Added support for a FollowLink switch which will allow accessible cmdlets to follow symbolic links. Feature request #29.

tyranid · tyranid · commit b7c949cad46d · 2020-11-21T11:25:53.000-08:00
diff --git a/NtObjectManager/Cmdlets/Accessible/GetAccessibleFileCmdlet.cs b/NtObjectManager/Cmdlets/Accessible/GetAccessibleFileCmdlet.cs
@@ -87,8 +87,7 @@ public class GetAccessibleFileCmdlet : GetAccessiblePathCmdlet<FileAccessRights>
 
         private NtResult<NtFile> OpenFile(string name, NtFile root, FileOpenOptions options)
         {
-            using (ObjectAttributes obja = new ObjectAttributes(name,
-                AttributeFlags.CaseInsensitive, root))
+            using (ObjectAttributes obja = new ObjectAttributes(name, GetAttributeFlags(), root))
             {
                 var result = NtFile.Open(obja, GetMaximumAccess(FileAccessRights.Synchronize | FileAccessRights.ReadAttributes | FileAccessRights.ReadControl),
                     FileShareMode.Read | FileShareMode.Delete, options | FileOpenOptions.SynchronousIoNonAlert, false);
@@ -147,7 +146,7 @@ private void CheckAccessUnderImpersonation(TokenEntry token, AccessMask access_r
             using (var result = token.Token.RunUnderImpersonate(() =>
                  file.ReOpen(FileAccessRights.MaximumAllowed,
                  FileShareMode.Read | FileShareMode.Delete,
-                 FileOpenOptions.None, false)))
+                 FileOpenOptions.None, GetAttributeFlags(), false)))
             {
                 if ( result.Status.IsSuccess() && IsAccessGranted(result.Result.GrantedAccessMask, access_rights))
                 {
@@ -207,7 +206,8 @@ private void DumpDirectory(IEnumerable<TokenEntry> tokens, AccessMask access_rig
             if (Recurse)
             {
                 using (var result = file.ReOpen(FileAccessRights.Synchronize | FileAccessRights.ReadData | FileAccessRights.ReadAttributes, 
-                    FileShareMode.Read | FileShareMode.Delete, options | FileOpenOptions.DirectoryFile | FileOpenOptions.SynchronousIoNonAlert, false))
+                    FileShareMode.Read | FileShareMode.Delete, options | FileOpenOptions.DirectoryFile | FileOpenOptions.SynchronousIoNonAlert,
+                    GetAttributeFlags(), false))
                 {
                     if (result.Status.IsSuccess())
                     {
@@ -230,12 +230,15 @@ private void DumpDirectory(IEnumerable<TokenEntry> tokens, AccessMask access_rig
                             {
                                 if (new_file.IsSuccess)
                                 {
-                                    DumpFile(tokens, access_rights, dir_access_rights, 
-                                        parent_sd.IsSuccess ? parent_sd.Result : null, new_file.Result);
-                                    if (IsDirectoryNoThrow(new_file.Result))
+                                    if (FollowPath(new_file.Result, GetFilePath))
                                     {
-                                        DumpDirectory(tokens, access_rights, dir_access_rights, 
-                                            new_file.Result, options, current_depth - 1);
+                                        DumpFile(tokens, access_rights, dir_access_rights,
+                                            parent_sd.IsSuccess ? parent_sd.Result : null, new_file.Result);
+                                        if (IsDirectoryNoThrow(new_file.Result))
+                                        {
+                                            DumpDirectory(tokens, access_rights, dir_access_rights,
+                                                new_file.Result, options, current_depth - 1);
+                                        }
                                     }
                                 }
