private SafeHGlobalBuffer GetAttributes(DisposableList <IDisposable> resources) { int count = GetAttributeCount(); if (count == 0) { return(SafeHGlobalBuffer.Null); } var attr_list = resources.AddResource(new SafeProcThreadAttributeListBuffer(count)); if (ParentProcess != null) { attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeParentProcess, ParentProcess.Handle.DangerousGetHandle()); } if (MitigationOptions2 != ProcessMitigationOptions2.None) { MemoryStream stm = new MemoryStream(); BinaryWriter writer = new BinaryWriter(stm); writer.Write((ulong)MitigationOptions); writer.Write((ulong)MitigationOptions2); attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeMitigationPolicy, stm.ToArray()); } else if (MitigationOptions != ProcessMitigationOptions.None) { attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeMitigationPolicy, (ulong)MitigationOptions); } if (Win32kFilterFlags != Win32kFilterFlags.None) { Win32kFilterAttribute filter = new Win32kFilterAttribute(); filter.Flags = Win32kFilterFlags; filter.FilterLevel = Win32kFilterLevel; attr_list.AddAttributeBuffer(ProcessAttributes.ProcThreadAttributeWin32kFilter, resources.AddResource(filter.ToBuffer())); } if ((CreationFlags & CreateProcessFlags.ProtectedProcess) != 0) { attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeProtectionLevel, (int)ProtectionLevel); } if (InheritHandleList.Count > 0) { int total_size = IntPtr.Size * InheritHandleList.Count; var handle_list = resources.AddResource(new SafeHGlobalBuffer(total_size)); handle_list.WriteArray(0, InheritHandleList.ToArray(), 0, InheritHandleList.Count); attr_list.AddAttributeBuffer(ProcessAttributes.ProcThreadAttributeHandleList, handle_list); } return(attr_list); }
private SafeHGlobalBuffer GetAttributes(DisposableList <IDisposable> resources) { int count = GetAttributeCount(); if (count == 0) { return(SafeHGlobalBuffer.Null); } var attr_list = resources.AddResource(new SafeProcThreadAttributeListBuffer(count)); if (ParentProcess != null) { attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeParentProcess, ParentProcess.Handle.DangerousGetHandle()); } if (MitigationOptions2 != ProcessMitigationOptions2.None) { MemoryStream stm = new MemoryStream(); BinaryWriter writer = new BinaryWriter(stm); writer.Write((ulong)MitigationOptions); writer.Write((ulong)MitigationOptions2); attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeMitigationPolicy, stm.ToArray()); } else if (MitigationOptions != ProcessMitigationOptions.None) { attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeMitigationPolicy, (ulong)MitigationOptions); } if (Win32kFilterFlags != Win32kFilterFlags.None) { Win32kFilterAttribute filter = new Win32kFilterAttribute(); filter.Flags = Win32kFilterFlags; filter.FilterLevel = Win32kFilterLevel; attr_list.AddAttributeBuffer(ProcessAttributes.ProcThreadAttributeWin32kFilter, resources.AddResource(filter.ToBuffer())); } if ((CreationFlags & CreateProcessFlags.ProtectedProcess) != 0) { attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeProtectionLevel, (int)ProtectionLevel); } if (InheritHandleList.Count > 0) { int total_size = IntPtr.Size * InheritHandleList.Count; var handle_list = resources.AddResource(new SafeHGlobalBuffer(total_size)); handle_list.WriteArray(0, InheritHandleList.ToArray(), 0, InheritHandleList.Count); attr_list.AddAttributeBuffer(ProcessAttributes.ProcThreadAttributeHandleList, handle_list); } if (AppContainerSid != null) { SECURITY_CAPABILITIES caps = new SECURITY_CAPABILITIES(); caps.AppContainerSid = resources.AddResource(AppContainerSid.ToSafeBuffer()).DangerousGetHandle(); if (Capabilities.Count > 0) { SidAndAttributes[] cap_sids = new SidAndAttributes[Capabilities.Count]; for (int i = 0; i < Capabilities.Count; ++i) { cap_sids[i] = new SidAndAttributes() { Sid = resources.AddResource(Capabilities[i].ToSafeBuffer()).DangerousGetHandle(), Attributes = GroupAttributes.Enabled }; } SafeHGlobalBuffer cap_buffer = resources.AddResource(new SafeHGlobalBuffer(Marshal.SizeOf(typeof(SidAndAttributes)) * Capabilities.Count)); cap_buffer.WriteArray(0, cap_sids, 0, cap_sids.Length); caps.Capabilities = cap_buffer.DangerousGetHandle(); caps.CapabilityCount = cap_sids.Length; } attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeSecurityCapabilities, caps); } if (LowPrivilegeAppContainer) { attr_list.AddAttribute(ProcessAttributes.ProcThreadAttributeAllApplicationPackagesPolicy, 1); } return(attr_list); }