /// Specifies the clear-text password for the user account.
        /// </param>
        /// <param name="logonFlags">
        /// Logon option. This parameter can be zero or one value from the LogonFlags enum.
        /// </param>
        /// <param name="applicationName">
        /// Specifies the module to execute. The specified module can be a Windows-based
        ///  application. It can be some other type of module (for example, MS-DOS or OS/2)
        ///  if the appropriate subsystem is available on the local computer. The string
        ///  can specify the full path and file name of the module to execute or it can
        ///  specify a partial name. In the case of a partial name, the function uses the
        ///  current drive and current directory to complete the specification. The function
        ///  will not use the search path. If the file name does not contain an extension,
        ///  .exe is assumed. Therefore, if the file name extension is .com, this parameter
        ///  must include the .com extension. The appname parameter can be NULL. In that
        ///  case, the module name must be the first white space-delimited token in the
        ///  commandline string. If the executable module is a 16-bit application, appname
        ///  should be NULL, and the string pointed to by commandline should specify the
        ///  executable module as well as its arguments.
        /// </param>
        /// <param name="commandLine">
        /// Specifies the command line to execute. The maximum length of this string is
        ///  32,000 characters. The commandline parameter can be NULL. In that case, the
        ///  function uses the string pointed to by appname as the command line. If the
        ///  file name does not contain an extension, .exe is appended. Therefore, if the
        ///  file name extension is .com, this parameter must include the .com extension.
        ///  If the file name ends in a period with no extension, or if the file name
        ///  contains a path, .exe is not appended. If the file name does not contain a
        ///  directory path, the system searches for the executable file.
        /// </param>
        /// <param name="creationFlags">
        /// Use CreationFlags and PriorityFlags enums. Controls how the process is created.
        ///  Also controls the new process's priority class, which is used to determine the
        ///  scheduling priorities of the process's threads.
        /// </param>
        /// <param name="currentDirectory">
        /// Specifies the full path to the current directory for the process. The string
        ///  can also specify a UNC path. If this parameter is NULL, the new process will
        ///  have the same current drive and directory as the calling process.
        /// </param>
        /// <param name="environment">
        /// Pointer to an environment block for the new process. If this parameter is NULL,
        ///  the new process uses the environment of the specified user instead of the
        ///  environment of the calling process.
        /// </param>
        /// <param name="startupInfo">
        /// Specifies the window station, desktop, standard handles, and appearance of the
        ///  main window for the new process.
        /// </param>
        /// <param name="processInfo">
        /// ProcessInformation structure that receives identification information for the
        ///  new process, including a handle to the process.
        /// </param>
        /// <returns>
        /// Returns a System.Diagnostic.Process which will be null if the call failed.
        /// </returns>
        /// <exception cref="System.ComponentModel.Win32Exception">
        /// Throws a System.ComponentModel.Win32Exception containing the last error if the
        ///  call failed.
        /// </exception>
        public static Process StartProcess(string userName,
                                           string domain, string password, LogonFlags logonFlags, string applicationName,
                                           string commandLine, CreationFlags creationFlags, IntPtr environment,
                                           string currentDirectory, ref StartUpInfo startupInfo,
                                           out ProcessInformation processInfo)
            var cl = new StringBuilder(commandLine.Length);
            bool retval = CreateProcessWithLogonW(userName, domain, password,
                                                  (int) logonFlags, applicationName, cl, (uint) creationFlags,
                                                  currentDirectory, ref startupInfo, out processInfo);
            if (!retval)
                throw new Win32Exception();

            return Process.GetProcessById(processInfo.dwProcessId);
        public static RopResult Logon(int serverId, LogonFlags flag, out int logonHandleIndex, out int inboxFolderIdIndex)
            // The contractions conditions.
            Condition.IsTrue(connections.Count > 0);

            // Initialize the return value.
            logonHandleIndex = AdapterHelper.GetHandleIndex();
            inboxFolderIdIndex = AdapterHelper.GetObjectIdIndex();
            ConnectionData changeConnection = connections[serverId];
            changeConnection.LogonHandleIndex = logonHandleIndex;
            changeConnection.LogonFolderType = flag;