                             }
@@ -275,23 +278,35 @@ protected override void BeginProcessing()
             base.BeginProcessing();
         }
 
+        private static string GetFilePath(NtFile file)
+        {
+            return file.GetNormalizedFileName(false).GetResultOrDefault() ?? file.FileName;
+        }
+
         private protected override void RunAccessCheckPath(IEnumerable<TokenEntry> tokens, string path)
         {
-            FileOpenOptions options = FileOpenOptions.OpenReparsePoint | (_open_for_backup ? FileOpenOptions.OpenForBackupIntent : FileOpenOptions.None);
+            FileOpenOptions options = _open_for_backup ? FileOpenOptions.OpenForBackupIntent : FileOpenOptions.None;
+            if (!FollowLink)
+            {
+                options |= FileOpenOptions.OpenReparsePoint;
+            }
             NtType type = NtType.GetTypeByType<NtFile>();
             AccessMask access_rights = type.MapGenericRights(Access);
             AccessMask dir_access_rights = type.MapGenericRights(DirectoryAccess);
             using (var result = OpenFile(path, null, options))
             {
                 NtFile file = result.GetResultOrThrow();
-                DumpFile(tokens,
-                    access_rights,
-                    dir_access_rights,
-                    null,
-                    result.Result);
-                if (IsDirectoryNoThrow(result.Result))
+                if (FollowPath(file, GetFilePath))
                 {
-                    DumpDirectory(tokens, access_rights, dir_access_rights, file, options, GetMaxDepth());
+                    DumpFile(tokens,
+                        access_rights,
+                        dir_access_rights,
+                        null,
+                        result.Result);
+                    if (IsDirectoryNoThrow(result.Result))
+                    {
+                        DumpDirectory(tokens, access_rights, dir_access_rights, file, options, GetMaxDepth());
+                    }
                 }
             }
         }
diff --git a/NtObjectManager/Cmdlets/Accessible/GetAccessibleKeyCmdlet.cs b/NtObjectManager/Cmdlets/Accessible/GetAccessibleKeyCmdlet.cs
@@ -54,7 +54,7 @@ public class GetAccessibleKeyCmdlet : GetAccessiblePathCmdlet<KeyAccessRights>
     {
         private NtResult<NtKey> OpenKey(string name, NtObject root, bool open_link, bool open_for_backup)
         {
-            AttributeFlags flags = AttributeFlags.CaseInsensitive;
+            AttributeFlags flags = GetAttributeFlags();
             if (open_link)
             {
                 flags |= AttributeFlags.OpenLink;
@@ -82,7 +82,7 @@ private void CheckAccess(TokenEntry token, NtKey key, AccessMask access_rights,
         private void CheckAccessUnderImpersonation(TokenEntry token, AccessMask access_rights, NtKey key)
         {
             using (ObjectAttributes obj_attributes = new ObjectAttributes(string.Empty,
-                AttributeFlags.CaseInsensitive | AttributeFlags.OpenLink, key))
+                GetAttributeFlags() | (FollowLink ? AttributeFlags.None : AttributeFlags.OpenLink), key))
             {
                 using (var result = token.Token.RunUnderImpersonate(() => NtKey.Open(obj_attributes, KeyAccessRights.MaximumAllowed, 0, false)))
                 {
@@ -131,11 +131,14 @@ private void DumpKey(IEnumerable<TokenEntry> tokens, AccessMask access_rights, b
                     {
                         continue;
                     }
-                    using (var result = OpenKey(subkey, key, true, open_for_backup))
+                    using (var result = OpenKey(subkey, key, !FollowLink, open_for_backup))
                     {
                         if (result.IsSuccess)
                         {
-                            DumpKey(tokens, access_rights, open_for_backup, result.Result, current_depth - 1);
