/// <summary>
/// Overridden ProcessRecord method.
/// </summary>
protected override void ProcessRecord()
{
switch (ParameterSetName)
{
case "All":
WriteObject(NtWindowStation.GetAccessibleWindowStations(Access), true);
break;
case "FromCurrent":
{
var winsta = NtWindowStation.Current;
if (Access.HasFlag(WindowStationAccessRights.MaximumAllowed))
{
WriteObject(winsta);
}
else
{
WriteObject(winsta.Duplicate(Access));
}
}
break;
default:
base.ProcessRecord();
break;
}
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
NtType winsta_type = NtType.GetTypeByType <NtWindowStation>();
AccessMask winsta_access_rights = winsta_type.GenericMapping.MapMask(AccessRights);
bool check_winsta = CheckMode == WindowStationCheckMode.WindowStationOnly || CheckMode == WindowStationCheckMode.WindowStationAndDesktop;
bool check_desktop = CheckMode == WindowStationCheckMode.DesktopOnly || CheckMode == WindowStationCheckMode.WindowStationAndDesktop;
using (var winstas = NtWindowStation.GetAccessibleWindowStations().ToDisposableList())
{
foreach (var winsta in winstas)
{
if (check_winsta && winsta.IsAccessGranted(WindowStationAccessRights.ReadControl))
{
var sd = winsta.SecurityDescriptor;
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd,
token.Token, winsta_type.GenericMapping);
if (IsAccessGranted(granted_access, winsta_access_rights))
{
WriteAccessCheckResult(winsta.FullPath, winsta_type.Name, granted_access, winsta_type.GenericMapping,
sd, winsta_type.AccessRightsType, true, token.Information);
}
}
}
if (check_desktop && winsta.IsAccessGranted(WindowStationAccessRights.EnumDesktops))
{
RunAccessCheckDesktop(tokens, winsta);
}
}
}
}
private void RunAccessCheckDesktop(IEnumerable <TokenEntry> tokens, NtWindowStation winsta)
{
NtType desktop_type = NtType.GetTypeByType <NtDesktop>();
AccessMask desktop_access_rights = desktop_type.GenericMapping.MapMask(DesktopAccessRights);
using (var desktops = winsta.GetAccessibleDesktops().ToDisposableList())
{
foreach (var desktop in desktops)
{
if (desktop.IsAccessGranted(DesktopAccessRights.ReadControl))
{
var sd = desktop.SecurityDescriptor;
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd,
token.Token, desktop_type.GenericMapping);
if (IsAccessGranted(granted_access, desktop_access_rights))
{
WriteAccessCheckResult($"{winsta.FullPath}{desktop.FullPath}", desktop_type.Name, granted_access, desktop_type.GenericMapping,
sd, desktop_type.AccessRightsType, true, token.Information);
}
}
}
}
}
}
/// <summary>
/// Get the Win32 path for a specified path.
/// </summary>
/// <param name="path">The path component.</param>
/// <returns>The full NT path.</returns>
protected override string GetWin32Path(string path)
{
if (!path.Contains(@"\"))
{
return($@"{NtWindowStation.Current.FullPath}\{path}");
}
return($@"{NtWindowStation.GetWindowStationDirectory()}\{path}");
}
/// <summary>
/// Method to create an object from a set of object attributes.
/// </summary>
/// <param name="obj_attributes">The object attributes to create/open from.</param>
/// <returns>The newly created object.</returns>
protected override object CreateObject(ObjectAttributes obj_attributes)
{
return(NtWindowStation.Open(obj_attributes, Access));
}
/// <summary>
/// Get the Win32 path for a specified path.
/// </summary>
/// <param name="path">The path component.</param>
/// <returns>The full NT path.</returns>
protected override string GetWin32Path(string path)
{
return($@"{NtWindowStation.GetWindowStationDirectory()}\{path}");
}
/// <summary>
/// Method to create an object from a set of object attributes.
/// </summary>
/// <param name="obj_attributes">The object attributes to create/open from.</param>
/// <returns>The newly created object.</returns>
protected override object CreateObject(ObjectAttributes obj_attributes)
{
return(NtWindowStation.Create(obj_attributes, Access,
KeyboardLayoutDll ?? "kbdus.dll",
LanguageId ?? 0x409, KeyboardLocale ?? 0x4090409));
}
