Skip to content

Commit 5db2b0f

Browse files
tyranidtyranid
committed
Added token source tab for tokens.
1 parent 61f1497 commit 5db2b0f

7 files changed

Lines changed: 366 additions & 80 deletions

File tree

TokenViewer/MainForm.cs

Lines changed: 6 additions & 55 deletions
Original file line numberDiff line numberDiff line change
@@ -26,56 +26,6 @@ namespace TokenViewer
2626
{
2727
public partial class MainForm : Form
2828
{
29-
private class ProcessTokenEntry : IDisposable
30-
{
31-
public int ProcessId { get; }
32-
public string Name { get; }
33-
public string ImagePath { get; }
34-
public string CommandLine { get; }
35-
public NtToken ProcessToken { get; }
36-
37-
public ProcessTokenEntry(int process_id, string name, string image_path, string command_line, NtToken process_token)
38-
{
39-
ProcessId = process_id;
40-
Name = name;
41-
ImagePath = image_path;
42-
CommandLine = command_line;
43-
ProcessToken = process_token.Duplicate();
44-
}
45-
46-
public ProcessTokenEntry(NtProcess process, NtToken process_token)
47-
: this(process.ProcessId, process.Name, process.Win32ImagePath, process.CommandLine, process_token)
48-
{
49-
}
50-
51-
public virtual void Dispose()
52-
{
53-
ProcessToken?.Dispose();
54-
}
55-
}
56-
57-
private class ThreadTokenEntry : ProcessTokenEntry
58-
{
59-
public string ThreadName { get; }
60-
public int ThreadId { get; }
61-
public NtToken ThreadToken { get; }
62-
63-
public ThreadTokenEntry(NtProcess process, NtToken process_token,
64-
int thread_id, string thread_name, NtToken thread_token)
65-
: base(process, process_token)
66-
{
67-
ThreadName = thread_name;
68-
ThreadId = thread_id;
69-
ThreadToken = thread_token.Duplicate();
70-
}
71-
72-
public override void Dispose()
73-
{
74-
ThreadToken?.Dispose();
75-
base.Dispose();
76-
}
77-
}
78-
7929
private static void ResizeColumns(ListView view)
8030
{
8131
view.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
@@ -109,6 +59,7 @@ private IEnumerable<ListViewItem> CreateThreads(NtProcess entry, NtToken process
10959
{
11060
return ret;
11161
}
62+
11263
using (var threads = new DisposableList<NtThread>(query_process.Result.GetThreads(ThreadAccessRights.QueryLimitedInformation)))
11364
{
11465
foreach (NtThread thread in threads)
@@ -122,7 +73,7 @@ private IEnumerable<ListViewItem> CreateThreads(NtProcess entry, NtToken process
12273
item.SubItems.Add(thread.ThreadId.ToString());
12374
item.SubItems.Add(token.User.ToString());
12475
item.SubItems.Add(token.ImpersonationLevel.ToString());
125-
item.Tag = new ThreadTokenEntry(query_process.Result, token, thread.ThreadId, thread.Description, token);
76+
item.Tag = new ThreadTokenEntry(query_process.Result, process_token, thread.ThreadId, thread.Description, token);
12677
ret.Add(item);
12778
}
12879
}
@@ -302,7 +253,7 @@ private void openTokenToolStripMenuItem_Click(object sender, EventArgs e)
302253
{
303254
if (item.Tag is ProcessTokenEntry process)
304255
{
305-
TokenForm.OpenForm(process.ProcessToken, $"{item.SubItems[1].Text}:{item.SubItems[0].Text}", true);
256+
TokenForm.OpenForm(process, $"{item.SubItems[1].Text}:{item.SubItems[0].Text}", true, false);
306257
}
307258
}
308259
}
@@ -431,7 +382,7 @@ private void btnCurrentProcess_Click(object sender, EventArgs e)
431382
{
432383
try
433384
{
434-
TokenForm.OpenForm(NtToken.OpenProcessToken(), "Current", false);
385+
TokenForm.OpenForm(new ProcessTokenEntry(NtProcess.Current), "Current", false, false);
435386
}
436387
catch (NtException ex)
437388
{
@@ -469,7 +420,7 @@ private void toolStripMenuItemOpenThreadToken_Click(object sender, EventArgs e)
469420
{
470421
if (thread.ThreadToken != null)
471422
{
472-
TokenForm.OpenForm(thread.ThreadToken, $"{thread.Name}:{thread.ProcessId}.{thread.ThreadId}", true);
423+
TokenForm.OpenForm(thread, $"{thread.Name}:{thread.ProcessId}.{thread.ThreadId}", true, true);
473424
}
474425
}
475426
}
@@ -483,7 +434,7 @@ private void openProcessTokenToolStripMenuItem_Click(object sender, EventArgs e)
483434
{
484435
if (thread.ProcessToken != null)
485436
{
486-
TokenForm.OpenForm(thread.ProcessToken, $"{thread.Name}:{thread.ProcessId}", true);
437+
TokenForm.OpenForm((ProcessTokenEntry)thread, $"{thread.Name}:{thread.ProcessId}", true, false);
487438
}
488439
}
489440
}