+                            if (FollowPath(result.Result.FullPath))
+                            {
+                                DumpKey(tokens, access_rights, open_for_backup, result.Result, current_depth - 1);
+                            }
                         }
                         else
                         {
@@ -181,7 +184,10 @@ private protected override void RunAccessCheckPath(IEnumerable<TokenEntry> token
             using (var result = OpenKey(path, null, false, _open_for_backup))
             {
                 NtKey key = result.GetResultOrThrow();
-                DumpKey(tokens, result.Result.NtType.MapGenericRights(Access), _open_for_backup, key, GetMaxDepth());
+                if (FollowPath(key.FullPath))
+                {
+                    DumpKey(tokens, result.Result.NtType.MapGenericRights(Access), _open_for_backup, key, GetMaxDepth());
+                }
             }
         }
     }
diff --git a/NtObjectManager/Cmdlets/Accessible/GetAccessibleObjectCmdlet.cs b/NtObjectManager/Cmdlets/Accessible/GetAccessibleObjectCmdlet.cs
@@ -152,10 +152,10 @@ private void CheckAccess(TokenEntry token, NtObject obj, NtType type, bool is_di
             }
         }
 
-        private static NtResult<NtObject> ReopenUnderImpersonation(TokenEntry token, NtType type, NtObject obj)
+        private NtResult<NtObject> ReopenUnderImpersonation(TokenEntry token, NtType type, NtObject obj)
         {
             using (ObjectAttributes obj_attributes = new ObjectAttributes(string.Empty,
-               AttributeFlags.CaseInsensitive, obj))
+               GetAttributeFlags(), obj))
             {
                 return token.Token.RunUnderImpersonate(() => type.Open(obj_attributes, GenericAccessRights.MaximumAllowed, false));
             }
@@ -248,17 +248,23 @@ private void DumpDirectory(IEnumerable<TokenEntry> tokens, HashSet<string> type_
                         continue;
                     }
 
-                    if (entry.IsDirectory)
+                    if (entry.IsDirectory || (FollowLink && entry.IsSymbolicLink))
                     {
                         using (var new_dir = OpenDirectory(entry.Name, dir))
                         {
                             if (new_dir.IsSuccess)
                             {
-                                DumpDirectory(tokens, type_filter, access_rights, new_dir.Result, current_depth - 1);
+                                if (FollowPath(new_dir.Result.FullPath))
+                                {
+                                    DumpDirectory(tokens, type_filter, access_rights, new_dir.Result, current_depth - 1);
+                                }
                             }
                             else
                             {
-                                WriteAccessWarning(dir, entry.Name, new_dir.Status);
+                                if (entry.IsDirectory || new_dir.Status != NtStatus.STATUS_OBJECT_TYPE_MISMATCH)
+                                {
+                                    WriteAccessWarning(dir, entry.Name, new_dir.Status);
+                                }
                             }
                         }
                     }
@@ -292,19 +298,18 @@ private void DumpDirectory(IEnumerable<TokenEntry> tokens, HashSet<string> type_
             }
         }
 
-        private static NtResult<NtObject> OpenObject(ObjectDirectoryInformation entry, NtObject root, AccessMask desired_access)
+        private NtResult<NtObject> OpenObject(ObjectDirectoryInformation entry, NtObject root, AccessMask desired_access)
         {
             NtType type = entry.NtType;
-            using (var obja = new ObjectAttributes(entry.Name, AttributeFlags.CaseInsensitive, root))
