Added inheritable handles to native process creation.

tyranid · tyranid · commit f07c6d584abc · 2020-05-24T10:30:38.000+01:00
diff --git a/NtApiDotNet/NtProcess.cs b/NtApiDotNet/NtProcess.cs
@@ -188,6 +188,11 @@ private static NtProcessCreateResult Create(NtProcessCreateConfig config, string
                     dispose.Add(ProcessAttribute.SecureProcess(trustlet_config));
                 }
 
+                if (config.InheritHandleList.Count > 0)
+                {
+                    dispose.Add(ProcessAttribute.HandleList(config.InheritHandleList.Select(o => o.Handle)));
+                }
+
                 var attr_list = dispose.AddResource(ProcessAttributeList.Create(dispose.OfType<ProcessAttribute>().Concat(config.AdditionalAttributes)));
                 create_info.Data.InitFlags = config.InitFlags;
                 if (config.CaptureAdditionalInformation)
diff --git a/NtApiDotNet/NtProcessCreateConfig.cs b/NtApiDotNet/NtProcessCreateConfig.cs
@@ -168,6 +168,12 @@ public sealed class NtProcessCreateConfig
         /// Redirection DLL path. Only supported from 1903.
         /// </summary>
         public string RedirectionDllName { get; set; }
+
+        /// <summary>
+        /// Inheritable handles.
+        /// </summary>
+        public List<NtObject> InheritHandleList { get; }
+
         #endregion
 
         #region Public Methods
@@ -209,6 +215,7 @@ public NtProcessCreateConfig()
             AdditionalAttributes = new List<ProcessAttribute>();
             ProcessDesiredAccess = ProcessAccessRights.MaximumAllowed;
             ThreadDesiredAccess = ThreadAccessRights.MaximumAllowed;
+            InheritHandleList = new List<NtObject>();
         }
         #endregion
     }
diff --git a/NtApiDotNet/ProcessAttribute.cs b/NtApiDotNet/ProcessAttribute.cs
@@ -127,8 +127,8 @@ public static ProcessAttribute ProtectionLevel(PsProtection protection)
 
         public static ProcessAttribute HandleList(IEnumerable<SafeHandle> handles)
         {
-            return new ProcessAttribute(ProcessAttributeNum.HandleList, false, true, false,
-              new SafeHandleListHandle(handles.Select(h => NtObject.DuplicateHandle(h.ToSafeKernelHandle()))));
+            return new ProcessAttribute(ProcessAttributeNum.HandleList, false, true, false, 
+                handles.Select(h => h.DangerousGetHandle()).ToArray().ToBuffer());
         }
 
         public static ProcessAttribute SecureProcess(NtProcessTrustletConfig trustlet_config)
diff --git a/NtObjectManager/NtObjectManager.psm1 b/NtObjectManager/NtObjectManager.psm1
@@ -1288,7 +1288,8 @@ function New-NtProcessConfig {
         [switch]$TerminateOnDispose,
         [switch]$Win32Path,
         [switch]$CaptureAdditionalInformation,
-        [switch]$Secure
+        [switch]$Secure,
+        [NtApiDotNet.NtObject[]]$InheritHandle
     )
 
     if ($Win32Path) {
@@ -1315,6 +1316,9 @@ function New-NtProcessConfig {
     }
     $config.CaptureAdditionalInformation = $CaptureAdditionalInformation
     $config.Secure = $Secure
+    if ($null -ne $InheritHandle) {
+        $config.InheritHandleList.AddRange($InheritHandle)
+    }
 
     return $config
 }

Original file line number	Diff line number	Diff line change
`@@ -127,8 +127,8 @@ public static ProcessAttribute ProtectionLevel(PsProtection protection)`
`127`	`127`
`128`	`128`	`public static ProcessAttribute HandleList(IEnumerable<SafeHandle> handles)`
`129`	`129`	`{`
`130`		`- return new ProcessAttribute(ProcessAttributeNum.HandleList, false, true, false,`
`131`		`- new SafeHandleListHandle(handles.Select(h => NtObject.DuplicateHandle(h.ToSafeKernelHandle()))));`
	`130`	`+ return new ProcessAttribute(ProcessAttributeNum.HandleList, false, true, false,`
	`131`	`+ handles.Select(h => h.DangerousGetHandle()).ToArray().ToBuffer());`
`132`	`132`	`}`
`133`	`133`
`134`	`134`	`public static ProcessAttribute SecureProcess(NtProcessTrustletConfig trustlet_config)`
Original file line number	Diff line number	Diff line change
`@@ -1288,7 +1288,8 @@ function New-NtProcessConfig {`
`1288`	`1288`	`[switch]$TerminateOnDispose,`
`1289`	`1289`	`[switch]$Win32Path,`
`1290`	`1290`	`[switch]$CaptureAdditionalInformation,`
`1291`		`- [switch]$Secure`
	`1291`	`+ [switch]$Secure,`
	`1292`	`+ [NtApiDotNet.NtObject[]]$InheritHandle`
`1292`	`1293`	`)`
`1293`	`1294`
`1294`	`1295`	`if ($Win32Path) {`
`@@ -1315,6 +1316,9 @@ function New-NtProcessConfig {`
`1315`	`1316`	`}`
`1316`	`1317`	`$config.CaptureAdditionalInformation = $CaptureAdditionalInformation`
`1317`	`1318`	`$config.Secure = $Secure`
	`1319`	`+ if ($null -ne $InheritHandle) {`
	`1320`	`+ $config.InheritHandleList.AddRange($InheritHandle)`
	`1321`	`+ }`
`1318`	`1322`
`1319`	`1323`	`return $config`
`1320`	`1324`	`}`