/// <summary>
/// Opens a token view for the node currently selected in the process tree.
/// </summary>
/// <remarks>
/// A node tagged with an <c>NtProcess</c> is resolved through <c>GetToken</c> and opened with
/// the second <c>OpenForm</c> argument set to true. A node tagged with an <c>NtHandle</c> has
/// that handle duplicated out of its owning process and is opened with the argument set to false.
/// Nodes carrying any other tag, or no selection at all, are ignored.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
private void openTokenToolStripMenuItem_Click(object sender, EventArgs e)
{
    TreeNode node = treeViewProcesses.SelectedNode;
    if (node == null)
    {
        return;
    }

    NtProcess owner = node.Tag as NtProcess;
    if (owner != null)
    {
        // NOTE(review): this branch has no try/catch of its own; whether GetToken reports
        // failures itself (it can return null) is not visible here - confirm.
        NtToken process_token = GetToken(owner);
        if (process_token != null)
        {
            TokenForm.OpenForm(process_token, true);
        }
        return;
    }

    NtHandle token_handle = node.Tag as NtHandle;
    if (token_handle == null)
    {
        return;
    }

    try
    {
        var owner_pid = token_handle.ProcessId;
        IntPtr raw_handle = new IntPtr(token_handle.Handle);

        // Only Query | QuerySource is requested on the copy: enough to inspect the token,
        // nothing that would allow it to be modified or used.
        NtToken duplicate = NtToken.DuplicateFrom(owner_pid, raw_handle,
            TokenAccessRights.Query | TokenAccessRights.QuerySource);

        // NOTE(review): the duplicated token is handed straight to the form; presumably the
        // form takes ownership and disposes it - confirm, otherwise the handle is leaked.
        TokenForm.OpenForm(duplicate, false);
    }
    catch (Exception ex)
    {
        // The handle may have been closed or the process may have exited since the tree was
        // built, so any failure is reported to the user rather than propagated.
        MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}
/// <summary>
/// Get the token by duplicating the stored handle value out of the process hosting the IKEEXT service.
/// </summary>
/// <remarks>
/// The duplicate is requested with <c>DuplicateObjectOptions.SameAccess</c>, so the copy carries
/// the access mask of the source handle rather than one chosen here; callers that only need to
/// inspect the token should not assume the result is query-only.
/// </remarks>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The token.</returns>
public NtResult<NtToken> GetToken(bool throw_on_error)
{
    // When the service lookup yields nothing the PID falls back to 0 and the duplication is
    // still attempted against that PID.
    // NOTE(review): presumably that attempt simply fails and is reported through the result
    // (or thrown) as a process-open error rather than "service not running" - confirm.
    var ike_service = ServiceUtils.GetService("IKEEXT", false).GetResultOrDefault();
    int pid = ike_service?.ProcessId ?? 0;

    // NOTE(review): Token looks like a raw handle value that is only meaningful inside the
    // IKEEXT process; if the service has restarted since it was captured the value may be
    // stale - verify against where Token is populated.
    IntPtr remote_handle = new IntPtr(Token);

    return NtToken.DuplicateFrom(pid, remote_handle, TokenAccessRights.None,
        DuplicateObjectOptions.SameAccess, throw_on_error);
}
/// <summary>
/// Rebuilds the handle list view with one row per token handle found in other processes.
/// </summary>
/// <remarks>
/// System handles are filtered to token objects not owned by this process and grouped by
/// owning PID. Each owning process is opened once with DupHandle | QueryLimitedInformation and
/// every handle in the group is duplicated with Query | QuerySource. Processes that cannot be
/// opened and handles that cannot be duplicated are skipped without any indication, so the
/// resulting list is best-effort and may be incomplete.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
private void btnRefreshHandles_Click(object sender, EventArgs e)
{
    ClearList(listViewHandles);
    int current_pid = Process.GetCurrentProcess().Id;

    // NOTE(review): the outcome of enabling the debug privilege is not checked; presumably
    // without it fewer processes can be opened below and the list is shorter - confirm.
    NtToken.EnableDebugPrivilege();

