Added basic Silo initialization.

Author: tyranid

NtApiDotNet/NtJob.cs

@@ -154,16 +154,136 @@ public static NtJob Open(string path, NtObject root)
         {
             return Open(path, root, JobAccessRights.MaximumAllowed);
         }
+
+        /// <summary>
+        /// Create and initialize a Silo,
+        /// </summary>
+        /// <param name="root_dir_flags">Flags for root directory.</param>
+        /// <param name="throw_on_error">True to throw on error.</param>
+        /// <returns>The Job object.</returns>
+        public static NtResult<NtJob> CreateSilo(SiloObjectRootDirectoryControlFlags root_dir_flags, bool throw_on_error)
+        {
+            using (var job = Create(null, JobAccessRights.MaximumAllowed, throw_on_error))
+            {
+                if (!job.IsSuccess)
+                    return job;
+                return job.Result.InitializeSilo(root_dir_flags, false).CreateResult(throw_on_error, () => job.Result.Duplicate());
+            }
+        }
+
+        /// <summary>
+        /// Create an initialize a Silo,
+        /// </summary>
+        /// <param name="root_dir_flags">Flags for root directory.</param>
+        /// <returns>The Job object.</returns>
+        public static NtJob CreateSilo(SiloObjectRootDirectoryControlFlags root_dir_flags)
+        {
+            return CreateSilo(root_dir_flags, true).Result;
+        }
+
         #endregion
 
         #region Public Methods
+        /// <summary>
+        /// Convert Job object into a Silo
+        /// </summary>
+        /// <param name="throw_on_error">True to throw on error.</param>
+        /// <returns>The NT status code.</returns>
+        public NtStatus CreateSilo(bool throw_on_error)
+        {
+            return NtSystemCalls.NtSetInformationJobObject(Handle, JobObjectInformationClass.JobObjectCreateSilo,
+                SafeHGlobalBuffer.Null, 0).ToNtException(throw_on_error);
+        }
+
         /// <summary>
         /// Convert Job object into a Silo
         /// </summary>
         public void CreateSilo()
         {
-            NtSystemCalls.NtSetInformationJobObject(Handle, JobObjectInformationClass.JobObjectCreateSilo,
-                SafeHGlobalBuffer.Null, 0).ToNtException();
+            CreateSilo(true);
+        }
+
+        /// <summary>
+        /// Initialize a Silo,
+        /// </summary>
+        /// <param name="root_dir_flags">Flags for root directory.</param>
+        /// <param name="throw_on_error">True to throw on error.</param>
+        /// <returns>The NT status code.</returns>
+        public NtStatus InitializeSilo(SiloObjectRootDirectoryControlFlags root_dir_flags, bool throw_on_error)
+        {
+            NtStatus status = SetLimitFlags(JobObjectLimitFlags.Application, throw_on_error);
+            if (!status.IsSuccess())
+                return status;
+            status = CreateSilo(throw_on_error);
+            if (!status.IsSuccess())
+                return status;
+            status = AssignProcessPseudoHandle(throw_on_error);
+            if (!status.IsSuccess())
+                return status;
+            return SetSiloObjectRootDirectory(root_dir_flags, throw_on_error);
+        }
+
+        /// <summary>
+        /// Initialize a Silo,
+        /// </summary>
+        /// <param name="root_dir_flags">Flags for root directory.</param>
+        public void InitializeSilo(SiloObjectRootDirectoryControlFlags root_dir_flags)
+        {
+            InitializeSilo(root_dir_flags, true);
+        }
+
+        /// <summary>
+        /// Initialize a Silo to a Server Silo.
+        /// </summary>
+        /// <param name="delete_event">Event to signal when silo deleted.</param>
+        /// <param name="downlevel_container">True if a downlevel container.</param>
+        /// <param name="throw_on_error">True to throw on error.</param>
+        /// <returns>The NT status code.</returns>
+        public NtStatus InitializeServerSilo(NtEvent delete_event, bool downlevel_container, bool throw_on_error)
+        {
+            ServerSiloInitInformation init = new ServerSiloInitInformation()
+            {
+                DeleteEvent = delete_event?.Handle.DangerousGetHandle() ?? IntPtr.Zero,
+                IsDownlevelContainer = downlevel_container
+            };
+
+            return Set(JobObjectInformationClass.JobObjectServerSiloInitialize, init, throw_on_error);
+        }
+
+        /// <summary>
+        /// Initialize a Silo to a Server Silo.
+        /// </summary>
+        /// <param name="delete_event">Event to signal when silo deleted.</param>
+        /// <param name="downlevel_container">True if a downlevel container.</param>
+        /// <returns>The NT status code.</returns>
+        public void InitializeServerSilo(NtEvent delete_event, bool downlevel_container)
+        {
+            InitializeServerSilo(delete_event, downlevel_container, true);
+        }
+
+        /// <summary>
+        /// Create the silo's root object directory.
+        /// </summary>
+        /// <param name="flags">The flags for the creation.</param>
+        /// <param name="throw_on_error">True to throw on error.</param>
+        /// <returns>The NT status code.</returns>
+        public NtStatus SetSiloObjectRootDirectory(SiloObjectRootDirectoryControlFlags flags, bool throw_on_error)
+        {
+            SiloObjectRootDirectory root_dir = new SiloObjectRootDirectory
+            {
+                ControlFlags = flags
+            };
+            return Set(JobObjectInformationClass.JobObjectSiloRootDirectory, root_dir, throw_on_error);
+        }
+
+        /// <summary>
+        /// Create the silo's root object directory.
+        /// </summary>
+        /// <param name="flags">The flags for the creation.</param>
+        /// <returns>The NT status code.</returns>
+        public void SetSiloObjectRootDirectory(SiloObjectRootDirectoryControlFlags flags)
+        {
+            SetSiloObjectRootDirectory(flags, true);
         }
 
