Don't like ads? PRO users don't see any ads ;-)
Public Pastes
Guest

Untitled

By: a guest on Jul 31st, 2011  |  syntax: C#  |  size: 9.57 KB  |  hits: 48  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Text;
  5. using System.Security.Permissions;
  6. using Microsoft.Win32;
  7. using System.Runtime.InteropServices;
  8. using System.Diagnostics;
  9. using System.Collections;
  10. using System.Threading;
  11. using System.Security.AccessControl;
  12. using System.Security.Principal;
  13. using Microsoft.Win32.SafeHandles;
  14.  
  15.  
  16.  
  17. namespace EnumerateMutexACL
  18. {
  19.     class Win
  20.     {
  21.         [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  22.         public static extern SafeWaitHandle OpenMutex(UInt32 desiredAccess, bool inheritHandle, string name);
  23.  
  24.         [DllImport("kernel32.dll", SetLastError = true)]
  25.         [return: MarshalAs(UnmanagedType.Bool)]
  26.         public static extern bool DuplicateHandle(IntPtr hSourceProcessHandle,
  27.            IntPtr hSourceHandle, IntPtr hTargetProcessHandle, out IntPtr lpTargetHandle,
  28.            uint dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, uint dwOptions);
  29.  
  30.         [DllImport("kernel32.dll", SetLastError = true)]
  31.         [return: MarshalAs(UnmanagedType.Bool)]
  32.         public static extern bool CloseHandle(IntPtr hObject);
  33.     }
  34.  
  35.     class Program
  36.     {
  37.  
  38.         [DllImport("advapi32.dll", SetLastError = true)]
  39.         [return: MarshalAs(UnmanagedType.Bool)]
  40.         static extern bool OpenProcessToken(IntPtr ProcessHandle,
  41.             UInt32 DesiredAccess, out IntPtr TokenHandle);
  42.  
  43.         private static uint STANDARD_RIGHTS_REQUIRED = 0x000F0000;
  44.         private static uint STANDARD_RIGHTS_READ = 0x00020000;
  45.         private static uint TOKEN_ASSIGN_PRIMARY = 0x0001;
  46.         private static uint TOKEN_DUPLICATE = 0x0002;
  47.         private static uint TOKEN_IMPERSONATE = 0x0004;
  48.         private static uint TOKEN_QUERY = 0x0008;
  49.         private static uint TOKEN_QUERY_SOURCE = 0x0010;
  50.         private static uint TOKEN_ADJUST_PRIVILEGES = 0x0020;
  51.         private static uint TOKEN_ADJUST_GROUPS = 0x0040;
  52.         private static uint TOKEN_ADJUST_DEFAULT = 0x0080;
  53.         private static uint TOKEN_ADJUST_SESSIONID = 0x0100;
  54.         private static uint TOKEN_READ = (STANDARD_RIGHTS_READ | TOKEN_QUERY);
  55.         private static uint TOKEN_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY |
  56.             TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE |
  57.             TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT |
  58.             TOKEN_ADJUST_SESSIONID);
  59.  
  60.         [DllImport("kernel32.dll", SetLastError = true)]
  61.         static extern IntPtr GetCurrentProcess();
  62.  
  63.         [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
  64.         [return: MarshalAs(UnmanagedType.Bool)]
  65.         static extern bool LookupPrivilegeValue(string lpSystemName, string lpName,
  66.             out LUID lpLuid);
  67.  
  68.         public const string SE_ASSIGNPRIMARYTOKEN_NAME = "SeAssignPrimaryTokenPrivilege";
  69.  
  70.         public const string SE_AUDIT_NAME = "SeAuditPrivilege";
  71.  
  72.         public const string SE_BACKUP_NAME = "SeBackupPrivilege";
  73.  
  74.         public const string SE_CHANGE_NOTIFY_NAME = "SeChangeNotifyPrivilege";
  75.  
  76.         public const string SE_CREATE_GLOBAL_NAME = "SeCreateGlobalPrivilege";
  77.  
  78.         public const string SE_CREATE_PAGEFILE_NAME = "SeCreatePagefilePrivilege";
  79.  
  80.         public const string SE_CREATE_PERMANENT_NAME = "SeCreatePermanentPrivilege";
  81.  
