internal CreateUserProcessResult(SafeKernelObjectHandle process_handle, SafeKernelObjectHandle thread_handle,
ProcessCreateInfoData create_info,
SectionImageInformation image_info, ClientId client_id)
{
Process = new NtProcess(process_handle);
Thread = new NtThread(thread_handle);
ImageFile = new NtFile(new SafeKernelObjectHandle(create_info.Success.FileHandle, true));
SectionHandle = new NtSection(new SafeKernelObjectHandle(create_info.Success.SectionHandle, true));
ImageInfo = image_info;
ClientId = client_id;
CreateInfo = create_info;
CreateState = ProcessCreateState.Success;
}
/// <summary>
/// Release the internal handle
/// </summary>
/// <returns></returns>
protected override bool ReleaseHandle()
{
bool ret = false;
if (!Process.Handle.IsClosed)
{
using (Process) {
ret = NtSection.Unmap(Process, handle, false).IsSuccess();
}
}
handle = IntPtr.Zero;
return(ret);
}
/// <summary>
/// Open an NT object with a specified type.
/// </summary>
/// <param name="typename">The name of the type to open (e.g. Event). If null the method will try and lookup the appropriate type.</param>
/// <param name="path">The path to the object to open.</param>
/// <param name="root">A root directory to open from.</param>
/// <param name="access">Generic access rights to the object.</param>
/// <returns>The opened object.</returns>
/// <exception cref="NtException">Thrown if an error occurred opening the object.</exception>
/// <exception cref="ArgumentException">Thrown if type of resource couldn't be found.</exception>
public static NtObject OpenWithType(string typename, string path, NtObject root, GenericAccessRights access)
{
if (typename == null)
{
typename = NtDirectory.GetDirectoryEntryType(path, root);
if (typename == null)
{
throw new ArgumentException(String.Format("Can't find type for path {0}", path));
}
}
switch (typename.ToLower())
{
case "device":
return(NtFile.Open(path, root, (FileAccessRights)access, FileShareMode.None, FileOpenOptions.None));
case "file":
return(NtFile.Open(path, root, (FileAccessRights)access, FileShareMode.Read | FileShareMode.Write | FileShareMode.Delete, FileOpenOptions.None));
case "event":
return(NtEvent.Open(path, root, (EventAccessRights)access));
case "directory":
return(NtDirectory.Open(path, root, (DirectoryAccessRights)access));
case "symboliclink":
return(NtSymbolicLink.Open(path, root, (SymbolicLinkAccessRights)access));
case "mutant":
return(NtMutant.Open(path, root, (MutantAccessRights)access));
case "semaphore":
return(NtSemaphore.Open(path, root, (SemaphoreAccessRights)access));
case "section":
return(NtSection.Open(path, root, (SectionAccessRights)access));
case "job":
return(NtJob.Open(path, root, (JobAccessRights)access));
case "key":
return(NtKey.Open(path, root, (KeyAccessRights)access));
default:
throw new ArgumentException(String.Format("Can't open type {0}", typename));
}
}
internal NtProcessCreateResult(NtStatus status, SafeKernelObjectHandle process_handle, SafeKernelObjectHandle thread_handle,
ProcessCreateInfoData create_info, SectionImageInformation image_info, ClientId client_id, bool terminate_on_dispose)
{
Status = status;
Process = new NtProcess(process_handle);
Thread = new NtThread(thread_handle);
ImageFile = create_info.Success.FileHandle != IntPtr.Zero ?
NtFile.FromHandle(create_info.Success.FileHandle).Duplicate() : null;
SectionHandle = create_info.Success.SectionHandle != IntPtr.Zero ?
NtSection.FromHandle(create_info.Success.SectionHandle).Duplicate() : null;
OutputFlags = create_info.Success.OutputFlags;
UserProcessParametersNative = (long)create_info.Success.UserProcessParametersNative;
UserProcessParametersWow64 = create_info.Success.UserProcessParametersWow64;
CurrentParameterFlags = (int)create_info.Success.CurrentParameterFlags;
PebAddressNative = (long)create_info.Success.PebAddressNative;
PebAddressWow64 = create_info.Success.PebAddressWow64;
ManifestAddress = (long)create_info.Success.ManifestAddress;
ManifestSize = (int)create_info.Success.ManifestSize;
ImageInfo = image_info;
ClientId = client_id;
DllCharacteristics = image_info.DllCharacteristics;
CreateState = ProcessCreateState.Success;
TerminateOnDispose = terminate_on_dispose;
}
protected override sealed NtResult <NtSection> OpenInternal(ObjectAttributes obj_attributes,
SectionAccessRights desired_access, bool throw_on_error)
{
return(NtSection.Open(obj_attributes, desired_access, throw_on_error));
}
/// <summary>
/// Create a new process
/// </summary>
/// <param name="ParentProcess">The parent process</param>
/// <param name="Flags">Creation flags</param>
/// <param name="SectionHandle">Handle to the executable image section</param>
/// <returns>The created process</returns>
public static NtProcess CreateProcessEx(NtProcess ParentProcess, ProcessCreateFlags Flags, NtSection SectionHandle)
{
SafeKernelObjectHandle process;
SafeHandle parent_process = ParentProcess != null ? ParentProcess.Handle : Current.Handle;
SafeHandle section = SectionHandle != null ? SectionHandle.Handle : null;
NtSystemCalls.NtCreateProcessEx(out process, ProcessAccessRights.MaximumAllowed,
new ObjectAttributes(), parent_process, Flags, section, null, null, 0).ToNtException();
return(new NtProcess(process));
}
/// <summary>
/// Create a new process
/// </summary>
/// <param name="SectionHandle">Handle to the executable image section</param>
/// <returns>The created process</returns>
public static NtProcess CreateProcessEx(NtSection SectionHandle)
{
return(CreateProcessEx(null, ProcessCreateFlags.None, SectionHandle));
}
/// <summary>
/// Create a new process
/// </summary>
/// <param name="Flags">Creation flags</param>
/// <param name="SectionHandle">Handle to the executable image section</param>
/// <returns>The created process</returns>
public NtProcess CreateProcessEx(ProcessCreateFlags Flags, NtSection SectionHandle)
{
return(CreateProcessEx(this, Flags, SectionHandle));
}