         /// <summary>
@@ -186,12 +306,20 @@ public NtStatus AssignProcess(NtProcess process, bool throw_on_error)
             return NtSystemCalls.NtAssignProcessToJobObject(Handle, process.Handle).ToNtException(throw_on_error);
         }
 
+        /// <summary>
+        /// Assign a process to this job object using current Job on Windows 1709+.
+        /// </summary>
+        public NtStatus AssignProcessPseudoHandle(bool throw_on_error)
+        {
+            return AssignProcess(NtProcess.FromHandle(new SafeKernelObjectHandle(new IntPtr(-7), false)), throw_on_error);
+        }
+
         /// <summary>
         /// Assign a process to this job object using current Job on Windows 1709+.
         /// </summary>
         public void AssignProcessPseudoHandle()
         {
-            AssignProcess(NtProcess.FromHandle(new SafeKernelObjectHandle(new IntPtr(-7), false)));
+            AssignProcessPseudoHandle(true);
         }
 
         /// <summary>
@@ -529,6 +657,20 @@ public void SetUiRestrictionFlags(JobObjectUiLimitFlags flags)
             SetUiRestrictionFlags(flags, true);
         }
 
+        /// <summary>
+        /// Query Silo Root directory.
+        /// </summary>
+        /// <param name="throw_on_error">True to throw on error.</param>
+        /// <returns>The silo root directory.</returns>
+        public NtResult<string> QuerySiloRootDirectory(bool throw_on_error)
+        {
+            using (var buffer = new SafeStructureInOutBuffer<SiloObjectRootDirectory>(64 * 1024, true))
+            {
+                return QueryInformation(JobObjectInformationClass.JobObjectSiloRootDirectory, 
+                    buffer, out int length).CreateResult(throw_on_error, () => buffer.Result.Path.ToString());
+            }
+        }
+
         /// <summary>
         /// Method to query information for this object type.
         /// </summary>
@@ -742,6 +884,21 @@ public bool SilentBreakawayOk
         /// </summary>
         public int JobId => Query<JobObjectContainerIdentifierV2>(JobObjectInformationClass.JobObjectContainerId).JobId;
 
+        /// <summary>
+        /// Get the Silo's Root Directory.
+        /// </summary>
+        public string SiloRootDirectory => QuerySiloRootDirectory(true).GetResultOrDefault(string.Empty);
+
+        /// <summary>
+        /// Get Silo basic information.
+        /// </summary>
+        public SiloObjectBasicInformation SiloBasicInformation => Query<SiloObjectBasicInformation>(JobObjectInformationClass.JobObjectSiloBasicInformation);
+
+        /// <summary>
+        /// Get Silo basic information.
+        /// </summary>
+        public ServerSiloBasicInformation ServerSiloBasicInformation => Query<ServerSiloBasicInformation>(JobObjectInformationClass.JobObjectServerSiloBasicInformation);
+
         #endregion
 