+            using (var obja = new ObjectAttributes(entry.Name, GetAttributeFlags(), root))
             {
                 return type.Open(obja, desired_access, false);
             }
         }
 
         private NtResult<NtDirectory> OpenDirectory(string path, NtObject root)
         {
-            using (ObjectAttributes obja = new ObjectAttributes(path,
-                AttributeFlags.CaseInsensitive, root))
+            using (ObjectAttributes obja = new ObjectAttributes(path, GetAttributeFlags(), root))
             {
                 var result = NtDirectory.Open(obja, GetMaximumAccessGeneric(DirectoryAccessRights.Query | DirectoryAccessRights.ReadControl), false);
                 if (result.IsSuccess || result.Status != NtStatus.STATUS_ACCESS_DENIED)
@@ -342,11 +347,15 @@ private protected override void RunAccessCheckPath(IEnumerable<TokenEntry> token
             {
                 if (result.IsSuccess)
                 {
-                    DumpDirectory(tokens, GetTypeFilter(), Access, result.Result, GetMaxDepth());
+                    if (FollowPath(result.Result.FullPath))
+                    {
+                        DumpDirectory(tokens, GetTypeFilter(), Access, result.Result, GetMaxDepth());
+                    }
                 }
                 else
                 {
-                    using (var obj = NtObject.OpenWithType(null, path, null, AttributeFlags.CaseInsensitive, GetMaximumAccess(GenericAccessRights.MaximumAllowed), null, false))
+                    using (var obj = NtObject.OpenWithType(null, path, null, GetAttributeFlags(), 
+                        GetMaximumAccess(GenericAccessRights.MaximumAllowed), null, false))
                     {
                         if (obj.IsSuccess)
                         {
diff --git a/NtObjectManager/Cmdlets/Accessible/GetAccessiblePathCmdlet.cs b/NtObjectManager/Cmdlets/Accessible/GetAccessiblePathCmdlet.cs
@@ -30,6 +30,7 @@ public abstract class GetAccessiblePathCmdlet<A> : CommonAccessBaseWithAccessCmd
         private Func<string, bool>[] _include_filters;
         private Func<string, bool>[] _exclude_filters;
         private Func<string, bool> _filter;
+        private HashSet<string> _checked_paths;
 
         /// <summary>
         /// <para type="description">Specify a list of native paths to check.</para>
@@ -83,6 +84,42 @@ public abstract class GetAccessiblePathCmdlet<A> : CommonAccessBaseWithAccessCmd
         [Parameter(ParameterSetName = "path")]
         public string[] Exclude { get; set; }
 
+        /// <summary>
+        /// <para type="description">Specify to follow links in an recursive enumeration.</para>
+        /// </summary>
+        [Parameter(ParameterSetName = "path")]
+        public SwitchParameter FollowLink { get; set; }
+
+        /// <summary>
+        /// <para type="description">Specify the checks should be attempted case sensitively.</para>
+        /// </summary>
+        [Parameter(ParameterSetName = "path")]
+        public SwitchParameter CaseSensitive { get; set; }
+
+        private protected AttributeFlags GetAttributeFlags()
+        {
+            return CaseSensitive ? AttributeFlags.None : AttributeFlags.CaseInsensitive;
+        }
+
+        private protected bool FollowPath(string path)
+        {
+            if (!FollowLink)
+                return true;
+            if (_checked_paths == null)
+            {
+                _checked_paths = new HashSet<string>(CaseSensitive
+                    ? StringComparer.Ordinal : StringComparer.OrdinalIgnoreCase);
+            }
+            return _checked_paths.Add(path);
+        }
+
+        private protected bool FollowPath<T>(T obj, Func<T, string> get_path)
+        {
+            if (!FollowLink)
+                return true;
+            return FollowPath(get_path(obj));
