internal static extern bool CreateAppContainerToken(
SafeKernelObjectHandle TokenHandle,
ref SECURITY_CAPABILITIES SecurityCapabilities,
out SafeKernelObjectHandle AppContainerTokenHandle);
static extern bool WTSQueryUserToken(int SessionId, out SafeKernelObjectHandle phToken);
internal static extern NtStatus GetAppContainerRegistryLocation(
KeyAccessRights desiredAccess,
out SafeKernelObjectHandle phAppContainerKey
);
static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, SecurityLogonType dwLogonType,
int dwLogonProvider, out SafeKernelObjectHandle phToken);
internal NtMailslotFile(SafeKernelObjectHandle handle, IoStatus io_status)
: base(handle, io_status)
{
}
static extern bool CreateProcessAsUser( SafeKernelObjectHandle hToken, string lpApplicationName, string lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, CreateProcessFlags dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, ref STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
public static SafeKernelObjectHandle DuplicateToken(SafeKernelObjectHandle existing_token)
{
IntPtr new_token;
using (ObjectAttributes obja = new ObjectAttributes(null))
{
StatusToNtException(NtDuplicateToken(existing_token.DangerousGetHandle(),
GenericAccessRights.MaximumAllowed, obja, false, TokenType.Primary, out new_token));
return new SafeKernelObjectHandle(new_token, true);
}
}
public static extern NtStatus NtAlpcImpersonateClientContainerOfPort(
[In] SafeKernelObjectHandle PortHandle,
[In] AlpcPortMessage PortMessage,
AlpcImpersonateClientContainerOfPortFlags Flags
);
public static extern NtStatus NtAlpcCreateSecurityContext(
SafeKernelObjectHandle PortHandle,
AlpcCreateSecurityContextFlags Flags,
ref AlpcSecurityAttr SecurityAttribute);
public static extern NtStatus NtAlpcDisconnectPort(
[In] SafeKernelObjectHandle PortHandle,
AlpcDisconnectPortFlags Flags
);
public static extern NtStatus NtAlpcSetInformation(
[In] SafeKernelObjectHandle PortHandle,
AlpcPortInformationClass PortInformationClass,
SafeBuffer PortInformation,
int Length);
public static extern NtStatus NtAlpcCreatePort(
out SafeKernelObjectHandle PortHandle,
[In] ObjectAttributes ObjectAttributes,
[In] AlpcPortAttributes PortAttributes
);
public static void SetTokenSessionId(SafeKernelObjectHandle token, int session_id)
{
byte[] buffer = BitConverter.GetBytes(session_id);
NtSetInformationToken(token, TokenInformationClass.TokenSessionId,
buffer, buffer.Length);
}
public static extern int NtSetInformationToken(
SafeKernelObjectHandle TokenHandle,
TokenInformationClass TokenInformationClass,
byte[] TokenInformation,
int TokenInformationLength);
internal static extern bool GetModuleInformation(
SafeKernelObjectHandle hProcess,
IntPtr hModule,
out MODULEINFO lpmodinfo,
int cb
);
public static extern NtStatus NtAlpcRevokeSecurityContext(
SafeKernelObjectHandle PortHandle,
AlpcRevokeSecurityContextFlags Flags,
AlpcHandle ContextHandle
);
internal static extern bool GetClipboardAccessToken(out SafeKernelObjectHandle handle, TokenAccessRights desired_access);
public static extern NtStatus NtAlpcDeletePortSection(
SafeKernelObjectHandle PortHandle,
AlpcDeletePortSectionFlags Flags,
AlpcHandle SectionHandle
);
/// <summary>
/// Constructor
/// </summary>
/// <param name="object_name">The object name, can be null.</param>
/// <param name="attributes">The object attribute flags.</param>
/// <param name="root">An optional root handle, can be SafeKernelObjectHandle.Null. Will duplicate the handle.</param>
/// <param name="sqos">An optional security quality of service.</param>
/// <param name="security_descriptor">An optional security descriptor.</param>
public ObjectAttributes(string object_name, AttributeFlags attributes, SafeKernelObjectHandle root,
SecurityQualityOfService sqos, SecurityDescriptor security_descriptor)
{
Length = Marshal.SizeOf(this);
if (object_name != null)
{
ObjectName = new UnicodeString(object_name).ToBuffer();
}
else
{
ObjectName = SafeHGlobalBuffer.Null;
}
Attributes = attributes;
if (sqos != null)
{
SecurityQualityOfService = sqos.ToBuffer();
}
else
{
SecurityQualityOfService = SafeHGlobalBuffer.Null;
}
RootDirectory = !root.IsInvalid ? NtObject.DuplicateHandle(root) : SafeKernelObjectHandle.Null;
if (security_descriptor != null)
{
SecurityDescriptor = security_descriptor.ToSafeBuffer();
}
else
{
SecurityDescriptor = SafeHGlobalBuffer.Null;
}
}
public static extern NtStatus NtAlpcCreateResourceReserve(
SafeKernelObjectHandle PortHandle,
AlpcCreateResourceReserveFlags Flags,
IntPtr MessageSize,
out AlpcHandle ResourceId
);
public static SafeKernelObjectHandle OpenProcessToken()
