Added New-NtDesktop.

Author: tyranid

NtApiDotNet/NtDesktop.cs

@@ -113,12 +113,12 @@ public static NtDesktop Open(string desktop_name)
         /// <param name="heap_size">Heap size.</param>
         /// <returns>An instance of NtDesktop.</returns>
         public static NtResult<NtDesktop> Create(ObjectAttributes object_attributes, string device, 
-            IntPtr dev_mode, CreateDesktopFlags flags, DesktopAccessRights desired_access, int heap_size,
+            DEVMODE dev_mode, CreateDesktopFlags flags, DesktopAccessRights desired_access, int heap_size,
             bool throw_on_error)
         {
 
             SafeKernelObjectHandle handle = NtSystemCalls.NtUserCreateDesktopEx(object_attributes, 
-                device == null ? null : new UnicodeString(device),
+                string.IsNullOrEmpty(device) ? null : new UnicodeString(device),
                 dev_mode, flags, desired_access, heap_size);
             if (handle.IsInvalid)
             {
@@ -127,6 +127,22 @@ public static NtResult<NtDesktop> Create(ObjectAttributes object_attributes, str
             return new NtResult<NtDesktop>(NtStatus.STATUS_SUCCESS, new NtDesktop(handle));
         }
 
+        /// <summary>
+        /// Create a new desktop.
+        /// </summary>
+        /// <param name="object_attributes">The object attributes for opening.</param>
+        /// <param name="flags">Flags for opening the desktop.</param>
+        /// <param name="desired_access">Desired access.</param>
+        /// <param name="device">Device name.</param>
+        /// <param name="dev_mode">Device mode.</param>
+        /// <param name="heap_size">Heap size.</param>
+        /// <returns>An instance of NtDesktop.</returns>
+        public static NtDesktop Create(ObjectAttributes object_attributes, string device,
+            DEVMODE dev_mode, CreateDesktopFlags flags, DesktopAccessRights desired_access, int heap_size)
+        {
+            return Create(object_attributes, device, dev_mode, flags, desired_access, heap_size, true).Result;
+        }
+
         /// <summary>
         /// Create a new desktop.
         /// </summary>
@@ -137,7 +153,7 @@ public static NtDesktop Create(string desktop_name, NtObject root)
         {
             using (ObjectAttributes obj_attributes = new ObjectAttributes(desktop_name, AttributeFlags.CaseInsensitive, root))
             {
-                return Create(obj_attributes, null, IntPtr.Zero, 0, DesktopAccessRights.MaximumAllowed, 0, true).Result;
+                return Create(obj_attributes, null, null, 0, DesktopAccessRights.MaximumAllowed, 0, true).Result;
             }
         }
 
@@ -186,5 +202,20 @@ public static NtDesktop GetThreadDesktop(int thread_id)
         /// Get list of top level Windows for this Desktop.
         /// </summary>
         public IEnumerable<NtWindow> Windows => NtWindow.GetWindows(this, NtWindow.Null, false, true, 0);
+
+        /// <summary>
+        /// Close the Desktop. This is different from normal Close as it destroys the Desktop.
+        /// </summary>
+        /// <param name="throw_on_error">True to throw on error.</param>
+        /// <returns>The NT status.</returns>
+        public NtStatus CloseDesktop(bool throw_on_error = true)
+        {
+            if (!NtSystemCalls.NtUserCloseDesktop(Handle))
+            {
+                return NtObjectUtils.MapDosErrorToStatus().ToNtException(throw_on_error);
+            }
+            Handle.SetHandleAsInvalid();
+            return NtStatus.STATUS_SUCCESS;
+        }
     }
 }

NtApiDotNet/NtDesktopNative.cs

@@ -50,6 +50,89 @@ public enum CreateDesktopFlags
         AllowOtherAccountHook = 1,
     }
 