+        }
+
         /// <summary>
         /// Convert a Win32 path to a native path.
         /// </summary>

Original file line number	Diff line number	Diff line change
`@@ -87,8 +87,7 @@ public class GetAccessibleFileCmdlet : GetAccessiblePathCmdlet<FileAccessRights>`
`87`	`87`
`88`	`88`	`private NtResult<NtFile> OpenFile(string name, NtFile root, FileOpenOptions options)`
`89`	`89`	`{`
`90`		`- using (ObjectAttributes obja = new ObjectAttributes(name,`
`91`		`- AttributeFlags.CaseInsensitive, root))`
	`90`	`+ using (ObjectAttributes obja = new ObjectAttributes(name, GetAttributeFlags(), root))`
`92`	`91`	`{`
`93`	`92`	`var result = NtFile.Open(obja, GetMaximumAccess(FileAccessRights.Synchronize \| FileAccessRights.ReadAttributes \| FileAccessRights.ReadControl),`
`94`	`93`	`FileShareMode.Read \| FileShareMode.Delete, options \| FileOpenOptions.SynchronousIoNonAlert, false);`
`@@ -147,7 +146,7 @@ private void CheckAccessUnderImpersonation(TokenEntry token, AccessMask access_r`
`147`	`146`	`using (var result = token.Token.RunUnderImpersonate(() =>`
`148`	`147`	`file.ReOpen(FileAccessRights.MaximumAllowed,`
`149`	`148`	`FileShareMode.Read \| FileShareMode.Delete,`
`150`		`- FileOpenOptions.None, false)))`
	`149`	`+ FileOpenOptions.None, GetAttributeFlags(), false)))`
`151`	`150`	`{`
`152`	`151`	`if ( result.Status.IsSuccess() && IsAccessGranted(result.Result.GrantedAccessMask, access_rights))`
`153`	`152`	`{`
`@@ -207,7 +206,8 @@ private void DumpDirectory(IEnumerable<TokenEntry> tokens, AccessMask access_rig`
`207`	`206`	`if (Recurse)`
`208`	`207`	`{`
`209`	`208`	`using (var result = file.ReOpen(FileAccessRights.Synchronize \| FileAccessRights.ReadData \| FileAccessRights.ReadAttributes,`
`210`		`- FileShareMode.Read \| FileShareMode.Delete, options \| FileOpenOptions.DirectoryFile \| FileOpenOptions.SynchronousIoNonAlert, false))`
	`209`	`+ FileShareMode.Read \| FileShareMode.Delete, options \| FileOpenOptions.DirectoryFile \| FileOpenOptions.SynchronousIoNonAlert,`
	`210`	`+ GetAttributeFlags(), false))`
`211`	`211`	`{`
`212`	`212`	`if (result.Status.IsSuccess())`
`213`	`213`	`{`
`@@ -230,12 +230,15 @@ private void DumpDirectory(IEnumerable<TokenEntry> tokens, AccessMask access_rig`
`230`	`230`	`{`
`231`	`231`	`if (new_file.IsSuccess)`
`232`	`232`	`{`
`233`		`- DumpFile(tokens, access_rights, dir_access_rights,`
`234`		`- parent_sd.IsSuccess ? parent_sd.Result : null, new_file.Result);`
`235`		`- if (IsDirectoryNoThrow(new_file.Result))`
	`233`	`+ if (FollowPath(new_file.Result, GetFilePath))`
`236`	`234`	`{`
`237`		`- DumpDirectory(tokens, access_rights, dir_access_rights,`
`238`		`- new_file.Result, options, current_depth - 1);`
	`235`	`+ DumpFile(tokens, access_rights, dir_access_rights,`
	`236`	`+ parent_sd.IsSuccess ? parent_sd.Result : null, new_file.Result);`
	`237`	`+ if (IsDirectoryNoThrow(new_file.Result))`
	`238`	`+ {`
	`239`	`+ DumpDirectory(tokens, access_rights, dir_access_rights,`
	`240`	`+ new_file.Result, options, current_depth - 1);`
	`241`	`+ }`
`239`	`242`	`}`
`240`	`243`	`}`
`241`	`244`	`}`
`@@ -275,23 +278,35 @@ protected override void BeginProcessing()`
`275`	`278`	`base.BeginProcessing();`
`276`	`279`	`}`
`277`	`280`
	`281`	`+ private static string GetFilePath(NtFile file)`
	`282`	`+ {`
	`283`	`+ return file.GetNormalizedFileName(false).GetResultOrDefault() ?? file.FileName;`
	`284`	`+ }`
	`285`	`+`
`278`	`286`	`private protected override void RunAccessCheckPath(IEnumerable<TokenEntry> tokens, string path)`
`279`	`287`	`{`
`280`		`- FileOpenOptions options = FileOpenOptions.OpenReparsePoint \| (_open_for_backup ? FileOpenOptions.OpenForBackupIntent : FileOpenOptions.None);`
	`288`	`+ FileOpenOptions options = _open_for_backup ? FileOpenOptions.OpenForBackupIntent : FileOpenOptions.None;`
