apps/linker
1
0
Fork 0
mirror of https://github.com/snltty/linker.git synced 2025-11-01 13:04:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
80581b10086bd8f3c85fd4928ca72056a6761892
linker/cmonitor/server/client/reports/screen/winapis/ADVAPI32.cs
snltty 80581b1008 优化壁纸程序,优化自启动
2023-11-20 16:07:55 +08:00

393 lines
14 KiB
C#
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Text;
namespace cmonitor.server.client.reports.screen.winapis;
public static class ADVAPI32
{
#region Structs
public struct TOKEN_PRIVILEGES
{
public struct LUID
{
public uint LowPart;
public int HighPart;
}
[StructLayout(LayoutKind.Sequential, Pack = 4)]
public struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public uint Attributes;
}
public int PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = ANYSIZE_ARRAY)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
public class USEROBJECTFLAGS
{
public int fInherit = 0;
public int fReserved = 0;
public int dwFlags = 0;
}
[StructLayout(LayoutKind.Sequential)]
public struct SECURITY_ATTRIBUTES
{
public int Length;
public nint lpSecurityDescriptor;
public bool bInheritHandle;
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public nint hProcess;
public nint hThread;
public int dwProcessId;
public int dwThreadId;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct STARTUPINFO
{
public int cb;
public string lpReserved;
public string lpDesktop;
public string lpTitle;
public int dwX;
public int dwY;
public int dwXSize;
public int dwYSize;
public int dwXCountChars;
public int dwYCountChars;
public int dwFillAttribute;
public int dwFlags;
public short wShowWindow;
public short cbReserved2;
public nint lpReserved2;
public nint hStdInput;
public nint hStdOutput;
public nint hStdError;
}
#endregion
#region Enums
public enum TOKEN_INFORMATION_CLASS
{
/// <summary>
    /// The buffer receives a TOKEN_USER structure that contains the user account of the token.
    /// </summary>
TokenUser = 1,
/// <summary>
    /// The buffer receives a TOKEN_GROUPS structure that contains the group accounts associated with the token.
    /// </summary>
TokenGroups,
/// <summary>
    /// The buffer receives a TOKEN_PRIVILEGES structure that contains the privileges of the token.
    /// </summary>
TokenPrivileges,
/// <summary>
    /// The buffer receives a TOKEN_OWNER structure that contains the default owner security identifier (SID) for newly created objects.
    /// </summary>
TokenOwner,
/// <summary>
    /// The buffer receives a TOKEN_PRIMARY_GROUP structure that contains the default primary group SID for newly created objects.
    /// </summary>
TokenPrimaryGroup,
/// <summary>
    /// The buffer receives a TOKEN_DEFAULT_DACL structure that contains the default DACL for newly created objects.
    /// </summary>
TokenDefaultDacl,
/// <summary>
    /// The buffer receives a TOKEN_SOURCE structure that contains the source of the token. TOKEN_QUERY_SOURCE access is needed to retrieve this information.
    /// </summary>
TokenSource,
/// <summary>
    /// The buffer receives a TOKEN_TYPE value that indicates whether the token is a primary or impersonation token.
    /// </summary>
TokenType,
/// <summary>
    /// The buffer receives a SECURITY_IMPERSONATION_LEVEL value that indicates the impersonation level of the token. If the access token is not an impersonation token, the function fails.
    /// </summary>
TokenImpersonationLevel,
/// <summary>
    /// The buffer receives a TOKEN_STATISTICS structure that contains various token statistics.
    /// </summary>
TokenStatistics,
/// <summary>
    /// The buffer receives a TOKEN_GROUPS structure that contains the list of restricting SIDs in a restricted token.
    /// </summary>
TokenRestrictedSids,
/// <summary>
    /// The buffer receives a DWORD value that indicates the Terminal Services session identifier that is associated with the token.
    /// </summary>
TokenSessionId,
/// <summary>
    /// The buffer receives a TOKEN_GROUPS_AND_PRIVILEGES structure that contains the user SID, the group accounts, the restricted SIDs, and the authentication ID associated with the token.
    /// </summary>
TokenGroupsAndPrivileges,
/// <summary>
    /// Reserved.
    /// </summary>
TokenSessionReference,
/// <summary>
    /// The buffer receives a DWORD value that is nonzero if the token includes the SANDBOX_INERT flag.
