Add function to convert from package SID to capability SID.

Author: tyranid

NtApiDotNet/NtSecurity.cs

@@ -205,7 +205,7 @@ public static string LookupPackageName(Sid sid)
         {
             if (!IsPackageSid(sid))
             {
-                throw new ArgumentException("Sid not a package sid", "sid");
+                throw new ArgumentException("Sid not a package sid", nameof(sid));
             }
 
             return _package_names.GetOrAdd(sid, _ =>
@@ -246,7 +246,7 @@ public static string LookupDeviceCapabilityName(Sid sid)
         {
             if (!IsCapabilitySid(sid))
             {
-                throw new ArgumentException("Sid not a capability sid", "sid");
+                throw new ArgumentException("Sid not a capability sid", nameof(sid));
             }
 
             var device_capabilities = GetDeviceCapabilities();
@@ -257,6 +257,24 @@ public static string LookupDeviceCapabilityName(Sid sid)
             return null;
         }
 
+        /// <summary>
+        /// Convert a package SID to a capability.
+        /// </summary>
+        /// <param name="sid">The package SID to convert.</param>
+        /// <returns>The package SID as a capability.</returns>
+        public static Sid PackageSidToCapability(Sid sid)
+        {
+            if (!IsPackageSid(sid))
+            {
+                throw new ArgumentException("Sid not a package sid", nameof(sid));
+            }
+
+            uint[] sub_authorities = sid.SubAuthorities.ToArray();
+            // Convert to a package SID.
+            sub_authorities[0] = 3;
+            return new Sid(sid.Authority, sub_authorities);
+        }
+
         /// <summary>
         /// Convert a security descriptor to SDDL string
         /// </summary>
@@ -2472,6 +2490,7 @@ private static SidName GetNameForSidInternal(Sid sid)
                 {
                     switch (sid.SubAuthorities.Count)
                     {
+                        case 12:
                         case 8:
                             uint[] sub_authorities = sid.SubAuthorities.ToArray();
                             // Convert to a package SID.

NtObjectManager/Cmdlets/Object/GetNtSidCmdlet.cs

@@ -135,6 +135,12 @@ public class GetNtSidCmdlet : PSCmdlet
         [Parameter(ParameterSetName = "package")]
         public string RestrictedPackageName { get; set; }
 
+        /// <summary>
+        /// <para type="description">Specify the package SID should be in capability format.</para>
+        /// </summary>
+        [Parameter(ParameterSetName = "package")]
+        public SwitchParameter AsCapability { get; set; }
+
         /// <summary>
         /// <para type="description">Get a known SID.</para>
         /// </summary>
@@ -289,6 +295,10 @@ protected override void ProcessRecord()
                     {
                         sid = TokenUtils.DeriveRestrictedPackageSidFromSid(sid, RestrictedPackageName);
                     }
+                    if (AsCapability)
+                    {
+                        sid = NtSecurity.PackageSidToCapability(sid);
+                    }
                     break;
                 case "known":
                     sid = KnownSids.GetKnownSid(KnownSid);

NtObjectManager/Cmdlets/Object/GetNtTokenCmdlet.cs

@@ -397,6 +397,7 @@ public sealed class GetNtTokenCmdlet : PSCmdlet
         /// <para type="description">Specify package SID or a package name.</para>
         /// </summary>
         [Parameter(Mandatory = true, ParameterSetName = "LowBox"), Parameter(ParameterSetName = "AppContainer")]
+        [Alias("pkg")]
         public string PackageSid { get; set; }
 
         /// <summary>
@@ -409,7 +410,7 @@ public sealed class GetNtTokenCmdlet : PSCmdlet
         /// <para type="description">Specify list of capability SIDS to add to token. Can specify an SDDL format string or a capability name.</para>
         /// </summary>
         [Parameter(ParameterSetName = "LowBox"), Parameter(ParameterSetName = "AppContainer")]
-        [Alias("CapabilitySids")]
+        [Alias("CapabilitySids", "cap")]
         public string[] CapabilitySid { get; set; }
 
         /// <summary>