Inherit process handle to TokenViewer.

Author: tyranid

NtObjectManager/NtObjectManager.psm1

@@ -2159,20 +2159,19 @@ function Set-ExecutionAlias
 function Start-NtTokenViewer {
     param(
         [Parameter(Mandatory=$true, Position=0)]
-        [NtApiDotNet.NtToken]$Token,
+        [NtApiDotNet.NtObject]$Handle,
         [string]$Text
     )
 
-    Use-NtObject($dup_token = $Token.Duplicate()) {
-        $dup_token.Inherit = $true
-        $cmdline = [string]::Format("TokenViewer --handle={0}", $dup_token.Handle.DangerousGetHandle())
+    Use-NtObject($dup_handle = $Handle.Duplicate()) {
+        $dup_handle.Inherit = $true
+        $cmdline = [string]::Format("TokenViewer --handle={0}", $dup_handle.Handle.DangerousGetHandle())
         if ($Text -ne "") {
             $cmdline += " ""--text=$Text"""
         }
         $config = New-Win32ProcessConfig $cmdline -ApplicationName "$PSScriptRoot\TokenViewer.exe" -InheritHandles
-        $config.InheritHandleList.Add($dup_token.Handle.DangerousGetHandle())
-        Use-NtObject($p = New-Win32Process -Config $config) {
-        }
+        $config.InheritHandleList.Add($dup_handle.Handle.DangerousGetHandle())
+        Use-NtObject($p = New-Win32Process -Config $config) {}
     }
 }
 
@@ -2255,10 +2254,8 @@ function Show-NtToken {
       }
       switch($PSCmdlet.ParameterSetName) {
         "FromProcess" {
-            Use-NtObject($t = Get-NtToken -Primary -Process $Process) {
-              $text = "$($Process.Name):$($Process.ProcessId)"
-              Start-NtTokenViewer $t -Text $text
-            }
+            $text = "$($Process.Name):$($Process.ProcessId)"
+            Start-NtTokenViewer $Process -Text $text
         }
         "FromName" {
           Use-NtObject($ps = Get-NtProcess -Name $Name -Access QueryLimitedInformation) {

TokenViewer/Program.cs

@@ -116,22 +116,25 @@ static Form GetFormFromArgs(string[] args)
                 }
                 else if (handle > 0)
                 {
-                    using (NtToken token = NtToken.FromHandle(new SafeKernelObjectHandle(new IntPtr(handle), true)))
+                    using (var obj = NtObjectUtils.FromHandle(new IntPtr(handle), true))
                     {
-                        if (token.NtType != NtType.GetTypeByType<NtToken>())
+                        if (obj is NtToken token)
                         {
-                            throw new ArgumentException("Passed handle is not a token");
+                            return new TokenForm(token.Duplicate(), text);
                         }
-
-                        return new TokenForm(token.Duplicate(), text);
+                        else if (obj is NtProcess process)
+                        {
+                            return new TokenForm(new ProcessTokenEntry(process), text, false);
+                        }
+                        throw new ArgumentException("Passed handle is not a token or process.");
                     }
                 }
                 else if (pid > 0)
                 {
                     using (NtProcess process = NtProcess.Open(pid, ProcessAccessRights.QueryLimitedInformation))
                     {
-                        return new TokenForm(process.OpenToken(),
-                            $"{process.Name}:{pid}");
+                        return new TokenForm(new ProcessTokenEntry(process),
+                            $"{process.Name}:{pid}", false);
                     }
                 }
             }