  82.         public const string SE_CREATE_SYMBOLIC_LINK_NAME = "SeCreateSymbolicLinkPrivilege";
  83.  
  84.         public const string SE_CREATE_TOKEN_NAME = "SeCreateTokenPrivilege";
  85.  
  86.         public const string SE_DEBUG_NAME = "SeDebugPrivilege";
  87.  
  88.         public const string SE_ENABLE_DELEGATION_NAME = "SeEnableDelegationPrivilege";
  89.  
  90.         public const string SE_IMPERSONATE_NAME = "SeImpersonatePrivilege";
  91.  
  92.         public const string SE_INC_BASE_PRIORITY_NAME = "SeIncreaseBasePriorityPrivilege";
  93.  
  94.         public const string SE_INCREASE_QUOTA_NAME = "SeIncreaseQuotaPrivilege";
  95.  
  96.         public const string SE_INC_WORKING_SET_NAME = "SeIncreaseWorkingSetPrivilege";
  97.  
  98.         public const string SE_LOAD_DRIVER_NAME = "SeLoadDriverPrivilege";
  99.  
  100.         public const string SE_LOCK_MEMORY_NAME = "SeLockMemoryPrivilege";
  101.  
  102.         public const string SE_MACHINE_ACCOUNT_NAME = "SeMachineAccountPrivilege";
  103.  
  104.         public const string SE_MANAGE_VOLUME_NAME = "SeManageVolumePrivilege";
  105.  
  106.         public const string SE_PROF_SINGLE_PROCESS_NAME = "SeProfileSingleProcessPrivilege";
  107.  
  108.         public const string SE_RELABEL_NAME = "SeRelabelPrivilege";
  109.  
  110.         public const string SE_REMOTE_SHUTDOWN_NAME = "SeRemoteShutdownPrivilege";
  111.  
  112.         public const string SE_RESTORE_NAME = "SeRestorePrivilege";
  113.  
  114.         public const string SE_SECURITY_NAME = "SeSecurityPrivilege";
  115.  
  116.         public const string SE_SHUTDOWN_NAME = "SeShutdownPrivilege";
  117.  
  118.         public const string SE_SYNC_AGENT_NAME = "SeSyncAgentPrivilege";
  119.  
  120.         public const string SE_SYSTEM_ENVIRONMENT_NAME = "SeSystemEnvironmentPrivilege";
  121.  
  122.         public const string SE_SYSTEM_PROFILE_NAME = "SeSystemProfilePrivilege";
  123.  
  124.         public const string SE_SYSTEMTIME_NAME = "SeSystemtimePrivilege";
  125.  
  126.         public const string SE_TAKE_OWNERSHIP_NAME = "SeTakeOwnershipPrivilege";
  127.  
  128.         public const string SE_TCB_NAME = "SeTcbPrivilege";
  129.  
  130.         public const string SE_TIME_ZONE_NAME = "SeTimeZonePrivilege";
  131.  
  132.         public const string SE_TRUSTED_CREDMAN_ACCESS_NAME = "SeTrustedCredManAccessPrivilege";
  133.  
  134.         public const string SE_UNDOCK_NAME = "SeUndockPrivilege";
  135.  
  136.         public const string SE_UNSOLICITED_INPUT_NAME = "SeUnsolicitedInputPrivilege";
  137.  
  138.         [StructLayout(LayoutKind.Sequential)]
  139.         public struct LUID
  140.         {
  141.             public UInt32 LowPart;
  142.             public Int32 HighPart;
  143.         }
  144.  
  145.         [DllImport("kernel32.dll", SetLastError = true)]
  146.         static extern bool CloseHandle(IntPtr hHandle);
  147.  
  148.         public const UInt32 SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x00000001;
  149.         public const UInt32 SE_PRIVILEGE_ENABLED = 0x00000002;
  150.         public const UInt32 SE_PRIVILEGE_REMOVED = 0x00000004;
  151.         public const UInt32 SE_PRIVILEGE_USED_FOR_ACCESS = 0x80000000;
  152.  
  153.         [StructLayout(LayoutKind.Sequential)]
  154.         public struct TOKEN_PRIVILEGES
  155.         {
  156.             public UInt32 PrivilegeCount;
  157.             public LUID Luid;
  158.             public UInt32 Attributes;
  159.         }
  160.  
