@AntonNik0laev
Created October 20, 2015 21:18
display sd information
using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;
using System.Threading.Tasks;
namespace DumpSd_cs
{
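/// <summary>
/// Console tool that prints the control flags, owner and discretionary ACL (DACL)
/// of a file's Windows security descriptor.
/// </summary>
class Program
{
    /// <summary>
    /// Account type reported by LookupAccountSid through its peUse output parameter.
    /// </summary>
    enum SID_NAME_USE
    {
        SidTypeUser = 1,
        SidTypeGroup,
        SidTypeDomain,
        SidTypeAlias,
        SidTypeWellKnownGroup,
        SidTypeDeletedAccount,
        SidTypeInvalid,
        SidTypeUnknown,
        SidTypeComputer
    }

    // Win32 error code LookupAccountSid sets when the name/domain buffers are too small.
    private const int ERROR_INSUFFICIENT_BUFFER = 122;

    /// <summary>
    /// advapi32 LookupAccountSid: resolves a binary SID to an account name and domain.
    /// On failure the Win32 error is available through Marshal.GetLastWin32Error().
    /// </summary>
    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    static extern bool LookupAccountSid(
        string lpSystemName,
        [MarshalAs(UnmanagedType.LPArray)] byte[] Sid,
        StringBuilder lpName,
        ref uint cchName,
        StringBuilder ReferencedDomainName,
        ref uint cchReferencedDomainName,
        out SID_NAME_USE peUse);

    /// <summary>
    /// Bits of an ACE access mask as they apply to files. Despite the name these are
    /// access rights, not the ACE header flags.
    /// </summary>
    [Flags]
    public enum ACE_FLAGS : uint
    {
        // File-specific rights (low 16 bits of the mask).
        READ_DATA = 0x0001,
        WRITE_DATA = 0x0002,
        APPEND_DATA = 0x0004,
        READ_EA = 0x0008,
        WRITE_EA = 0x0010,
        EXECUTE = 0x0020,
        DELETE_CHILD = 0x0040,
        READ_ATTR = 0x0080,
        WRITE_ATTR = 0x0100,

        // Standard rights. Each one is its own bit: the previous listing gave all five
        // the value 0x001F0000 (STANDARD_RIGHTS_ALL), so WRITE_DAC, WRITE_OWNER and
        // DELETE could not be told apart when a mask was decoded.
        DELETE = 0x00010000,
        READ_CONTROL = 0x00020000,
        WRITE_DAC = 0x00040000,
        WRITE_OWNER = 0x00080000,
        SYNCHRONIZE = 0x00100000,
        //STD_RIGHTS_REQUIRED = 0x000F0000,
        //STANDARD_RIGHTS_ALL = 0x001F0000,
        //SPECIFIC_RIGHTS_ALL = 0x0000FFFF,

        ACCESS_SYSTEM_SECURITY = 0x01000000,

        // Generic rights (top four bits of the mask).
        GENERIC_READ = 0x80000000,
        GENERIC_WRITE = 0x40000000,
        GENERIC_EXECUTE = 0x20000000,
        GENERIC_ALL = 0x10000000,

        //FILE_ALL_ACCESS = (STD_RIGHTS_REQUIRED | ACE_FLAGS.SYNCHRONIZE ),
        FILE_GENERIC_READ = (READ_CONTROL | READ_DATA | READ_ATTR | READ_EA | SYNCHRONIZE),
        FILE_GENERIC_WRITE = (READ_CONTROL | WRITE_DATA | WRITE_ATTR | WRITE_EA | APPEND_DATA | SYNCHRONIZE),
        FILE_GENERIC_EXECUTE = (READ_CONTROL | READ_ATTR | EXECUTE | SYNCHRONIZE),

        // Mask over the low 12 bits only; this is not the Win32 FILE_ALL_ACCESS value,
        // which also contains the standard rights.
        FILE_ALL = 0xfff,

        ALL = (READ_DATA | WRITE_DATA | APPEND_DATA | READ_EA | WRITE_EA | EXECUTE | DELETE_CHILD | READ_ATTR | WRITE_ATTR | DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER | SYNCHRONIZE
              | ACCESS_SYSTEM_SECURITY | GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL | FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE)
    }

    /// <summary>
    /// Entry point: reads the security descriptor of the file named by the first
    /// argument and dumps it to the console.
    /// </summary>
    /// <param name="args">Command line; args[0] is the path of the file to inspect.</param>
    static void Main(string[] args)
    {
        if (args.Length < 1)
        {
            Console.WriteLine("usage: DumpSd path\\to\\file.ext");
            // Without this return the next statement indexes args[0] and throws.
            return;
        }

        // NOTE(review): the parameterless GetAccessControl() is documented to request the
        // owner, group and DACL sections only, so audit (SACL) entries are not part of
        // what gets dumped - confirm if SACL output is expected.
        var sdBin = new FileInfo(args[0]).GetAccessControl().GetSecurityDescriptorBinaryForm();
        DumpSd(sdBin);
    }

    /// <summary>Account name, domain and account type resolved for a SID.</summary>
    private class SamAccount
    {
        public string UserName { get; set; }
        public string Domain { get; set; }
        public SID_NAME_USE SidNameUse { get; set; }

        /// <summary>
        /// Formats the account as DOMAIN\name, or as the bare name when no domain was
        /// returned, so the output never starts with a stray backslash.
        /// </summary>
        public override string ToString()
        {
            return string.IsNullOrEmpty(Domain) ? UserName : Domain + "\\" + UserName;
        }
    }

    /// <summary>
    /// Resolves a SID to an account through LookupAccountSid.
    /// </summary>
    /// <param name="sid">SID to resolve.</param>
    /// <param name="computerName">
    /// System on which to perform the lookup; the local machine name is used when null or empty.
    /// </param>
    /// <returns>The resolved account, or null when the lookup fails.</returns>
    private static SamAccount TryResolveAccount(SecurityIdentifier sid, string computerName = null)
    {
        byte[] binSid = new byte[sid.BinaryLength];
        sid.GetBinaryForm(binSid, 0);

        if (string.IsNullOrEmpty(computerName))
        {
            computerName = Environment.MachineName;
        }

        var sbName = new StringBuilder(100);
        var sbDomain = new StringBuilder(100);
        uint cchName = (uint)sbName.Capacity;
        uint cchDomain = (uint)sbDomain.Capacity;
        SID_NAME_USE sidNameUse;

        bool resolved = LookupAccountSid(computerName, binSid, sbName, ref cchName, sbDomain, ref cchDomain, out sidNameUse);
        if (!resolved && Marshal.GetLastWin32Error() == ERROR_INSUFFICIENT_BUFFER)
        {
            // The failed call wrote the required sizes into cchName/cchDomain; grow the
            // buffers and retry once instead of reporting a resolvable account as a raw SID.
            sbName.EnsureCapacity((int)cchName);
            sbDomain.EnsureCapacity((int)cchDomain);
            resolved = LookupAccountSid(computerName, binSid, sbName, ref cchName, sbDomain, ref cchDomain, out sidNameUse);
        }

        if (!resolved)
        {
            return null;
        }

        return new SamAccount()
        {
            UserName = sbName.ToString(),
            Domain = sbDomain.ToString(),
            SidNameUse = sidNameUse
        };
    }

    /// <summary>
    /// Returns the account name for a SID, falling back to the SID string when the
    /// account cannot be resolved.
    /// </summary>
    private static string GetSidOrSamAccount(SecurityIdentifier sid)
    {
        return TryResolveAccount(sid)?.ToString() ?? sid.Value;
    }

    /// <summary>
    /// Parses a binary self-relative security descriptor and prints its control flags,
    /// owner and every entry of its discretionary ACL.
    /// </summary>
    /// <param name="sdBin">Security descriptor in binary form.</param>
    static void DumpSd(byte[] sdBin)
    {
        var sd = new CommonSecurityDescriptor(false, false, new RawSecurityDescriptor(sdBin, 0));

        // A descriptor is not required to carry an owner; do not dereference a missing one.
        string owner = sd.Owner != null ? GetSidOrSamAccount(sd.Owner) : "(none)";

        Console.WriteLine($"Control flags: {sd.ControlFlags}");
        Console.WriteLine($"Owner: {owner}");
        Console.WriteLine();
        Console.WriteLine("--------Discretionary ACL----------");

        CommonAcl acl = sd.DiscretionaryAcl;
        if (acl == null)
        {
            // Nothing to enumerate; the control flags printed above show whether a DACL is present.
            Console.WriteLine("(no DACL)");
            return;
        }

        foreach (GenericAce entry in acl)
        {
            // KnownAce is the base type that carries a SID and an access mask; anything
            // else is listed by type instead of failing the whole dump on a cast.
            var ace = entry as KnownAce;
            if (ace == null)
            {
                Console.WriteLine($"(unrecognized ACE) : {entry.AceType} ; inheritance: {entry.InheritanceFlags}; propagation: {entry.PropagationFlags}");
                Console.WriteLine();
                continue;
            }

            // Decode the whole mask. Masking with FILE_ALL (0xfff) dropped the standard and
            // generic rights, so an ACE granting WRITE_DAC, WRITE_OWNER or DELETE was shown
            // without them. The raw hex value is printed as well because a mask containing
            // bits the enum does not name is rendered by ToString() as a plain number.
            uint mask = unchecked((uint)ace.AccessMask);
            ACE_FLAGS flags = (ACE_FLAGS)mask;

            // Propagation flags are shown because an inherit-only ACE does not apply to the
            // object it is attached to.
            Console.WriteLine($"{GetSidOrSamAccount(ace.SecurityIdentifier)} : {ace.AceType} ; flags: {flags} (0x{mask:X8}); inheritance: {ace.InheritanceFlags}; propagation: {ace.PropagationFlags}");
            Console.WriteLine();
        }
    }
}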
}