/// <summary>
/// Causes the thread to impersonate a client thread.
/// </summary>
/// <param name="clientThreadHandle">A handle to a client thread.</param>
/// <param name="impersonationLevel">The impersonation level to request.</param>
public void Impersonate(ThreadHandle clientThreadHandle, SecurityImpersonationLevel impersonationLevel)
{
SecurityQualityOfService securityQos = new SecurityQualityOfService(impersonationLevel, false, false);
Win32.NtImpersonateThread(
this,
clientThreadHandle,
ref securityQos
).ThrowIf();
}
/// <summary>
/// Causes the thread to impersonate a client thread.
/// </summary>
/// <param name="clientThreadHandle">A handle to a client thread.</param>
/// <param name="impersonationLevel">The impersonation level to request.</param>
public void Impersonate(ThreadHandle clientThreadHandle, SecurityImpersonationLevel impersonationLevel)
{
NtStatus status;
SecurityQualityOfService securityQos =
new SecurityQualityOfService(impersonationLevel, false, false);
if ((status = Win32.NtImpersonateThread(this, clientThreadHandle, ref securityQos)) >= NtStatus.Error)
{
Win32.Throw(status);
}
}
/// <summary>
/// Creates a new token handle from a thread.
/// </summary>
/// <param name="handle">The thread handle.</param>
/// <param name="access">The desired access to the token.</param>
/// <param name="openAsSelf">If the thread is currently impersonating, opens the original token.</param>
public TokenHandle(ThreadHandle handle, TokenAccess access, bool openAsSelf)
{
IntPtr h;
if (!Win32.OpenThreadToken(handle, access, openAsSelf, out h))
{
this.MarkAsInvalid();
Win32.Throw();
}
this.Handle = h;
}
/// <summary>
/// Walks the call stack for the thread.
/// </summary>
/// <param name="walkStackCallback">A callback to execute.</param>
/// <param name="architecture">
/// The type of stack walk. On 32-bit systems, this value is ignored.
/// On 64-bit systems, this value can be set to I386 to walk the
/// 32-bit stack.
/// </param>
public void WalkStack(WalkStackDelegate walkStackCallback, OSArch architecture)
{
if (KProcessHacker.Instance != null)
{
// Use KPH to open the parent process.
using (var phandle = this.GetProcess(ProcessAccess.QueryInformation | ProcessAccess.VmRead))
this.WalkStack(phandle, walkStackCallback, architecture);
}
else
{
// We need to duplicate the handle to get QueryInformation access.
using (var dupThreadHandle = this.Duplicate(OSVersion.MinThreadQueryInfoAccess))
using (var phandle = new ProcessHandle(
ThreadHandle.FromHandle(dupThreadHandle).GetBasicInformation().ClientId.ProcessId,
ProcessAccess.QueryInformation | ProcessAccess.VmRead
))
{
this.WalkStack(phandle, walkStackCallback, architecture);
}
}
}
/// <summary>
/// Creates a new token handle from a thread.
/// </summary>
/// <param name="handle">The thread handle.</param>
/// <param name="access">The desired access to the token.</param>
public TokenHandle(ThreadHandle handle, TokenAccess access)
: this(handle, access, false)
{
}
public static TokenHandle OpenSelf(TokenAccess access)
{
return(new TokenHandle(ThreadHandle.GetCurrent(), access, true));
}
public static TokenHandle OpenCurrent(TokenAccess access)
{
return(new TokenHandle(ThreadHandle.GetCurrent(), access, false));
}
/// <summary>
/// Gets the client ID of the current thread.
/// </summary>
/// <returns>A client ID.</returns>
public static ClientId GetCurrentCid()
{
return(new ClientId(ProcessHandle.GetCurrentId(), ThreadHandle.GetCurrentId()));
}