{
IntPtr new_token;
StatusToNtException(NtOpenProcessTokenEx(new IntPtr(-1),
GenericAccessRights.MaximumAllowed, AttributeFlags.None, out new_token));
using (SafeKernelObjectHandle ret = new SafeKernelObjectHandle(new_token, true))
{
return DuplicateToken(ret);
}
}
public static extern NtStatus NtAlpcDeleteResourceReserve(
SafeKernelObjectHandle PortHandle,
AlpcDeleteResourceReserveFlags Flags,
AlpcHandle ResourceId
);
internal static extern SecStatusCode ImportSecurityContext(
string pszPackage,
SecBuffer pPackedContext,
SafeKernelObjectHandle Token,
[Out] SecHandle phContext
);
public static extern NtStatus NtAlpcCreateSectionView(
SafeKernelObjectHandle PortHandle,
AlpcCreateSectionViewFlags Flags,
ref AlpcDataViewAttr ViewAttributes
);
static extern bool SaferComputeTokenFromLevel(IntPtr LevelHandle, SafeHandle InAccessToken,
out SafeKernelObjectHandle OutAccessToken, SaferFlags dwFlags, IntPtr lpReserved);
public static extern NtStatus NtAlpcDeleteSectionView(
SafeKernelObjectHandle PortHandle,
AlpcDeleteSectionViewFlags Flags,
IntPtr ViewBase
);
private static extern bool GetClipboardAccessToken(out SafeKernelObjectHandle handle, TokenAccessRights desired_access);
public static extern NtStatus NtAlpcCancelMessage(
SafeKernelObjectHandle PortHandle,
AlpcCancelMessageFlags Flags,
ref AlpcContextAttr MessageContext
);
internal static extern Win32Error GetPackageFullNameFromToken(
SafeKernelObjectHandle token,
ref int packageFullNameLength,
StringBuilder packageFullName
);
internal NtGeneric(SafeKernelObjectHandle handle) : base(handle)
{
}
internal static extern int GetModuleFileNameEx(
SafeKernelObjectHandle hProcess,
IntPtr hModule,
StringBuilder lpFilename,
int nSize
);
internal static extern bool SaferComputeTokenFromLevel(IntPtr LevelHandle, SafeHandle InAccessToken,
out SafeKernelObjectHandle OutAccessToken, SaferFlags dwFlags, IntPtr lpReserved);
internal static extern bool ImageGetCertificateData(
SafeKernelObjectHandle FileHandle,
int CertificateIndex,
SafeBuffer Certificate,
ref int RequiredLength
);
internal static extern bool WTSQueryUserToken(int SessionId, out SafeKernelObjectHandle phToken);
public static extern NtStatus NtWaitForSingleObject( SafeKernelObjectHandle Handle, bool Alertable, LargeInteger Timeout );
internal static extern int GetFinalPathNameByHandle(SafeKernelObjectHandle hFile, StringBuilder lpszFilePath,
int cchFilePath, Win32PathNameFlags dwFlags);
static extern bool CreateProcessWithTokenW( SafeKernelObjectHandle hToken, int dwLogonFlags, string lpApplicationName, string lpCommandLine, CreateProcessFlags dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, ref STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
internal static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, SecurityLogonType dwLogonType,
int dwLogonProvider, out SafeKernelObjectHandle phToken);
internal CreateUserProcessResult(SafeKernelObjectHandle process_handle, SafeKernelObjectHandle thread_handle,
ProcessCreateInfoData create_info,
SectionImageInformation image_info, ClientId client_id)
{
Process = new NtProcess(process_handle);
Thread = new NtThread(thread_handle);
ImageFile = new NtFile(new SafeKernelObjectHandle(create_info.Success.FileHandle, true));
SectionHandle = new NtSection(new SafeKernelObjectHandle(create_info.Success.SectionHandle, true));
ImageInfo = image_info;
ClientId = client_id;
CreateInfo = create_info;
CreateState = ProcessCreateState.Success;
}
internal static extern SecStatusCode QuerySecurityContextToken(SecHandle phContext, out SafeKernelObjectHandle Token);
public static extern int NtSetInformationToken(
SafeKernelObjectHandle TokenHandle,
TokenInformationClass TokenInformationClass,
byte[] TokenInformation,
int TokenInformationLength);
internal static extern SecStatusCode ExportSecurityContext(
SecHandle phContext,
SecPkgContextExportFlags fFlags,
[In, Out] SecBuffer pPackedContext,
out SafeKernelObjectHandle pToken
);
public static void SetTokenSessionId(SafeKernelObjectHandle token, int session_id)
{
byte[] buffer = BitConverter.GetBytes(session_id);
NtSetInformationToken(token, TokenInformationClass.TokenSessionId,
buffer, buffer.Length);
}
static extern NtStatus LsaLogonUser(SafeLsaHandle LsaHandle, LsaString OriginName, SecurityLogonType LogonType, uint AuthenticationPackage,
SafeBuffer AuthenticationInformation,
int AuthenticationInformationLength,
IntPtr LocalGroups,
TOKEN_SOURCE SourceContext,
out IntPtr ProfileBuffer,
out int ProfileBufferLength,
out Luid LogonId,
out SafeKernelObjectHandle Token,
out QUOTA_LIMITS Quotas,
out NtStatus SubStatus
);