nefarius/HidHideAllowListExample.cs

## HidHideAllowListExample.cs
// Use e.g. https://github.com/dotnet/pinvoke/
// Install-Package PInvoke.Kernel32
using (var handle = Kernel32.CreateFile("\\\\.\\HidHide",
    Kernel32.ACCESS_MASK.GenericRight.GENERIC_READ,
    Kernel32.FileShare.FILE_SHARE_READ | Kernel32.FileShare.FILE_SHARE_WRITE,
    IntPtr.Zero, Kernel32.CreationDisposition.OPEN_EXISTING,
    Kernel32.CreateFileFlags.FILE_ATTRIBUTE_NORMAL,
    Kernel32.SafeObjectHandle.Null
))
{
    var buffer = IntPtr.Zero;

    // List of allowed application paths
    IList<string> paths = new List<string>();

    // Get existing list of allowed applications
    // This is important to not discard entries other processes potentially made
    // Always get the current list before altering/submitting it
    try
    {
        // Get required buffer size
        // Check return value for success
        Kernel32.DeviceIoControl(
            handle,
            unchecked((int) IOCTL_GET_WHITELIST),
            IntPtr.Zero,
            0,
            IntPtr.Zero,
            0,
            out var required,
            IntPtr.Zero
        );

        buffer = Marshal.AllocHGlobal(required);

        // Get actual buffer content
        // Check return value for success
        Kernel32.DeviceIoControl(
            handle,
            unchecked((int) IOCTL_GET_WHITELIST),
            IntPtr.Zero,
            0,
            buffer,
            required,
            out _,
            IntPtr.Zero
        );

        // Store existing allow-list in a more manageable "C#" fashion
        paths = buffer.MultiSzPointerToStringArray(required).ToList();
    }
    finally
    {
        Marshal.FreeHGlobal(buffer);
    }

    // Manipulate allow-list and submit it
    try
    {
        buffer = paths
            .Concat(new[] // Add our own instance paths to the existing list
            {
                // Add application stored on multiple mounted folders
                VolumeHelper.PathToDosDevicePath(@"D:\test-junction\subdir\another\deep\SCPUser.exe"),
                // Add development build of DS4Windows
                VolumeHelper.PathToDosDevicePath(
                    @"D:\Development\GitHub\DS4Windows\DS4Windows\bin\x64\Debug\DS4Windows.exe")
            })
            .Distinct() // Remove duplicates, if any
            .StringArrayToMultiSzPointer(out var length); // Convert to usable buffer

        // Submit new list
        // Check return value for success
        Kernel32.DeviceIoControl(
            handle,
            unchecked((int) IOCTL_SET_WHITELIST),
            buffer,
            length,
            IntPtr.Zero,
            0,
            out _,
            IntPtr.Zero
        );
    }
    finally
    {
        Marshal.FreeHGlobal(buffer);
    }
}
	// Use e.g. https://github.com/dotnet/pinvoke/
	// Install-Package PInvoke.Kernel32
	using (var handle = Kernel32.CreateFile("\\\\.\\HidHide",
	Kernel32.ACCESS_MASK.GenericRight.GENERIC_READ,
	Kernel32.FileShare.FILE_SHARE_READ \| Kernel32.FileShare.FILE_SHARE_WRITE,
	IntPtr.Zero, Kernel32.CreationDisposition.OPEN_EXISTING,
	Kernel32.CreateFileFlags.FILE_ATTRIBUTE_NORMAL,
	Kernel32.SafeObjectHandle.Null
	))
	{
	var buffer = IntPtr.Zero;

	// List of allowed application paths
	IList<string> paths = new List<string>();

	// Get existing list of allowed applications
	// This is important to not discard entries other processes potentially made
	// Always get the current list before altering/submitting it
	try
	{
	// Get required buffer size
	// Check return value for success
	Kernel32.DeviceIoControl(
	handle,
	unchecked((int) IOCTL_GET_WHITELIST),
	IntPtr.Zero,
	0,
	IntPtr.Zero,
	0,
	out var required,
	IntPtr.Zero
	);

	buffer = Marshal.AllocHGlobal(required);

	// Get actual buffer content
	// Check return value for success
	Kernel32.DeviceIoControl(
	handle,
	unchecked((int) IOCTL_GET_WHITELIST),
	IntPtr.Zero,
	0,
	buffer,
	required,
	out _,
	IntPtr.Zero
	);

	// Store existing allow-list in a more manageable "C#" fashion
	paths = buffer.MultiSzPointerToStringArray(required).ToList();
	}
	finally
	{
	Marshal.FreeHGlobal(buffer);
	}

	// Manipulate allow-list and submit it
	try
	{
	buffer = paths
	.Concat(new[] // Add our own instance paths to the existing list
	{
	// Add application stored on multiple mounted folders
	VolumeHelper.PathToDosDevicePath(@"D:\test-junction\subdir\another\deep\SCPUser.exe"),
	// Add development build of DS4Windows
	VolumeHelper.PathToDosDevicePath(
	@"D:\Development\GitHub\DS4Windows\DS4Windows\bin\x64\Debug\DS4Windows.exe")
	})
	.Distinct() // Remove duplicates, if any
	.StringArrayToMultiSzPointer(out var length); // Convert to usable buffer

	// Submit new list
	// Check return value for success
	Kernel32.DeviceIoControl(
	handle,
	unchecked((int) IOCTL_SET_WHITELIST),
	buffer,
	length,
	IntPtr.Zero,
	0,
	out _,
	IntPtr.Zero
	);
	}
	finally
	{
	Marshal.FreeHGlobal(buffer);
	}
	}