         #region Private Members

NtApiDotNet/NtJobNative.cs

@@ -274,6 +274,88 @@ public struct JobObjectContainerIdentifierV2
         public int JobId;
     }
 
+    [StructLayout(LayoutKind.Sequential)]
+    public struct ServerSiloInitInformation
+    {
+        public IntPtr DeleteEvent;
+        [MarshalAs(UnmanagedType.U1)]
+        public bool IsDownlevelContainer;
+    }
+
+    public enum NtProductType
+    {
+        WinNt = 1,
+        LanManNt = 2,
+        Server = 3 
+    }
+
+    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+    public struct SiloUserSharedData
+    {
+        public int ServiceSessionId;
+        public int ActiveConsoleId;
+        public long ConsoleSessionForegroundProcessId;
+        public NtProductType NtProductType;
+        public int SuiteMask;
+        public int SharedUserSessionId;
+        public byte IsMultiSessionSku;
+        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
+        public string NtSystemRoot;
+        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
+        public ushort[] UserModeGlobalLogger;
+    }
+
+    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+    public struct SiloObjectBasicInformation
+    {
+        public int SiloId;
+        public int SiloParentId;
+        public int NumberOfProcesses;
+        [MarshalAs(UnmanagedType.U1)]
+        public bool IsInServerSilo;
+        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 3)]
+        public byte[] Reserved;
+    }
+
+    [Flags]
+    public enum SiloObjectRootDirectoryControlFlags
+    {
+        None = 0,
+        ShadowRoot = 1,
+        InitializeRoot = 2,
+        ShadowGlobal = 4
+    }
+
+    [StructLayout(LayoutKind.Explicit, CharSet = CharSet.Unicode)]
+    public struct SiloObjectRootDirectory
+    {
+        [FieldOffset(0)]
+        public SiloObjectRootDirectoryControlFlags ControlFlags;
+        [FieldOffset(0)]
+        public UnicodeStringOut Path;
+    }
+
+    public enum ServerSiloState
+    {
+        Initing = 0,
+        Started = 1,
+        ShuttingDown = 2,
+        Terminating = 3,
+        Terminated = 4
+    }
+
+    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+    public struct ServerSiloBasicInformation
+    {
+        public int ServiceSessionId;
+        public ServerSiloState State;
+        public NtStatus ExitStatus;
+        [MarshalAs(UnmanagedType.U1)]
+        public bool IsDownlevelContainer;
+        public IntPtr ApiSetSchema;
+        public IntPtr HostApiSetSchema;
+    }
+
     public static partial class NtSystemCalls
     {
         [DllImport("ntdll.dll")]

NtObjectManager/Cmdlets/Object/NewNtJobCmdlet.cs

@@ -64,6 +64,18 @@ public sealed class NewNtJobCmdlet : NtObjectBaseCmdletWithAccess<JobAccessRight
         [Parameter]
         public JobObjectUiLimitFlags UiRestrictionFlags { get; set; }
 
+        /// <summary>
+        /// <para type="description">Specify to create Job as a Silo.</para>
+        /// </summary>
+        [Parameter]
+        public SwitchParameter CreateSilo { get; set; }
+
+        /// <summary>
+        /// <para type="description">Specify to flags when creating the Silo's root directory. Must be used with -Silo.</para>
+        /// </summary>
+        [Parameter]
+        public SiloObjectRootDirectoryControlFlags SiloRootDirectoryFlags { get; set; }
+
         /// <summary>
         /// Determine if the cmdlet can create objects.
         /// </summary>
@@ -94,6 +106,11 @@ protected override object CreateObject(ObjectAttributes obj_attributes)
                 {
                     job.UiRestrictionFlags = UiRestrictionFlags;
                 }
+                if (CreateSilo)
+                {
+                    job.InitializeSilo(SiloRootDirectoryFlags);
+                }
+
                 return job.Duplicate();
             }
         }

NtObjectManager/NtObjectManager.psm1

@@ -9439,4 +9439,4 @@ function Get-NdrComplexType {
                 $StublessProxy+$base_address, $OffsetTable+$base_address, $TypeIndex, $Flags) | Write-Output
         }
     }
-}
+}