public Enumerator(Dictionary <int, RegisterStorage> regs, ArmRewriter outer) { this.bytes = outer.rdr.Bytes; ulong addr = outer.rdr.Address.ToLinear(); this.hBytes = GCHandle.Alloc(bytes, GCHandleType.Pinned); this.m = new RtlEmitter(new List <RtlInstruction>()); this.ntf = new NativeTypeFactory(); this.rtlEmitter = new NativeRtlEmitter(m, ntf, outer.host); this.host = new ArmNativeRewriterHost(regs, outer.binder, outer.host, this.ntf, rtlEmitter); this.iRtlEmitter = GetCOMInterface(rtlEmitter, IID_IRtlEmitter); this.iNtf = GetCOMInterface(ntf, IID_INativeTypeFactory); this.iHost = GetCOMInterface(host, IID_INativeRewriterHost); IntPtr unk = CreateNativeRewriter(hBytes.AddrOfPinnedObject(), bytes.Length, (int)outer.rdr.Offset, addr, iRtlEmitter, iNtf, iHost); this.native = (INativeRewriter)Marshal.GetObjectForIUnknown(unk); }
private void permissionsMenuItem_Click(object sender, EventArgs e) { if (listObjects.SelectedItems.Count != 1) { return; } string objectName = this.NormalizePath( treeDirectories.SelectedNode.FullPath + "\\" + listObjects.SelectedItems[0].Text ); SecurityEditor.EditSecurity( this, SecurityEditor.GetSecurableWrapper((access) => NativeUtils.OpenObject((int)access, objectName, 0, null)), objectName, NativeTypeFactory.GetAccessEntries(NativeTypeFactory.GetObjectType( listObjects.SelectedItems[0].SubItems[1].Text )) ); }
public ArmNativeRewriterHost(Dictionary <int, RegisterStorage> regs, IStorageBinder frame, IRewriterHost host, NativeTypeFactory ntf, NativeRtlEmitter m) { Debug.Assert(regs != null); this.regs = regs; this.coprocregs = new Dictionary <int, RegisterStorage>(); this.frame = frame; this.host = host; this.ntf = ntf; this.m = m; }
public static void ShowHandleProperties(SystemHandleEntry handleInfo) { try { IntPtr handle = new IntPtr(handleInfo.Handle); ProcessHandle phandle = new ProcessHandle(handleInfo.ProcessId, ProcessAccess.DupHandle); GenericHandle dupHandle = null; // Try to get a handle, since we need one for security editing. try { dupHandle = new GenericHandle(phandle, handle, 0); } catch { } PropSheetHeader64 header = new PropSheetHeader64 { dwSize = (uint)PropSheetHeader64.SizeOf, nPages = 2, dwFlags = (uint)PropSheetFlags.PSH_DEFAULT, pszCaption = "Handle Properties" }; using (HandleDetails hw = new HandleDetails()) { hw.ObjectHandle = handleInfo; hw.HandlePropertiesCallback += (control, name, typeName) => { switch (typeName.ToLowerInvariant()) { // Objects with separate property windows: case "file": case "job": case "key": case "token": case "process": { Button b = new Button { FlatStyle = FlatStyle.System, Text = "Properties" }; b.Click += (sender, e) => { try { switch (typeName.ToLowerInvariant()) { case "file": { FileUtils.ShowProperties(name); } break; case "job": { dupHandle = new GenericHandle(phandle, handle, (int)JobObjectAccess.Query); (new JobWindow(JobObjectHandle.FromHandle(dupHandle))).ShowDialog(); } break; case "key": { try { PhUtils.OpenKeyInRegedit(PhUtils.GetForegroundWindow(), name); } catch (Exception ex) { PhUtils.ShowException("Unable to open the Registry Editor", ex); } } break; case "token": { using (TokenWindow twindow = new TokenWindow(new RemoteTokenHandle(phandle, handle))) { twindow.ShowDialog(); } } break; case "process": { dupHandle = new GenericHandle(phandle, handle, (int)OSVersion.MinProcessQueryInfoAccess); int pid = ProcessHandle.FromHandle(dupHandle).ProcessId; Program.GetProcessWindow(Program.ProcessProvider.Dictionary[pid], Program.FocusWindow); } break; } } catch (Exception ex) { PhUtils.ShowException("Unable to show object properties", ex); } }; control.Controls.Add(b); } break; case "event": { dupHandle = new GenericHandle(phandle, handle, (int)EventAccess.QueryState); var eventProps = new EventProperties(EventHandle.FromHandle(dupHandle)); control.Controls.Add(eventProps); } break; case "eventpair": { dupHandle = new GenericHandle(phandle, handle, (int)EventPairAccess.All); var eventPairProps = new EventPairProperties(EventPairHandle.FromHandle(dupHandle)); control.Controls.Add(eventPairProps); } break; case "mutant": { dupHandle = new GenericHandle(phandle, handle, (int)MutantAccess.QueryState); var mutantProps = new MutantProperties(MutantHandle.FromHandle(dupHandle)); control.Controls.Add(mutantProps); } break; case "section": { dupHandle = new GenericHandle(phandle, handle, (int)SectionAccess.Query); var sectionProps = new SectionProperties(SectionHandle.FromHandle(dupHandle)); control.Controls.Add(sectionProps); } break; case "semaphore": { dupHandle = new GenericHandle(phandle, handle, (int)SemaphoreAccess.QueryState); var semaphoreProps = new SemaphoreProperties(SemaphoreHandle.FromHandle(dupHandle)); control.Controls.Add(semaphoreProps); } break; case "timer": { dupHandle = new GenericHandle(phandle, handle, (int)TimerAccess.QueryState); var timerProps = new TimerProperties(TimerHandle.FromHandle(dupHandle)); control.Controls.Add(timerProps); } break; case "tmrm": { dupHandle = new GenericHandle(phandle, handle, (int)ResourceManagerAccess.QueryInformation); var tmRmProps = new TmRmProperties(ResourceManagerHandle.FromHandle(dupHandle)); control.Controls.Add(tmRmProps); } break; case "tmtm": { dupHandle = new GenericHandle(phandle, handle, (int)TmAccess.QueryInformation); var tmTmProps = new TmTmProperties(TmHandle.FromHandle(dupHandle)); control.Controls.Add(tmTmProps); } break; } }; hw.Init(); IntPtr[] pages = new IntPtr[2]; pages[0] = hw.CreatePageHandle(); pages[1] = CreateSecurityPage(SecurityEditor.EditSecurity2( null, SecurityEditor.GetSecurableWrapper(dupHandle), hw._name, NativeTypeFactory.GetAccessEntries(NativeTypeFactory.GetObjectType(hw._typeName)) )); GCHandle gch = GCHandle.Alloc(pages, GCHandleType.Pinned); header.phpage = gch.AddrOfPinnedObject(); PropertySheetW(ref header); if (dupHandle != null) { dupHandle.Dispose(); } } } catch (Exception ex) { PhUtils.ShowException("Unable to show handle properties", ex); } }
public static ISecurable GetSecurable(NativeTypeFactory.ObjectType objectType, Func <StandardRights, NativeHandle> openMethod) { return(new GenericSecurableObject(NativeTypeFactory.GetSeObjectType(objectType), openMethod)); }
public void Init() { try { ObjectInformation handleInfo = ObjectHandle.GetHandleInfo(); _name = textName.Text = handleInfo.BestName; if (string.IsNullOrEmpty(textName.Text)) { textName.Text = "(unnamed object)"; } _typeName = textType.Text = handleInfo.TypeName; textAddress.Text = "0x" + ObjectHandle.Object.ToString("x"); textGrantedAccess.Text = "0x" + ObjectHandle.GrantedAccess.ToString("x"); if (ObjectHandle.GrantedAccess != 0) { try { Type accessEnumType = NativeTypeFactory.GetAccessType(handleInfo.TypeName); textGrantedAccess.Text += " (" + NativeTypeFactory.GetAccessString(accessEnumType, ObjectHandle.GrantedAccess) + ")"; } catch (NotSupportedException) { } } ObjectBasicInformation basicInfo = ObjectHandle.GetBasicInfo(); labelReferences.Text = "References: " + (basicInfo.PointerCount - 1); labelHandles.Text = "Handles: " + basicInfo.HandleCount.ToString(); labelPaged.Text = "Paged: " + basicInfo.PagedPoolUsage.ToString(); labelNonPaged.Text = "Non-Paged: " + basicInfo.NonPagedPoolUsage.ToString(); if (HandlePropertiesCallback != null) { try { HandlePropertiesCallback(groupObjectInfo, _name, _typeName); } catch { } if (groupObjectInfo.Controls.Count == 0) { groupObjectInfo.Visible = false; } else if (groupObjectInfo.Controls.Count == 1) { Control control = groupObjectInfo.Controls[0]; // If it's a user control, dock it. if (control is UserControl) { control.Dock = DockStyle.Fill; control.Margin = new Padding(3); } else { control.Location = new System.Drawing.Point(10, 20); } } } } catch (Exception) { } this.ActiveControl = this.label1; }