	`289`	`+ if (!FollowLink)`
	`290`	`+ {`
	`291`	`+ options \|= FileOpenOptions.OpenReparsePoint;`
	`292`	`+ }`
`281`	`293`	`NtType type = NtType.GetTypeByType<NtFile>();`
`282`	`294`	`AccessMask access_rights = type.MapGenericRights(Access);`
`283`	`295`	`AccessMask dir_access_rights = type.MapGenericRights(DirectoryAccess);`
`284`	`296`	`using (var result = OpenFile(path, null, options))`
`285`	`297`	`{`
`286`	`298`	`NtFile file = result.GetResultOrThrow();`
`287`		`- DumpFile(tokens,`
`288`		`- access_rights,`
`289`		`- dir_access_rights,`
`290`		`- null,`
`291`		`- result.Result);`
`292`		`- if (IsDirectoryNoThrow(result.Result))`
	`299`	`+ if (FollowPath(file, GetFilePath))`
`293`	`300`	`{`
`294`		`- DumpDirectory(tokens, access_rights, dir_access_rights, file, options, GetMaxDepth());`
	`301`	`+ DumpFile(tokens,`
	`302`	`+ access_rights,`
	`303`	`+ dir_access_rights,`
	`304`	`+ null,`
	`305`	`+ result.Result);`
	`306`	`+ if (IsDirectoryNoThrow(result.Result))`
	`307`	`+ {`
	`308`	`+ DumpDirectory(tokens, access_rights, dir_access_rights, file, options, GetMaxDepth());`
	`309`	`+ }`
`295`	`310`	`}`
`296`	`311`	`}`
`297`	`312`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public class GetAccessibleKeyCmdlet : GetAccessiblePathCmdlet<KeyAccessRights>`
`54`	`54`	`{`
`55`	`55`	`private NtResult<NtKey> OpenKey(string name, NtObject root, bool open_link, bool open_for_backup)`
`56`	`56`	`{`
`57`		`- AttributeFlags flags = AttributeFlags.CaseInsensitive;`
	`57`	`+ AttributeFlags flags = GetAttributeFlags();`
`58`	`58`	`if (open_link)`
`59`	`59`	`{`
`60`	`60`	`flags \|= AttributeFlags.OpenLink;`
`@@ -82,7 +82,7 @@ private void CheckAccess(TokenEntry token, NtKey key, AccessMask access_rights,`
`82`	`82`	`private void CheckAccessUnderImpersonation(TokenEntry token, AccessMask access_rights, NtKey key)`
`83`	`83`	`{`
`84`	`84`	`using (ObjectAttributes obj_attributes = new ObjectAttributes(string.Empty,`
`85`		`- AttributeFlags.CaseInsensitive \| AttributeFlags.OpenLink, key))`
	`85`	`+ GetAttributeFlags() \| (FollowLink ? AttributeFlags.None : AttributeFlags.OpenLink), key))`
`86`	`86`	`{`
`87`	`87`	`using (var result = token.Token.RunUnderImpersonate(() => NtKey.Open(obj_attributes, KeyAccessRights.MaximumAllowed, 0, false)))`
`88`	`88`	`{`
`@@ -131,11 +131,14 @@ private void DumpKey(IEnumerable<TokenEntry> tokens, AccessMask access_rights, b`
`131`	`131`	`{`
`132`	`132`	`continue;`
`133`	`133`	`}`
`134`		`- using (var result = OpenKey(subkey, key, true, open_for_backup))`
	`134`	`+ using (var result = OpenKey(subkey, key, !FollowLink, open_for_backup))`
`135`	`135`	`{`
`136`	`136`	`if (result.IsSuccess)`
`137`	`137`	`{`
`138`		`- DumpKey(tokens, access_rights, open_for_backup, result.Result, current_depth - 1);`
	`138`	`+ if (FollowPath(result.Result.FullPath))`
	`139`	`+ {`
	`140`	`+ DumpKey(tokens, access_rights, open_for_backup, result.Result, current_depth - 1);`
	`141`	`+ }`
`139`	`142`	`}`
`140`	`143`	`else`
`141`	`144`	`{`
`@@ -181,7 +184,10 @@ private protected override void RunAccessCheckPath(IEnumerable<TokenEntry> token`
`181`	`184`	`using (var result = OpenKey(path, null, false, _open_for_backup))`
`182`	`185`	`{`
`183`	`186`	`NtKey key = result.GetResultOrThrow();`
`184`		`- DumpKey(tokens, result.Result.NtType.MapGenericRights(Access), _open_for_backup, key, GetMaxDepth());`
	`187`	`+ if (FollowPath(key.FullPath))`
	`188`	`+ {`
	`189`	`+ DumpKey(tokens, result.Result.NtType.MapGenericRights(Access), _open_for_backup, key, GetMaxDepth());`
	`190`	`+ }`
`185`	`191`	`}`
`186`	`192`	`}`
`187`	`193`	`}`
Original file line number	Diff line number	Diff line change
`@@ -152,10 +152,10 @@ private void CheckAccess(TokenEntry token, NtObject obj, NtType type, bool is_di`
`152`	`152`	`}`
`153`	`153`	`}`
`154`	`154`
