Added Get-NtDesktop and Get-NtWindowStation commands.

Author: tyranid

NtApiDotNet/NtDesktop.cs

@@ -61,6 +61,20 @@ public static NtResult<NtDesktop> Open(ObjectAttributes object_attributes, Creat
             return new NtResult<NtDesktop>(NtStatus.STATUS_SUCCESS, new NtDesktop(handle));
         }
 
+        /// <summary>
+        /// Open a desktop by name.
+        /// </summary>
+        /// <param name="object_attributes">The object attributes for opening.</param>
+        /// <param name="flags">Flags for opening the desktop.</param>
+        /// <param name="desired_access">Desired access.</param>
+        /// <returns>The instance of the desktop.</returns>
+        /// <exception cref="NtException">Thrown on error.</exception>
+        public static NtDesktop Open(ObjectAttributes object_attributes, CreateDesktopFlags flags,
+            DesktopAccessRights desired_access)
+        {
+            return Open(object_attributes, flags, desired_access, true).Result;
+        }
+
         /// <summary>
         /// Open a desktop by name.
         /// </summary>

NtApiDotNet/NtWindowStation.cs

@@ -102,6 +102,18 @@ public static NtResult<NtWindowStation> Open(ObjectAttributes object_attributes,
             return new NtResult<NtWindowStation>(NtStatus.STATUS_SUCCESS, new NtWindowStation(handle));
         }
 
+        /// <summary>
+        /// Open a window station by name.
+        /// </summary>
+        /// <param name="object_attributes">The object attributes for opening.</param>
+        /// <param name="desired_access">Desired access.</param>
+        /// <returns>The instance of the window station</returns>
+        /// <exception cref="NtException">Thrown on error.</exception>
+        public static NtWindowStation Open(ObjectAttributes object_attributes, WindowStationAccessRights desired_access)
+        {
+            return Open(object_attributes, desired_access, true).Result;
+        }
+
         /// <summary>
         /// Open a window station by name.
         /// </summary>
@@ -216,7 +228,7 @@ public NtStatus CloseWindowStation(bool throw_on_error = true)
         {
             if (!NtSystemCalls.NtUserCloseWindowStation(Handle))
             {
-                return NtObjectUtils.MapDosErrorToStatus();
+                return NtObjectUtils.MapDosErrorToStatus().ToNtException(throw_on_error);
             }
             return NtStatus.STATUS_SUCCESS;
         }
@@ -256,5 +268,29 @@ public static NtResult<NtWindowStation> OpenCurrent(bool throw_on_error)
         /// Open the current process Window Station.
         /// </summary>
         public static NtWindowStation Current => OpenCurrent(true).Result;
+
+        /// <summary>
+        /// Get the Window Station directory for a session.
+        /// </summary>
+        /// <param name="session_id">The session ID.</param>
+        /// <returns>The path to the Window Station directory.</returns>
+        public static string GetWindowStationDirectory(int session_id)
+        {
+            string ret = @"\Windows\WindowStations";
+            if (session_id != 0)
+            {
+                ret = $@"\Sessions\{session_id}{ret}";
+            }
+            return ret;
+        }
+
+        /// <summary>
+        /// Get the Window Station directory for the current session.
+        /// </summary>
+        /// <returns>The path to the Window Station directory.</returns>
+        public static string GetWindowStationDirectory()
+        {
+            return GetWindowStationDirectory(NtProcess.Current.SessionId);
+        }
     }
 }

NtObjectManager/NtObjectCmdlets.cs

@@ -220,6 +220,28 @@ private static string RemoveDrive(string path)
             return path.Substring(index + 2);
         }
 
+        /// <summary>
+        /// Get the Win32 path for a specified path.
+        /// </summary>
+        /// <param name="path">The path component.</param>
+        /// <returns>The full NT path.</returns>
+        protected virtual string GetWin32Path(string path)
+        {
+            List<string> ret = new List<string>();
+            int session_id = NtProcess.Current.SessionId;
+            if (session_id != 0)
+            {
+                ret.Add("Sessions");
+                ret.Add(session_id.ToString());
+            }
+            ret.Add("BaseNamedObjects");
+            if (!string.IsNullOrEmpty(path))
+            {
+                ret.AddRange(Path.Split('\\'));
+            }
+            return $@"\{string.Join(@"\", ret)}";
+        }
+
         /// <summary>
         /// Virtual method to resolve the value of the Path variable.
         /// </summary>
@@ -238,19 +260,7 @@ protected virtual string ResolvePath()
                     throw new ArgumentException("Win32 paths can't start with a path separator");
                 }
 