+    [StructLayout(LayoutKind.Sequential)]
+    public struct DEVMODE_S1
+    {
+        public short dmOrientation;
+        public short dmPaperSize;
+        public short dmPaperLength;
+        public short dmPaperWidth;
+        public short dmScale;
+        public short dmCopies;
+        public short dmDefaultSource;
+        public short dmPrintQuality;
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    public struct POINTL
+    {
+        public int x;
+        public int y;
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    public struct DEVMODE_S2
+    {
+        public POINTL dmPosition;
+        public int dmDisplayOrientation;
+        public int dmDisplayFixedOutput;
+    }
+
+    [StructLayout(LayoutKind.Explicit)]
+    public struct DEVMODE_UNION1
+    {
+        [FieldOffset(0)]
+        public DEVMODE_S1 s1;
+        [FieldOffset(0)]
+        public DEVMODE_S2 s2;
+    }
+
+    [StructLayout(LayoutKind.Explicit)]
+    public struct DEVMODE_UNION2
+    {
+        [FieldOffset(0)]
+        public int dmDisplayFlags;
+        [FieldOffset(0)]
+        public int dmNup;
+    }
+
+    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+    public class DEVMODE
+    {
+        public const int CCHDEVICENAME = 32;
+        public const int CCHFORMNAME = 32;
+
+        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = CCHDEVICENAME)]
+        public string dmDeviceName;
+        public short dmSpecVersion;
+        public short dmDriverVersion;
+        public short dmSize;
+        public short dmDriverExtra;
+        public int dmFields;
+        public DEVMODE_UNION1 u1;
+        public short dmColor;
+        public short dmDuplex;
+        public short dmYResolution;
+        public short dmTTOption;
+        public short dmCollate;
+        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = CCHFORMNAME)]
+        public string dmFormName;
+        public short dmLogPixels;
+        public int dmBitsPerPel;
+        public int dmPelsWidth;
+        public int dmPelsHeight;
+        public DEVMODE_UNION2 u2;
+        public int dmDisplayFrequency;
+        public int dmICMMethod;
+        public int dmICMIntent;
+        public int dmMediaType;
+        public int dmDitherType;
+        public int dmReserved1;
+        public int dmReserved2;
+        public int dmPanningWidth;
+        public int dmPanningHeight;
+    }
+
     public static partial class NtSystemCalls
     {
         [DllImport("win32u.dll", SetLastError = true)]
@@ -60,12 +143,16 @@ public static extern SafeKernelObjectHandle NtUserOpenDesktop(
         [DllImport("win32u.dll", SetLastError = true)]
         public static extern SafeKernelObjectHandle NtUserCreateDesktopEx(
             ObjectAttributes ObjectAttributes, UnicodeString Device,
-            IntPtr DevMode, CreateDesktopFlags Flags,
+            DEVMODE DevMode, CreateDesktopFlags Flags,
             DesktopAccessRights DesiredAccess,
             int HeapSize);
 
         [DllImport("win32u.dll", SetLastError = true)]
         public static extern IntPtr NtUserGetThreadDesktop(int dwThreadId);
+
+        [DllImport("win32u.dll", SetLastError = true)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        public static extern bool NtUserCloseDesktop(SafeKernelObjectHandle handle);
     }
 
 #pragma warning restore

NtApiDotNet/NtWindowStation.cs

@@ -323,6 +323,7 @@ public NtStatus CloseWindowStation(bool throw_on_error = true)
             {
                 return NtObjectUtils.MapDosErrorToStatus().ToNtException(throw_on_error);
             }
+            Handle.SetHandleAsInvalid();
             return NtStatus.STATUS_SUCCESS;
         }
 

NtObjectManager/NtObjectManager.psd1

@@ -102,7 +102,8 @@ CmdletsToExport = 'Add-NtKey', 'Get-NtDirectory', 'Get-NtEvent', 'Get-NtFile',
                'Remove-NtTokenSecurityAttribute', 'Get-AccessibleEventTrace',
                'Test-NtToken', 'Get-AccessibleToken', 'Set-NtProcessJob', 
                'Get-AccessibleWnf', 'Get-AccessibleWindowStation', 'Get-NtProcessJob',
-               'Get-NtWindowStation', 'Get-NtDesktop', 'New-NtWindowStation'
+               'Get-NtWindowStation', 'Get-NtDesktop', 'New-NtWindowStation',
+               'New-NtDesktop'
 
 # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
 AliasesToExport = @()

NtObjectManager/NtWin32Cmdlets.cs

@@ -223,7 +223,7 @@ protected override void ProcessRecord()
 