    /// </summary>
TokenSandBoxInert,
/// <summary>
    /// Reserved.
    /// </summary>
TokenAuditPolicy,
/// <summary>
    /// The buffer receives a TOKEN_ORIGIN value.
    /// </summary>
TokenOrigin,
/// <summary>
    /// The buffer receives a TOKEN_ELEVATION_TYPE value that specifies the elevation level of the token.
    /// </summary>
TokenElevationType,
/// <summary>
    /// The buffer receives a TOKEN_LINKED_TOKEN structure that contains a handle to another token that is linked to this token.
    /// </summary>
TokenLinkedToken,
/// <summary>
    /// The buffer receives a TOKEN_ELEVATION structure that specifies whether the token is elevated.
    /// </summary>
TokenElevation,
/// <summary>
    /// The buffer receives a DWORD value that is nonzero if the token has ever been filtered.
    /// </summary>
TokenHasRestrictions,
/// <summary>
    /// The buffer receives a TOKEN_ACCESS_INFORMATION structure that specifies security information contained in the token.
    /// </summary>
TokenAccessInformation,
/// <summary>
    /// The buffer receives a DWORD value that is nonzero if virtualization is allowed for the token.
    /// </summary>
TokenVirtualizationAllowed,
/// <summary>
    /// The buffer receives a DWORD value that is nonzero if virtualization is enabled for the token.
    /// </summary>
TokenVirtualizationEnabled,
/// <summary>
    /// The buffer receives a TOKEN_MANDATORY_LABEL structure that specifies the token's integrity level.
    /// </summary>
TokenIntegrityLevel,
/// <summary>
    /// The buffer receives a DWORD value that is nonzero if the token has the UIAccess flag set.
    /// </summary>
TokenUIAccess,
/// <summary>
    /// The buffer receives a TOKEN_MANDATORY_POLICY structure that specifies the token's mandatory integrity policy.
    /// </summary>
TokenMandatoryPolicy,
/// <summary>
    /// The buffer receives the token's logon security identifier (SID).
    /// </summary>
TokenLogonSid,
/// <summary>
    /// The maximum value for this enumeration
    /// </summary>
MaxTokenInfoClass
}
public enum LOGON_TYPE
{
LOGON32_LOGON_INTERACTIVE = 2,
LOGON32_LOGON_NETWORK,
LOGON32_LOGON_BATCH,
LOGON32_LOGON_SERVICE,
LOGON32_LOGON_UNLOCK = 7,
LOGON32_LOGON_NETWORK_CLEARTEXT,
LOGON32_LOGON_NEW_CREDENTIALS
}
public enum LOGON_PROVIDER
{
LOGON32_PROVIDER_DEFAULT,
LOGON32_PROVIDER_WINNT35,
LOGON32_PROVIDER_WINNT40,
LOGON32_PROVIDER_WINNT50
}
[Flags]
public enum CreateProcessFlags
{
CREATE_BREAKAWAY_FROM_JOB = 0x01000000,
CREATE_DEFAULT_ERROR_MODE = 0x04000000,
CREATE_NEW_CONSOLE = 0x00000010,
CREATE_NEW_PROCESS_GROUP = 0x00000200,
CREATE_NO_WINDOW = 0x08000000,
CREATE_PROTECTED_PROCESS = 0x00040000,
CREATE_PRESERVE_CODE_AUTHZ_LEVEL = 0x02000000,
CREATE_SEPARATE_WOW_VDM = 0x00000800,
CREATE_SHARED_WOW_VDM = 0x00001000,
CREATE_SUSPENDED = 0x00000004,
CREATE_UNICODE_ENVIRONMENT = 0x00000400,
DEBUG_ONLY_THIS_PROCESS = 0x00000002,
DEBUG_PROCESS = 0x00000001,
DETACHED_PROCESS = 0x00000008,
EXTENDED_STARTUPINFO_PRESENT = 0x00080000,
INHERIT_PARENT_AFFINITY = 0x00010000
}
public enum TOKEN_TYPE : int
{
TokenPrimary = 1,
TokenImpersonation = 2
}
public enum SECURITY_IMPERSONATION_LEVEL : int
{
SecurityAnonymous = 0,
SecurityIdentification = 1,
SecurityImpersonation = 2,
SecurityDelegation = 3,
}
#endregion
#region Constants
public const int TOKEN_DUPLICATE = 0x0002;
public const uint MAXIMUM_ALLOWED = 0x2000000;
public const int CREATE_NEW_CONSOLE = 0x00000010;
public const int CREATE_NO_WINDOW = 0x08000000;
public const int CREATE_UNICODE_ENVIRONMENT = 0x00000400;
public const int STARTF_USESHOWWINDOW = 0x00000001;
public const int DETACHED_PROCESS = 0x00000008;