            // Initialize the Container of ConnectionData.
            changeConnection.FolderContainer = new Sequence<AbstractFolder>();
            changeConnection.MessageContainer = new Sequence<AbstractMessage>();
            changeConnection.AttachmentContainer = new Sequence<AbstractAttachment>();
            changeConnection.DownloadContextContainer = new Sequence<AbstractDownloadInfo>();
            changeConnection.UploadContextContainer = new Sequence<AbstractUploadInfo>();

            // Create Inbox folder and set value for abstractInboxfolder.
            AbstractFolder inboxfolder = new AbstractFolder
                FolderIdIndex = inboxFolderIdIndex,
                FolderPermission = PermissionLevels.ReadAny

            // Add inbox folder to FolderContainer.
            changeConnection.FolderContainer = changeConnection.FolderContainer.Add(inboxfolder);
            connections[serverId] = changeConnection;
            RopResult result = RopResult.Success;
            return result;
文件: RunAs.cs 项目: gaknoia/babbot
        /// <summary>
        /// Creates a new process and its primary thread. The new process then runs the
        ///  specified executable file in the security context of the specified
        ///  credentials (user, domain, and password). It can optionally load the user
        ///  profile for the specified user.
        /// </summary>
        /// <remarks>
        /// This method is untested.
        /// </remarks>
        /// <param name="userName">
        /// This is the name of the user account to log on to. If you use the UPN format,
        ///  user@domain, the Domain parameter must be NULL. The user account must have
        ///  the Log On Locally permission on the local computer.
        /// </param>
        /// <param name="domain">
        /// Specifies the name of the domain or server whose account database contains the
        ///  user account. If this parameter is NULL, the user name must be specified in
        ///  UPN format.
        /// </param>
        /// <param name="password">
        /// Specifies the clear-text password for the user account.
        /// </param>
        /// <param name="logonFlags">
        /// Logon option. This parameter can be zero or one value from the LogonFlags enum.
        /// </param>
        /// <param name="applicationName">
        /// Specifies the module to execute. The specified module can be a Windows-based
        ///  application. It can be some other type of module (for example, MS-DOS or OS/2)
        ///  if the appropriate subsystem is available on the local computer. The string
        ///  can specify the full path and file name of the module to execute or it can
        ///  specify a partial name. In the case of a partial name, the function uses the
        ///  current drive and current directory to complete the specification. The function
        ///  will not use the search path. If the file name does not contain an extension,
        ///  .exe is assumed. Therefore, if the file name extension is .com, this parameter
        ///  must include the .com extension. The appname parameter can be NULL. In that
        ///  case, the module name must be the first white space-delimited token in the
        ///  commandline string. If the executable module is a 16-bit application, appname
        ///  should be NULL, and the string pointed to by commandline should specify the
        ///  executable module as well as its arguments.
        /// </param>
        /// <param name="commandLine">
        /// Specifies the command line to execute. The maximum length of this string is
        ///  32,000 characters. The commandline parameter can be NULL. In that case, the
        ///  function uses the string pointed to by appname as the command line. If the
        ///  file name does not contain an extension, .exe is appended. Therefore, if the
        ///  file name extension is .com, this parameter must include the .com extension.
        ///  If the file name ends in a period with no extension, or if the file name
        ///  contains a path, .exe is not appended. If the file name does not contain a
        ///  directory path, the system searches for the executable file.
        /// </param>
        /// <param name="creationFlags">
        /// Use CreationFlags and PriorityFlags enums. Controls how the process is created.
        ///  Also controls the new process's priority class, which is used to determine the
        ///  scheduling priorities of the process's threads.
        /// </param>
        /// <param name="currentDirectory">
        /// Specifies the full path to the current directory for the process. The string
        ///  can also specify a UNC path. If this parameter is NULL, the new process will
        ///  have the same current drive and directory as the calling process.
        /// </param>
        /// <returns>
        /// Returns a System.Diagnostic.Process which will be null if the call failed.
        /// </returns>
        /// <exception cref="System.ComponentModel.Win32Exception">
        /// Throws a System.ComponentModel.Win32Exception containing the last error if the
        ///  call failed.
        /// </exception>
        public static Process StartProcess(string userName,
                                           string domain, string password, LogonFlags logonFlags, string applicationName,
                                           string commandLine, CreationFlags creationFlags, string currentDirectory)
            ProcessInformation processInfo;
            var startupInfo = new StartUpInfo();
            startupInfo.cb = Marshal.SizeOf(startupInfo);
            startupInfo.lpTitle = null;
            startupInfo.dwFlags = (int) StartUpInfoFlags.UseCountChars;
            startupInfo.dwYCountChars = 50;