     /// <summary>
     /// <para type="synopsis">Creates a Window Station object by path.</para>
-    /// <para type="description">This cmdlet creates an new Window Station object. The absolute path to the object in the NT object manager name space must be specified. 
+    /// <para type="description">This cmdlet creates a new Window Station object. The absolute path to the object in the NT object manager name space must be specified. 
     /// It's also possible to create the object relative to an existing object by specified the -Root parameter.</para>
     /// </summary>
     /// <example>
@@ -299,4 +299,91 @@ protected override object CreateObject(ObjectAttributes obj_attributes)
                 LanguageId ?? 0x409, KeyboardLocale ?? 0x4090409);
         }
     }
+
+    /// <summary>
+    /// <para type="synopsis">Creates a Desktop object by path.</para>
+    /// <para type="description">This cmdlet creates a new Desktop object. The absolute path to the object in the NT object manager name space must be specified. 
+    /// It's also possible to create the object relative to an existing object by specified the -Root parameter.</para>
+    /// </summary>
+    /// <example>
+    ///   <code>$obj = New-NtDesktop \Windows\WindowStations\WinSta0\ABC</code>
+    ///   <para>Create a Desktop object with an absolute path.</para>
+    /// </example>
+    /// <example>
+    ///   <code>$root = Get-NtNtWindowStation \Windows\WindowStations\WinSta0&#x0A;$obj = New-NtDesktop ABC -Root $root</code>
+    ///   <para>Create a desktop object with a relative path.
+    ///   </para>
+    /// </example>
+    /// <example>
+    ///   <code>$obj = New-NtDesktop -Path ABC -Win32Path</code>
+    ///   <para>Create a desktop object from Win32 path in current Window Station.</para>
+    /// </example>
+    /// <para type="link">about_ManagingNtObjectLifetime</para>
+    [Cmdlet(VerbsCommon.New, "NtDesktop")]
+    [OutputType(typeof(NtDesktop))]
+    public sealed class NewNtDesktopCmdlet : NtObjectBaseCmdletWithAccess<DesktopAccessRights>
+    {
+        /// <summary>
+        /// <para type="description">The NT object manager path to the object to use.</para>
+        /// </summary>
+        [Parameter(Position = 0, Mandatory = true)]
+        public override string Path { get; set; }
+
+        /// <summary>
+        /// <para type="description">The device for the desktop.</para>
+        /// </summary>
+        [Parameter]
+        public string Device { get; set; }
+
+        /// <summary>
+        /// <para type="description">The device mode for the desktop.</para>
+        /// </summary>
+        [Parameter]
+        public DEVMODE DeviceMode { get; set; }
+
+        /// <summary>
+        /// <para type="description">The flags for the desktop.</para>
+        /// </summary>
+        [Parameter]
+        public CreateDesktopFlags Flags { get; set; }
+
+        /// <summary>
+        /// <para type="description">The heap size for the desktop.</para>
+        /// </summary>
+        [Parameter]
+        public int HeapSize { get; set; }
+
+        /// <summary>
+        /// Determine if the cmdlet can create objects.
+        /// </summary>
+        /// <returns>True if objects can be created.</returns>
+        protected override bool CanCreateDirectories()
+        {
+            return true;
+        }
+
+        /// <summary>
+        /// Get the Win32 path for a specified path.
+        /// </summary>
+        /// <param name="path">The path component.</param>
+        /// <returns>The full NT path.</returns>
+        protected override string GetWin32Path(string path)
+        {
+            if (!path.Contains(@"\"))
+            {
+                return $@"{NtWindowStation.Current.FullPath}\{path}";
+            }
+            return $@"{NtWindowStation.GetWindowStationDirectory()}\{path}";
+        }
+
+        /// <summary>
+        /// Method to create an object from a set of object attributes.
+        /// </summary>
+        /// <param name="obj_attributes">The object attributes to create/open from.</param>
+        /// <returns>The newly created object.</returns>
+        protected override object CreateObject(ObjectAttributes obj_attributes)
+        {
+            return NtDesktop.Create(obj_attributes, Device, DeviceMode, Flags, Access, HeapSize);
+        }
+    }
 }