add plugins-extra

AirDog46
2025-05-13 19:49:49 +03:00
parent c5fab8aa94
commit 3575d86c17
531 changed files with 70258 additions and 1 deletions


@@ -0,0 +1,208 @@
// Microsoft Visual C++ generated resource script.
//
#include "resource.h"
#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "winres.h"
/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
// English (Australia) resources
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENA)
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_AUS
#pragma code_page(1252)
#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//
1 TEXTINCLUDE
BEGIN
"resource.h\0"
END
2 TEXTINCLUDE
BEGIN
"#include ""winres.h""\r\n"
"\0"
END
3 TEXTINCLUDE
BEGIN
"\r\n"
"\0"
END
#endif // APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Version
//
VS_VERSION_INFO VERSIONINFO
FILEVERSION 1,0,0,0
PRODUCTVERSION 1,0,0,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
#else
FILEFLAGS 0x0L
#endif
FILEOS 0x4L
FILETYPE 0x2L
FILESUBTYPE 0x0L
BEGIN
BLOCK "StringFileInfo"
BEGIN
BLOCK "0c0904b0"
BEGIN
VALUE "CompanyName", "wj32"
VALUE "FileDescription", "Security Explorer"
VALUE "FileVersion", "1.0"
VALUE "InternalName", "SecurityExplorer"
VALUE "LegalCopyright", "Licensed under the GNU GPL, v3."
VALUE "OriginalFilename", "SecurityExplorer.dll"
VALUE "ProductName", "Security Explorer"
VALUE "ProductVersion", "1.0"
END
END
BLOCK "VarFileInfo"
BEGIN
VALUE "Translation", 0xc09, 1200
END
END
/////////////////////////////////////////////////////////////////////////////
//
// Dialog
//
IDD_LSA DIALOGEX 0, 0, 433, 311
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "LSA"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
LTEXT "Accounts:",IDC_STATIC,7,25,33,8
PUSHBUTTON "Edit Policy Security...",IDC_EDITPOLICYSECURITY,7,7,91,14
CONTROL "",IDC_ACCOUNTS,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,37,365,103
PUSHBUTTON "Delete",IDC_ACCOUNT_DELETE,376,36,50,14
LTEXT "Privileges:",IDC_STATIC,7,144,34,8
CONTROL "",IDC_PRIVILEGES,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,155,419,149
PUSHBUTTON "Security",IDC_ACCOUNT_SECURITY,376,53,50,14
END
IDD_SESSIONS DIALOGEX 0, 0, 309, 178
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "Sessions"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "",IDC_SESSIONS,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,7,295,164
END
IDD_USERS DIALOGEX 0, 0, 309, 178
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "Users"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "",IDC_SESSIONS,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,7,295,164
END
IDD_GROUPS DIALOGEX 0, 0, 309, 178
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "Groups"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "",IDC_SESSIONS,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,7,295,164
END
/////////////////////////////////////////////////////////////////////////////
//
// DESIGNINFO
//
#ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO
BEGIN
IDD_LSA, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 426
TOPMARGIN, 7
BOTTOMMARGIN, 304
END
IDD_SESSIONS, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 302
TOPMARGIN, 7
BOTTOMMARGIN, 171
END
IDD_USERS, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 302
TOPMARGIN, 7
BOTTOMMARGIN, 171
END
IDD_GROUPS, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 302
TOPMARGIN, 7
BOTTOMMARGIN, 171
END
END
#endif // APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// AFX_DIALOG_LAYOUT
//
IDD_SESSIONS AFX_DIALOG_LAYOUT
BEGIN
0
END
IDD_USERS AFX_DIALOG_LAYOUT
BEGIN
0
END
IDD_GROUPS AFX_DIALOG_LAYOUT
BEGIN
0
END
#endif // English (Australia) resources
/////////////////////////////////////////////////////////////////////////////
#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//
/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED
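Review bot: IDD_USERS and IDD_GROUPS both give their list view the id IDC_SESSIONS (the CONTROL line in each of those two dialogs), so the users and groups dialog procedures have to fetch their own list with `GetDlgItem(hwndDlg, IDC_SESSIONS)`, which reads as a copy-paste bug to anyone grepping later. Giving each dialog its own control id in resource.h (constructed names such as IDC_USERS and IDC_GROUPS) and using it here keeps the ids self-describing at no cost.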


@@ -0,0 +1,111 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{0DCBC570-B4E3-482A-9872-8BB5678F5E5C}</ProjectGuid>
<RootNamespace>SecurityExplorer</RootNamespace>
<Keyword>Win32Proj</Keyword>
<ProjectName>SecurityExplorer</ProjectName>
<WindowsTargetPlatformVersion>10.0.14393.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<PlatformToolset>v140</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<PlatformToolset>v140</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<PlatformToolset>v140</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<PlatformToolset>v140</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\ExtraPlugins.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\ExtraPlugins.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\ExtraPlugins.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="..\ExtraPlugins.props" />
</ImportGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LibraryPath>$(VC_LibraryPath_x86);$(WindowsSDK_LibraryPath_x86);$(NETFXKitsDir)Lib\um\x86;C:\Users\AirDog46\Downloads\processhacker-2.39-src\bin\Debug32</LibraryPath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LibraryPath>$(VC_LibraryPath_x64);$(WindowsSDK_LibraryPath_x64);$(NETFXKitsDir)Lib\um\x64;C:\Users\AirDog46\Downloads\processhacker-2.39-src\bin\Release64</LibraryPath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LibraryPath>$(VC_LibraryPath_x86);$(WindowsSDK_LibraryPath_x86);$(NETFXKitsDir)Lib\um\x86;$(VC_LibraryPath_x86);$(WindowsSDK_LibraryPath_x86);$(NETFXKitsDir)Lib\um\x86;C:\Users\AirDog46\Downloads\processhacker-2.39-src\bin\Release32</LibraryPath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="explorer.c" />
<ClCompile Include="groups.c" />
<ClCompile Include="main.c" />
<ClCompile Include="sessions.c" />
<ClCompile Include="support.c" />
<ClCompile Include="users.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="explorer.h" />
<ClInclude Include="resource.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="SecurityExplorer.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
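Review bot: The LibraryPath for Debug|Win32, Release|x64 and Release|Win32 ends in an absolute path under `C:\Users\AirDog46\Downloads\processhacker-2.39-src\bin\...`, so the project only links on this one machine, and the Debug|x64 configuration has no LibraryPath entry at all. The Process Hacker SDK lib directory should come from one property — set in the already-imported `..\ExtraPlugins.props`, or expressed relative to `$(SolutionDir)` — with the four per-configuration LibraryPath groups removed; that also drops the duplicated `$(VC_LibraryPath_x86);$(WindowsSDK_LibraryPath_x86);$(NETFXKitsDir)Lib\um\x86` prefix in the Release|Win32 value. A checked-in path carrying a username and a Downloads folder is also build-environment detail that does not belong in the repository.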


@@ -0,0 +1,50 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="explorer.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="main.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="support.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="sessions.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="users.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="groups.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="explorer.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="resource.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="SecurityExplorer.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
</Project>


@@ -0,0 +1,705 @@
/*
* Process Hacker Extra Plugins -
* LSA Security Explorer Plugin
*
* Copyright (C) 2013 wj32
* Copyright (C) 2015-2016 dmex
*
* This file is part of Process Hacker.
*
* Process Hacker is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Process Hacker is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
*/
#include "explorer.h"
HWND AccountsLv = NULL;
PPH_LIST AccountsList = NULL;
HWND PrivilegesLv = NULL;
PSID SelectedAccount = NULL;
VOID SxShowExplorer()
{
PROPSHEETHEADER propSheetHeader = { sizeof(propSheetHeader) };
PROPSHEETPAGE propSheetPage;
HPROPSHEETPAGE pages[4];
propSheetHeader.dwFlags =
PSH_NOAPPLYNOW |
PSH_NOCONTEXTHELP |
PSH_PROPTITLE;
propSheetHeader.hwndParent = PhMainWndHandle;
propSheetHeader.pszCaption = L"Security";
propSheetHeader.nPages = 0;
propSheetHeader.nStartPage = 0;
propSheetHeader.phpage = pages;
// LSA page
memset(&propSheetPage, 0, sizeof(PROPSHEETPAGE));
propSheetPage.dwSize = sizeof(PROPSHEETPAGE);
propSheetPage.hInstance = PluginInstance->DllBase;
propSheetPage.pszTemplate = MAKEINTRESOURCE(IDD_LSA);
propSheetPage.pfnDlgProc = SxLsaDlgProc;
pages[propSheetHeader.nPages++] = CreatePropertySheetPage(&propSheetPage);
// Sessions page
memset(&propSheetPage, 0, sizeof(PROPSHEETPAGE));
propSheetPage.dwSize = sizeof(PROPSHEETPAGE);
propSheetPage.hInstance = PluginInstance->DllBase;
propSheetPage.pszTemplate = MAKEINTRESOURCE(IDD_SESSIONS);
propSheetPage.pfnDlgProc = SxSessionsDlgProc;
pages[propSheetHeader.nPages++] = CreatePropertySheetPage(&propSheetPage);
// Users page
memset(&propSheetPage, 0, sizeof(PROPSHEETPAGE));
propSheetPage.dwSize = sizeof(PROPSHEETPAGE);
propSheetPage.hInstance = PluginInstance->DllBase;
propSheetPage.pszTemplate = MAKEINTRESOURCE(IDD_USERS);
propSheetPage.pfnDlgProc = SxUsersDlgProc;
pages[propSheetHeader.nPages++] = CreatePropertySheetPage(&propSheetPage);
// Groups page
memset(&propSheetPage, 0, sizeof(PROPSHEETPAGE));
propSheetPage.dwSize = sizeof(PROPSHEETPAGE);
propSheetPage.hInstance = PluginInstance->DllBase;
propSheetPage.pszTemplate = MAKEINTRESOURCE(IDD_GROUPS);
propSheetPage.pfnDlgProc = SxGroupsDlgProc;
pages[propSheetHeader.nPages++] = CreatePropertySheetPage(&propSheetPage);
PropertySheet(&propSheetHeader);
}
VOID SxpFreeAccounts()
{
if (AccountsList)
{
for (ULONG i = 0; i < AccountsList->Count; i++)
PhFree(AccountsList->Items[i]);
PhClearList(AccountsList);
}
}
VOID SxpRefreshAccounts()
{
LSA_HANDLE policyHandle;
LSA_ENUMERATION_HANDLE enumerationHandle = 0;
PLSA_ENUMERATION_INFORMATION accounts;
ULONG numberOfAccounts;
if (AccountsList)
{
SxpFreeAccounts();
}
else
{
AccountsList = PhCreateList(40);
}
ListView_DeleteAllItems(AccountsLv);
if (NT_SUCCESS(PhOpenLsaPolicy(&policyHandle, POLICY_VIEW_LOCAL_INFORMATION, NULL)))
{
while (NT_SUCCESS(LsaEnumerateAccounts(
policyHandle,
&enumerationHandle,
&accounts,
0x100,
&numberOfAccounts
)))
{
for (ULONG i = 0; i < numberOfAccounts; i++)
{
INT lvItemIndex;
PSID sid;
PPH_STRING name;
PPH_STRING sidString;
sid = PhAllocateCopy(accounts[i].Sid, RtlLengthSid(accounts[i].Sid));
PhAddItemList(AccountsList, sid);
name = PH_AUTO(PhGetSidFullName(sid, TRUE, NULL));
lvItemIndex = PhAddListViewItem(AccountsLv, MAXINT, PhGetStringOrDefault(name, L"(unknown)"), sid);
sidString = PH_AUTO(PhSidToStringSid(sid));
PhSetListViewSubItem(AccountsLv, lvItemIndex, 1, PhGetStringOrDefault(sidString, L"(unknown)"));
}
LsaFreeMemory(accounts);
}
LsaClose(policyHandle);
}
ExtendedListView_SortItems(AccountsLv);
}
VOID SxpRefreshPrivileges()
{
LSA_HANDLE policyHandle;
LSA_ENUMERATION_HANDLE enumerationHandle = 0;
PPOLICY_PRIVILEGE_DEFINITION privileges;
ULONG numberOfPrivileges;
ListView_DeleteAllItems(PrivilegesLv);
if (NT_SUCCESS(PhOpenLsaPolicy(&policyHandle, POLICY_VIEW_LOCAL_INFORMATION, NULL)))
{
while (NT_SUCCESS(LsaEnumeratePrivileges(
policyHandle,
&enumerationHandle,
&privileges,
0x100,
&numberOfPrivileges
)))
{
for (ULONG i = 0; i < numberOfPrivileges; i++)
{
INT lvItemIndex;
PPH_STRING name;
PPH_STRING displayName;
name = PhCreateStringEx(privileges[i].Name.Buffer, privileges[i].Name.Length);
lvItemIndex = PhAddListViewItem(PrivilegesLv, MAXINT, name->Buffer, NULL);
if (PhLookupPrivilegeDisplayName(&name->sr, &displayName))
{
PhSetListViewSubItem(PrivilegesLv, lvItemIndex, 1, displayName->Buffer);
PhDereferenceObject(displayName);
}
PhDereferenceObject(name);
}
LsaFreeMemory(privileges);
}
LsaClose(policyHandle);
}
ExtendedListView_SortItems(PrivilegesLv);
}
VOID SxpRefreshSessions(
_In_ HWND ListViewHandle
)
{
ULONG logonSessionCount = 0;
PLUID logonSessionList = NULL;
if (AccountsList)
{
SxpFreeAccounts();
}
else
{
AccountsList = PhCreateList(40);
}
ListView_DeleteAllItems(ListViewHandle);
if (NT_SUCCESS(LsaEnumerateLogonSessions(
&logonSessionCount,
&logonSessionList
)))
{
for (ULONG i = 0; i < logonSessionCount; i++)
{
PSECURITY_LOGON_SESSION_DATA logonSessionData;
if (NT_SUCCESS(LsaGetLogonSessionData(&logonSessionList[i], &logonSessionData)))
{
WCHAR logonSessionLuid[PH_PTR_STR_LEN_1] = L"Unknown";
if (RtlValidSid(logonSessionData->Sid))
{
INT lvItemIndex;
PSID sid = NULL;
PPH_STRING name;
PPH_STRING sidString;
sid = PhAllocateCopy(logonSessionData->Sid, RtlLengthSid(logonSessionData->Sid));
PhAddItemList(AccountsList, sid);
PhPrintPointer(logonSessionLuid, UlongToPtr(logonSessionData->LogonId.LowPart));
lvItemIndex = PhAddListViewItem(ListViewHandle, MAXINT, logonSessionLuid, sid);
name = PH_AUTO(PhGetSidFullName(sid, TRUE, NULL));
PhSetListViewSubItem(ListViewHandle, lvItemIndex, 1, PhGetStringOrDefault(name, L"(unknown)"));
sidString = PH_AUTO(PhSidToStringSid(sid));
PhSetListViewSubItem(ListViewHandle, lvItemIndex, 2, PhGetStringOrDefault(sidString, L"(unknown)"));
}
else
{
PhPrintPointer(logonSessionLuid, UlongToPtr(logonSessionData->LogonId.LowPart));
PhAddListViewItem(ListViewHandle, MAXINT, logonSessionLuid, NULL);
}
LsaFreeReturnBuffer(logonSessionData);
}
}
LsaFreeReturnBuffer(logonSessionList);
}
ExtendedListView_SortItems(ListViewHandle);
}
VOID SxpRefreshUsers(
_In_ HWND ListViewHandle
)
{
NTSTATUS status;
LSA_HANDLE policyHandle = NULL;
SAM_HANDLE serverHandle = NULL;
SAM_HANDLE domainHandle = NULL;
SAM_HANDLE userHandle = NULL;
SAM_ENUMERATE_HANDLE enumContext = 0;
ULONG enumBufferLength = 0;
PSAM_RID_ENUMERATION enumBuffer = NULL;
PPOLICY_ACCOUNT_DOMAIN_INFO policyDomainInfo = NULL;
__try
{
if (!NT_SUCCESS(status = PhOpenLsaPolicy(
&policyHandle,
POLICY_VIEW_LOCAL_INFORMATION,
NULL
)))
{
__leave;
}
if (!NT_SUCCESS(status = LsaQueryInformationPolicy(
policyHandle,
PolicyAccountDomainInformation,
&policyDomainInfo
)))
{
__leave;
}
if (!NT_SUCCESS(status = SamConnect(
NULL,
&serverHandle,
SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
NULL
)))
{
__leave;
}
if (!NT_SUCCESS(status = SamOpenDomain(
serverHandle,
DOMAIN_LIST_ACCOUNTS | DOMAIN_LOOKUP,
policyDomainInfo->DomainSid,
&domainHandle
)))
{
__leave;
}
if (!NT_SUCCESS(status = SamEnumerateUsersInDomain(
domainHandle,
&enumContext,
0, // USER_ACCOUNT_TYPE_MASK
&enumBuffer,
-1,
&enumBufferLength
)))
{
__leave;
}
for (ULONG i = 0; i < enumBufferLength; i++)
{
PSID userSid = NULL;
PUSER_ALL_INFORMATION userInfo = NULL;
if (!NT_SUCCESS(status = SamOpenUser(
domainHandle,
USER_ALL_ACCESS,
enumBuffer[i].RelativeId,
&userHandle
)))
{
continue;
}
if (!NT_SUCCESS(status = SamQueryInformationUser(
userHandle,
UserAllInformation,
&userInfo
)))
{
SamCloseHandle(userHandle);
continue;
}
if (NT_SUCCESS(status = SamRidToSid(
userHandle,
enumBuffer[i].RelativeId,
&userSid
)))
{
INT lvItemIndex;
PSID sid;
PPH_STRING name;
PPH_STRING sidString;
sid = PhAllocateCopy(userSid, RtlLengthSid(userSid));
PhAddItemList(AccountsList, sid);
name = PH_AUTO(PhGetSidFullName(sid, TRUE, NULL));
lvItemIndex = PhAddListViewItem(ListViewHandle, MAXINT, PhGetStringOrDefault(name, L"(unknown)"), UlongToPtr(enumBuffer[i].RelativeId));
sidString = PH_AUTO(PhSidToStringSid(sid));
PhSetListViewSubItem(ListViewHandle, lvItemIndex, 1, PhGetStringOrDefault(sidString, L"(unknown)"));
}
SamCloseHandle(userHandle);
SamFreeMemory(userInfo);
}
}
__finally
{
if (enumBuffer)
{
SamFreeMemory(enumBuffer);
}
if (domainHandle)
{
SamCloseHandle(domainHandle);
}
if (serverHandle)
{
SamCloseHandle(serverHandle);
}
if (policyDomainInfo)
{
LsaFreeMemory(policyDomainInfo);
}
if (policyHandle)
{
LsaClose(policyHandle);
}
}
}
VOID SxpRefreshGroups(
_In_ HWND ListViewHandle
)
{
NTSTATUS status;
LSA_HANDLE policyHandle = NULL;
SAM_HANDLE serverHandle = NULL;
SAM_HANDLE domainHandle = NULL;
SAM_HANDLE groupHandle = NULL;
SAM_ENUMERATE_HANDLE enumContext = 0;
ULONG enumBufferLength = 0;
PSAM_RID_ENUMERATION enumBuffer = NULL;
PPOLICY_ACCOUNT_DOMAIN_INFO policyDomainInfo = NULL;
__try
{
if (!NT_SUCCESS(status = PhOpenLsaPolicy(
&policyHandle,
POLICY_VIEW_LOCAL_INFORMATION,
NULL
)))
{
__leave;
}
if (!NT_SUCCESS(status = LsaQueryInformationPolicy(
policyHandle,
PolicyAccountDomainInformation,
&policyDomainInfo
)))
{
__leave;
}
if (!NT_SUCCESS(status = SamConnect(
NULL,
&serverHandle,
SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
NULL
)))
{
__leave;
}
if (!NT_SUCCESS(status = SamOpenDomain(
serverHandle,
DOMAIN_LIST_ACCOUNTS | DOMAIN_LOOKUP,
policyDomainInfo->DomainSid,
&domainHandle
)))
{
__leave;
}
if (!NT_SUCCESS(status = SamEnumerateGroupsInDomain(
domainHandle,
&enumContext,
&enumBuffer,
-1,
&enumBufferLength
)))
{
__leave;
}
for (ULONG i = 0; i < enumBufferLength; i++)
{
PGROUP_GENERAL_INFORMATION groupInfo = NULL;
if (!NT_SUCCESS(status = SamOpenGroup(
domainHandle,
GROUP_ALL_ACCESS,
enumBuffer[i].RelativeId,
&groupHandle
)))
{
continue;
}
if (NT_SUCCESS(status = SamQueryInformationGroup(
groupHandle,
GroupGeneralInformation,
&groupInfo
)))
{
INT lvItemIndex;
PPH_STRING groupName;
PPH_STRING groupComment;
groupName = PH_AUTO(PhCreateStringFromUnicodeString(&groupInfo->Name));
groupComment = PH_AUTO(PhCreateStringFromUnicodeString(&groupInfo->AdminComment));
lvItemIndex = PhAddListViewItem(ListViewHandle, MAXINT, PhGetStringOrDefault(groupName, L"(unknown)"), NULL);
PhSetListViewSubItem(ListViewHandle, lvItemIndex, 1, PhGetStringOrDefault(groupComment, L"(unknown)"));
SamFreeMemory(groupInfo);
}
SamCloseHandle(groupHandle);
}
}
__finally
{
if (enumBuffer)
{
SamFreeMemory(enumBuffer);
}
if (domainHandle)
{
SamCloseHandle(domainHandle);
}
if (serverHandle)
{
SamCloseHandle(serverHandle);
}
if (policyDomainInfo)
{
LsaFreeMemory(policyDomainInfo);
}
if (policyHandle)
{
LsaClose(policyHandle);
}
}
}
INT_PTR CALLBACK SxLsaDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
PhCenterWindow(GetParent(hwndDlg), GetParent(GetParent(hwndDlg)));
AccountsLv = GetDlgItem(hwndDlg, IDC_ACCOUNTS);
PrivilegesLv = GetDlgItem(hwndDlg, IDC_PRIVILEGES);
PhSetListViewStyle(AccountsLv, FALSE, TRUE);
PhSetControlTheme(AccountsLv, L"explorer");
PhAddListViewColumn(AccountsLv, 0, 0, 0, LVCFMT_LEFT, 220, L"Name");
PhAddListViewColumn(AccountsLv, 1, 1, 1, LVCFMT_LEFT, 300, L"SID");
PhSetExtendedListView(AccountsLv);
PhSetListViewStyle(PrivilegesLv, FALSE, TRUE);
PhSetControlTheme(PrivilegesLv, L"explorer");
PhAddListViewColumn(PrivilegesLv, 0, 0, 0, LVCFMT_LEFT, 200, L"Name");
PhAddListViewColumn(PrivilegesLv, 1, 1, 1, LVCFMT_LEFT, 360, L"Description");
PhSetExtendedListView(PrivilegesLv);
SxpRefreshAccounts();
SxpRefreshPrivileges();
}
break;
case WM_DESTROY:
{
SxpFreeAccounts();
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDC_EDITPOLICYSECURITY:
{
PH_STD_OBJECT_SECURITY stdObjectSecurity;
PPH_ACCESS_ENTRY accessEntries;
ULONG numberOfAccessEntries;
stdObjectSecurity.OpenObject = SxpOpenLsaPolicy;
stdObjectSecurity.ObjectType = L"LsaPolicy";
stdObjectSecurity.Context = NULL;
if (PhGetAccessEntries(L"LsaPolicy", &accessEntries, &numberOfAccessEntries))
{
PhEditSecurity(
hwndDlg,
L"Local LSA Policy",
SxStdGetObjectSecurity,
SxStdSetObjectSecurity,
&stdObjectSecurity,
accessEntries,
numberOfAccessEntries
);
PhFree(accessEntries);
}
}
break;
case IDC_ACCOUNT_DELETE:
{
if (!SelectedAccount)
return FALSE;
if (PhShowConfirmMessage(
hwndDlg,
L"delete",
L"the selected account",
NULL,
TRUE
))
{
NTSTATUS status;
LSA_HANDLE policyHandle;
LSA_HANDLE accountHandle;
if (NT_SUCCESS(status = PhOpenLsaPolicy(&policyHandle, POLICY_LOOKUP_NAMES, NULL)))
{
if (NT_SUCCESS(status = LsaOpenAccount(
policyHandle,
SelectedAccount,
ACCOUNT_VIEW | DELETE, // ACCOUNT_VIEW is needed as well for some reason
&accountHandle
)))
{
status = LsaDelete(accountHandle);
LsaClose(accountHandle);
}
LsaClose(policyHandle);
}
if (NT_SUCCESS(status))
SxpRefreshAccounts();
else
PhShowStatus(hwndDlg, L"Unable to delete the account", status, 0);
}
}
break;
case IDC_ACCOUNT_SECURITY:
{
PH_STD_OBJECT_SECURITY stdObjectSecurity;
PPH_ACCESS_ENTRY accessEntries;
ULONG numberOfAccessEntries;
if (!SelectedAccount)
return FALSE;
stdObjectSecurity.OpenObject = SxpOpenSelectedLsaAccount;
stdObjectSecurity.ObjectType = L"LsaAccount";
stdObjectSecurity.Context = NULL;
if (PhGetAccessEntries(L"LsaAccount", &accessEntries, &numberOfAccessEntries))
{
PPH_STRING name;
name = PhGetSidFullName(SelectedAccount, TRUE, NULL);
PhEditSecurity(
hwndDlg,
PhGetStringOrDefault(name, L"(unknown)"),
SxStdGetObjectSecurity,
SxStdSetObjectSecurity,
&stdObjectSecurity,
accessEntries,
numberOfAccessEntries
);
PhFree(accessEntries);
PhDereferenceObject(name);
}
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case LVN_ITEMCHANGED:
{
if (header->hwndFrom == AccountsLv)
{
if (ListView_GetSelectedCount(AccountsLv) == 1)
{
SelectedAccount = PhGetSelectedListViewItemParam(AccountsLv);
}
else
{
SelectedAccount = NULL;
}
}
}
break;
}
}
break;
}
return FALSE;
}
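Review bot: SxpRefreshSessions clears the shared AccountsList through SxpFreeAccounts, which PhFree()s every SID that the LSA page's AccountsLv items still carry as their item param and that SelectedAccount (assigned from PhGetSelectedListViewItemParam in the LVN_ITEMCHANGED handler) still points at, so once the Sessions page has been created, IDC_ACCOUNT_DELETE and IDC_ACCOUNT_SECURITY on the LSA page hand a freed SID to LsaOpenAccount. Each page should own its own list freed in that page's WM_DESTROY, and the LSA page's WM_DESTROY should also do `SelectedAccount = NULL;` next to SxpFreeAccounts; SxpRefreshUsers additionally touches AccountsList without the NULL guard that SxpRefreshSessions has. In SxpRefreshUsers the `userSid` returned by SamRidToSid is never released, and the UserAllInformation query into `userInfo` is freed without being read while every user is opened with USER_ALL_ACCESS — dropping that query lets the open request only what the SID lookup needs (SamRidToSid is documented as accepting a domain handle, which if confirmed removes the per-user open altogether). SxpRefreshUsers and SxpRefreshGroups also call SamEnumerate*InDomain only once, so when SAM answers STATUS_MORE_ENTRIES (which passes NT_SUCCESS) the remaining accounts are silently skipped; loop on enumContext until the call stops returning success, as SxpRefreshAccounts already does for LsaEnumerateAccounts. The code that invokes SxpRefreshSessions lives in sessions.c, outside this hunk.
```c
        // … unchanged: PhOpenLsaPolicy / LsaQueryInformationPolicy / SamConnect / SamOpenDomain …
        do
        {
            status = SamEnumerateUsersInDomain(
                domainHandle,
                &enumContext,
                0, // USER_ACCOUNT_TYPE_MASK
                &enumBuffer,
                -1,
                &enumBufferLength
                );
            if (!NT_SUCCESS(status))
                __leave;

            for (ULONG i = 0; i < enumBufferLength; i++)
            {
                PSID userSid = NULL;

                // … unchanged: SamOpenUser (narrowed access, UserAllInformation query removed) …
                if (NT_SUCCESS(status = SamRidToSid(userHandle, enumBuffer[i].RelativeId, &userSid)))
                {
                    // … unchanged: PhAllocateCopy / list-view population …
                    SamFreeMemory(userSid); // previously leaked on every iteration
                }
                SamCloseHandle(userHandle);
            }

            SamFreeMemory(enumBuffer);
            enumBuffer = NULL; // __finally must not free it a second time
        } while (status == STATUS_MORE_ENTRIES);
```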


@@ -0,0 +1,113 @@
/*
* Process Hacker Extra Plugins -
* LSA Security Explorer Plugin
*
* Copyright (C) 2013 wj32
* Copyright (C) 2015-2016 dmex
*
* This file is part of Process Hacker.
*
* Process Hacker is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Process Hacker is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _EXPLORER_H_
#define _EXPLORER_H_
#pragma comment(lib, "Samlib.lib")
#pragma comment(lib, "Secur32.lib")
#pragma comment(lib, "Samlib.lib")
#include <phdk.h>
#include <secedit.h>
#include <ntsam.h>
#include <Sddl.h>
#include "resource.h"
extern PPH_PLUGIN PluginInstance;
extern PSID SelectedAccount;
_Callback_ NTSTATUS SxpOpenLsaPolicy(
_Out_ PHANDLE Handle,
_In_ ACCESS_MASK DesiredAccess,
_In_opt_ PVOID Context
);
_Callback_ NTSTATUS SxpOpenSelectedLsaAccount(
_Out_ PHANDLE Handle,
_In_ ACCESS_MASK DesiredAccess,
_In_opt_ PVOID Context
);
_Callback_ NTSTATUS SxpOpenSelectedSamAccount(
_Out_ PHANDLE Handle,
_In_ ACCESS_MASK DesiredAccess,
_In_opt_ PVOID Context
);
_Callback_ NTSTATUS SxStdGetObjectSecurity(
_Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor,
_In_ SECURITY_INFORMATION SecurityInformation,
_In_opt_ PVOID Context
);
_Callback_ NTSTATUS SxStdSetObjectSecurity(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ SECURITY_INFORMATION SecurityInformation,
_In_opt_ PVOID Context
);
VOID SxShowExplorer();
VOID SxpRefreshSessions(
_In_ HWND ListViewHandle
);
VOID SxpRefreshUsers(
_In_ HWND ListViewHandle
);
VOID SxpRefreshGroups(
_In_ HWND ListViewHandle
);
INT_PTR CALLBACK SxLsaDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
);
INT_PTR CALLBACK SxSessionsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
);
INT_PTR CALLBACK SxUsersDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
);
INT_PTR CALLBACK SxGroupsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
);
#endif _EXPLORER_H_
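Review bot: `#endif _EXPLORER_H_` on the last line places a token after #endif, which is not standard C (MSVC reports C4067); write `#endif // _EXPLORER_H_`. The `#pragma comment(lib, "Samlib.lib")` line appears twice, and `VOID SxShowExplorer();` declares an unprototyped function in C, so `VOID SxShowExplorer(VOID);` is the safer form. The guard name `_EXPLORER_H_` also sits in the identifier space reserved for the implementation (leading underscore followed by an uppercase letter); a plain `EXPLORER_H` avoids that collision risk.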


@@ -0,0 +1,64 @@
/*
* Process Hacker Extra Plugins -
* LSA Security Explorer Plugin
*
* Copyright (C) 2016 dmex
*
* This file is part of Process Hacker.
*
* Process Hacker is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Process Hacker is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
*/
#include "explorer.h"
static HWND GroupsLv = NULL;
static PH_LAYOUT_MANAGER LayoutManager;
INT_PTR CALLBACK SxGroupsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
GroupsLv = GetDlgItem(hwndDlg, IDC_SESSIONS);
PhSetListViewStyle(GroupsLv, FALSE, TRUE);
PhSetControlTheme(GroupsLv, L"explorer");
PhAddListViewColumn(GroupsLv, 0, 0, 0, LVCFMT_LEFT, 200, L"Name");
PhAddListViewColumn(GroupsLv, 1, 1, 1, LVCFMT_LEFT, 300, L"SID");
PhSetExtendedListView(GroupsLv);
PhInitializeLayoutManager(&LayoutManager, hwndDlg);
PhAddLayoutItem(&LayoutManager, GroupsLv, NULL, PH_ANCHOR_ALL);
SxpRefreshGroups(GroupsLv);
}
break;
case WM_DESTROY:
{
PhDeleteLayoutManager(&LayoutManager);
}
break;
case WM_SIZE:
PhLayoutManagerLayout(&LayoutManager);
break;
}
return FALSE;
}
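Review bot: The second column of GroupsLv is labelled `L"SID"` in WM_INITDIALOG, but SxpRefreshGroups fills subitem 1 with the group's AdminComment, so the header misdescribes the data; change it to `PhAddListViewColumn(GroupsLv, 1, 1, 1, LVCFMT_LEFT, 300, L"Comment");`. The list is fetched with `GetDlgItem(hwndDlg, IDC_SESSIONS)` only because IDD_GROUPS reuses the sessions control id in the .rc; a dedicated id would make that line self-explanatory.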


@@ -0,0 +1,112 @@
/*
* Process Hacker Extra Plugins -
* LSA Security Explorer Plugin
*
* Copyright (C) 2013 wj32
* Copyright (C) 2015-2016 dmex
*
* This file is part of Process Hacker.
*
* Process Hacker is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Process Hacker is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
*/
#include "explorer.h"
PPH_PLUGIN PluginInstance;
PH_CALLBACK_REGISTRATION PluginLoadCallbackRegistration;
PH_CALLBACK_REGISTRATION PluginMenuItemCallbackRegistration;
PH_CALLBACK_REGISTRATION MainMenuInitializingCallbackRegistration;
VOID NTAPI LoadCallback(
_In_opt_ PVOID Parameter,
_In_opt_ PVOID Context
)
{
NOTHING;
}
VOID NTAPI MenuItemCallback(
_In_opt_ PVOID Parameter,
_In_opt_ PVOID Context
)
{
PPH_PLUGIN_MENU_ITEM menuItem = Parameter;
switch (menuItem->Id)
{
case 1:
SxShowExplorer();
break;
}
}
VOID NTAPI MainMenuInitializingCallback(
_In_opt_ PVOID Parameter,
_In_opt_ PVOID Context
)
{
PPH_PLUGIN_MENU_INFORMATION menuInfo = Parameter;
if (menuInfo->u.MainMenu.SubMenuIndex != PH_MENU_ITEM_LOCATION_TOOLS)
return;
PhInsertEMenuItem(menuInfo->Menu, PhPluginCreateEMenuItem(PluginInstance, 0, 1, L"Security Explorer", NULL), -1);
}
LOGICAL DllMain(
_In_ HINSTANCE Instance,
_In_ ULONG Reason,
_Reserved_ PVOID Reserved
)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
{
PPH_PLUGIN_INFORMATION info;
PluginInstance = PhRegisterPlugin(L"dmex.SecurityExplorer", Instance, &info);
if (!PluginInstance)
return FALSE;
info->DisplayName = L"Security Explorer";
info->Author = L"dmex, wj32";
info->Description = L"Manages LSA and SAM objects.";
info->HasOptions = FALSE;
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackLoad),
LoadCallback,
NULL,
&PluginLoadCallbackRegistration
);
PhRegisterCallback(
PhGetPluginCallback(PluginInstance, PluginCallbackMenuItem),
MenuItemCallback,
NULL,
&PluginMenuItemCallbackRegistration
);
PhRegisterCallback(
PhGetGeneralCallback(GeneralCallbackMainMenuInitializing),
MainMenuInitializingCallback,
NULL,
&MainMenuInitializingCallbackRegistration
);
}
break;
}
return TRUE;
}
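Review bot: MenuItemCallback dispatches on the bare literal `case 1:`, and the same `1` is passed as the item id to PhPluginCreateEMenuItem in MainMenuInitializingCallback; a shared named constant (e.g. `#define SX_MENUITEM_SHOW_EXPLORER 1`, a constructed name) keeps the two sides in sync when more items are added. LoadCallback is registered in DllMain but its body is `NOTHING`; unless a load-time hook is planned, both the callback and its registration can be dropped.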


@@ -0,0 +1,26 @@
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by SecurityExplorer.rc
//
#define IDD_LSA 101
#define IDD_SESSIONS 102
#define IDD_USERS 103
#define IDD_GROUPS 104
#define IDC_EDITPOLICYSECURITY 1001
#define IDC_ACCOUNTS 1002
#define IDC_DELETE 1003
#define IDC_ACCOUNT_DELETE 1003
#define IDC_PRIVILEGES 1004
#define IDC_ACCOUNT_SECURITY 1005
#define IDC_SESSIONS 1006
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 104
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1007
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif


@@ -0,0 +1,171 @@
/*
* Process Hacker Extra Plugins -
* LSA Security Explorer Plugin
*
* Copyright (C) 2016 dmex
*
* This file is part of Process Hacker.
*
* Process Hacker is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Process Hacker is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
*/
#include "explorer.h"
static HWND SessionsLv = NULL;
static PH_LAYOUT_MANAGER LayoutManager;
INT_PTR CALLBACK SxSessionsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
SessionsLv = GetDlgItem(hwndDlg, IDC_SESSIONS);
PhSetListViewStyle(SessionsLv, FALSE, TRUE);
PhSetControlTheme(SessionsLv, L"explorer");
PhAddListViewColumn(SessionsLv, 0, 0, 0, LVCFMT_LEFT, 80, L"LogonId");
PhAddListViewColumn(SessionsLv, 1, 1, 1, LVCFMT_LEFT, 200, L"Name");
PhAddListViewColumn(SessionsLv, 2, 2, 2, LVCFMT_LEFT, 300, L"SID");
PhSetExtendedListView(SessionsLv);
PhInitializeLayoutManager(&LayoutManager, hwndDlg);
PhAddLayoutItem(&LayoutManager, SessionsLv, NULL, PH_ANCHOR_ALL);
SxpRefreshSessions(SessionsLv);
}
break;
case WM_DESTROY:
{
PhDeleteLayoutManager(&LayoutManager);
}
break;
case WM_SIZE:
PhLayoutManagerLayout(&LayoutManager);
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDC_ACCOUNT_DELETE:
{
if (!SelectedAccount)
return FALSE;
if (PhShowConfirmMessage(
hwndDlg,
L"delete",
L"the selected session",
NULL,
TRUE
))
{
NTSTATUS status;
LSA_HANDLE policyHandle;
LSA_HANDLE accountHandle;
if (NT_SUCCESS(status = PhOpenLsaPolicy(&policyHandle, POLICY_LOOKUP_NAMES, NULL)))
{
if (NT_SUCCESS(status = LsaOpenAccount(
policyHandle,
SelectedAccount,
ACCOUNT_VIEW | DELETE, // ACCOUNT_VIEW is needed as well for some reason
&accountHandle
)))
{
status = LsaDelete(accountHandle);
LsaClose(accountHandle);
}
LsaClose(policyHandle);
}
if (NT_SUCCESS(status))
SxpRefreshSessions(SessionsLv);
else
PhShowStatus(hwndDlg, L"Unable to delete the session", status, 0);
}
}
break;
case IDC_ACCOUNT_SECURITY:
{
PH_STD_OBJECT_SECURITY stdObjectSecurity;
PPH_ACCESS_ENTRY accessEntries;
ULONG numberOfAccessEntries;
if (!SelectedAccount)
return FALSE;
stdObjectSecurity.OpenObject = SxpOpenSelectedLsaAccount;
stdObjectSecurity.ObjectType = L"LsaAccount";
stdObjectSecurity.Context = NULL;
if (PhGetAccessEntries(L"LsaAccount", &accessEntries, &numberOfAccessEntries))
{
PPH_STRING name;
name = PhGetSidFullName(SelectedAccount, TRUE, NULL);
PhEditSecurity(
hwndDlg,
PhGetStringOrDefault(name, L"(unknown)"),
SxStdGetObjectSecurity,
SxStdSetObjectSecurity,
&stdObjectSecurity,
accessEntries,
numberOfAccessEntries
);
PhFree(accessEntries);
if (name)
PhDereferenceObject(name);
}
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case LVN_ITEMCHANGED:
{
if (header->hwndFrom == SessionsLv)
{
if (ListView_GetSelectedCount(SessionsLv) == 1)
{
SelectedAccount = PhGetSelectedListViewItemParam(SessionsLv);
}
else
{
SelectedAccount = NULL;
}
}
}
break;
}
}
break;
}
return FALSE;
}
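Review bot: The confirmation and failure strings in the IDC_ACCOUNT_DELETE branch (`L"the selected session"`, `L"Unable to delete the session"`) tell the user a session is being deleted, but the code opens the selected SID with LsaOpenAccount and calls LsaDelete on that handle, which as far as the API names indicate removes an LSA account object from the local policy database; a destructive prompt should name what is actually removed, e.g. `L"the selected LSA account"`. A second point: WM_DESTROY only calls `PhDeleteLayoutManager(&LayoutManager);`, so the shared `SelectedAccount` pointer, which LVN_ITEMCHANGED fills from list-view item params, keeps pointing into the destroyed list view after the dialog closes and is still visible to the other dialogs that test it. Add `SelectedAccount = NULL;` (and `SessionsLv = NULL;`) in the WM_DESTROY case. `SelectedAccount` is declared outside this file, presumably in explorer.h, so its lifetime is not this dialog's.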


@@ -0,0 +1,299 @@
/*
* Process Hacker Extra Plugins -
* LSA Security Explorer Plugin
*
* Copyright (C) 2013 wj32
* Copyright (C) 2015-2016 dmex
*
* This file is part of Process Hacker.
*
* Process Hacker is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Process Hacker is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
*/
#include "explorer.h"
_Callback_ NTSTATUS SxpOpenLsaPolicy(
_Out_ PHANDLE Handle,
_In_ ACCESS_MASK DesiredAccess,
_In_opt_ PVOID Context
)
{
return PhOpenLsaPolicy(Handle, DesiredAccess, NULL);
}
_Callback_ NTSTATUS SxpOpenSelectedLsaAccount(
_Out_ PHANDLE Handle,
_In_ ACCESS_MASK DesiredAccess,
_In_opt_ PVOID Context
)
{
NTSTATUS status;
LSA_HANDLE policyHandle;
if (NT_SUCCESS(status = PhOpenLsaPolicy(&policyHandle, POLICY_LOOKUP_NAMES, NULL)))
{
status = LsaOpenAccount(policyHandle, SelectedAccount, DesiredAccess, Handle);
LsaClose(policyHandle);
}
return status;
}
_Callback_ NTSTATUS SxpOpenSelectedSamAccount(
_Out_ PHANDLE Handle,
_In_ ACCESS_MASK DesiredAccess,
_In_opt_ PVOID Context
)
{
NTSTATUS status;
LSA_HANDLE policyHandle = NULL;
SAM_HANDLE serverHandle = NULL;
SAM_HANDLE domainHandle = NULL;
PPOLICY_ACCOUNT_DOMAIN_INFO policyDomainInfo = NULL;
__try
{
if (!NT_SUCCESS(status = PhOpenLsaPolicy(
&policyHandle,
POLICY_VIEW_LOCAL_INFORMATION,
NULL
)))
{
__leave;
}
if (!NT_SUCCESS(status = LsaQueryInformationPolicy(
policyHandle,
PolicyAccountDomainInformation,
&policyDomainInfo
)))
{
__leave;
}
if (!NT_SUCCESS(status = SamConnect(
NULL,
&serverHandle,
SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
NULL
)))
{
__leave;
}
if (!NT_SUCCESS(status = SamOpenDomain(
serverHandle,
DOMAIN_LIST_ACCOUNTS | DOMAIN_LOOKUP,
policyDomainInfo->DomainSid,
&domainHandle
)))
{
__leave;
}
if (!NT_SUCCESS(status = SamOpenUser(
domainHandle,
DesiredAccess,
PtrToUlong(Context),
Handle
)))
{
__leave;
}
}
__finally
{
if (domainHandle)
{
SamFreeMemory(domainHandle);
}
if (serverHandle)
{
SamFreeMemory(serverHandle);
}
if (policyDomainInfo)
{
LsaFreeMemory(policyDomainInfo);
}
if (policyHandle)
{
LsaClose(policyHandle);
}
}
return status;
}
_Callback_ NTSTATUS SxStdGetObjectSecurity(
_Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor,
_In_ SECURITY_INFORMATION SecurityInformation,
_In_opt_ PVOID Context
)
{
NTSTATUS status;
PPH_STD_OBJECT_SECURITY stdObjectSecurity;
HANDLE handle;
stdObjectSecurity = (PPH_STD_OBJECT_SECURITY)Context;
if (
PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaAccount", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaPolicy", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaSecret", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaTrusted", TRUE)
)
{
PSECURITY_DESCRIPTOR securityDescriptor;
status = stdObjectSecurity->OpenObject(
&handle,
PhGetAccessForGetSecurity(SecurityInformation),
stdObjectSecurity->Context
);
if (!NT_SUCCESS(status))
return status;
status = LsaQuerySecurityObject(
handle,
SecurityInformation,
&securityDescriptor
);
if (NT_SUCCESS(status))
{
*SecurityDescriptor = PhAllocateCopy(
securityDescriptor,
RtlLengthSecurityDescriptor(securityDescriptor)
);
LsaFreeMemory(securityDescriptor);
}
LsaClose(handle);
}
else if (
PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamAlias", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamDomain", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamGroup", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamServer", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamUser", TRUE)
)
{
PSECURITY_DESCRIPTOR securityDescriptor;
status = stdObjectSecurity->OpenObject(
&handle,
PhGetAccessForGetSecurity(SecurityInformation),
stdObjectSecurity->Context
);
if (!NT_SUCCESS(status))
return status;
status = SamQuerySecurityObject(
handle,
SecurityInformation,
&securityDescriptor
);
if (NT_SUCCESS(status))
{
*SecurityDescriptor = PhAllocateCopy(
securityDescriptor,
RtlLengthSecurityDescriptor(securityDescriptor)
);
SamFreeMemory(securityDescriptor);
}
SamCloseHandle(handle);
}
else
{
status = PhStdGetObjectSecurity(SecurityDescriptor, SecurityInformation, Context);
}
return status;
}
_Callback_ NTSTATUS SxStdSetObjectSecurity(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ SECURITY_INFORMATION SecurityInformation,
_In_opt_ PVOID Context
)
{
NTSTATUS status;
PPH_STD_OBJECT_SECURITY stdObjectSecurity;
HANDLE handle;
stdObjectSecurity = (PPH_STD_OBJECT_SECURITY)Context;
if (
PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaAccount", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaPolicy", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaSecret", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaTrusted", TRUE)
)
{
status = stdObjectSecurity->OpenObject(
&handle,
PhGetAccessForSetSecurity(SecurityInformation),
stdObjectSecurity->Context
);
if (!NT_SUCCESS(status))
return status;
status = LsaSetSecurityObject(
handle,
SecurityInformation,
SecurityDescriptor
);
LsaClose(handle);
}
else if (
PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamAlias", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamDomain", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamGroup", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamServer", TRUE) ||
PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamUser", TRUE)
)
{
status = stdObjectSecurity->OpenObject(
&handle,
PhGetAccessForSetSecurity(SecurityInformation),
stdObjectSecurity->Context
);
if (!NT_SUCCESS(status))
return status;
status = SamSetSecurityObject(
handle,
SecurityInformation,
SecurityDescriptor
);
SamCloseHandle(handle);
}
else
{
status = PhStdSetObjectSecurity(SecurityDescriptor, SecurityInformation, Context);
}
return status;
}
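Review bot: The `__finally` block of SxpOpenSelectedSamAccount releases `domainHandle` and `serverHandle` with `SamFreeMemory`, but those are SAM_HANDLEs returned by SamOpenDomain and SamConnect, not buffers from a SAM query; the same file closes SAM handles with `SamCloseHandle` at the end of SxStdGetObjectSecurity and SxStdSetObjectSecurity. Handing a handle to the free routine at minimum leaks the server and domain handles, and this path runs on every get/set of the security editor. Change the two calls to `SamCloseHandle(domainHandle);` and `SamCloseHandle(serverHandle);`. Separately, the RID passed to SamOpenUser is `PtrToUlong(Context)` with no check, so a zero Context (the value the users dialog stores when nothing is selected) goes straight to SAM; an early `if (!Context) return STATUS_INVALID_PARAMETER;` would make that failure explicit instead of relying on SAM rejecting RID 0.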


@@ -0,0 +1,171 @@
/*
* Process Hacker Extra Plugins -
* LSA Security Explorer Plugin
*
* Copyright (C) 2016 dmex
*
* This file is part of Process Hacker.
*
* Process Hacker is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Process Hacker is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
*/
#include "explorer.h"
static ULONG RelativeId = 0;
static HWND UsersLv = NULL;
static PH_LAYOUT_MANAGER LayoutManager;
INT_PTR CALLBACK SxUsersDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
UsersLv = GetDlgItem(hwndDlg, IDC_SESSIONS);
PhSetListViewStyle(UsersLv, FALSE, TRUE);
PhSetControlTheme(UsersLv, L"explorer");
PhAddListViewColumn(UsersLv, 0, 0, 0, LVCFMT_LEFT, 200, L"Name");
PhAddListViewColumn(UsersLv, 1, 1, 1, LVCFMT_LEFT, 300, L"SID");
PhSetExtendedListView(UsersLv);
PhInitializeLayoutManager(&LayoutManager, hwndDlg);
PhAddLayoutItem(&LayoutManager, UsersLv, NULL, PH_ANCHOR_ALL);
SxpRefreshUsers(UsersLv);
}
break;
case WM_DESTROY:
{
PhDeleteLayoutManager(&LayoutManager);
}
break;
case WM_SIZE:
PhLayoutManagerLayout(&LayoutManager);
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDC_ACCOUNT_DELETE:
{
//if (!SelectedAccount)
// return FALSE;
//
//if (PhShowConfirmMessage(
// hwndDlg,
// L"delete",
// L"the selected session",
// NULL,
// TRUE
// ))
//{
// NTSTATUS status;
// LSA_HANDLE policyHandle;
// LSA_HANDLE accountHandle;
//
// if (NT_SUCCESS(status = PhOpenLsaPolicy(&policyHandle, POLICY_LOOKUP_NAMES, NULL)))
// {
// if (NT_SUCCESS(status = LsaOpenAccount(
// policyHandle,
// SelectedAccount,
// ACCOUNT_VIEW | DELETE, // ACCOUNT_VIEW is needed as well for some reason
// &accountHandle
// )))
// {
// status = LsaDelete(accountHandle);
// LsaClose(accountHandle);
// }
//
// LsaClose(policyHandle);
// }
//
// if (NT_SUCCESS(status))
// SxpRefreshSessions(UsersLv);
// else
// PhShowStatus(hwndDlg, L"Unable to delete the session", status, 0);
//}
}
break;
case IDC_ACCOUNT_SECURITY:
{
PH_STD_OBJECT_SECURITY stdObjectSecurity;
PPH_ACCESS_ENTRY accessEntries;
ULONG numberOfAccessEntries;
if (!SelectedAccount)
return FALSE;
stdObjectSecurity.OpenObject = SxpOpenSelectedSamAccount;
stdObjectSecurity.ObjectType = L"SamUser";
stdObjectSecurity.Context = UlongToPtr(RelativeId);
if (PhGetAccessEntries(L"SamUser", &accessEntries, &numberOfAccessEntries))
{
PPH_STRING name;
name = PhGetSidFullName(SelectedAccount, TRUE, NULL);
PhEditSecurity(
hwndDlg,
PhGetStringOrDefault(name, L"(unknown)"),
SxStdGetObjectSecurity,
SxStdSetObjectSecurity,
&stdObjectSecurity,
accessEntries,
numberOfAccessEntries
);
PhFree(accessEntries);
if (name)
PhDereferenceObject(name);
}
}
break;
}
}
break;
case WM_NOTIFY:
{
LPNMHDR header = (LPNMHDR)lParam;
switch (header->code)
{
case LVN_ITEMCHANGED:
{
if (header->hwndFrom == UsersLv)
{
if (ListView_GetSelectedCount(UsersLv) == 1)
{
RelativeId = PtrToUlong(PhGetSelectedListViewItemParam(UsersLv));
}
else
{
RelativeId = 0;
}
}
}
break;
}
}
break;
}
return FALSE;
}
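Review bot: The IDC_ACCOUNT_SECURITY handler guards on `SelectedAccount` and uses it for the editor title via PhGetSidFullName, but this dialog never assigns `SelectedAccount`; its LVN_ITEMCHANGED handler only updates the file-static `RelativeId`. The guard therefore reflects whatever the LSA or sessions dialog last selected, and the security editor can open titled with one account's name while SxpOpenSelectedSamAccount edits the SAM user identified by `RelativeId`, or RID 0 when nothing is selected here, which is a dangerous mismatch in a tool that rewrites DACLs. Change the guard to `if (!RelativeId) return FALSE;` and derive the title from the selected SAM user itself rather than from `SelectedAccount`. Separately, IDC_ACCOUNT_DELETE is a commented-out copy of the LSA delete path, so the Delete button silently does nothing for SAM users; either implement it behind a confirmation or disable that control for this dialog instead of shipping dead code.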