
/Visual Studio 2008/VBUACSelfElevation/NativeMethods.vb

  1'***************************** Module Header *******************************\
  2' Module Name:  NativeMethods.vb
  3' Project:      VBUACSelfElevation
  4' Copyright (c) Microsoft Corporation.
  5' 
  6' The file defines the P/Invoke signatures and native data structures.
  7' 
  8' This source is subject to the Microsoft Public License.
  9' See http://www.microsoft.com/opensource/licenses.mspx#Ms-PL.
 10' All other rights reserved.
 11' 
 12' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, 
 13' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED 
 14' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
 15'***************************************************************************/
 16
 17#Region "Imports directives"
 18
 19Imports System.Runtime.InteropServices
 20Imports Microsoft.Win32.SafeHandles
 21
 22#End Region
 23
 24
 25''' <summary>
 26''' The TOKEN_INFORMATION_CLASS enumeration type contains values that specify 
 27''' the type of information being assigned to or retrieved from an access 
 28''' token.
 29''' </summary>
 30Friend Enum TOKEN_INFORMATION_CLASS
 31    TokenUser = 1
 32    TokenGroups
 33    TokenPrivileges
 34    TokenOwner
 35    TokenPrimaryGroup
 36    TokenDefaultDacl
 37    TokenSource
 38    TokenType
 39    TokenImpersonationLevel
 40    TokenStatistics
 41    TokenRestrictedSids
 42    TokenSessionId
 43    TokenGroupsAndPrivileges
 44    TokenSessionReference
 45    TokenSandBoxInert
 46    TokenAuditPolicy
 47    TokenOrigin
 48    TokenElevationType
 49    TokenLinkedToken
 50    TokenElevation
 51    TokenHasRestrictions
 52    TokenAccessInformation
 53    TokenVirtualizationAllowed
 54    TokenVirtualizationEnabled
 55    TokenIntegrityLevel
 56    TokenUIAccess
 57    TokenMandatoryPolicy
 58    TokenLogonSid
 59    MaxTokenInfoClass
 60End Enum
 61
 62
 63''' <summary>
 64''' The WELL_KNOWN_SID_TYPE enumeration type is a list of commonly used 
 65''' security identifiers (SIDs). Programs can pass these values to the 
 66''' CreateWellKnownSid function to create a SID from this list.
 67''' </summary>
 68Friend Enum WELL_KNOWN_SID_TYPE
 69    WinNullSid = 0
 70    WinWorldSid = 1
 71    WinLocalSid = 2
 72    WinCreatorOwnerSid = 3
 73    WinCreatorGroupSid = 4
 74    WinCreatorOwnerServerSid = 5
 75    WinCreatorGroupServerSid = 6
 76    WinNtAuthoritySid = 7
 77    WinDialupSid = 8
 78    WinNetworkSid = 9
 79    WinBatchSid = 10
 80    WinInteractiveSid = 11
 81    WinServiceSid = 12
 82    WinAnonymousSid = 13
 83    WinProxySid = 14
 84    WinEnterpriseControllersSid = 15
 85    WinSelfSid = 16
 86    WinAuthenticatedUserSid = 17
 87    WinRestrictedCodeSid = 18
 88    WinTerminalServerSid = 19
 89    WinRemoteLogonIdSid = 20
 90    WinLogonIdsSid = 21
 91    WinLocalSystemSid = 22
 92    WinLocalServiceSid = 23
 93    WinNetworkServiceSid = 24
 94    WinBuiltinDomainSid = 25
 95    WinBuiltinAdministratorsSid = 26
 96    WinBuiltinUsersSid = 27
 97    WinBuiltinGuestsSid = 28
 98    WinBuiltinPowerUsersSid = 29
 99    WinBuiltinAccountOperatorsSid = 30
100    WinBuiltinSystemOperatorsSid = 31
101    WinBuiltinPrintOperatorsSid = 32
102    WinBuiltinBackupOperatorsSid = 33
103    WinBuiltinReplicatorSid = 34
104    WinBuiltinPreWindows2000CompatibleAccessSid = 35
105    WinBuiltinRemoteDesktopUsersSid = 36
106    WinBuiltinNetworkConfigurationOperatorsSid = 37
107    WinAccountAdministratorSid = 38
108    WinAccountGuestSid = 39
109    WinAccountKrbtgtSid = 40
110    WinAccountDomainAdminsSid = 41
111    WinAccountDomainUsersSid = 42
112    WinAccountDomainGuestsSid = 43
113    WinAccountComputersSid = 44
114    WinAccountControllersSid = 45
115    WinAccountCertAdminsSid = 46
116    WinAccountSchemaAdminsSid = 47
117    WinAccountEnterpriseAdminsSid = 48
118    WinAccountPolicyAdminsSid = 49
119    WinAccountRasAndIasServersSid = 50
120    WinNTLMAuthenticationSid = 51
121    WinDigestAuthenticationSid = 52
122    WinSChannelAuthenticationSid = 53
123    WinThisOrganizationSid = 54
124    WinOtherOrganizationSid = 55
125    WinBuiltinIncomingForestTrustBuildersSid = 56
126    WinBuiltinPerfMonitoringUsersSid = 57
127    WinBuiltinPerfLoggingUsersSid = 58
128    WinBuiltinAuthorizationAccessSid = 59
129    WinBuiltinTerminalServerLicenseServersSid = 60
130    WinBuiltinDCOMUsersSid = 61
131    WinBuiltinIUsersSid = 62
132    WinIUserSid = 63
133    WinBuiltinCryptoOperatorsSid = 64
134    WinUntrustedLabelSid = 65
135    WinLowLabelSid = 66
136    WinMediumLabelSid = 67
137    WinHighLabelSid = 68
138    WinSystemLabelSid = 69
139    WinWriteRestrictedCodeSid = 70
140    WinCreatorOwnerRightsSid = 71
141    WinCacheablePrincipalsGroupSid = 72
142    WinNonCacheablePrincipalsGroupSid = 73
143    WinEnterpriseReadonlyControllersSid = 74
144    WinAccountReadonlyControllersSid = 75
145    WinBuiltinEventLogReadersGroup = 76
146    WinNewEnterpriseReadonlyControllersSid = 77
147    WinBuiltinCertSvcDComAccessGroup = 78
148End Enum
149
150
''' <summary>
''' Security impersonation levels. The level bounds how far a server
''' process may act on behalf of a client process; members are ordered
''' from least to most capable.
''' </summary>
Friend Enum SECURITY_IMPERSONATION_LEVEL As Integer
    ' The server cannot obtain the client's identity.
    SecurityAnonymous = 0
    ' The server can identify the client and run access checks, but cannot
    ' act as the client.
    SecurityIdentification = 1
    ' The server can act as the client on the local system.
    SecurityImpersonation = 2
    ' The server can also act as the client on remote systems.
    SecurityDelegation = 3
End Enum
163
164
''' <summary>
''' Elevation type of a token, as queried through GetTokenInformation or
''' set through SetTokenInformation.
''' </summary>
Friend Enum TOKEN_ELEVATION_TYPE As Integer
    ' The token has no linked token.
    TokenElevationTypeDefault = 1
    ' The token is the elevated (full) token of a split-token pair.
    TokenElevationTypeFull = 2
    ' The token is the filtered (limited) token of a split-token pair.
    TokenElevationTypeLimited = 3
End Enum
175
176
''' <summary>
''' Managed layout of a security identifier (SID) together with its
''' attribute flags. A SID uniquely identifies a user or a group.
''' </summary>
<StructLayoutAttribute(LayoutKind.Sequential)> _
Friend Structure SID_AND_ATTRIBUTES
    ' Unmanaged pointer to the SID; this structure does not own the memory.
    ' NOTE(review): when the structure is read out of a buffer filled by
    ' GetTokenInformation, the pointer presumably refers to memory inside
    ' that same buffer, so it must not be used after the buffer is freed.
    ' Confirm at the call sites.
    Public Sid As IntPtr

    ' Attribute flags associated with the SID.
    Public Attributes As UInt32
End Structure
186
187
''' <summary>
''' Reports whether a token has elevated privileges. This is the data
''' layout that goes with the TokenElevation information class.
''' </summary>
<StructLayoutAttribute(LayoutKind.Sequential)> _
Friend Structure TOKEN_ELEVATION
    ' Nonzero when the token is elevated, zero otherwise. This describes
    ' the token itself: a filtered token belonging to an administrator
    ' still reports zero here.
    Public TokenIsElevated As Int32
End Structure
195
196
''' <summary>
''' Carries the mandatory integrity level of a token. This is the data
''' layout that goes with the TokenIntegrityLevel information class.
''' </summary>
<StructLayoutAttribute(LayoutKind.Sequential)> _
Friend Structure TOKEN_MANDATORY_LABEL
    ' SID of the integrity label and its attributes. The level itself is
    ' the RID held in the SID's last subauthority, which can be compared
    ' with the SECURITY_MANDATORY_*_RID constants.
    Public Label As SID_AND_ATTRIBUTES
End Structure
204
205
''' <summary>
''' SafeHandle wrapper for an access-token handle. The wrapper owns the
''' handle and releases it through CloseHandle; the base class treats the
''' values zero and -1 as invalid.
''' </summary>
Friend Class SafeTokenHandle
    Inherits SafeHandleZeroOrMinusOneIsInvalid

    ''' <summary>
    ''' Creates an empty, owning wrapper. Kept private; presumably it is the
    ''' constructor the interop marshaler uses when a native function returns
    ''' a token handle through an output parameter.
    ''' </summary>
    Private Sub New()
        MyBase.New(True)
    End Sub

    ''' <summary>
    ''' Wraps an existing raw handle and takes ownership of it.
    ''' </summary>
    ''' <param name="handle">
    ''' The native handle to own. Because the wrapper closes it on release,
    ''' do not pass a handle that other code will also close.
    ''' </param>
    Friend Sub New(ByVal handle As IntPtr)
        MyBase.New(True)
        Me.SetHandle(handle)
    End Sub

    ''' <summary>
    ''' Closes an open object handle.
    ''' </summary>
    ''' <param name="handle">The handle to close.</param>
    ''' <returns>True if the handle was closed; otherwise False.</returns>
    <DllImport("kernel32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Friend Shared Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    ''' <summary>
    ''' Releases the wrapped handle by passing it to CloseHandle.
    ''' </summary>
    ''' <returns>The result reported by CloseHandle.</returns>
    Protected Overrides Function ReleaseHandle() As Boolean
        Return CloseHandle(Me.handle)
    End Function

End Class
230
231
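''' <summary>
''' P/Invoke declarations and Win32 constants for opening and querying
''' access tokens, reading integrity levels, and sending window messages
''' such as BCM_SETSHIELD.
''' </summary>
''' <remarks>
''' Every function here is declared with SetLastError:=True. When a call
''' reports failure, read the error code with Marshal.GetLastWin32Error
''' immediately, before making any other interop call.
''' </remarks>
Friend Class NativeMethods

    ' Token Specific Access Rights
    '
    ' Request the narrowest mask that covers the operation. TOKEN_QUERY is
    ' enough to read token information and TOKEN_DUPLICATE is what
    ' DuplicateToken needs; TOKEN_ALL_ACCESS also grants the rights to
    ' adjust privileges, groups, defaults and session id, and is rarely
    ' needed by code that only inspects a token.

    Public Const STANDARD_RIGHTS_REQUIRED As UInt32 = &HF0000
    Public Const STANDARD_RIGHTS_READ As UInt32 = &H20000
    Public Const TOKEN_ASSIGN_PRIMARY As UInt32 = 1
    Public Const TOKEN_DUPLICATE As UInt32 = 2
    Public Const TOKEN_IMPERSONATE As UInt32 = 4
    Public Const TOKEN_QUERY As UInt32 = 8
    Public Const TOKEN_QUERY_SOURCE As UInt32 = &H10
    Public Const TOKEN_ADJUST_PRIVILEGES As UInt32 = &H20
    Public Const TOKEN_ADJUST_GROUPS As UInt32 = &H40
    Public Const TOKEN_ADJUST_DEFAULT As UInt32 = &H80
    Public Const TOKEN_ADJUST_SESSIONID As UInt32 = &H100
    Public Const TOKEN_READ As UInt32 = (STANDARD_RIGHTS_READ Or TOKEN_QUERY)
    Public Const TOKEN_ALL_ACCESS As UInt32 = (STANDARD_RIGHTS_REQUIRED Or _
        TOKEN_ASSIGN_PRIMARY Or TOKEN_DUPLICATE Or TOKEN_IMPERSONATE Or _
        TOKEN_QUERY Or TOKEN_QUERY_SOURCE Or TOKEN_ADJUST_PRIVILEGES Or _
        TOKEN_ADJUST_GROUPS Or TOKEN_ADJUST_DEFAULT Or TOKEN_ADJUST_SESSIONID)


    ' Win32 error code reported when the supplied buffer is too small,
    ' for example by the sizing call to GetTokenInformation.
    Public Const ERROR_INSUFFICIENT_BUFFER As Int32 = 122


    ' Integrity Levels
    '
    ' RID values of the mandatory integrity labels, in ascending order of
    ' trust. Compare them with the value read through GetSidSubAuthority.

    Public Const SECURITY_MANDATORY_UNTRUSTED_RID As Integer = 0
    Public Const SECURITY_MANDATORY_LOW_RID As Integer = &H1000
    Public Const SECURITY_MANDATORY_MEDIUM_RID As Integer = &H2000
    Public Const SECURITY_MANDATORY_HIGH_RID As Integer = &H3000
    Public Const SECURITY_MANDATORY_SYSTEM_RID As Integer = &H4000


    ''' <summary>
    ''' The function opens the access token associated with a process.
    ''' </summary>
    ''' <param name="hProcess">
    ''' A handle to the process whose access token is opened.
    ''' </param>
    ''' <param name="desiredAccess">
    ''' An access mask that specifies the requested types of access to the
    ''' access token. Pass only the TOKEN_* rights the caller needs.
    ''' </param>
    ''' <param name="hToken">
    ''' Outputs a handle that identifies the newly opened access token
    ''' when the function returns. The SafeTokenHandle owns the handle;
    ''' dispose it when finished.
    ''' </param>
    ''' <returns>
    ''' True if the function succeeds; otherwise False.
    ''' </returns>
    <DllImport("advapi32", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function OpenProcessToken( _
        ByVal hProcess As IntPtr, _
        ByVal desiredAccess As UInt32, _
        <Out()> ByRef hToken As SafeTokenHandle) _
        As <MarshalAs(UnmanagedType.Bool)> Boolean
    End Function


    ''' <summary>
    ''' The function creates a new access token that duplicates one already
    ''' in existence.
    ''' </summary>
    ''' <param name="ExistingTokenHandle">
    ''' A handle to an access token opened with TOKEN_DUPLICATE access.
    ''' </param>
    ''' <param name="ImpersonationLevel">
    ''' Specifies a SECURITY_IMPERSONATION_LEVEL enumerated type that
    ''' supplies the impersonation level of the new token. Choose the
    ''' lowest level that the intended use of the duplicate requires.
    ''' </param>
    ''' <param name="DuplicateTokenHandle">
    ''' Outputs a handle to the duplicate token. The SafeTokenHandle owns
    ''' the handle; dispose it when finished.
    ''' </param>
    ''' <returns>
    ''' True if the function succeeds; otherwise False.
    ''' </returns>
    <DllImport("advapi32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function DuplicateToken( _
        ByVal ExistingTokenHandle As SafeTokenHandle, _
        ByVal ImpersonationLevel As SECURITY_IMPERSONATION_LEVEL, _
        <Out()> ByRef DuplicateTokenHandle As SafeTokenHandle) _
        As <MarshalAs(UnmanagedType.Bool)> Boolean
    End Function


    ''' <summary>
    ''' The function retrieves a specified type of information about an
    ''' access token. The calling process must have appropriate access rights
    ''' to obtain the information.
    ''' </summary>
    ''' <param name="hToken">
    ''' A handle to an access token from which information is retrieved.
    ''' </param>
    ''' <param name="tokenInfoClass">
    ''' Specifies a value from the TOKEN_INFORMATION_CLASS enumerated type to
    ''' identify the type of information the function retrieves.
    ''' </param>
    ''' <param name="pTokenInfo">
    ''' A pointer to a buffer the function fills with the requested
    ''' information. The caller allocates and frees this buffer.
    ''' </param>
    ''' <param name="tokenInfoLength">
    ''' Specifies the size, in bytes, of the buffer pointed to by the
    ''' pTokenInfo parameter. It must not exceed the size actually allocated.
    ''' </param>
    ''' <param name="returnLength">
    ''' Receives the number of bytes needed for the buffer pointed to by the
    ''' pTokenInfo parameter.
    ''' </param>
    ''' <returns>
    ''' True if the function succeeds; otherwise False.
    ''' </returns>
    ''' <remarks>
    ''' For variable-sized information the usual pattern is a sizing call
    ''' with a zero-length buffer, which fails with ERROR_INSUFFICIENT_BUFFER
    ''' and reports the required size in returnLength, followed by a second
    ''' call with a buffer of that size. Treat any other failure as an error
    ''' and do not read the buffer.
    ''' </remarks>
    <DllImport("advapi32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function GetTokenInformation( _
        ByVal hToken As SafeTokenHandle, _
        ByVal tokenInfoClass As TOKEN_INFORMATION_CLASS, _
        ByVal pTokenInfo As IntPtr, _
        ByVal tokenInfoLength As Integer, _
        <Out()> ByRef returnLength As Integer) _
        As <MarshalAs(UnmanagedType.Bool)> Boolean
    End Function


    ''' <summary>
    ''' Sets the elevation required state for a specified button or command
    ''' link to display an elevated icon.
    ''' </summary>
    ''' <remarks>
    ''' The shield is only a visual cue; it does not elevate anything and
    ''' does not replace the access check on the action behind the button.
    ''' </remarks>
    Public Const BCM_SETSHIELD As UInt32 = &H160C


    ''' <summary>
    ''' Sends the specified message to a window or windows. The function
    ''' calls the window procedure for the specified window and does not
    ''' return until the window procedure has processed the message.
    ''' </summary>
    ''' <param name="hWnd">
    ''' Handle to the window whose window procedure will receive the message.
    ''' </param>
    ''' <param name="Msg">Specifies the message to be sent.</param>
    ''' <param name="wParam">
    ''' Specifies additional message-specific information.
    ''' </param>
    ''' <param name="lParam">
    ''' Specifies additional message-specific information.
    ''' </param>
    ''' <returns>
    ''' The result of the message processing; its meaning depends on the
    ''' message sent.
    ''' </returns>
    ''' <remarks>
    ''' Win32 defines WPARAM and LRESULT as pointer-sized, while this
    ''' declaration uses 32-bit Integer for wParam and the return value.
    ''' On 64-bit processes that truncates both, so use this declaration
    ''' only for messages whose wParam and result fit in 32 bits.
    ''' </remarks>
    <DllImport("user32", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function SendMessage( _
        ByVal hWnd As IntPtr, _
        ByVal Msg As UInt32, _
        ByVal wParam As Integer, _
        ByVal lParam As IntPtr) _
        As Integer
    End Function


    ''' <summary>
    ''' The function returns a pointer to a specified subauthority in a
    ''' security identifier (SID). The subauthority value is a relative
    ''' identifier (RID).
    ''' </summary>
    ''' <param name="pSid">
    ''' A pointer to the SID structure from which a pointer to a subauthority
    ''' is to be returned.
    ''' </param>
    ''' <param name="nSubAuthority">
    ''' Specifies an index value identifying the subauthority array element
    ''' whose address the function will return.
    ''' </param>
    ''' <returns>
    ''' If the function succeeds, the return value is a pointer to the
    ''' specified SID subauthority. To get extended error information, call
    ''' GetLastError. If the function fails, the return value is undefined.
    ''' The function fails if the specified SID structure is not valid or if
    ''' the index value specified by the nSubAuthority parameter is out of
    ''' bounds.
    ''' </returns>
    ''' <remarks>
    ''' Because the return value is undefined on failure, make sure the SID
    ''' is valid and the index is within its subauthority count before
    ''' calling, and do not dereference the result otherwise. The returned
    ''' pointer refers to memory inside the SID and is valid only while the
    ''' SID's memory is.
    ''' </remarks>
    <DllImport("advapi32.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function GetSidSubAuthority( _
        ByVal pSid As IntPtr, _
        ByVal nSubAuthority As UInt32) _
        As IntPtr
    End Function

End Class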