-                List<string> ret = new List<string>();
-                int session_id = NtProcess.Current.SessionId;
-                if (session_id != 0)
-                {
-                    ret.Add("Sessions");
-                    ret.Add(session_id.ToString());
-                }
-                ret.Add("BaseNamedObjects");
-                if (!string.IsNullOrEmpty(Path))
-                {
-                    ret.AddRange(Path.Split('\\'));
-                }
-                return $@"\{string.Join(@"\", ret)}";
+                return GetWin32Path(Path);
             }
 
             if (Path.StartsWith(@"\") || Root != null)
@@ -335,7 +345,7 @@ private IEnumerable<NtObject> CreateDirectoriesAndObject()
         /// <summary>
         /// Overridden ProcessRecord method.
         /// </summary>
-        protected sealed override void ProcessRecord()
+        protected override void ProcessRecord()
         {
             VerifyParameters();
             try

NtObjectManager/NtObjectManager.csproj

@@ -64,6 +64,7 @@
     <Compile Include="NtResourceManagerCmdlets.cs" />
     <Compile Include="NtTransactionCmdlets.cs" />
     <Compile Include="NtTransactionManagerCmdlets.cs" />
+    <Compile Include="NtWin32Cmdlets.cs" />
     <Compile Include="PSUtils.cs" />
     <Compile Include="RpcServerCmdlets.cs" />
     <Compile Include="RpcServerNameCmdlets.cs" />

NtObjectManager/NtObjectManager.psd1

@@ -101,7 +101,8 @@ CmdletsToExport = 'Add-NtKey', 'Get-NtDirectory', 'Get-NtEvent', 'Get-NtFile',
                'Compare-RpcServer', 'Select-RpcServer', 'Add-NtTokenSecurityAttribute',
                'Remove-NtTokenSecurityAttribute', 'Get-AccessibleEventTrace',
                'Test-NtToken', 'Get-AccessibleToken', 'Set-NtProcessJob', 
-               'Get-AccessibleWnf', 'Get-AccessibleWindowStation', 'Get-NtProcessJob'
+               'Get-AccessibleWnf', 'Get-AccessibleWindowStation', 'Get-NtProcessJob',
+               'Get-NtWindowStation', 'Get-NtDesktop'
 
 # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
 AliasesToExport = @()