  161.         [StructLayout(LayoutKind.Sequential)]
  162.         public struct LUID_AND_ATTRIBUTES
  163.         {
  164.             public LUID Luid;
  165.             public UInt32 Attributes;
  166.         }
  167.  
  168.         // Use this signature if you do not want the previous state
  169.         [DllImport("advapi32.dll", SetLastError = true)]
  170.         [return: MarshalAs(UnmanagedType.Bool)]
  171.         static extern bool AdjustTokenPrivileges(IntPtr TokenHandle,
  172.            [MarshalAs(UnmanagedType.Bool)]bool DisableAllPrivileges,
  173.            ref TOKEN_PRIVILEGES NewState,
  174.            UInt32 Zero,
  175.            IntPtr Null1,
  176.            IntPtr Null2);
  177.  
  178.  
  179.         static void Main(string[] args)
  180.         {
  181.             const UInt32 MUTEX_ALL_ACCESS = 0x1F0001;
  182.             const uint DUPLICATE_CLOSE_SOURCE = 0x00000001;
  183.  
  184.             //Process.EnterDebugMode();
  185.             Process proc = Process.GetProcessesByName("notepad2")[0];
  186.             IntPtr p = proc.Handle;
  187.  
  188.  
  189.             IntPtr hToken;
  190.             LUID luidSEDebugNameValue;
  191.             TOKEN_PRIVILEGES tkpPrivileges;
  192.  
  193.             if (!OpenProcessToken(proc.Handle, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out hToken))
  194.             {
  195.                 Console.WriteLine("OpenProcessToken() failed, error = {0} . SeDebugPrivilege is not available", Marshal.GetLastWin32Error());
  196.                 return;
  197.             }
  198.             else
  199.             {
  200.                 Console.WriteLine("OpenProcessToken() successfully");
  201.             }
  202.  
  203.             if (!LookupPrivilegeValue(null, SE_DEBUG_NAME, out luidSEDebugNameValue))
  204.             {
  205.                 Console.WriteLine("LookupPrivilegeValue() failed, error = {0} .SeDebugPrivilege is not available", Marshal.GetLastWin32Error());
  206.                 CloseHandle(hToken);
  207.                 return;
  208.             }
  209.             else
  210.             {
  211.                 Console.WriteLine("LookupPrivilegeValue() successfully");
  212.             }
  213.  
  214.             tkpPrivileges.PrivilegeCount = 1;
  215.             tkpPrivileges.Luid = luidSEDebugNameValue;
  216.             tkpPrivileges.Attributes = SE_PRIVILEGE_ENABLED;
  217.  
  218.             if (!AdjustTokenPrivileges(hToken, false, ref tkpPrivileges, 0, IntPtr.Zero, IntPtr.Zero))
  219.             {
  220.                 Console.WriteLine("LookupPrivilegeValue() failed, error = {0} .SeDebugPrivilege is not available", Marshal.GetLastWin32Error());
  221.             }
  222.             else
  223.             {
  224.                 Console.WriteLine("SeDebugPrivilege is now available");
  225.             }
  226.             CloseHandle(hToken);
  227.  
  228.  
  229.  
  230.             SafeWaitHandle hMutex = Win.OpenMutex(MUTEX_ALL_ACCESS, false, "MSCTF.Asm.MutexDefault1");
  231.             IntPtr pp = hMutex.DangerousGetHandle();
  232.  
  233.             IntPtr ppp = Process.GetCurrentProcess().Handle;
  234.             IntPtr pppp = IntPtr.Zero; // System.Diagnostics.Process.Start("calc").Handle;
  235.             Win.DuplicateHandle(p, pp, ppp, out pppp, MUTEX_ALL_ACCESS, false, DUPLICATE_CLOSE_SOURCE);
  236.             Win.CloseHandle(pppp);
  237.  
  238.             if (Win.OpenMutex(MUTEX_ALL_ACCESS, false, "MSCTF.Asm.MutexDefault1").DangerousGetHandle() == IntPtr.Zero)
  239.                 Console.Write("Success");
  240.             else
  241.                 Console.Write("Failed");
  242.  
  243.  
  244.             Console.Read();
  245.  
  246.             return;
  247.         }
  248.     }
  249. }
create a new version of this paste RAW Paste Data