BowTiedGnome Comments

BowTiedGnome

•Created by BowTiedGnome on 8/11/2024 in #help

FFI on windows and handles

let code = kernel32.symbols.GetLastError();

// windows api last error code
log("ec", code);

const currentProcessHandle = kernel32.symbols.GetCurrentProcess();
log("currentProcessHandle ptr", Deno.UnsafePointer.value(currentProcessHandle));
    
// handle
const token = new Uint8Array(8); // using long sing one 64 bit machine, but always returns int.
const tokenHandle = Deno.UnsafePointer.of(token);
// show that its basically a null pointer
log("token ptr addr", Deno.UnsafePointer.value(tokenHandle))
log("token intptr", new DataView(token.buffer).getBigInt64(0, true))

log("")
log("call OpenProcessToken")
if (!advapi32.symbols.OpenProcessToken(currentProcessHandle, TokenAccess.Read, tokenHandle)) {
    throw new Error("Failed to open process token");
}

code = kernel32.symbols.GetLastError();
log("ec", code);
log("token ptr addr", Deno.UnsafePointer.value(tokenHandle))
log("token intptr", new DataView(token.buffer).getBigInt64(0, true))

/**
 * sequential struct that is 4 bytes
 * struct TokenElevation {
 *      int TokenIsElevanted { get; set; }  // int32, 4 bytes, but used as boolean value
 * }
 */
const elevation = new Uint8Array(4);
const cbSize = new Uint32Array(1);

log("")
log("call GetTokenInformation")
const pass = advapi32.symbols.GetTokenInformation(
    tokenHandle,
    TokenElevation,
    elevation,
    elevation.byteLength,
    cbSize
);
code = kernel32.symbols.GetLastError();

const length = cbSize[0];
const elevated = new DataView(elevation.buffer).getInt32(0, true);
log("length", length);  // 4, so its updating
log("elevated", elevated); // 0
log("ec", code); // 6, invalid handle
log("success?", pass); // false
log("elevation", elevation); // empty array, null pointer

let code = kernel32.symbols.GetLastError();

// windows api last error code
log("ec", code);

const currentProcessHandle = kernel32.symbols.GetCurrentProcess();
log("currentProcessHandle ptr", Deno.UnsafePointer.value(currentProcessHandle));
    
// handle
const token = new Uint8Array(8); // using long sing one 64 bit machine, but always returns int.
const tokenHandle = Deno.UnsafePointer.of(token);
// show that its basically a null pointer
log("token ptr addr", Deno.UnsafePointer.value(tokenHandle))
log("token intptr", new DataView(token.buffer).getBigInt64(0, true))

log("")
log("call OpenProcessToken")
if (!advapi32.symbols.OpenProcessToken(currentProcessHandle, TokenAccess.Read, tokenHandle)) {
    throw new Error("Failed to open process token");
}

code = kernel32.symbols.GetLastError();
log("ec", code);
log("token ptr addr", Deno.UnsafePointer.value(tokenHandle))
log("token intptr", new DataView(token.buffer).getBigInt64(0, true))

/**
 * sequential struct that is 4 bytes
 * struct TokenElevation {
 *      int TokenIsElevanted { get; set; }  // int32, 4 bytes, but used as boolean value
 * }
 */
const elevation = new Uint8Array(4);
const cbSize = new Uint32Array(1);

log("")
log("call GetTokenInformation")
const pass = advapi32.symbols.GetTokenInformation(
    tokenHandle,
    TokenElevation,
    elevation,
    elevation.byteLength,
    cbSize
);
code = kernel32.symbols.GetLastError();

const length = cbSize[0];
const elevated = new DataView(elevation.buffer).getInt32(0, true);
log("length", length);  // 4, so its updating
log("elevated", elevated); // 0
log("ec", code); // 6, invalid handle
log("success?", pass); // false
log("elevation", elevation); // empty array, null pointer

4 replies

DDeno

•Created by BowTiedGnome on 8/11/2024 in #help

FFI on windows and handles

const log = console.log;
enum TokenAccess {
    AssignPrimary = 0x00000001,
    Duplicate = 0x00000002,
    Impersonate = 0x00000004,
    Query = 0x00000008,
    QuerySource = 0x00000010,
    AdjustPrivileges = 0x00000020,
    AdjustGroups = 0x00000040,
    AdjustDefault = 0x00000080,
    AdjustSessionId = 0x00000100,

    Read = 0x00020000 | Query,

    Write = 0x00020000 | AdjustPrivileges | AdjustGroups | AdjustDefault,

    AllAccess = 0x000F0000 |
                        AssignPrimary |
                        Duplicate |
                        Impersonate |
                        Query |
                        QuerySource |
                        AdjustPrivileges |
                        AdjustGroups |
                        AdjustDefault |
                        AdjustSessionId,

    MaximumAllowed = 0x02000000
}

const TokenElevation = 20;

const log = console.log;
enum TokenAccess {
    AssignPrimary = 0x00000001,
    Duplicate = 0x00000002,
    Impersonate = 0x00000004,
    Query = 0x00000008,
    QuerySource = 0x00000010,
    AdjustPrivileges = 0x00000020,
    AdjustGroups = 0x00000040,
    AdjustDefault = 0x00000080,
    AdjustSessionId = 0x00000100,

    Read = 0x00020000 | Query,

    Write = 0x00020000 | AdjustPrivileges | AdjustGroups | AdjustDefault,

    AllAccess = 0x000F0000 |
                        AssignPrimary |
                        Duplicate |
                        Impersonate |
                        Query |
                        QuerySource |
                        AdjustPrivileges |
                        AdjustGroups |
                        AdjustDefault |
                        AdjustSessionId,

    MaximumAllowed = 0x02000000
}

const TokenElevation = 20;

4 replies

DDeno

•Created by JacobZwang on 7/29/2024 in #help

use `process` without importing it

if the code in a node project, you can reference the process object using globalThis

const g = globalThis as Record<string, unknown>;
if (g.process) {
   // do something with process
}

const g = globalThis as Record<string, unknown>;
if (g.process) {
   // do something with process
}

4 replies