NtObjectManager/NtWin32Cmdlets.cs

@@ -0,0 +1,223 @@
+//  Copyright 2020 Google Inc. All Rights Reserved.
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//  http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+
+using NtApiDotNet;
+using System.Management.Automation;
+
+namespace NtObjectManager
+{
+    /// <summary>
+    /// <para type="synopsis">Open a Window Station object by path.</para>
+    /// <para type="description">This cmdlet opens an existing Window Station object. The absolute path to the object in the NT object manager name space must be specified. 
+    /// It's also possible to create the object relative to an existing object by specified the -Root parameter.</para>
+    /// </summary>
+    /// <example>
+    ///   <code>$obj = Get-NtWindowStation</code>
+    ///   <para>Get all accessible Window Stations.</para>
+    /// </example>
+    /// <example>
+    ///   <code>$obj = Get-NtWindowStation \Windows\WindowStations\WinSta0</code>
+    ///   <para>Get an Window Station object with an absolute path.</para>
+    /// </example>
+    /// <example>
+    ///   <code>$root = Get-NtDirectory \Windows\WindowStations&#x0A;$obj = Get-NtWindowStation ABC -Root $root</code>
+    ///   <para>Get an Window Station object with a relative path.
+    ///   </para>
+    /// </example>
+    /// <example>
+    ///   <code>$obj = Get-NtWindowStation -Path WinSta0 -Win32Path</code>
+    ///   <para>Get an Window Station object from Win32 path.</para>
+    /// </example>
+    /// <para type="link">about_ManagingNtObjectLifetime</para>
+    [Cmdlet(VerbsCommon.Get, "NtWindowStation", DefaultParameterSetName = "All")]
+    [OutputType(typeof(NtWindowStation))]
+    public sealed class GetNtWindowStationCmdlet : NtObjectBaseCmdletWithAccess<WindowStationAccessRights>
+    {
+        /// <summary>
+        /// Determine if the cmdlet can create objects.
+        /// </summary>
+        /// <returns>True if objects can be created.</returns>
+        protected override bool CanCreateDirectories()
+        {
+            return false;
+        }
+
+        /// <summary>
+        /// <para type="description">The NT object manager path to the object to use.</para>
+        /// </summary>
+        [Parameter(Position = 0, Mandatory = true, ParameterSetName = "FromPath")]
+        public override string Path { get; set; }
+
+        /// <summary>
+        /// <para type="description">The current Window Station.</para>
+        /// </summary>
+        [Parameter(Mandatory = true, ParameterSetName = "FromCurrent")]
+        public SwitchParameter Current { get; set; }
+
+        /// <summary>
+        /// Get the Win32 path for a specified path.
+        /// </summary>
+        /// <param name="path">The path component.</param>
+        /// <returns>The full NT path.</returns>
+        protected override string GetWin32Path(string path)
+        {
+            return $@"{NtWindowStation.GetWindowStationDirectory()}\{path}";
+        }
+
+        /// <summary>
+        /// Method to create an object from a set of object attributes.
+        /// </summary>
+        /// <param name="obj_attributes">The object attributes to create/open from.</param>
+        /// <returns>The newly created object.</returns>
+        protected override object CreateObject(ObjectAttributes obj_attributes)
+        {
+            return NtWindowStation.Open(obj_attributes, Access);
+        }
+
+        /// <summary>
+        /// Overridden ProcessRecord method.
+        /// </summary>
+        protected override void ProcessRecord()
+        {
+            switch (ParameterSetName)
+            {
+                case "All":
+                    WriteObject(NtWindowStation.GetAccessibleWindowStations(Access), true);
+                    break;
+                case "FromCurrent":
+                    {
+                        var winsta = NtWindowStation.Current;
+                        if (Access.HasFlag(WindowStationAccessRights.MaximumAllowed))
+                        {
+                            WriteObject(winsta);
+                        }
+                        else
+                        {
+                            WriteObject(winsta.Duplicate(Access));
+                        }
+                    }
+                    break;
+                default:
+                    base.ProcessRecord();
+                    break;
+            }
+        }
+    }
+
+    /// <summary>
+    /// <para type="synopsis">Open a Desktop object by path.</para>
+    /// <para type="description">This cmdlet opens an existing Desktop object. The absolute path to the object in the NT object manager name space must be specified. 
+    /// It's also possible to create the object relative to an existing object by specified the -Root parameter.</para>
+    /// </summary>
+    /// <example>
+    ///   <code>$obj = Get-NtDesktop</code>
+    ///   <para>Get all accessible Desktops.</para>
+    /// </example>
+    /// <example>
+    ///   <code>$obj = Get-NtDesktop \Windows\WindowStations\WinSta0\Default</code>
+    ///   <para>Get an desktop object with an absolute path.</para>
+    /// </example>
+    /// <example>
+    ///   <code>$winsta = Get-NtWindowStation -Current&#x0A;$obj = Get-NtDesktop ABC -Root $root</code>
+    ///   <para>Get an Desktop object with a relative path.
+    ///   </para>
+    /// </example>
+    /// <example>
+    ///   <code>$obj = Get-NtDesktop -Path Default -Win32Path</code>
+    ///   <para>Get the Default Desktop object in current Window Station.</para>
+    /// </example>
+    /// <example>
+    ///   <code>$obj = Get-NtDesktop -Path blah\Default -Win32Path</code>
+    ///   <para>Get the Default Desktop object in blah Window Station.</para>
+    /// </example>
+    /// <para type="link">about_ManagingNtObjectLifetime</para>
+    [Cmdlet(VerbsCommon.Get, "NtDesktop", DefaultParameterSetName = "All")]
+    [OutputType(typeof(NtDesktop))]
+    public sealed class GetNtDesktopCmdlet : NtObjectBaseCmdletWithAccess<DesktopAccessRights>
+    {
+        /// <summary>
+        /// Determine if the cmdlet can create objects.
+        /// </summary>
+        /// <returns>True if objects can be created.</returns>
+        protected override bool CanCreateDirectories()
+        {
+            return false;
+        }
+
+        /// <summary>
+        /// <para type="description">The NT object manager path to the object to use.</para>
+        /// </summary>
+        [Parameter(Position = 0, Mandatory = true, ParameterSetName = "FromPath")]
+        public override string Path { get; set; }
+
+        /// <summary>
+        /// <para type="description">The current Desktop.</para>
+        /// </summary>
+        [Parameter(Mandatory = true, ParameterSetName = "FromCurrent")]
+        public SwitchParameter Current { get; set; }
+
+        /// <summary>
+        /// Get the Win32 path for a specified path.
+        /// </summary>
+        /// <param name="path">The path component.</param>
+        /// <returns>The full NT path.</returns>
+        protected override string GetWin32Path(string path)
+        {
+            if (!path.Contains(@"\"))
+            {
+                return $@"{NtWindowStation.Current.FullPath}\{path}";
+            }
+            return $@"{NtWindowStation.GetWindowStationDirectory()}\{path}";
+        }
+
+        /// <summary>
+        /// Method to create an object from a set of object attributes.
+        /// </summary>
+        /// <param name="obj_attributes">The object attributes to create/open from.</param>
+        /// <returns>The newly created object.</returns>
+        protected override object CreateObject(ObjectAttributes obj_attributes)
+        {
+            return NtDesktop.Open(obj_attributes, CreateDesktopFlags.None, Access);
+        }
+
+        /// <summary>
+        /// Overridden ProcessRecord method.
+        /// </summary>
+        protected override void ProcessRecord()
+        {
+            switch (ParameterSetName)
+            {
+                case "All":
+                    WriteObject(NtWindowStation.Current.GetAccessibleDesktops(Access), true);
+                    break;
+                case "FromCurrent":
+                    {
+                        var desktop = NtDesktop.Current;
+                        if (Access.HasFlag(DesktopAccessRights.MaximumAllowed))
+                        {
+                            WriteObject(desktop);
+                        }
+                        else
+                        {
+                            WriteObject(desktop.Duplicate(Access));
+                        }
+                    }
+                    break;
+                default:
+                    base.ProcessRecord();
+                    break;
+            }
+        }
+    }
+}