public const int TOKEN_ALL_ACCESS = 0x000f01ff;
public const int PROCESS_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF;
public const int STANDARD_RIGHTS_REQUIRED = 0x000F0000;
public const int SYNCHRONIZE = 0x00100000;
public const int IDLE_PRIORITY_CLASS = 0x40;
public const int NORMAL_PRIORITY_CLASS = 0x20;
public const int HIGH_PRIORITY_CLASS = 0x80;
public const int REALTIME_PRIORITY_CLASS = 0x100;
public const uint SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001;
public const uint SE_PRIVILEGE_ENABLED = 0x00000002;
public const uint SE_PRIVILEGE_REMOVED = 0x00000004;
public const uint SE_PRIVILEGE_USED_FOR_ACCESS = 0x80000000;
public const int ANYSIZE_ARRAY = 1;
public const int UOI_FLAGS = 1;
public const int UOI_NAME = 2;
public const int UOI_TYPE = 3;
public const int UOI_USER_SID = 4;
public const int UOI_HEAPSIZE = 5;
public const int UOI_IO = 6;
#endregion
#region DLL Imports
[DllImport("advapi32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool AdjustTokenPrivileges(nint tokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool disableAllPrivileges,
ref TOKEN_PRIVILEGES newState,
uint bufferLengthInBytes,
ref TOKEN_PRIVILEGES previousState,
out uint returnLengthInBytes);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
public static extern bool CreateProcessAsUser(
nint hToken,
string? lpApplicationName,
string lpCommandLine,
ref SECURITY_ATTRIBUTES lpProcessAttributes,
ref SECURITY_ATTRIBUTES lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
nint lpEnvironment,
string? lpCurrentDirectory,
ref STARTUPINFO lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool AllocateLocallyUniqueId(out nint pLuid);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = false)]
public static extern SECUR32.WinErrors LsaNtStatusToWinError(SECUR32.WinStatusCodes status);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(
nint TokenHandle,
TOKEN_INFORMATION_CLASS TokenInformationClass,
nint TokenInformation,
int TokenInformationLength,
out int ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, BestFitMapping = false, ThrowOnUnmappableChar = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool LogonUser(
[MarshalAs(UnmanagedType.LPStr)] string pszUserName,
[MarshalAs(UnmanagedType.LPStr)] string pszDomain,
[MarshalAs(UnmanagedType.LPStr)] string pszPassword,
int dwLogonType,
int dwLogonProvider,
out nint phToken);
[DllImport("advapi32", SetLastError = true), SuppressUnmanagedCodeSecurity]
public static extern bool OpenProcessToken(nint ProcessHandle, int DesiredAccess, ref nint TokenHandle);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool DuplicateTokenEx(
nint hExistingToken,
uint dwDesiredAccess,
ref SECURITY_ATTRIBUTES lpTokenAttributes,
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
TOKEN_TYPE TokenType,
out nint phNewToken);
[DllImport("advapi32.dll", SetLastError = false)]
public static extern uint LsaNtStatusToWinError(uint status);
#endregion
[DllImport("advapi32", CharSet = CharSet.Auto, SetLastError = true), SuppressUnmanagedCodeSecurity]
public static extern bool ConvertSidToStringSid(IntPtr sid, out string stringSid);
[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_USER
{
public SID_AND_ATTRIBUTES User;
}
[StructLayout(LayoutKind.Sequential)]
public struct SID_AND_ATTRIBUTES
{
public IntPtr Sid;
public int Attributes;
}
[DllImport("Advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool LookupAccountName(
string lpSystemName,
string lpAccountName,
IntPtr Sid,
ref int cbSid,
StringBuilder ReferencedDomainName,
ref int cchReferencedDomainName,
out int peUse
);
}
Reference in New Issue View Git Blame Copy Permalink