Created
October 20, 2015 21:18
display sd information
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
using System; | |
using System.Collections; | |
using System.Collections.Generic; | |
using System.Diagnostics.Eventing.Reader; | |
using System.IO; | |
using System.Linq; | |
using System.Runtime.InteropServices; | |
using System.Security.AccessControl; | |
using System.Security.Principal; | |
using System.Text; | |
using System.Threading.Tasks; | |
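namespace DumpSd_cs
{
    /// <summary>
    /// Console tool that prints the control flags, owner and discretionary ACL
    /// of a file's security descriptor.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Account type written by <c>LookupAccountSid</c> to its <c>peUse</c> argument.
        /// </summary>
        enum SID_NAME_USE
        {
            SidTypeUser = 1,
            SidTypeGroup,
            SidTypeDomain,
            SidTypeAlias,
            SidTypeWellKnownGroup,
            SidTypeDeletedAccount,
            SidTypeInvalid,
            SidTypeUnknown,
            SidTypeComputer
        }

        /// <summary>
        /// Win32 lookup of the account and domain name for a binary SID.
        /// On failure the error code is available through
        /// <see cref="Marshal.GetLastWin32Error"/> (SetLastError = true).
        /// </summary>
        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        static extern bool LookupAccountSid(
            string lpSystemName,
            [MarshalAs(UnmanagedType.LPArray)] byte[] Sid,
            StringBuilder lpName,
            ref uint cchName,
            StringBuilder ReferencedDomainName,
            ref uint cchReferencedDomainName,
            out SID_NAME_USE peUse);

        /// <summary>
        /// Named bits of an ACE access mask: file-specific rights, standard rights
        /// and generic rights. Despite the type name these are access rights, not
        /// ACE header flags.
        /// </summary>
        [Flags]
        public enum ACE_FLAGS : uint
        {
            // File-specific rights (low bits of the mask).
            READ_DATA = 0x0001,
            WRITE_DATA = 0x0002,
            APPEND_DATA = 0x0004,
            READ_EA = 0x0008,
            WRITE_EA = 0x0010,
            EXECUTE = 0x0020,
            DELETE_CHILD = 0x0040,
            READ_ATTR = 0x0080,
            WRITE_ATTR = 0x0100,

            // Standard rights. Each one is its own bit; giving all five the
            // combined value 0x001F0000 made them indistinguishable, so a grant of
            // WRITE_DAC or WRITE_OWNER could not be told apart from READ_CONTROL.
            DELETE = 0x00010000,
            READ_CONTROL = 0x00020000,
            WRITE_DAC = 0x00040000,
            WRITE_OWNER = 0x00080000,
            SYNCHRONIZE = 0x00100000,

            //STD_RIGHTS_REQUIRED = 0x000F0000,
            //STANDARD_RIGHTS_ALL = 0x001F0000,
            //SPECIFIC_RIGHTS_ALL = 0x0000FFFF,

            ACCESS_SYSTEM_SECURITY = 0x01000000,

            // Generic rights (top four bits of the mask).
            GENERIC_READ = 0x80000000,
            GENERIC_WRITE = 0x40000000,
            GENERIC_EXECUTE = 0x20000000,
            GENERIC_ALL = 0x10000000,

            //FILE_ALL_ACCESS = (STD_RIGHTS_REQUIRED | ACE_FLAGS.SYNCHRONIZE ),
            FILE_GENERIC_READ = (READ_CONTROL | READ_DATA | READ_ATTR | READ_EA | SYNCHRONIZE),
            FILE_GENERIC_WRITE = (READ_CONTROL | WRITE_DATA | WRITE_ATTR | WRITE_EA | APPEND_DATA | SYNCHRONIZE),
            FILE_GENERIC_EXECUTE = (READ_CONTROL | READ_ATTR | EXECUTE | SYNCHRONIZE),

            // Mask of the low 12 bits; the file-specific rights above occupy bits 0-8.
            FILE_ALL = 0xfff,

            ALL = (READ_DATA | WRITE_DATA | APPEND_DATA | READ_EA | WRITE_EA | EXECUTE | DELETE_CHILD | READ_ATTR | WRITE_ATTR | DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER | SYNCHRONIZE
                   | ACCESS_SYSTEM_SECURITY | GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL | FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE)
        }

        /// <summary>
        /// Entry point: reads the security descriptor of the file named by the
        /// first argument and dumps it to the console.
        /// </summary>
        /// <param name="args">Command line; <c>args[0]</c> is the file path.</param>
        static void Main(string[] args)
        {
            if (args.Length < 1)
            {
                Console.WriteLine("usage: DumpSd path\\to\\file.ext");
                // Stop here: without a path, args[0] below would throw.
                return;
            }

            var sdBin = new FileInfo(args[0]).GetAccessControl().GetSecurityDescriptorBinaryForm();
            DumpSd(sdBin);
        }

        /// <summary>Resolved account name for a SID.</summary>
        private class SamAccount
        {
            public string UserName { get; set; }
            public string Domain { get; set; }
            public SID_NAME_USE SidNameUse { get; set; }

            /// <summary>
            /// Formats the account as <c>DOMAIN\user</c>, or just the user name
            /// when no domain was returned, so no bare leading backslash is printed.
            /// </summary>
            public override string ToString()
            {
                if (string.IsNullOrEmpty(Domain))
                {
                    return UserName;
                }

                return Domain + "\\" + UserName;
            }
        }

        /// <summary>
        /// Tries to translate a SID into an account name through LookupAccountSid.
        /// </summary>
        /// <param name="sid">SID to resolve.</param>
        /// <param name="computerName">
        /// System on which to perform the lookup; the local machine name is used
        /// when this is null or empty.
        /// </param>
        /// <returns>The resolved account, or null when the lookup fails.</returns>
        private static SamAccount TryResolveAccount(SecurityIdentifier sid, string computerName = null)
        {
            // Win32 ERROR_INSUFFICIENT_BUFFER.
            const int ErrorInsufficientBuffer = 122;

            byte[] binSid = new byte[sid.BinaryLength];
            sid.GetBinaryForm(binSid, 0);

            var sbName = new StringBuilder(100);
            var sbDomain = new StringBuilder(100);
            uint cchName = (uint)sbName.Capacity;
            uint cchDomain = (uint)sbDomain.Capacity;
            SID_NAME_USE sidNameUse;

            if (string.IsNullOrEmpty(computerName))
            {
                computerName = Environment.MachineName;
            }

            if (!LookupAccountSid(computerName, binSid, sbName, ref cchName, sbDomain, ref cchDomain, out sidNameUse))
            {
                if (Marshal.GetLastWin32Error() != ErrorInsufficientBuffer)
                {
                    return null;
                }

                // The call reported the sizes it needs in cchName/cchDomain;
                // grow the buffers and retry once instead of silently falling
                // back to the raw SID for long names.
                sbName.EnsureCapacity((int)cchName);
                sbDomain.EnsureCapacity((int)cchDomain);
                cchName = (uint)sbName.Capacity;
                cchDomain = (uint)sbDomain.Capacity;

                if (!LookupAccountSid(computerName, binSid, sbName, ref cchName, sbDomain, ref cchDomain, out sidNameUse))
                {
                    return null;
                }
            }

            return new SamAccount()
            {
                UserName = sbName.ToString(),
                Domain = sbDomain.ToString(),
                SidNameUse = sidNameUse
            };
        }

        /// <summary>
        /// Returns the account name for a SID, or the SID string itself when the
        /// SID cannot be resolved.
        /// </summary>
        private static string GetSidOrSamAccount(SecurityIdentifier sid)
        {
            return TryResolveAccount(sid)?.ToString() ?? sid.Value;
        }

        /// <summary>
        /// Prints the control flags, the owner and every ACE of the discretionary
        /// ACL of a security descriptor.
        /// </summary>
        /// <param name="sdBin">Security descriptor in binary (self-relative) form.</param>
        /// <exception cref="ArgumentNullException"><paramref name="sdBin"/> is null.</exception>
        static void DumpSd(byte[] sdBin)
        {
            if (sdBin == null)
            {
                throw new ArgumentNullException(nameof(sdBin));
            }

            var rawSd = new RawSecurityDescriptor(sdBin, 0);
            // Remember whether the descriptor itself carried a DACL before wrapping it.
            bool hasDacl = rawSd.DiscretionaryAcl != null;
            var sd = new CommonSecurityDescriptor(false, false, rawSd);

            Console.WriteLine($"Control flags: {sd.ControlFlags}");
            // A descriptor may have no owner SID; do not dereference it blindly.
            string owner = sd.Owner == null ? "<none>" : GetSidOrSamAccount(sd.Owner);
            Console.WriteLine($"Owner: {owner}");
            Console.WriteLine();
            Console.WriteLine("--------Discretionary ACL----------");

            CommonAcl acl = sd.DiscretionaryAcl;
            if (!hasDacl || acl == null)
            {
                // A missing (NULL) DACL places no restriction on access, which is
                // the opposite of an empty DACL; report it explicitly.
                Console.WriteLine("NULL DACL: no access restrictions are defined.");
                return;
            }

            if (acl.Count == 0)
            {
                Console.WriteLine("Empty DACL: no access is granted to anyone.");
                return;
            }

            foreach (GenericAce entry in acl)
            {
                var ace = entry as KnownAce;
                if (ace == null)
                {
                    // Not an ACE with a SID and access mask; show its type only.
                    Console.WriteLine($"(unsupported ACE) : {entry.AceType}");
                    Console.WriteLine();
                    continue;
                }

                // Show the complete mask. Masking with FILE_ALL dropped the
                // standard and generic rights (DELETE, WRITE_DAC, WRITE_OWNER, ...),
                // hiding exactly the grants a permission review needs to see.
                uint mask = unchecked((uint)ace.AccessMask);
                ACE_FLAGS flags = (ACE_FLAGS)mask;
                Console.WriteLine($"{GetSidOrSamAccount(ace.SecurityIdentifier)} : {ace.AceType} ; flags: {flags} (0x{mask:X8}); inheritance: {ace.InheritanceFlags}");
                Console.WriteLine();
            }
        }
    }
}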