`155`		`- private static NtResult<NtObject> ReopenUnderImpersonation(TokenEntry token, NtType type, NtObject obj)`
	`155`	`+ private NtResult<NtObject> ReopenUnderImpersonation(TokenEntry token, NtType type, NtObject obj)`
`156`	`156`	`{`
`157`	`157`	`using (ObjectAttributes obj_attributes = new ObjectAttributes(string.Empty,`
`158`		`- AttributeFlags.CaseInsensitive, obj))`
	`158`	`+ GetAttributeFlags(), obj))`
`159`	`159`	`{`
`160`	`160`	`return token.Token.RunUnderImpersonate(() => type.Open(obj_attributes, GenericAccessRights.MaximumAllowed, false));`
`161`	`161`	`}`
`@@ -248,17 +248,23 @@ private void DumpDirectory(IEnumerable<TokenEntry> tokens, HashSet<string> type_`
`248`	`248`	`continue;`
`249`	`249`	`}`
`250`	`250`
`251`		`- if (entry.IsDirectory)`
	`251`	`+ if (entry.IsDirectory \|\| (FollowLink && entry.IsSymbolicLink))`
`252`	`252`	`{`
`253`	`253`	`using (var new_dir = OpenDirectory(entry.Name, dir))`
`254`	`254`	`{`
`255`	`255`	`if (new_dir.IsSuccess)`
`256`	`256`	`{`
`257`		`- DumpDirectory(tokens, type_filter, access_rights, new_dir.Result, current_depth - 1);`
	`257`	`+ if (FollowPath(new_dir.Result.FullPath))`
	`258`	`+ {`
	`259`	`+ DumpDirectory(tokens, type_filter, access_rights, new_dir.Result, current_depth - 1);`
	`260`	`+ }`
`258`	`261`	`}`
`259`	`262`	`else`
`260`	`263`	`{`
`261`		`- WriteAccessWarning(dir, entry.Name, new_dir.Status);`
	`264`	`+ if (entry.IsDirectory \|\| new_dir.Status != NtStatus.STATUS_OBJECT_TYPE_MISMATCH)`
	`265`	`+ {`
	`266`	`+ WriteAccessWarning(dir, entry.Name, new_dir.Status);`
	`267`	`+ }`
`262`	`268`	`}`
`263`	`269`	`}`
`264`	`270`	`}`
`@@ -292,19 +298,18 @@ private void DumpDirectory(IEnumerable<TokenEntry> tokens, HashSet<string> type_`
`292`	`298`	`}`
`293`	`299`	`}`
`294`	`300`
`295`		`- private static NtResult<NtObject> OpenObject(ObjectDirectoryInformation entry, NtObject root, AccessMask desired_access)`
	`301`	`+ private NtResult<NtObject> OpenObject(ObjectDirectoryInformation entry, NtObject root, AccessMask desired_access)`
`296`	`302`	`{`
`297`	`303`	`NtType type = entry.NtType;`
`298`		`- using (var obja = new ObjectAttributes(entry.Name, AttributeFlags.CaseInsensitive, root))`
	`304`	`+ using (var obja = new ObjectAttributes(entry.Name, GetAttributeFlags(), root))`
`299`	`305`	`{`
`300`	`306`	`return type.Open(obja, desired_access, false);`
`301`	`307`	`}`
`302`	`308`	`}`
`303`	`309`
`304`	`310`	`private NtResult<NtDirectory> OpenDirectory(string path, NtObject root)`
`305`	`311`	`{`
`306`		`- using (ObjectAttributes obja = new ObjectAttributes(path,`
`307`		`- AttributeFlags.CaseInsensitive, root))`
	`312`	`+ using (ObjectAttributes obja = new ObjectAttributes(path, GetAttributeFlags(), root))`
`308`	`313`	`{`
`309`	`314`	`var result = NtDirectory.Open(obja, GetMaximumAccessGeneric(DirectoryAccessRights.Query \| DirectoryAccessRights.ReadControl), false);`
`310`	`315`	`if (result.IsSuccess \|\| result.Status != NtStatus.STATUS_ACCESS_DENIED)`
`@@ -342,11 +347,15 @@ private protected override void RunAccessCheckPath(IEnumerable<TokenEntry> token`
`342`	`347`	`{`
`343`	`348`	`if (result.IsSuccess)`
`344`	`349`	`{`
`345`		`- DumpDirectory(tokens, GetTypeFilter(), Access, result.Result, GetMaxDepth());`
	`350`	`+ if (FollowPath(result.Result.FullPath))`
	`351`	`+ {`
	`352`	`+ DumpDirectory(tokens, GetTypeFilter(), Access, result.Result, GetMaxDepth());`
	`353`	`+ }`
`346`	`354`	`}`
`347`	`355`	`else`
`348`	`356`	`{`
`349`		`- using (var obj = NtObject.OpenWithType(null, path, null, AttributeFlags.CaseInsensitive, GetMaximumAccess(GenericAccessRights.MaximumAllowed), null, false))`
	`357`	`+ using (var obj = NtObject.OpenWithType(null, path, null, GetAttributeFlags(),`
	`358`	`+ GetMaximumAccess(GenericAccessRights.MaximumAllowed), null, false))`
`350`	`359`	`{`
`351`	`360`	`if (obj.IsSuccess)`
`352`	`361`	`{`