    List<ListViewItem> items = new List<ListViewItem>();

    var token_handles_by_pid = NtSystemInfo.GetHandles()
        .Where(h => h.ProcessId != current_pid
                    && h.ObjectType.Equals("token", StringComparison.OrdinalIgnoreCase))
        .GroupBy(h => h.ProcessId);

    foreach (var pid_group in token_handles_by_pid)
    {
        using (var proc = NtProcess.Open(pid_group.Key,
            ProcessAccessRights.DupHandle | ProcessAccessRights.QueryLimitedInformation, false))
        {
            if (proc.IsSuccess)
            {
                foreach (NtHandle handle in pid_group)
                {
                    using (var token_result = NtToken.DuplicateFrom(proc.Result, new IntPtr(handle.Handle),
                        TokenAccessRights.Query | TokenAccessRights.QuerySource, DuplicateObjectOptions.None, false))
                    {
                        if (token_result.IsSuccess)
                        {
                            NtToken token = token_result.Result;
                            ListViewItem row = new ListViewItem(handle.ProcessId.ToString());
                            var columns = row.SubItems;

                            columns.Add(proc.Result.Name);
                            columns.Add($"0x{handle.Handle:X}");
                            columns.Add(token.User.ToString());
                            columns.Add(token.IntegrityLevel.ToString());

                            // A write-restricted token is shown as "Write" instead of the
                            // plain restricted flag.
                            string restricted_text = token.Restricted.ToString();
                            if (token.WriteRestricted)
                            {
                                restricted_text = "Write";
                            }
                            columns.Add(restricted_text);

                            columns.Add(token.AppContainer.ToString());
                            columns.Add(token.TokenType.ToString());
                            columns.Add(token.ImpersonationLevel.ToString());

                            // The using block releases token_result, so the row keeps its own
                            // copy. NOTE(review): that copy has to be disposed when the list is
                            // cleared - presumably ClearList does this; confirm.
                            row.Tag = token.Duplicate();
                            items.Add(row);
                        }
                    }
                }
            }
        }
    }

    listViewHandles.Items.AddRange(items.ToArray());
    ResizeColumns(listViewHandles);
}
/// <summary>
/// Rebuilds the handle list view with one row per token handle found in other processes.
/// </summary>
/// <remarks>
/// System handles are filtered to token objects not owned by this process and grouped by
/// owning PID. Each owning process is opened once with DupHandle | QueryLimitedInformation and
/// every handle in the group is duplicated with Query | QuerySource. An <c>NtException</c> from
/// opening a process skips that whole group; one raised while duplicating or reading a token
/// skips only that handle. Neither is reported, so the list is best-effort and may be incomplete.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
private void btnRefreshHandles_Click(object sender, EventArgs e)
{
    ClearList(listViewHandles);
    int current_pid = Process.GetCurrentProcess().Id;

    // NOTE(review): the outcome of enabling the debug privilege is not checked; presumably
    // without it fewer processes can be opened below and the list is shorter - confirm.
    NtToken.EnableDebugPrivilege();

    List<ListViewItem> items = new List<ListViewItem>();

    var token_handles_by_pid = NtSystemInfo.GetHandles()
        .Where(h => h.ProcessId != current_pid
                    && h.ObjectType.Equals("token", StringComparison.OrdinalIgnoreCase))
        .GroupBy(h => h.ProcessId);

    foreach (var pid_group in token_handles_by_pid)
    {
        try
        {
            using (NtProcess proc = NtProcess.Open(pid_group.Key,
                ProcessAccessRights.DupHandle | ProcessAccessRights.QueryLimitedInformation))
            {
                foreach (NtHandle entry in pid_group)
                {
                    try
                    {
                        using (NtToken token = NtToken.DuplicateFrom(proc, new IntPtr(entry.Handle),
                            TokenAccessRights.Query | TokenAccessRights.QuerySource))
                        {
                            ListViewItem row = new ListViewItem(entry.ProcessId.ToString());
                            var columns = row.SubItems;

                            columns.Add(proc.Name);
                            columns.Add(String.Format("0x{0:X}", entry.Handle));
                            columns.Add(token.User.ToString());
                            columns.Add(token.IntegrityLevel.ToString());
                            columns.Add(token.Restricted.ToString());
                            columns.Add(token.AppContainer.ToString());
                            columns.Add(token.TokenType.ToString());
                            columns.Add(token.ImpersonationLevel.ToString());

                            // The using block releases this token, so the row keeps its own
                            // copy. NOTE(review): that copy has to be disposed when the list is
                            // cleared - presumably ClearList does this; confirm.
                            row.Tag = token.Duplicate();
                            items.Add(row);
                        }
                    }
                    catch (NtException)
                    {
                        // Deliberately ignored: this handle is left out of the list. The
                        // failure reason (closed handle, access denied, ...) is discarded.
                    }
                }
            }
        }
        catch (NtException)
        {
            // Deliberately ignored: a process that cannot be opened contributes no rows,
            // and nothing tells the user that its handles were not inspected.
        }
    }

    listViewHandles.Items.AddRange(items.ToArray());
    ResizeColumns(listViewHandles);
}