/// <summary> /// Overridden ProcessRecord method. /// </summary> protected override void ProcessRecord() { switch (ParameterSetName) { case "All": WriteObject(NtWindowStation.GetAccessibleWindowStations(Access), true); break; case "FromCurrent": { var winsta = NtWindowStation.Current; if (Access.HasFlag(WindowStationAccessRights.MaximumAllowed)) { WriteObject(winsta); } else { WriteObject(winsta.Duplicate(Access)); } } break; default: base.ProcessRecord(); break; } }
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens) { NtType winsta_type = NtType.GetTypeByType <NtWindowStation>(); AccessMask winsta_access_rights = winsta_type.GenericMapping.MapMask(AccessRights); bool check_winsta = CheckMode == WindowStationCheckMode.WindowStationOnly || CheckMode == WindowStationCheckMode.WindowStationAndDesktop; bool check_desktop = CheckMode == WindowStationCheckMode.DesktopOnly || CheckMode == WindowStationCheckMode.WindowStationAndDesktop; using (var winstas = NtWindowStation.GetAccessibleWindowStations().ToDisposableList()) { foreach (var winsta in winstas) { if (check_winsta && winsta.IsAccessGranted(WindowStationAccessRights.ReadControl)) { var sd = winsta.SecurityDescriptor; foreach (TokenEntry token in tokens) { AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, winsta_type.GenericMapping); if (IsAccessGranted(granted_access, winsta_access_rights)) { WriteAccessCheckResult(winsta.FullPath, winsta_type.Name, granted_access, winsta_type.GenericMapping, sd, winsta_type.AccessRightsType, true, token.Information); } } } if (check_desktop && winsta.IsAccessGranted(WindowStationAccessRights.EnumDesktops)) { RunAccessCheckDesktop(tokens, winsta); } } } }
private void RunAccessCheckDesktop(IEnumerable <TokenEntry> tokens, NtWindowStation winsta) { NtType desktop_type = NtType.GetTypeByType <NtDesktop>(); AccessMask desktop_access_rights = desktop_type.GenericMapping.MapMask(DesktopAccessRights); using (var desktops = winsta.GetAccessibleDesktops().ToDisposableList()) { foreach (var desktop in desktops) { if (desktop.IsAccessGranted(DesktopAccessRights.ReadControl)) { var sd = desktop.SecurityDescriptor; foreach (TokenEntry token in tokens) { AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, desktop_type.GenericMapping); if (IsAccessGranted(granted_access, desktop_access_rights)) { WriteAccessCheckResult($"{winsta.FullPath}{desktop.FullPath}", desktop_type.Name, granted_access, desktop_type.GenericMapping, sd, desktop_type.AccessRightsType, true, token.Information); } } } } } }
/// <summary> /// Get the Win32 path for a specified path. /// </summary> /// <param name="path">The path component.</param> /// <returns>The full NT path.</returns> protected override string GetWin32Path(string path) { if (!path.Contains(@"\")) { return($@"{NtWindowStation.Current.FullPath}\{path}"); } return($@"{NtWindowStation.GetWindowStationDirectory()}\{path}"); }
/// <summary> /// Method to create an object from a set of object attributes. /// </summary> /// <param name="obj_attributes">The object attributes to create/open from.</param> /// <returns>The newly created object.</returns> protected override object CreateObject(ObjectAttributes obj_attributes) { return(NtWindowStation.Open(obj_attributes, Access)); }
/// <summary> /// Get the Win32 path for a specified path. /// </summary> /// <param name="path">The path component.</param> /// <returns>The full NT path.</returns> protected override string GetWin32Path(string path) { return($@"{NtWindowStation.GetWindowStationDirectory()}\{path}"); }
/// <summary> /// Method to create an object from a set of object attributes. /// </summary> /// <param name="obj_attributes">The object attributes to create/open from.</param> /// <returns>The newly created object.</returns> protected override object CreateObject(ObjectAttributes obj_attributes) { return(NtWindowStation.Create(obj_attributes, Access, KeyboardLayoutDll ?? "kbdus.dll", LanguageId ?? 0x409, KeyboardLocale ?? 0x4090409)); }