TokenViewer/ProcessTokenEntry.cs

Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
// Copyright 2015 Google Inc. All Rights Reserved.
2+
//
3+
// Licensed under the Apache License, Version 2.0 (the "License");
4+
// you may not use this file except in compliance with the License.
5+
// You may obtain a copy of the License at
6+
//
7+
// http://www.apache.org/licenses/LICENSE-2.0
8+
//
9+
// Unless required by applicable law or agreed to in writing, software
10+
// distributed under the License is distributed on an "AS IS" BASIS,
11+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
// See the License for the specific language governing permissions and
13+
// limitations under the License.
14+
15+
using NtApiDotNet;
16+
using System;
17+
18+
namespace TokenViewer
19+
{
20+
internal class ProcessTokenEntry : IDisposable
21+
{
22+
public int ProcessId { get; }
23+
public string Name { get; }
24+
public string ImagePath { get; }
25+
public string CommandLine { get; }
26+
public NtToken ProcessToken { get; private set; }
27+
28+
public ProcessTokenEntry(int process_id, string name, string image_path, string command_line, NtToken process_token)
29+
{
30+
ProcessId = process_id;
31+
Name = name;
32+
ImagePath = image_path;
33+
CommandLine = command_line;
34+
ProcessToken = process_token.Duplicate();
35+
}
36+
37+
public ProcessTokenEntry(NtProcess process, NtToken process_token)
38+
: this(process.ProcessId, process.Name, process.Win32ImagePath, process.CommandLine, process_token)
39+
{
40+
}
41+
42+
public ProcessTokenEntry(NtProcess process)
43+
: this(process, process.OpenToken())
44+
{
45+
}
46+
47+
public virtual void Dispose()
48+
{
49+
ProcessToken?.Dispose();
50+
}
51+
52+
public virtual ProcessTokenEntry Clone()
53+
{
54+
var ret = (ProcessTokenEntry)MemberwiseClone();
55+
ret.ProcessToken = ProcessToken.Duplicate();
56+
return ret;
57+
}
58+
}
59+
}

TokenViewer/ThreadTokenEntry.cs

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,47 @@
1+
// Copyright 2015 Google Inc. All Rights Reserved.
2+
//
3+
// Licensed under the Apache License, Version 2.0 (the "License");
4+
// you may not use this file except in compliance with the License.
5+
// You may obtain a copy of the License at
6+
//
7+
// http://www.apache.org/licenses/LICENSE-2.0
8+
//
9+
// Unless required by applicable law or agreed to in writing, software
10+
// distributed under the License is distributed on an "AS IS" BASIS,
11+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
// See the License for the specific language governing permissions and
13+
// limitations under the License.
14+
15+
using NtApiDotNet;
16+
17+
namespace TokenViewer
18+
{
19+
internal class ThreadTokenEntry : ProcessTokenEntry
20+
{
21+
public string ThreadName { get; }
22+
public int ThreadId { get; }
23+
public NtToken ThreadToken { get; private set; }
24+
25+
public ThreadTokenEntry(NtProcess process, NtToken process_token,
26+
int thread_id, string thread_name, NtToken thread_token)
27+
: base(process, process_token)
28+
{
29+
ThreadName = thread_name;
30+
ThreadId = thread_id;
31+
ThreadToken = thread_token.Duplicate();
32+
}
33+
34+
public override void Dispose()
35+
{
36+
ThreadToken?.Dispose();
37+
base.Dispose();
38+
}
39+
40+
public override ProcessTokenEntry Clone()
41+
{
42+
ThreadTokenEntry thread = (ThreadTokenEntry)base.Clone();
43+
thread.ThreadToken = ThreadToken.Duplicate();
44+
return thread;
45+
}
46+
}
47+
}

0 commit comments

Comments
 (0)