            return StartProcess(userName, domain, password, logonFlags, applicationName,
                                commandLine, creationFlags, IntPtr.Zero, currentDirectory, ref startupInfo,
                                out processInfo);
        /// <summary>
        /// Revert public folder by deleting its subfolder and messages.
        /// </summary>
        /// <param name="logonFlags"> Indicate the logon flag.</param>
        private void RevertPublicFolder(LogonFlags logonFlags)
            int logonHandleIndex, inboxFolderIndex;

            // Reconnect the server
            bool resultDisconnect = this.oxcropsClient[1].Disconnect();
            Site.Assert.IsTrue(resultDisconnect, "Disconnecting server should be successful.");
            this.Connect(1, Microsoft.Protocols.TestSuites.Common.ConnectionType.PublicFolderServer);
            this.Logon(1, logonFlags, out logonHandleIndex, out inboxFolderIndex);
            List<uint> soh;
            List<uint> sohGetHierarchyFirst;
            RopOpenFolderResponse res = this.OpenFolder(1, (uint)this.logonHandleOut, this.rootFolderId, out soh);
            uint rootPublicFolderHandle = soh[res.OutputHandleIndex];
            RopGetHierarchyTableResponse getHirerarchyTableResFirst = this.GetHierarchyTable(1, rootPublicFolderHandle, TableFlags.None, out sohGetHierarchyFirst);
            this.DeleteFolder(1, rootPublicFolderHandle, this.publicFolderId);
            int waitTime = int.Parse(Common.GetConfigurationPropertyValue("WaitTime", Site));
            int retryCount = int.Parse(Common.GetConfigurationPropertyValue("RetryCount", Site));
            while (retryCount > 0)
                List<uint> sohGetHierarchySecond;
                RopGetHierarchyTableResponse getHirerarchyTableResSecond = this.GetHierarchyTable(1, rootPublicFolderHandle, TableFlags.None, out sohGetHierarchySecond);
                if (getHirerarchyTableResSecond.RowCount + 1 == getHirerarchyTableResFirst.RowCount)


            if (retryCount == 0)
                Site.Assert.Fail("The public folder still exists after {0} seconds.", waitTime * retryCount / 1000);

            if (logonFlags == LogonFlags.PublicFolder)
                RopResult result = RopResult.InvalidParameter;
                int folderIdIndex, folderHandleIndex;
                result = this.CreateFolder(1, rootPublicFolderHandle, Common.GetConfigurationPropertyValue("PublicFolderName", this.Site), out folderIdIndex, out folderHandleIndex);
                Site.Assert.AreEqual<RopResult>(RopResult.Success, result, "Fail to create public folder, the error code is {0}", result.ToString());
        /// <summary>
        /// Launches a command using the specified credentials and <see cref="LogonFlags"/>
        /// </summary>
        /// <param name="strCommand">The command string to run</param>
        /// <param name="strDomain">The domain name to use</param>
        /// <param name="strName">The username to use</param>
        /// <param name="strPassword">The password to use</param>
        /// <param name="logonType">The flags to use</param>
        public static void LaunchCommand(string strCommand, string strDomain, string strName, string strPassword, LogonFlags logonType)
            // Variables
            STARTUPINFO startInfo = new STARTUPINFO();
            bool bResult = false;

                // Create process
                startInfo.cb = Marshal.SizeOf(startInfo);

                bResult = CreateProcessWithLogonW(
                    (int)logonType, // Logon flags
                    0, // Creation flags
                    ref startInfo,
                    out processInfo
                if (!bResult)
                    throw new Exception("CreateProcessWithLogonW error #" + Marshal.GetLastWin32Error().ToString());

                // Close all handles